1/* BEGIN_HEADER */ 2#include "test/drivers/test_driver.h" 3 4/* Auxiliary variables for pake tests. 5 Global to silent the compiler when unused. */ 6size_t pake_expected_hit_count = 0; 7int pake_in_driver = 0; 8 9/* The only two JPAKE user/peer identifiers supported for the time being. */ 10static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; 11static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; 12 13#if defined(PSA_WANT_ALG_JPAKE) && \ 14 defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ 15 defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) 16static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, 17 psa_pake_operation_t *server, 18 psa_pake_operation_t *client, 19 int client_input_first, 20 int round) 21{ 22 unsigned char *buffer0 = NULL, *buffer1 = NULL; 23 size_t buffer_length = ( 24 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) + 25 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) + 26 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2; 27 /* The output should be exactly this size according to the spec */ 28 const size_t expected_size_key_share = 29 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); 30 /* The output should be exactly this size according to the spec */ 31 const size_t expected_size_zk_public = 32 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC); 33 /* The output can be smaller: the spec allows stripping leading zeroes */ 34 const size_t max_expected_size_zk_proof = 35 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF); 36 size_t buffer0_off = 0; 37 size_t buffer1_off = 0; 38 size_t s_g1_len, s_g2_len, s_a_len; 39 size_t s_g1_off, s_g2_off, s_a_off; 40 size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len; 41 size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off; 42 size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len; 43 size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off; 44 size_t c_g1_len, c_g2_len, c_a_len; 45 size_t c_g1_off, c_g2_off, c_a_off; 46 size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len; 47 size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off; 48 size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len; 49 size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; 50 psa_status_t status; 51 52 TEST_CALLOC(buffer0, buffer_length); 53 TEST_CALLOC(buffer1, buffer_length); 54 55 switch (round) { 56 case 1: 57 /* Server first round Output */ 58 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 59 buffer0 + buffer0_off, 60 buffer_length - buffer0_off, &s_g1_len)); 61 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 62 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 63 TEST_EQUAL(s_g1_len, expected_size_key_share); 64 s_g1_off = buffer0_off; 65 buffer0_off += s_g1_len; 66 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 67 buffer0 + buffer0_off, 68 buffer_length - buffer0_off, &s_x1_pk_len)); 69 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 70 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 71 TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); 72 s_x1_pk_off = buffer0_off; 73 buffer0_off += s_x1_pk_len; 74 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 75 buffer0 + buffer0_off, 76 buffer_length - buffer0_off, &s_x1_pr_len)); 77 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 78 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 79 TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); 80 s_x1_pr_off = buffer0_off; 81 buffer0_off += s_x1_pr_len; 82 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 83 buffer0 + buffer0_off, 84 buffer_length - buffer0_off, &s_g2_len)); 85 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 86 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 87 TEST_EQUAL(s_g2_len, expected_size_key_share); 88 s_g2_off = buffer0_off; 89 buffer0_off += s_g2_len; 90 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 91 buffer0 + buffer0_off, 92 buffer_length - buffer0_off, &s_x2_pk_len)); 93 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 94 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 95 TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); 96 s_x2_pk_off = buffer0_off; 97 buffer0_off += s_x2_pk_len; 98 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 99 buffer0 + buffer0_off, 100 buffer_length - buffer0_off, &s_x2_pr_len)); 101 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 102 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 103 TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); 104 s_x2_pr_off = buffer0_off; 105 buffer0_off += s_x2_pr_len; 106 107 if (client_input_first == 1) { 108 /* Client first round Input */ 109 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 110 buffer0 + s_g1_off, s_g1_len); 111 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 112 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 113 TEST_EQUAL(status, PSA_SUCCESS); 114 115 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 116 buffer0 + s_x1_pk_off, 117 s_x1_pk_len); 118 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 119 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 120 TEST_EQUAL(status, PSA_SUCCESS); 121 122 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 123 buffer0 + s_x1_pr_off, 124 s_x1_pr_len); 125 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 126 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 127 TEST_EQUAL(status, PSA_SUCCESS); 128 129 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 130 buffer0 + s_g2_off, 131 s_g2_len); 132 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 133 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 134 TEST_EQUAL(status, PSA_SUCCESS); 135 136 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 137 buffer0 + s_x2_pk_off, 138 s_x2_pk_len); 139 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 140 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 141 TEST_EQUAL(status, PSA_SUCCESS); 142 143 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 144 buffer0 + s_x2_pr_off, 145 s_x2_pr_len); 146 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 147 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 148 TEST_EQUAL(status, PSA_SUCCESS); 149 } 150 151 /* Adjust for indirect client driver setup in first pake_output call. */ 152 pake_expected_hit_count++; 153 154 /* Client first round Output */ 155 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 156 buffer1 + buffer1_off, 157 buffer_length - buffer1_off, &c_g1_len)); 158 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 159 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 160 TEST_EQUAL(c_g1_len, expected_size_key_share); 161 c_g1_off = buffer1_off; 162 buffer1_off += c_g1_len; 163 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 164 buffer1 + buffer1_off, 165 buffer_length - buffer1_off, &c_x1_pk_len)); 166 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 167 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 168 TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); 169 c_x1_pk_off = buffer1_off; 170 buffer1_off += c_x1_pk_len; 171 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 172 buffer1 + buffer1_off, 173 buffer_length - buffer1_off, &c_x1_pr_len)); 174 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 175 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 176 TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); 177 c_x1_pr_off = buffer1_off; 178 buffer1_off += c_x1_pr_len; 179 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 180 buffer1 + buffer1_off, 181 buffer_length - buffer1_off, &c_g2_len)); 182 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 183 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 184 TEST_EQUAL(c_g2_len, expected_size_key_share); 185 c_g2_off = buffer1_off; 186 buffer1_off += c_g2_len; 187 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 188 buffer1 + buffer1_off, 189 buffer_length - buffer1_off, &c_x2_pk_len)); 190 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 191 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 192 TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); 193 c_x2_pk_off = buffer1_off; 194 buffer1_off += c_x2_pk_len; 195 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 196 buffer1 + buffer1_off, 197 buffer_length - buffer1_off, &c_x2_pr_len)); 198 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 199 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 200 TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); 201 c_x2_pr_off = buffer1_off; 202 buffer1_off += c_x2_pr_len; 203 204 if (client_input_first == 0) { 205 /* Client first round Input */ 206 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 207 buffer0 + s_g1_off, s_g1_len); 208 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 209 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 210 TEST_EQUAL(status, PSA_SUCCESS); 211 212 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 213 buffer0 + s_x1_pk_off, 214 s_x1_pk_len); 215 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 216 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 217 TEST_EQUAL(status, PSA_SUCCESS); 218 219 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 220 buffer0 + s_x1_pr_off, 221 s_x1_pr_len); 222 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 223 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 224 TEST_EQUAL(status, PSA_SUCCESS); 225 226 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 227 buffer0 + s_g2_off, 228 s_g2_len); 229 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 230 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 231 TEST_EQUAL(status, PSA_SUCCESS); 232 233 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 234 buffer0 + s_x2_pk_off, 235 s_x2_pk_len); 236 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 237 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 238 TEST_EQUAL(status, PSA_SUCCESS); 239 240 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 241 buffer0 + s_x2_pr_off, 242 s_x2_pr_len); 243 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 244 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 245 TEST_EQUAL(status, PSA_SUCCESS); 246 } 247 248 /* Server first round Input */ 249 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 250 buffer1 + c_g1_off, c_g1_len); 251 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 252 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 253 TEST_EQUAL(status, PSA_SUCCESS); 254 255 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 256 buffer1 + c_x1_pk_off, c_x1_pk_len); 257 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 258 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 259 TEST_EQUAL(status, PSA_SUCCESS); 260 261 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 262 buffer1 + c_x1_pr_off, c_x1_pr_len); 263 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 264 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 265 TEST_EQUAL(status, PSA_SUCCESS); 266 267 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 268 buffer1 + c_g2_off, c_g2_len); 269 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 270 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 271 TEST_EQUAL(status, PSA_SUCCESS); 272 273 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 274 buffer1 + c_x2_pk_off, c_x2_pk_len); 275 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 276 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 277 TEST_EQUAL(status, PSA_SUCCESS); 278 279 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 280 buffer1 + c_x2_pr_off, c_x2_pr_len); 281 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 282 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 283 TEST_EQUAL(status, PSA_SUCCESS); 284 285 break; 286 287 case 2: 288 /* Server second round Output */ 289 buffer0_off = 0; 290 291 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 292 buffer0 + buffer0_off, 293 buffer_length - buffer0_off, &s_a_len)); 294 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 295 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 296 TEST_EQUAL(s_a_len, expected_size_key_share); 297 s_a_off = buffer0_off; 298 buffer0_off += s_a_len; 299 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 300 buffer0 + buffer0_off, 301 buffer_length - buffer0_off, &s_x2s_pk_len)); 302 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 303 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 304 TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); 305 s_x2s_pk_off = buffer0_off; 306 buffer0_off += s_x2s_pk_len; 307 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 308 buffer0 + buffer0_off, 309 buffer_length - buffer0_off, &s_x2s_pr_len)); 310 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 311 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 312 TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); 313 s_x2s_pr_off = buffer0_off; 314 buffer0_off += s_x2s_pr_len; 315 316 if (client_input_first == 1) { 317 /* Client second round Input */ 318 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 319 buffer0 + s_a_off, s_a_len); 320 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 321 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 322 TEST_EQUAL(status, PSA_SUCCESS); 323 324 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 325 buffer0 + s_x2s_pk_off, 326 s_x2s_pk_len); 327 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 328 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 329 TEST_EQUAL(status, PSA_SUCCESS); 330 331 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 332 buffer0 + s_x2s_pr_off, 333 s_x2s_pr_len); 334 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 335 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 336 TEST_EQUAL(status, PSA_SUCCESS); 337 } 338 339 /* Client second round Output */ 340 buffer1_off = 0; 341 342 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 343 buffer1 + buffer1_off, 344 buffer_length - buffer1_off, &c_a_len)); 345 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 346 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 347 TEST_EQUAL(c_a_len, expected_size_key_share); 348 c_a_off = buffer1_off; 349 buffer1_off += c_a_len; 350 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 351 buffer1 + buffer1_off, 352 buffer_length - buffer1_off, &c_x2s_pk_len)); 353 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 354 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 355 TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); 356 c_x2s_pk_off = buffer1_off; 357 buffer1_off += c_x2s_pk_len; 358 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 359 buffer1 + buffer1_off, 360 buffer_length - buffer1_off, &c_x2s_pr_len)); 361 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 362 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 363 TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); 364 c_x2s_pr_off = buffer1_off; 365 buffer1_off += c_x2s_pr_len; 366 367 if (client_input_first == 0) { 368 /* Client second round Input */ 369 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 370 buffer0 + s_a_off, s_a_len); 371 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 372 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 373 TEST_EQUAL(status, PSA_SUCCESS); 374 375 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 376 buffer0 + s_x2s_pk_off, 377 s_x2s_pk_len); 378 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 379 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 380 TEST_EQUAL(status, PSA_SUCCESS); 381 382 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 383 buffer0 + s_x2s_pr_off, 384 s_x2s_pr_len); 385 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 386 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 387 TEST_EQUAL(status, PSA_SUCCESS); 388 } 389 390 /* Server second round Input */ 391 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 392 buffer1 + c_a_off, c_a_len); 393 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 394 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 395 TEST_EQUAL(status, PSA_SUCCESS); 396 397 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 398 buffer1 + c_x2s_pk_off, c_x2s_pk_len); 399 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 400 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 401 TEST_EQUAL(status, PSA_SUCCESS); 402 403 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 404 buffer1 + c_x2s_pr_off, c_x2s_pr_len); 405 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 406 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 407 TEST_EQUAL(status, PSA_SUCCESS); 408 409 break; 410 } 411 412exit: 413 mbedtls_free(buffer0); 414 mbedtls_free(buffer1); 415} 416#endif /* PSA_WANT_ALG_JPAKE */ 417 418#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) 419/* Sanity checks on the output of RSA encryption. 420 * 421 * \param modulus Key modulus. Must not have leading zeros. 422 * \param private_exponent Key private exponent. 423 * \param alg An RSA algorithm. 424 * \param input_data The input plaintext. 425 * \param buf The ciphertext produced by the driver. 426 * \param length Length of \p buf in bytes. 427 */ 428static int sanity_check_rsa_encryption_result( 429 psa_algorithm_t alg, 430 const data_t *modulus, const data_t *private_exponent, 431 const data_t *input_data, 432 uint8_t *buf, size_t length) 433{ 434#if defined(MBEDTLS_BIGNUM_C) 435 mbedtls_mpi N, D, C, X; 436 mbedtls_mpi_init(&N); 437 mbedtls_mpi_init(&D); 438 mbedtls_mpi_init(&C); 439 mbedtls_mpi_init(&X); 440#endif /* MBEDTLS_BIGNUM_C */ 441 442 int ok = 0; 443 444 TEST_ASSERT(length == modulus->len); 445 446#if defined(MBEDTLS_BIGNUM_C) 447 /* Perform the private key operation */ 448 TEST_ASSERT(mbedtls_mpi_read_binary(&N, modulus->x, modulus->len) == 0); 449 TEST_ASSERT(mbedtls_mpi_read_binary(&D, 450 private_exponent->x, 451 private_exponent->len) == 0); 452 TEST_ASSERT(mbedtls_mpi_read_binary(&C, buf, length) == 0); 453 TEST_ASSERT(mbedtls_mpi_exp_mod(&X, &C, &D, &N, NULL) == 0); 454 455 /* Sanity checks on the padded plaintext */ 456 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, length) == 0); 457 458 if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { 459 TEST_ASSERT(length > input_data->len + 2); 460 TEST_EQUAL(buf[0], 0x00); 461 TEST_EQUAL(buf[1], 0x02); 462 TEST_EQUAL(buf[length - input_data->len - 1], 0x00); 463 TEST_MEMORY_COMPARE(buf + length - input_data->len, input_data->len, 464 input_data->x, input_data->len); 465 } else if (PSA_ALG_IS_RSA_OAEP(alg)) { 466 TEST_EQUAL(buf[0], 0x00); 467 /* The rest is too hard to check */ 468 } else { 469 TEST_FAIL("Encryption result sanity check not implemented for RSA algorithm"); 470 } 471#endif /* MBEDTLS_BIGNUM_C */ 472 473 ok = 1; 474 475exit: 476#if defined(MBEDTLS_BIGNUM_C) 477 mbedtls_mpi_free(&N); 478 mbedtls_mpi_free(&D); 479 mbedtls_mpi_free(&C); 480 mbedtls_mpi_free(&X); 481#endif /* MBEDTLS_BIGNUM_C */ 482 return ok; 483} 484#endif 485/* END_HEADER */ 486 487/* BEGIN_DEPENDENCIES 488 * depends_on:MBEDTLS_PSA_CRYPTO_C:PSA_CRYPTO_DRIVER_TEST 489 * END_DEPENDENCIES 490 */ 491 492/* BEGIN_CASE */ 493void builtin_key_id_stability() 494{ 495 /* If the range of built-in keys is reduced, it's an API break, since 496 * it breaks user code that hard-codes the key id of built-in keys. 497 * It's ok to expand this range, but not to shrink it. That is, you 498 * may make the MIN smaller or the MAX larger at any time, but 499 * making the MIN larger or the MAX smaller can only be done in 500 * a new major version of the library. 501 */ 502 TEST_EQUAL(MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, 0x7fff0000); 503 TEST_EQUAL(MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, 0x7fffefff); 504} 505/* END_CASE */ 506 507/* BEGIN_CASE */ 508void sign_hash(int key_type_arg, 509 int alg_arg, 510 int force_status_arg, 511 data_t *key_input, 512 data_t *data_input, 513 data_t *expected_output, 514 int fake_output, 515 int expected_status_arg) 516{ 517 psa_status_t force_status = force_status_arg; 518 psa_status_t expected_status = expected_status_arg; 519 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 520 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 521 psa_algorithm_t alg = alg_arg; 522 size_t key_bits; 523 psa_key_type_t key_type = key_type_arg; 524 unsigned char *signature = NULL; 525 size_t signature_size; 526 size_t signature_length = 0xdeadbeef; 527 psa_status_t actual_status; 528 mbedtls_test_driver_signature_sign_hooks = 529 mbedtls_test_driver_signature_hooks_init(); 530 531 PSA_ASSERT(psa_crypto_init()); 532 psa_set_key_type(&attributes, 533 key_type); 534 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 535 psa_set_key_algorithm(&attributes, alg); 536 psa_import_key(&attributes, 537 key_input->x, key_input->len, 538 &key); 539 540 mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; 541 if (fake_output == 1) { 542 mbedtls_test_driver_signature_sign_hooks.forced_output = 543 expected_output->x; 544 mbedtls_test_driver_signature_sign_hooks.forced_output_length = 545 expected_output->len; 546 } 547 548 /* Allocate a buffer which has the size advertized by the 549 * library. */ 550 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 551 key_bits = psa_get_key_bits(&attributes); 552 signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 553 554 TEST_ASSERT(signature_size != 0); 555 TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); 556 TEST_CALLOC(signature, signature_size); 557 558 actual_status = psa_sign_hash(key, alg, 559 data_input->x, data_input->len, 560 signature, signature_size, 561 &signature_length); 562 TEST_EQUAL(actual_status, expected_status); 563 if (expected_status == PSA_SUCCESS) { 564 TEST_MEMORY_COMPARE(signature, signature_length, 565 expected_output->x, expected_output->len); 566 } 567 TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 1); 568 569exit: 570 psa_reset_key_attributes(&attributes); 571 psa_destroy_key(key); 572 mbedtls_free(signature); 573 PSA_DONE(); 574 mbedtls_test_driver_signature_sign_hooks = 575 mbedtls_test_driver_signature_hooks_init(); 576} 577/* END_CASE */ 578 579/* BEGIN_CASE */ 580void verify_hash(int key_type_arg, 581 int key_type_public_arg, 582 int alg_arg, 583 int force_status_arg, 584 int register_public_key, 585 data_t *key_input, 586 data_t *data_input, 587 data_t *signature_input, 588 int expected_status_arg) 589{ 590 psa_status_t force_status = force_status_arg; 591 psa_status_t expected_status = expected_status_arg; 592 psa_algorithm_t alg = alg_arg; 593 psa_key_type_t key_type = key_type_arg; 594 psa_key_type_t key_type_public = key_type_public_arg; 595 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 596 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 597 psa_status_t actual_status; 598 mbedtls_test_driver_signature_verify_hooks = 599 mbedtls_test_driver_signature_hooks_init(); 600 601 PSA_ASSERT(psa_crypto_init()); 602 if (register_public_key) { 603 psa_set_key_type(&attributes, key_type_public); 604 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 605 psa_set_key_algorithm(&attributes, alg); 606 psa_import_key(&attributes, 607 key_input->x, key_input->len, 608 &key); 609 } else { 610 psa_set_key_type(&attributes, key_type); 611 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 612 psa_set_key_algorithm(&attributes, alg); 613 psa_import_key(&attributes, 614 key_input->x, key_input->len, 615 &key); 616 } 617 618 mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; 619 620 actual_status = psa_verify_hash(key, alg, 621 data_input->x, data_input->len, 622 signature_input->x, signature_input->len); 623 TEST_EQUAL(actual_status, expected_status); 624 TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, 1); 625 626exit: 627 psa_reset_key_attributes(&attributes); 628 psa_destroy_key(key); 629 PSA_DONE(); 630 mbedtls_test_driver_signature_verify_hooks = 631 mbedtls_test_driver_signature_hooks_init(); 632} 633/* END_CASE */ 634 635/* BEGIN_CASE */ 636void sign_message(int key_type_arg, 637 int alg_arg, 638 int force_status_arg, 639 data_t *key_input, 640 data_t *data_input, 641 data_t *expected_output, 642 int fake_output, 643 int expected_status_arg) 644{ 645 psa_status_t force_status = force_status_arg; 646 psa_status_t expected_status = expected_status_arg; 647 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 648 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 649 psa_algorithm_t alg = alg_arg; 650 size_t key_bits; 651 psa_key_type_t key_type = key_type_arg; 652 unsigned char *signature = NULL; 653 size_t signature_size; 654 size_t signature_length = 0xdeadbeef; 655 psa_status_t actual_status; 656 mbedtls_test_driver_signature_sign_hooks = 657 mbedtls_test_driver_signature_hooks_init(); 658 659 PSA_ASSERT(psa_crypto_init()); 660 psa_set_key_type(&attributes, key_type); 661 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); 662 psa_set_key_algorithm(&attributes, alg); 663 psa_import_key(&attributes, 664 key_input->x, key_input->len, 665 &key); 666 667 mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; 668 if (fake_output == 1) { 669 mbedtls_test_driver_signature_sign_hooks.forced_output = 670 expected_output->x; 671 mbedtls_test_driver_signature_sign_hooks.forced_output_length = 672 expected_output->len; 673 } 674 675 /* Allocate a buffer which has the size advertized by the 676 * library. */ 677 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 678 key_bits = psa_get_key_bits(&attributes); 679 signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 680 681 TEST_ASSERT(signature_size != 0); 682 TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); 683 TEST_CALLOC(signature, signature_size); 684 685 actual_status = psa_sign_message(key, alg, 686 data_input->x, data_input->len, 687 signature, signature_size, 688 &signature_length); 689 TEST_EQUAL(actual_status, expected_status); 690 if (expected_status == PSA_SUCCESS) { 691 TEST_MEMORY_COMPARE(signature, signature_length, 692 expected_output->x, expected_output->len); 693 } 694 /* In the builtin algorithm the driver is called twice. */ 695 TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 696 force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1); 697 698exit: 699 psa_reset_key_attributes(&attributes); 700 psa_destroy_key(key); 701 mbedtls_free(signature); 702 PSA_DONE(); 703 mbedtls_test_driver_signature_sign_hooks = 704 mbedtls_test_driver_signature_hooks_init(); 705} 706/* END_CASE */ 707 708/* BEGIN_CASE */ 709void verify_message(int key_type_arg, 710 int key_type_public_arg, 711 int alg_arg, 712 int force_status_arg, 713 int register_public_key, 714 data_t *key_input, 715 data_t *data_input, 716 data_t *signature_input, 717 int expected_status_arg) 718{ 719 psa_status_t force_status = force_status_arg; 720 psa_status_t expected_status = expected_status_arg; 721 psa_algorithm_t alg = alg_arg; 722 psa_key_type_t key_type = key_type_arg; 723 psa_key_type_t key_type_public = key_type_public_arg; 724 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 725 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 726 psa_status_t actual_status; 727 mbedtls_test_driver_signature_verify_hooks = 728 mbedtls_test_driver_signature_hooks_init(); 729 730 PSA_ASSERT(psa_crypto_init()); 731 if (register_public_key) { 732 psa_set_key_type(&attributes, key_type_public); 733 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); 734 psa_set_key_algorithm(&attributes, alg); 735 psa_import_key(&attributes, 736 key_input->x, key_input->len, 737 &key); 738 } else { 739 psa_set_key_type(&attributes, key_type); 740 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); 741 psa_set_key_algorithm(&attributes, alg); 742 psa_import_key(&attributes, 743 key_input->x, key_input->len, 744 &key); 745 } 746 747 mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; 748 749 actual_status = psa_verify_message(key, alg, 750 data_input->x, data_input->len, 751 signature_input->x, signature_input->len); 752 TEST_EQUAL(actual_status, expected_status); 753 /* In the builtin algorithm the driver is called twice. */ 754 TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, 755 force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1); 756 757exit: 758 psa_reset_key_attributes(&attributes); 759 psa_destroy_key(key); 760 PSA_DONE(); 761 mbedtls_test_driver_signature_verify_hooks = 762 mbedtls_test_driver_signature_hooks_init(); 763} 764/* END_CASE */ 765 766/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ 767void generate_ec_key(int force_status_arg, 768 data_t *fake_output, 769 int expected_status_arg) 770{ 771 psa_status_t force_status = force_status_arg; 772 psa_status_t expected_status = expected_status_arg; 773 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 774 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 775 psa_algorithm_t alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256); 776 const uint8_t *expected_output = NULL; 777 size_t expected_output_length = 0; 778 psa_status_t actual_status; 779 uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = { 0 }; 780 size_t actual_output_length; 781 mbedtls_test_driver_key_management_hooks = 782 mbedtls_test_driver_key_management_hooks_init(); 783 784 psa_set_key_type(&attributes, 785 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); 786 psa_set_key_bits(&attributes, 256); 787 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT); 788 psa_set_key_algorithm(&attributes, alg); 789 790 if (fake_output->len > 0) { 791 expected_output = 792 mbedtls_test_driver_key_management_hooks.forced_output = 793 fake_output->x; 794 795 expected_output_length = 796 mbedtls_test_driver_key_management_hooks.forced_output_length = 797 fake_output->len; 798 } 799 800 PSA_ASSERT(psa_crypto_init()); 801 802 mbedtls_test_driver_key_management_hooks.hits = 0; 803 mbedtls_test_driver_key_management_hooks.hits_generate_key = 0; 804 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 805 806 actual_status = psa_generate_key(&attributes, &key); 807 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_generate_key, 1); 808 TEST_EQUAL(actual_status, expected_status); 809 810 if (actual_status == PSA_SUCCESS) { 811 psa_export_key(key, actual_output, sizeof(actual_output), &actual_output_length); 812 813 if (fake_output->len > 0) { 814 TEST_MEMORY_COMPARE(actual_output, actual_output_length, 815 expected_output, expected_output_length); 816 } else { 817 size_t zeroes = 0; 818 for (size_t i = 0; i < sizeof(actual_output); i++) { 819 if (actual_output[i] == 0) { 820 zeroes++; 821 } 822 } 823 TEST_ASSERT(zeroes != sizeof(actual_output)); 824 } 825 } 826exit: 827 psa_reset_key_attributes(&attributes); 828 psa_destroy_key(key); 829 PSA_DONE(); 830 mbedtls_test_driver_key_management_hooks = 831 mbedtls_test_driver_key_management_hooks_init(); 832} 833/* END_CASE */ 834 835/* BEGIN_CASE */ 836void validate_key(int force_status_arg, 837 int location, 838 int owner_id_arg, 839 int id_arg, 840 int key_type_arg, 841 data_t *key_input, 842 int expected_status_arg) 843{ 844 psa_key_lifetime_t lifetime = 845 PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ 846 PSA_KEY_PERSISTENCE_DEFAULT, location); 847 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg); 848 psa_status_t force_status = force_status_arg; 849 psa_status_t expected_status = expected_status_arg; 850 psa_key_type_t key_type = key_type_arg; 851 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 852 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 853 psa_status_t actual_status; 854 mbedtls_test_driver_key_management_hooks = 855 mbedtls_test_driver_key_management_hooks_init(); 856 857 psa_set_key_id(&attributes, id); 858 psa_set_key_type(&attributes, 859 key_type); 860 psa_set_key_lifetime(&attributes, lifetime); 861 psa_set_key_bits(&attributes, 0); 862 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); 863 864 PSA_ASSERT(psa_crypto_init()); 865 866 mbedtls_test_driver_key_management_hooks.hits = 0; 867 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 868 actual_status = psa_import_key(&attributes, key_input->x, key_input->len, &key); 869 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); 870 TEST_EQUAL(actual_status, expected_status); 871 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.location, location); 872exit: 873 psa_reset_key_attributes(&attributes); 874 psa_destroy_key(key); 875 PSA_DONE(); 876 mbedtls_test_driver_key_management_hooks = 877 mbedtls_test_driver_key_management_hooks_init(); 878} 879/* END_CASE */ 880 881/* BEGIN_CASE */ 882void export_key(int force_status_arg, 883 data_t *fake_output, 884 int key_in_type_arg, 885 data_t *key_in, 886 int key_out_type_arg, 887 data_t *expected_output, 888 int expected_status_arg) 889{ 890 psa_status_t force_status = force_status_arg; 891 psa_status_t expected_status = expected_status_arg; 892 psa_key_handle_t handle = 0; 893 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 894 psa_key_type_t input_key_type = key_in_type_arg; 895 psa_key_type_t output_key_type = key_out_type_arg; 896 const uint8_t *expected_output_ptr = NULL; 897 size_t expected_output_length = 0; 898 psa_status_t actual_status; 899 uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = { 0 }; 900 size_t actual_output_length; 901 mbedtls_test_driver_key_management_hooks = 902 mbedtls_test_driver_key_management_hooks_init(); 903 904 psa_set_key_type(&attributes, input_key_type); 905 psa_set_key_bits(&attributes, 256); 906 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); 907 908 PSA_ASSERT(psa_crypto_init()); 909 PSA_ASSERT(psa_import_key(&attributes, key_in->x, key_in->len, &handle)); 910 911 if (fake_output->len > 0) { 912 expected_output_ptr = 913 mbedtls_test_driver_key_management_hooks.forced_output = 914 fake_output->x; 915 916 expected_output_length = 917 mbedtls_test_driver_key_management_hooks.forced_output_length = 918 fake_output->len; 919 } else { 920 expected_output_ptr = expected_output->x; 921 expected_output_length = expected_output->len; 922 } 923 924 mbedtls_test_driver_key_management_hooks.hits = 0; 925 mbedtls_test_driver_key_management_hooks.hits_export_public_key = 0; 926 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 927 928 if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) { 929 actual_status = psa_export_public_key(handle, 930 actual_output, 931 sizeof(actual_output), 932 &actual_output_length); 933 } else { 934 actual_status = psa_export_key(handle, 935 actual_output, 936 sizeof(actual_output), 937 &actual_output_length); 938 } 939 TEST_EQUAL(actual_status, expected_status); 940 941 if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) && 942 !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) { 943 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_export_public_key, 1); 944 } 945 946 if (actual_status == PSA_SUCCESS) { 947 TEST_MEMORY_COMPARE(actual_output, actual_output_length, 948 expected_output_ptr, expected_output_length); 949 } 950exit: 951 psa_reset_key_attributes(&attributes); 952 psa_destroy_key(handle); 953 PSA_DONE(); 954 mbedtls_test_driver_key_management_hooks = 955 mbedtls_test_driver_key_management_hooks_init(); 956} 957/* END_CASE */ 958 959/* BEGIN_CASE */ 960void key_agreement(int alg_arg, 961 int force_status_arg, 962 int our_key_type_arg, 963 data_t *our_key_data, 964 data_t *peer_key_data, 965 data_t *expected_output, 966 data_t *fake_output, 967 int expected_status_arg) 968{ 969 psa_status_t force_status = force_status_arg; 970 psa_status_t expected_status = expected_status_arg; 971 psa_algorithm_t alg = alg_arg; 972 psa_key_type_t our_key_type = our_key_type_arg; 973 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 974 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 975 const uint8_t *expected_output_ptr = NULL; 976 size_t expected_output_length = 0; 977 unsigned char *actual_output = NULL; 978 size_t actual_output_length = ~0; 979 size_t key_bits; 980 psa_status_t actual_status; 981 mbedtls_test_driver_key_agreement_hooks = 982 mbedtls_test_driver_key_agreement_hooks_init(); 983 984 PSA_ASSERT(psa_crypto_init()); 985 986 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 987 psa_set_key_algorithm(&attributes, alg); 988 psa_set_key_type(&attributes, our_key_type); 989 PSA_ASSERT(psa_import_key(&attributes, 990 our_key_data->x, our_key_data->len, 991 &our_key)); 992 993 PSA_ASSERT(psa_get_key_attributes(our_key, &attributes)); 994 key_bits = psa_get_key_bits(&attributes); 995 996 TEST_LE_U(expected_output->len, 997 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits)); 998 TEST_LE_U(PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits), 999 PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE); 1000 1001 if (fake_output->len > 0) { 1002 expected_output_ptr = 1003 mbedtls_test_driver_key_agreement_hooks.forced_output = 1004 fake_output->x; 1005 1006 expected_output_length = 1007 mbedtls_test_driver_key_agreement_hooks.forced_output_length = 1008 fake_output->len; 1009 } else { 1010 expected_output_ptr = expected_output->x; 1011 expected_output_length = expected_output->len; 1012 } 1013 1014 mbedtls_test_driver_key_agreement_hooks.hits = 0; 1015 mbedtls_test_driver_key_agreement_hooks.forced_status = force_status; 1016 1017 TEST_CALLOC(actual_output, expected_output->len); 1018 actual_status = psa_raw_key_agreement(alg, our_key, 1019 peer_key_data->x, peer_key_data->len, 1020 actual_output, expected_output->len, 1021 &actual_output_length); 1022 TEST_EQUAL(actual_status, expected_status); 1023 TEST_EQUAL(mbedtls_test_driver_key_agreement_hooks.hits, 1); 1024 1025 if (actual_status == PSA_SUCCESS) { 1026 TEST_MEMORY_COMPARE(actual_output, actual_output_length, 1027 expected_output_ptr, expected_output_length); 1028 } 1029 mbedtls_free(actual_output); 1030 actual_output = NULL; 1031 actual_output_length = ~0; 1032 1033exit: 1034 psa_reset_key_attributes(&attributes); 1035 psa_destroy_key(our_key); 1036 PSA_DONE(); 1037 mbedtls_test_driver_key_agreement_hooks = 1038 mbedtls_test_driver_key_agreement_hooks_init(); 1039} 1040 1041/* END_CASE */ 1042 1043/* BEGIN_CASE */ 1044void cipher_encrypt_validation(int alg_arg, 1045 int key_type_arg, 1046 data_t *key_data, 1047 data_t *input) 1048{ 1049 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1050 psa_key_type_t key_type = key_type_arg; 1051 psa_algorithm_t alg = alg_arg; 1052 size_t iv_size = PSA_CIPHER_IV_LENGTH(key_type, alg); 1053 unsigned char *output1 = NULL; 1054 size_t output1_buffer_size = 0; 1055 size_t output1_length = 0; 1056 unsigned char *output2 = NULL; 1057 size_t output2_buffer_size = 0; 1058 size_t output2_length = 0; 1059 size_t function_output_length = 0; 1060 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1061 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1062 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1063 1064 PSA_ASSERT(psa_crypto_init()); 1065 1066 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1067 psa_set_key_algorithm(&attributes, alg); 1068 psa_set_key_type(&attributes, key_type); 1069 1070 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); 1071 output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + 1072 PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); 1073 TEST_CALLOC(output1, output1_buffer_size); 1074 TEST_CALLOC(output2, output2_buffer_size); 1075 1076 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1077 &key)); 1078 1079 mbedtls_test_driver_cipher_hooks.hits = 0; 1080 mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; 1081 PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, 1082 output1_buffer_size, &output1_length)); 1083 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); 1084 mbedtls_test_driver_cipher_hooks.hits = 0; 1085 1086 PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 1087 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1088 mbedtls_test_driver_cipher_hooks.hits = 0; 1089 1090 PSA_ASSERT(psa_cipher_set_iv(&operation, output1, iv_size)); 1091 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1092 mbedtls_test_driver_cipher_hooks.hits = 0; 1093 1094 PSA_ASSERT(psa_cipher_update(&operation, 1095 input->x, input->len, 1096 output2, output2_buffer_size, 1097 &function_output_length)); 1098 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1099 mbedtls_test_driver_cipher_hooks.hits = 0; 1100 1101 output2_length += function_output_length; 1102 PSA_ASSERT(psa_cipher_finish(&operation, 1103 output2 + output2_length, 1104 output2_buffer_size - output2_length, 1105 &function_output_length)); 1106 /* Finish will have called abort as well, so expecting two hits here */ 1107 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1108 mbedtls_test_driver_cipher_hooks.hits = 0; 1109 1110 output2_length += function_output_length; 1111 1112 PSA_ASSERT(psa_cipher_abort(&operation)); 1113 // driver function should've been called as part of the finish() core routine 1114 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1115 TEST_MEMORY_COMPARE(output1 + iv_size, output1_length - iv_size, 1116 output2, output2_length); 1117 1118exit: 1119 psa_cipher_abort(&operation); 1120 mbedtls_free(output1); 1121 mbedtls_free(output2); 1122 psa_destroy_key(key); 1123 PSA_DONE(); 1124 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1125} 1126/* END_CASE */ 1127 1128/* BEGIN_CASE */ 1129void cipher_encrypt_multipart(int alg_arg, 1130 int key_type_arg, 1131 data_t *key_data, 1132 data_t *iv, 1133 data_t *input, 1134 int first_part_size_arg, 1135 int output1_length_arg, 1136 int output2_length_arg, 1137 data_t *expected_output, 1138 int mock_output_arg, 1139 int force_status_arg, 1140 int expected_status_arg) 1141{ 1142 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1143 psa_key_type_t key_type = key_type_arg; 1144 psa_algorithm_t alg = alg_arg; 1145 psa_status_t status; 1146 psa_status_t expected_status = expected_status_arg; 1147 psa_status_t force_status = force_status_arg; 1148 size_t first_part_size = first_part_size_arg; 1149 size_t output1_length = output1_length_arg; 1150 size_t output2_length = output2_length_arg; 1151 unsigned char *output = NULL; 1152 size_t output_buffer_size = 0; 1153 size_t function_output_length = 0; 1154 size_t total_output_length = 0; 1155 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1156 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1157 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1158 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1159 1160 /* Test operation initialization */ 1161 mbedtls_psa_cipher_operation_t mbedtls_operation = 1162 MBEDTLS_PSA_CIPHER_OPERATION_INIT; 1163 1164 mbedtls_transparent_test_driver_cipher_operation_t transparent_operation = 1165 MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT; 1166 1167 mbedtls_opaque_test_driver_cipher_operation_t opaque_operation = 1168 MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT; 1169 1170 operation.ctx.mbedtls_ctx = mbedtls_operation; 1171 operation.ctx.transparent_test_driver_ctx = transparent_operation; 1172 operation.ctx.opaque_test_driver_ctx = opaque_operation; 1173 1174 PSA_ASSERT(psa_crypto_init()); 1175 1176 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1177 psa_set_key_algorithm(&attributes, alg); 1178 psa_set_key_type(&attributes, key_type); 1179 1180 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1181 &key)); 1182 1183 mbedtls_test_driver_cipher_hooks.hits = 0; 1184 PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 1185 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1186 mbedtls_test_driver_cipher_hooks.hits = 0; 1187 1188 PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); 1189 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1190 mbedtls_test_driver_cipher_hooks.hits = 0; 1191 1192 output_buffer_size = ((size_t) input->len + 1193 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); 1194 TEST_CALLOC(output, output_buffer_size); 1195 1196 if (mock_output_arg) { 1197 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1198 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1199 } 1200 1201 TEST_ASSERT(first_part_size <= input->len); 1202 PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size, 1203 output, output_buffer_size, 1204 &function_output_length)); 1205 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1206 mbedtls_test_driver_cipher_hooks.hits = 0; 1207 1208 TEST_ASSERT(function_output_length == output1_length); 1209 total_output_length += function_output_length; 1210 1211 if (first_part_size < input->len) { 1212 PSA_ASSERT(psa_cipher_update(&operation, 1213 input->x + first_part_size, 1214 input->len - first_part_size, 1215 output + total_output_length, 1216 output_buffer_size - total_output_length, 1217 &function_output_length)); 1218 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1219 mbedtls_test_driver_cipher_hooks.hits = 0; 1220 1221 TEST_ASSERT(function_output_length == output2_length); 1222 total_output_length += function_output_length; 1223 } 1224 1225 if (mock_output_arg) { 1226 mbedtls_test_driver_cipher_hooks.forced_output = NULL; 1227 mbedtls_test_driver_cipher_hooks.forced_output_length = 0; 1228 } 1229 1230 status = psa_cipher_finish(&operation, 1231 output + total_output_length, 1232 output_buffer_size - total_output_length, 1233 &function_output_length); 1234 /* Finish will have called abort as well, so expecting two hits here */ 1235 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0)); 1236 mbedtls_test_driver_cipher_hooks.hits = 0; 1237 total_output_length += function_output_length; 1238 TEST_EQUAL(status, expected_status); 1239 1240 if (expected_status == PSA_SUCCESS) { 1241 PSA_ASSERT(psa_cipher_abort(&operation)); 1242 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1243 1244 TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 1245 output, total_output_length); 1246 } 1247 1248exit: 1249 psa_cipher_abort(&operation); 1250 mbedtls_free(output); 1251 psa_destroy_key(key); 1252 PSA_DONE(); 1253 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1254} 1255/* END_CASE */ 1256 1257/* BEGIN_CASE */ 1258void cipher_decrypt_multipart(int alg_arg, 1259 int key_type_arg, 1260 data_t *key_data, 1261 data_t *iv, 1262 data_t *input, 1263 int first_part_size_arg, 1264 int output1_length_arg, 1265 int output2_length_arg, 1266 data_t *expected_output, 1267 int mock_output_arg, 1268 int force_status_arg, 1269 int expected_status_arg) 1270{ 1271 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1272 psa_key_type_t key_type = key_type_arg; 1273 psa_algorithm_t alg = alg_arg; 1274 psa_status_t status; 1275 psa_status_t expected_status = expected_status_arg; 1276 psa_status_t force_status = force_status_arg; 1277 size_t first_part_size = first_part_size_arg; 1278 size_t output1_length = output1_length_arg; 1279 size_t output2_length = output2_length_arg; 1280 unsigned char *output = NULL; 1281 size_t output_buffer_size = 0; 1282 size_t function_output_length = 0; 1283 size_t total_output_length = 0; 1284 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1285 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1286 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1287 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1288 1289 /* Test operation initialization */ 1290 mbedtls_psa_cipher_operation_t mbedtls_operation = 1291 MBEDTLS_PSA_CIPHER_OPERATION_INIT; 1292 1293 mbedtls_transparent_test_driver_cipher_operation_t transparent_operation = 1294 MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT; 1295 1296 mbedtls_opaque_test_driver_cipher_operation_t opaque_operation = 1297 MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT; 1298 1299 operation.ctx.mbedtls_ctx = mbedtls_operation; 1300 operation.ctx.transparent_test_driver_ctx = transparent_operation; 1301 operation.ctx.opaque_test_driver_ctx = opaque_operation; 1302 1303 PSA_ASSERT(psa_crypto_init()); 1304 1305 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1306 psa_set_key_algorithm(&attributes, alg); 1307 psa_set_key_type(&attributes, key_type); 1308 1309 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1310 &key)); 1311 1312 mbedtls_test_driver_cipher_hooks.hits = 0; 1313 PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); 1314 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1315 mbedtls_test_driver_cipher_hooks.hits = 0; 1316 1317 PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); 1318 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1319 mbedtls_test_driver_cipher_hooks.hits = 0; 1320 1321 output_buffer_size = ((size_t) input->len + 1322 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); 1323 TEST_CALLOC(output, output_buffer_size); 1324 1325 if (mock_output_arg) { 1326 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1327 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1328 } 1329 1330 TEST_ASSERT(first_part_size <= input->len); 1331 PSA_ASSERT(psa_cipher_update(&operation, 1332 input->x, first_part_size, 1333 output, output_buffer_size, 1334 &function_output_length)); 1335 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1336 mbedtls_test_driver_cipher_hooks.hits = 0; 1337 1338 TEST_ASSERT(function_output_length == output1_length); 1339 total_output_length += function_output_length; 1340 1341 if (first_part_size < input->len) { 1342 PSA_ASSERT(psa_cipher_update(&operation, 1343 input->x + first_part_size, 1344 input->len - first_part_size, 1345 output + total_output_length, 1346 output_buffer_size - total_output_length, 1347 &function_output_length)); 1348 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1349 mbedtls_test_driver_cipher_hooks.hits = 0; 1350 1351 TEST_ASSERT(function_output_length == output2_length); 1352 total_output_length += function_output_length; 1353 } 1354 1355 if (mock_output_arg) { 1356 mbedtls_test_driver_cipher_hooks.forced_output = NULL; 1357 mbedtls_test_driver_cipher_hooks.forced_output_length = 0; 1358 } 1359 1360 status = psa_cipher_finish(&operation, 1361 output + total_output_length, 1362 output_buffer_size - total_output_length, 1363 &function_output_length); 1364 /* Finish will have called abort as well, so expecting two hits here */ 1365 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0)); 1366 mbedtls_test_driver_cipher_hooks.hits = 0; 1367 total_output_length += function_output_length; 1368 TEST_EQUAL(status, expected_status); 1369 1370 if (expected_status == PSA_SUCCESS) { 1371 PSA_ASSERT(psa_cipher_abort(&operation)); 1372 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1373 1374 TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 1375 output, total_output_length); 1376 } 1377 1378exit: 1379 psa_cipher_abort(&operation); 1380 mbedtls_free(output); 1381 psa_destroy_key(key); 1382 PSA_DONE(); 1383 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1384} 1385/* END_CASE */ 1386 1387/* BEGIN_CASE */ 1388void cipher_decrypt(int alg_arg, 1389 int key_type_arg, 1390 data_t *key_data, 1391 data_t *iv, 1392 data_t *input_arg, 1393 data_t *expected_output, 1394 int mock_output_arg, 1395 int force_status_arg, 1396 int expected_status_arg) 1397{ 1398 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1399 psa_status_t status; 1400 psa_key_type_t key_type = key_type_arg; 1401 psa_algorithm_t alg = alg_arg; 1402 psa_status_t expected_status = expected_status_arg; 1403 psa_status_t force_status = force_status_arg; 1404 unsigned char *input = NULL; 1405 size_t input_buffer_size = 0; 1406 unsigned char *output = NULL; 1407 size_t output_buffer_size = 0; 1408 size_t output_length = 0; 1409 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1410 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1411 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1412 1413 PSA_ASSERT(psa_crypto_init()); 1414 1415 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1416 psa_set_key_algorithm(&attributes, alg); 1417 psa_set_key_type(&attributes, key_type); 1418 1419 /* Allocate input buffer and copy the iv and the plaintext */ 1420 input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); 1421 if (input_buffer_size > 0) { 1422 TEST_CALLOC(input, input_buffer_size); 1423 memcpy(input, iv->x, iv->len); 1424 memcpy(input + iv->len, input_arg->x, input_arg->len); 1425 } 1426 1427 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); 1428 TEST_CALLOC(output, output_buffer_size); 1429 1430 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1431 &key)); 1432 1433 if (mock_output_arg) { 1434 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1435 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1436 } 1437 1438 mbedtls_test_driver_cipher_hooks.hits = 0; 1439 status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output, 1440 output_buffer_size, &output_length); 1441 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1442 mbedtls_test_driver_cipher_hooks.hits = 0; 1443 1444 TEST_EQUAL(status, expected_status); 1445 1446 if (expected_status == PSA_SUCCESS) { 1447 TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 1448 output, output_length); 1449 } 1450 1451exit: 1452 mbedtls_free(input); 1453 mbedtls_free(output); 1454 psa_destroy_key(key); 1455 PSA_DONE(); 1456 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1457} 1458/* END_CASE */ 1459 1460/* BEGIN_CASE */ 1461void cipher_entry_points(int alg_arg, int key_type_arg, 1462 data_t *key_data, data_t *iv, 1463 data_t *input) 1464{ 1465 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1466 psa_status_t status; 1467 psa_key_type_t key_type = key_type_arg; 1468 psa_algorithm_t alg = alg_arg; 1469 unsigned char *output = NULL; 1470 size_t output_buffer_size = 0; 1471 size_t function_output_length = 0; 1472 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1473 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1474 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1475 1476 TEST_CALLOC(output, input->len + 16); 1477 output_buffer_size = input->len + 16; 1478 1479 PSA_ASSERT(psa_crypto_init()); 1480 1481 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 1482 psa_set_key_algorithm(&attributes, alg); 1483 psa_set_key_type(&attributes, key_type); 1484 1485 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1486 &key)); 1487 1488 /* 1489 * Test encrypt failure 1490 * First test that if we don't force a driver error, encryption is 1491 * successful, then force driver error. 1492 */ 1493 mbedtls_test_driver_cipher_hooks.hits = 0; 1494 mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; 1495 status = psa_cipher_encrypt( 1496 key, alg, input->x, input->len, 1497 output, output_buffer_size, &function_output_length); 1498 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); 1499 TEST_EQUAL(status, PSA_SUCCESS); 1500 mbedtls_test_driver_cipher_hooks.hits = 0; 1501 1502 mbedtls_test_driver_cipher_hooks.forced_status_encrypt = PSA_ERROR_GENERIC_ERROR; 1503 /* Set the output buffer in a given state. */ 1504 for (size_t i = 0; i < output_buffer_size; i++) { 1505 output[i] = 0xa5; 1506 } 1507 1508 mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; 1509 status = psa_cipher_encrypt( 1510 key, alg, input->x, input->len, 1511 output, output_buffer_size, &function_output_length); 1512 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); 1513 TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); 1514 1515 mbedtls_test_driver_cipher_hooks.hits = 0; 1516 1517 /* Test setup call, encrypt */ 1518 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1519 status = psa_cipher_encrypt_setup(&operation, key, alg); 1520 /* When setup fails, it shouldn't call any further entry points */ 1521 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1522 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1523 mbedtls_test_driver_cipher_hooks.hits = 0; 1524 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1525 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1526 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1527 1528 /* Test setup call failure, decrypt */ 1529 status = psa_cipher_decrypt_setup(&operation, key, alg); 1530 /* When setup fails, it shouldn't call any further entry points */ 1531 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1532 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1533 mbedtls_test_driver_cipher_hooks.hits = 0; 1534 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1535 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1536 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1537 1538 /* Test IV setting failure */ 1539 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1540 status = psa_cipher_encrypt_setup(&operation, key, alg); 1541 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1542 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1543 mbedtls_test_driver_cipher_hooks.hits = 0; 1544 1545 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1546 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1547 /* When setting the IV fails, it should call abort too */ 1548 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1549 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1550 /* Failure should prevent further operations from executing on the driver */ 1551 mbedtls_test_driver_cipher_hooks.hits = 0; 1552 status = psa_cipher_update(&operation, 1553 input->x, input->len, 1554 output, output_buffer_size, 1555 &function_output_length); 1556 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1557 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1558 psa_cipher_abort(&operation); 1559 1560 /* Test IV generation failure */ 1561 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1562 status = psa_cipher_encrypt_setup(&operation, key, alg); 1563 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1564 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1565 mbedtls_test_driver_cipher_hooks.hits = 0; 1566 mbedtls_test_driver_cipher_hooks.hits_set_iv = 0; 1567 1568 mbedtls_test_driver_cipher_hooks.forced_status_set_iv = PSA_ERROR_GENERIC_ERROR; 1569 /* Set the output buffer in a given state. */ 1570 for (size_t i = 0; i < 16; i++) { 1571 output[i] = 0xa5; 1572 } 1573 1574 status = psa_cipher_generate_iv(&operation, output, 16, &function_output_length); 1575 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_set_iv, 1); 1576 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status_set_iv); 1577 mbedtls_test_driver_cipher_hooks.forced_status_set_iv = PSA_SUCCESS; 1578 /* Failure should prevent further operations from executing on the driver */ 1579 mbedtls_test_driver_cipher_hooks.hits = 0; 1580 status = psa_cipher_update(&operation, 1581 input->x, input->len, 1582 output, output_buffer_size, 1583 &function_output_length); 1584 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1585 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1586 psa_cipher_abort(&operation); 1587 1588 /* Test update failure */ 1589 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1590 status = psa_cipher_encrypt_setup(&operation, key, alg); 1591 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1592 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1593 mbedtls_test_driver_cipher_hooks.hits = 0; 1594 1595 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1596 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1597 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1598 mbedtls_test_driver_cipher_hooks.hits = 0; 1599 1600 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1601 status = psa_cipher_update(&operation, 1602 input->x, input->len, 1603 output, output_buffer_size, 1604 &function_output_length); 1605 /* When the update call fails, it should call abort too */ 1606 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1607 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1608 /* Failure should prevent further operations from executing on the driver */ 1609 mbedtls_test_driver_cipher_hooks.hits = 0; 1610 status = psa_cipher_update(&operation, 1611 input->x, input->len, 1612 output, output_buffer_size, 1613 &function_output_length); 1614 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1615 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1616 psa_cipher_abort(&operation); 1617 1618 /* Test finish failure */ 1619 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1620 status = psa_cipher_encrypt_setup(&operation, key, alg); 1621 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1622 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1623 mbedtls_test_driver_cipher_hooks.hits = 0; 1624 1625 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1626 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1627 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1628 mbedtls_test_driver_cipher_hooks.hits = 0; 1629 1630 status = psa_cipher_update(&operation, 1631 input->x, input->len, 1632 output, output_buffer_size, 1633 &function_output_length); 1634 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1635 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1636 mbedtls_test_driver_cipher_hooks.hits = 0; 1637 1638 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1639 status = psa_cipher_finish(&operation, 1640 output + function_output_length, 1641 output_buffer_size - function_output_length, 1642 &function_output_length); 1643 /* When the finish call fails, it should call abort too */ 1644 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1645 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1646 /* Failure should prevent further operations from executing on the driver */ 1647 mbedtls_test_driver_cipher_hooks.hits = 0; 1648 status = psa_cipher_update(&operation, 1649 input->x, input->len, 1650 output, output_buffer_size, 1651 &function_output_length); 1652 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1653 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1654 psa_cipher_abort(&operation); 1655 1656exit: 1657 psa_cipher_abort(&operation); 1658 mbedtls_free(output); 1659 psa_destroy_key(key); 1660 PSA_DONE(); 1661 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1662} 1663/* END_CASE */ 1664 1665/* BEGIN_CASE */ 1666void aead_encrypt(int key_type_arg, data_t *key_data, 1667 int alg_arg, 1668 data_t *nonce, 1669 data_t *additional_data, 1670 data_t *input_data, 1671 data_t *expected_result, 1672 int forced_status_arg) 1673{ 1674 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1675 psa_key_type_t key_type = key_type_arg; 1676 psa_algorithm_t alg = alg_arg; 1677 size_t key_bits; 1678 psa_status_t forced_status = forced_status_arg; 1679 unsigned char *output_data = NULL; 1680 size_t output_size = 0; 1681 size_t output_length = 0; 1682 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1683 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1684 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1685 1686 PSA_ASSERT(psa_crypto_init()); 1687 1688 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1689 psa_set_key_algorithm(&attributes, alg); 1690 psa_set_key_type(&attributes, key_type); 1691 1692 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1693 &key)); 1694 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 1695 key_bits = psa_get_key_bits(&attributes); 1696 1697 output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, 1698 alg); 1699 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 1700 * should be exact. */ 1701 TEST_EQUAL(output_size, 1702 PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 1703 TEST_ASSERT(output_size <= 1704 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 1705 TEST_CALLOC(output_data, output_size); 1706 1707 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 1708 status = psa_aead_encrypt(key, alg, 1709 nonce->x, nonce->len, 1710 additional_data->x, additional_data->len, 1711 input_data->x, input_data->len, 1712 output_data, output_size, 1713 &output_length); 1714 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_encrypt, 1); 1715 TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status); 1716 1717 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 1718 PSA_SUCCESS : forced_status); 1719 1720 if (status == PSA_SUCCESS) { 1721 TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, 1722 output_data, output_length); 1723 } 1724 1725exit: 1726 psa_destroy_key(key); 1727 mbedtls_free(output_data); 1728 PSA_DONE(); 1729 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1730} 1731/* END_CASE */ 1732 1733/* BEGIN_CASE */ 1734void aead_decrypt(int key_type_arg, data_t *key_data, 1735 int alg_arg, 1736 data_t *nonce, 1737 data_t *additional_data, 1738 data_t *input_data, 1739 data_t *expected_data, 1740 int forced_status_arg) 1741{ 1742 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1743 psa_key_type_t key_type = key_type_arg; 1744 psa_algorithm_t alg = alg_arg; 1745 size_t key_bits; 1746 psa_status_t forced_status = forced_status_arg; 1747 unsigned char *output_data = NULL; 1748 size_t output_size = 0; 1749 size_t output_length = 0; 1750 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1751 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1752 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1753 1754 PSA_ASSERT(psa_crypto_init()); 1755 1756 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1757 psa_set_key_algorithm(&attributes, alg); 1758 psa_set_key_type(&attributes, key_type); 1759 1760 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1761 &key)); 1762 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 1763 key_bits = psa_get_key_bits(&attributes); 1764 1765 output_size = input_data->len - PSA_AEAD_TAG_LENGTH(key_type, key_bits, 1766 alg); 1767 TEST_CALLOC(output_data, output_size); 1768 1769 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 1770 status = psa_aead_decrypt(key, alg, 1771 nonce->x, nonce->len, 1772 additional_data->x, 1773 additional_data->len, 1774 input_data->x, input_data->len, 1775 output_data, output_size, 1776 &output_length); 1777 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_decrypt, 1); 1778 TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status); 1779 1780 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 1781 PSA_SUCCESS : forced_status); 1782 1783 if (status == PSA_SUCCESS) { 1784 TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, 1785 output_data, output_length); 1786 } 1787 1788exit: 1789 psa_destroy_key(key); 1790 mbedtls_free(output_data); 1791 PSA_DONE(); 1792 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1793} 1794/* END_CASE */ 1795 1796/* BEGIN_CASE */ 1797void mac_sign(int key_type_arg, 1798 data_t *key_data, 1799 int alg_arg, 1800 data_t *input, 1801 data_t *expected_mac, 1802 int forced_status_arg) 1803{ 1804 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1805 psa_key_type_t key_type = key_type_arg; 1806 psa_algorithm_t alg = alg_arg; 1807 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1808 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1809 uint8_t *actual_mac = NULL; 1810 size_t mac_buffer_size = 1811 PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); 1812 size_t mac_length = 0; 1813 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1814 psa_status_t forced_status = forced_status_arg; 1815 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1816 1817 TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE); 1818 /* We expect PSA_MAC_LENGTH to be exact. */ 1819 TEST_ASSERT(expected_mac->len == mac_buffer_size); 1820 1821 PSA_ASSERT(psa_crypto_init()); 1822 1823 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 1824 psa_set_key_algorithm(&attributes, alg); 1825 psa_set_key_type(&attributes, key_type); 1826 1827 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1828 &key)); 1829 1830 TEST_CALLOC(actual_mac, mac_buffer_size); 1831 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 1832 1833 /* 1834 * Calculate the MAC, one-shot case. 1835 */ 1836 status = psa_mac_compute(key, alg, 1837 input->x, input->len, 1838 actual_mac, mac_buffer_size, 1839 &mac_length); 1840 1841 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1842 if (forced_status == PSA_SUCCESS || 1843 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1844 PSA_ASSERT(status); 1845 } else { 1846 TEST_EQUAL(forced_status, status); 1847 } 1848 1849 PSA_ASSERT(psa_mac_abort(&operation)); 1850 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1851 1852 if (forced_status == PSA_SUCCESS) { 1853 TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, 1854 actual_mac, mac_length); 1855 } 1856 1857 mbedtls_free(actual_mac); 1858 actual_mac = NULL; 1859 1860exit: 1861 psa_mac_abort(&operation); 1862 psa_destroy_key(key); 1863 PSA_DONE(); 1864 mbedtls_free(actual_mac); 1865 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1866} 1867/* END_CASE */ 1868 1869/* BEGIN_CASE */ 1870void mac_sign_multipart(int key_type_arg, 1871 data_t *key_data, 1872 int alg_arg, 1873 data_t *input, 1874 data_t *expected_mac, 1875 int fragments_count, 1876 int forced_status_arg) 1877{ 1878 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1879 psa_key_type_t key_type = key_type_arg; 1880 psa_algorithm_t alg = alg_arg; 1881 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1882 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1883 uint8_t *actual_mac = NULL; 1884 size_t mac_buffer_size = 1885 PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); 1886 size_t mac_length = 0; 1887 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1888 psa_status_t forced_status = forced_status_arg; 1889 uint8_t *input_x = input->x; 1890 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1891 1892 TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE); 1893 /* We expect PSA_MAC_LENGTH to be exact. */ 1894 TEST_ASSERT(expected_mac->len == mac_buffer_size); 1895 1896 PSA_ASSERT(psa_crypto_init()); 1897 1898 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 1899 psa_set_key_algorithm(&attributes, alg); 1900 psa_set_key_type(&attributes, key_type); 1901 1902 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1903 &key)); 1904 1905 TEST_CALLOC(actual_mac, mac_buffer_size); 1906 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 1907 1908 /* 1909 * Calculate the MAC, multipart case. 1910 */ 1911 status = psa_mac_sign_setup(&operation, key, alg); 1912 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1913 1914 if (forced_status == PSA_SUCCESS || 1915 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1916 PSA_ASSERT(status); 1917 } else { 1918 TEST_EQUAL(forced_status, status); 1919 } 1920 1921 if (fragments_count) { 1922 TEST_ASSERT((input->len / fragments_count) > 0); 1923 } 1924 1925 for (int i = 0; i < fragments_count; i++) { 1926 int fragment_size = input->len / fragments_count; 1927 if (i == fragments_count - 1) { 1928 fragment_size += (input->len % fragments_count); 1929 } 1930 1931 status = psa_mac_update(&operation, 1932 input_x, fragment_size); 1933 if (forced_status == PSA_SUCCESS) { 1934 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2 + i); 1935 } else { 1936 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1937 } 1938 if (forced_status == PSA_SUCCESS || 1939 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1940 PSA_ASSERT(status); 1941 } else { 1942 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 1943 } 1944 input_x += fragment_size; 1945 } 1946 1947 status = psa_mac_sign_finish(&operation, 1948 actual_mac, mac_buffer_size, 1949 &mac_length); 1950 if (forced_status == PSA_SUCCESS) { 1951 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 1952 } else { 1953 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1954 } 1955 1956 if (forced_status == PSA_SUCCESS || 1957 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1958 PSA_ASSERT(status); 1959 } else { 1960 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 1961 } 1962 1963 PSA_ASSERT(psa_mac_abort(&operation)); 1964 if (forced_status == PSA_SUCCESS) { 1965 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 1966 } else { 1967 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1968 } 1969 1970 if (forced_status == PSA_SUCCESS) { 1971 TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, 1972 actual_mac, mac_length); 1973 } 1974 1975 mbedtls_free(actual_mac); 1976 actual_mac = NULL; 1977 1978exit: 1979 psa_mac_abort(&operation); 1980 psa_destroy_key(key); 1981 PSA_DONE(); 1982 mbedtls_free(actual_mac); 1983 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1984} 1985/* END_CASE */ 1986 1987/* BEGIN_CASE */ 1988void mac_verify(int key_type_arg, 1989 data_t *key_data, 1990 int alg_arg, 1991 data_t *input, 1992 data_t *expected_mac, 1993 int forced_status_arg) 1994{ 1995 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1996 psa_key_type_t key_type = key_type_arg; 1997 psa_algorithm_t alg = alg_arg; 1998 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1999 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2000 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2001 psa_status_t forced_status = forced_status_arg; 2002 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2003 2004 TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE); 2005 2006 PSA_ASSERT(psa_crypto_init()); 2007 2008 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 2009 psa_set_key_algorithm(&attributes, alg); 2010 psa_set_key_type(&attributes, key_type); 2011 2012 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2013 &key)); 2014 2015 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 2016 2017 /* 2018 * Verify the MAC, one-shot case. 2019 */ 2020 status = psa_mac_verify(key, alg, 2021 input->x, input->len, 2022 expected_mac->x, expected_mac->len); 2023 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2024 if (forced_status == PSA_SUCCESS || 2025 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2026 PSA_ASSERT(status); 2027 } else { 2028 TEST_EQUAL(forced_status, status); 2029 } 2030 2031 PSA_ASSERT(psa_mac_abort(&operation)); 2032 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2033exit: 2034 psa_mac_abort(&operation); 2035 psa_destroy_key(key); 2036 PSA_DONE(); 2037 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2038} 2039/* END_CASE */ 2040 2041/* BEGIN_CASE */ 2042void mac_verify_multipart(int key_type_arg, 2043 data_t *key_data, 2044 int alg_arg, 2045 data_t *input, 2046 data_t *expected_mac, 2047 int fragments_count, 2048 int forced_status_arg) 2049{ 2050 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2051 psa_key_type_t key_type = key_type_arg; 2052 psa_algorithm_t alg = alg_arg; 2053 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 2054 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2055 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2056 psa_status_t forced_status = forced_status_arg; 2057 uint8_t *input_x = input->x; 2058 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2059 2060 TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE); 2061 2062 PSA_ASSERT(psa_crypto_init()); 2063 2064 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 2065 psa_set_key_algorithm(&attributes, alg); 2066 psa_set_key_type(&attributes, key_type); 2067 2068 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2069 &key)); 2070 2071 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 2072 2073 /* 2074 * Verify the MAC, multi-part case. 2075 */ 2076 status = psa_mac_verify_setup(&operation, key, alg); 2077 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2078 2079 if (forced_status == PSA_SUCCESS || 2080 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2081 PSA_ASSERT(status); 2082 } else { 2083 TEST_EQUAL(forced_status, status); 2084 } 2085 2086 if (fragments_count) { 2087 TEST_ASSERT((input->len / fragments_count) > 0); 2088 } 2089 2090 for (int i = 0; i < fragments_count; i++) { 2091 int fragment_size = input->len / fragments_count; 2092 if (i == fragments_count - 1) { 2093 fragment_size += (input->len % fragments_count); 2094 } 2095 2096 status = psa_mac_update(&operation, 2097 input_x, fragment_size); 2098 if (forced_status == PSA_SUCCESS) { 2099 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2 + i); 2100 } else { 2101 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2102 } 2103 2104 if (forced_status == PSA_SUCCESS || 2105 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2106 PSA_ASSERT(status); 2107 } else { 2108 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 2109 } 2110 input_x += fragment_size; 2111 } 2112 2113 status = psa_mac_verify_finish(&operation, 2114 expected_mac->x, 2115 expected_mac->len); 2116 if (forced_status == PSA_SUCCESS) { 2117 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 2118 } else { 2119 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2120 } 2121 2122 if (forced_status == PSA_SUCCESS || 2123 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2124 PSA_ASSERT(status); 2125 } else { 2126 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 2127 } 2128 2129 2130 PSA_ASSERT(psa_mac_abort(&operation)); 2131 if (forced_status == PSA_SUCCESS) { 2132 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 2133 } else { 2134 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2135 } 2136 2137exit: 2138 psa_mac_abort(&operation); 2139 psa_destroy_key(key); 2140 PSA_DONE(); 2141 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2142} 2143/* END_CASE */ 2144 2145/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ 2146void builtin_key_export(int builtin_key_id_arg, 2147 int builtin_key_type_arg, 2148 int builtin_key_bits_arg, 2149 int builtin_key_algorithm_arg, 2150 data_t *expected_output, 2151 int expected_status_arg) 2152{ 2153 psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg; 2154 psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg; 2155 psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg; 2156 size_t builtin_key_bits = (size_t) builtin_key_bits_arg; 2157 psa_status_t expected_status = expected_status_arg; 2158 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2159 2160 mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); 2161 uint8_t *output_buffer = NULL; 2162 size_t output_size = 0; 2163 psa_status_t actual_status; 2164 2165 PSA_ASSERT(psa_crypto_init()); 2166 TEST_CALLOC(output_buffer, expected_output->len); 2167 2168 actual_status = psa_export_key(key, output_buffer, expected_output->len, &output_size); 2169 2170 if (expected_status == PSA_SUCCESS) { 2171 PSA_ASSERT(actual_status); 2172 TEST_EQUAL(output_size, expected_output->len); 2173 TEST_MEMORY_COMPARE(output_buffer, output_size, 2174 expected_output->x, expected_output->len); 2175 2176 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2177 TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); 2178 TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type); 2179 TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg); 2180 } else { 2181 if (actual_status != expected_status) { 2182 fprintf(stderr, "Expected %d but got %d\n", expected_status, actual_status); 2183 } 2184 TEST_EQUAL(actual_status, expected_status); 2185 TEST_EQUAL(output_size, 0); 2186 } 2187 2188exit: 2189 mbedtls_free(output_buffer); 2190 psa_reset_key_attributes(&attributes); 2191 psa_destroy_key(key); 2192 PSA_DONE(); 2193} 2194/* END_CASE */ 2195 2196/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ 2197void builtin_pubkey_export(int builtin_key_id_arg, 2198 int builtin_key_type_arg, 2199 int builtin_key_bits_arg, 2200 int builtin_key_algorithm_arg, 2201 data_t *expected_output, 2202 int expected_status_arg) 2203{ 2204 psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg; 2205 psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg; 2206 psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg; 2207 size_t builtin_key_bits = (size_t) builtin_key_bits_arg; 2208 psa_status_t expected_status = expected_status_arg; 2209 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2210 2211 mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); 2212 uint8_t *output_buffer = NULL; 2213 size_t output_size = 0; 2214 psa_status_t actual_status; 2215 2216 PSA_ASSERT(psa_crypto_init()); 2217 TEST_CALLOC(output_buffer, expected_output->len); 2218 2219 actual_status = psa_export_public_key(key, output_buffer, expected_output->len, &output_size); 2220 2221 if (expected_status == PSA_SUCCESS) { 2222 PSA_ASSERT(actual_status); 2223 TEST_EQUAL(output_size, expected_output->len); 2224 TEST_MEMORY_COMPARE(output_buffer, output_size, 2225 expected_output->x, expected_output->len); 2226 2227 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2228 TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); 2229 TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type); 2230 TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg); 2231 } else { 2232 TEST_EQUAL(actual_status, expected_status); 2233 TEST_EQUAL(output_size, 0); 2234 } 2235 2236exit: 2237 mbedtls_free(output_buffer); 2238 psa_reset_key_attributes(&attributes); 2239 psa_destroy_key(key); 2240 PSA_DONE(); 2241} 2242/* END_CASE */ 2243 2244/* BEGIN_CASE */ 2245void hash_compute(int alg_arg, 2246 data_t *input, data_t *hash, 2247 int forced_status_arg, 2248 int expected_status_arg) 2249{ 2250 psa_algorithm_t alg = alg_arg; 2251 psa_status_t forced_status = forced_status_arg; 2252 psa_status_t expected_status = expected_status_arg; 2253 unsigned char *output = NULL; 2254 size_t output_length; 2255 2256 2257 PSA_ASSERT(psa_crypto_init()); 2258 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2259 2260 /* Do this after psa_crypto_init() which may call hash drivers */ 2261 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2262 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2263 2264 TEST_EQUAL(psa_hash_compute(alg, input->x, input->len, 2265 output, PSA_HASH_LENGTH(alg), 2266 &output_length), expected_status); 2267 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2268 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2269 2270 if (expected_status == PSA_SUCCESS) { 2271 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2272 } 2273 2274exit: 2275 mbedtls_free(output); 2276 PSA_DONE(); 2277 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2278} 2279/* END_CASE */ 2280 2281/* BEGIN_CASE */ 2282void hash_multipart_setup(int alg_arg, 2283 data_t *input, data_t *hash, 2284 int forced_status_arg, 2285 int expected_status_arg) 2286{ 2287 psa_algorithm_t alg = alg_arg; 2288 psa_status_t forced_status = forced_status_arg; 2289 psa_status_t expected_status = expected_status_arg; 2290 unsigned char *output = NULL; 2291 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2292 size_t output_length; 2293 2294 2295 PSA_ASSERT(psa_crypto_init()); 2296 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2297 2298 /* Do this after psa_crypto_init() which may call hash drivers */ 2299 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2300 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2301 2302 TEST_EQUAL(psa_hash_setup(&operation, alg), expected_status); 2303 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2304 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2305 2306 if (expected_status == PSA_SUCCESS) { 2307 PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 2308 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2309 forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 2); 2310 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2311 2312 PSA_ASSERT(psa_hash_finish(&operation, 2313 output, PSA_HASH_LENGTH(alg), 2314 &output_length)); 2315 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2316 forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4); 2317 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2318 2319 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2320 } 2321 2322exit: 2323 psa_hash_abort(&operation); 2324 mbedtls_free(output); 2325 PSA_DONE(); 2326 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2327} 2328/* END_CASE */ 2329 2330/* BEGIN_CASE */ 2331void hash_multipart_update(int alg_arg, 2332 data_t *input, data_t *hash, 2333 int forced_status_arg) 2334{ 2335 psa_algorithm_t alg = alg_arg; 2336 psa_status_t forced_status = forced_status_arg; 2337 unsigned char *output = NULL; 2338 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2339 size_t output_length; 2340 2341 2342 PSA_ASSERT(psa_crypto_init()); 2343 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2344 2345 /* Do this after psa_crypto_init() which may call hash drivers */ 2346 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2347 2348 /* 2349 * Update inactive operation, the driver shouldn't be called. 2350 */ 2351 TEST_EQUAL(psa_hash_update(&operation, input->x, input->len), 2352 PSA_ERROR_BAD_STATE); 2353 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2354 2355 PSA_ASSERT(psa_hash_setup(&operation, alg)); 2356 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2357 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2358 2359 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2360 TEST_EQUAL(psa_hash_update(&operation, input->x, input->len), 2361 forced_status); 2362 /* One or two more calls to the driver interface: update or update + abort */ 2363 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2364 forced_status == PSA_SUCCESS ? 2 : 3); 2365 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2366 2367 if (forced_status == PSA_SUCCESS) { 2368 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2369 PSA_ASSERT(psa_hash_finish(&operation, 2370 output, PSA_HASH_LENGTH(alg), 2371 &output_length)); 2372 /* Two calls to the driver interface: update + abort */ 2373 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); 2374 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2375 2376 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2377 } 2378 2379exit: 2380 psa_hash_abort(&operation); 2381 mbedtls_free(output); 2382 PSA_DONE(); 2383 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2384} 2385/* END_CASE */ 2386 2387/* BEGIN_CASE */ 2388void hash_multipart_finish(int alg_arg, 2389 data_t *input, data_t *hash, 2390 int forced_status_arg) 2391{ 2392 psa_algorithm_t alg = alg_arg; 2393 psa_status_t forced_status = forced_status_arg; 2394 unsigned char *output = NULL; 2395 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2396 size_t output_length; 2397 2398 PSA_ASSERT(psa_crypto_init()); 2399 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2400 2401 /* Do this after psa_crypto_init() which may call hash drivers */ 2402 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2403 2404 /* 2405 * Finish inactive operation, the driver shouldn't be called. 2406 */ 2407 TEST_EQUAL(psa_hash_finish(&operation, output, PSA_HASH_LENGTH(alg), 2408 &output_length), 2409 PSA_ERROR_BAD_STATE); 2410 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2411 2412 PSA_ASSERT(psa_hash_setup(&operation, alg)); 2413 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2414 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2415 2416 PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 2417 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); 2418 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2419 2420 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2421 TEST_EQUAL(psa_hash_finish(&operation, 2422 output, PSA_HASH_LENGTH(alg), 2423 &output_length), 2424 forced_status); 2425 /* Two more calls to the driver interface: finish + abort */ 2426 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 4); 2427 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2428 2429 if (forced_status == PSA_SUCCESS) { 2430 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2431 } 2432 2433exit: 2434 psa_hash_abort(&operation); 2435 mbedtls_free(output); 2436 PSA_DONE(); 2437 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2438} 2439/* END_CASE */ 2440 2441/* BEGIN_CASE */ 2442void hash_clone(int alg_arg, 2443 data_t *input, data_t *hash, 2444 int forced_status_arg) 2445{ 2446 psa_algorithm_t alg = alg_arg; 2447 psa_status_t forced_status = forced_status_arg; 2448 unsigned char *output = NULL; 2449 psa_hash_operation_t source_operation = PSA_HASH_OPERATION_INIT; 2450 psa_hash_operation_t target_operation = PSA_HASH_OPERATION_INIT; 2451 size_t output_length; 2452 2453 PSA_ASSERT(psa_crypto_init()); 2454 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2455 2456 /* Do this after psa_crypto_init() which may call hash drivers */ 2457 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2458 2459 /* 2460 * Clone inactive operation, the driver shouldn't be called. 2461 */ 2462 TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation), 2463 PSA_ERROR_BAD_STATE); 2464 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2465 2466 PSA_ASSERT(psa_hash_setup(&source_operation, alg)); 2467 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2468 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2469 2470 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2471 TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation), 2472 forced_status); 2473 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2474 forced_status == PSA_SUCCESS ? 2 : 3); 2475 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2476 2477 if (forced_status == PSA_SUCCESS) { 2478 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2479 PSA_ASSERT(psa_hash_update(&target_operation, 2480 input->x, input->len)); 2481 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2482 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2483 2484 PSA_ASSERT(psa_hash_finish(&target_operation, 2485 output, PSA_HASH_LENGTH(alg), 2486 &output_length)); 2487 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 3); 2488 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2489 2490 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2491 } 2492 2493exit: 2494 psa_hash_abort(&source_operation); 2495 psa_hash_abort(&target_operation); 2496 mbedtls_free(output); 2497 PSA_DONE(); 2498 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2499} 2500/* END_CASE */ 2501 2502/* BEGIN_CASE */ 2503void asymmetric_encrypt_decrypt(int alg_arg, 2504 data_t *key_data, 2505 data_t *input_data, 2506 data_t *label, 2507 data_t *fake_output_encrypt, 2508 data_t *fake_output_decrypt, 2509 int forced_status_encrypt_arg, 2510 int forced_status_decrypt_arg, 2511 int expected_status_encrypt_arg, 2512 int expected_status_decrypt_arg) 2513{ 2514 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2515 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; 2516 psa_algorithm_t alg = alg_arg; 2517 size_t key_bits; 2518 unsigned char *output = NULL; 2519 size_t output_size; 2520 size_t output_length = ~0; 2521 unsigned char *output2 = NULL; 2522 size_t output2_size; 2523 size_t output2_length = ~0; 2524 psa_status_t forced_status_encrypt = forced_status_encrypt_arg; 2525 psa_status_t forced_status_decrypt = forced_status_decrypt_arg; 2526 psa_status_t expected_status_encrypt = expected_status_encrypt_arg; 2527 psa_status_t expected_status_decrypt = expected_status_decrypt_arg; 2528 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2529 2530 PSA_ASSERT(psa_crypto_init()); 2531 mbedtls_test_driver_asymmetric_encryption_hooks = 2532 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2533 2534 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 2535 psa_set_key_algorithm(&attributes, alg); 2536 psa_set_key_type(&attributes, key_type); 2537 2538 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2539 &key)); 2540 2541 /* Determine the maximum ciphertext length */ 2542 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2543 key_bits = psa_get_key_bits(&attributes); 2544 2545 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2546 forced_status_encrypt; 2547 if (fake_output_encrypt->len > 0) { 2548 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2549 fake_output_encrypt->x; 2550 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2551 fake_output_encrypt->len; 2552 output_size = fake_output_encrypt->len; 2553 TEST_CALLOC(output, output_size); 2554 } else { 2555 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 2556 TEST_ASSERT(output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); 2557 TEST_CALLOC(output, output_size); 2558 } 2559 2560 /* We test encryption by checking that encrypt-then-decrypt gives back 2561 * the original plaintext because of the non-optional random 2562 * part of encryption process which prevents using fixed vectors. */ 2563 TEST_EQUAL(psa_asymmetric_encrypt(key, alg, 2564 input_data->x, input_data->len, 2565 label->x, label->len, 2566 output, output_size, 2567 &output_length), expected_status_encrypt); 2568 /* We don't know what ciphertext length to expect, but check that 2569 * it looks sensible. */ 2570 TEST_ASSERT(output_length <= output_size); 2571 2572 if (expected_status_encrypt == PSA_SUCCESS) { 2573 if (fake_output_encrypt->len > 0) { 2574 TEST_MEMORY_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, 2575 output, output_length); 2576 } else { 2577 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2578 forced_status_decrypt; 2579 if (fake_output_decrypt->len > 0) { 2580 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2581 fake_output_decrypt->x; 2582 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2583 fake_output_decrypt->len; 2584 output2_size = fake_output_decrypt->len; 2585 TEST_CALLOC(output2, output2_size); 2586 } else { 2587 output2_size = input_data->len; 2588 TEST_ASSERT(output2_size <= 2589 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)); 2590 TEST_ASSERT(output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); 2591 TEST_CALLOC(output2, output2_size); 2592 } 2593 2594 TEST_EQUAL(psa_asymmetric_decrypt(key, alg, 2595 output, output_length, 2596 label->x, label->len, 2597 output2, output2_size, 2598 &output2_length), expected_status_decrypt); 2599 if (expected_status_decrypt == PSA_SUCCESS) { 2600 if (fake_output_decrypt->len > 0) { 2601 TEST_MEMORY_COMPARE(fake_output_decrypt->x, fake_output_decrypt->len, 2602 output2, output2_length); 2603 } else { 2604 TEST_MEMORY_COMPARE(input_data->x, input_data->len, 2605 output2, output2_length); 2606 } 2607 } 2608 } 2609 } 2610 2611exit: 2612 /* 2613 * Key attributes may have been returned by psa_get_key_attributes() 2614 * thus reset them as required. 2615 */ 2616 psa_reset_key_attributes(&attributes); 2617 2618 psa_destroy_key(key); 2619 mbedtls_free(output); 2620 mbedtls_free(output2); 2621 PSA_DONE(); 2622} 2623/* END_CASE */ 2624 2625/* BEGIN_CASE */ 2626void asymmetric_decrypt(int alg_arg, 2627 data_t *key_data, 2628 data_t *input_data, 2629 data_t *label, 2630 data_t *expected_output_data, 2631 data_t *fake_output_decrypt, 2632 int forced_status_decrypt_arg, 2633 int expected_status_decrypt_arg) 2634{ 2635 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2636 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; 2637 psa_algorithm_t alg = alg_arg; 2638 unsigned char *output = NULL; 2639 size_t output_size; 2640 size_t output_length = ~0; 2641 psa_status_t forced_status_decrypt = forced_status_decrypt_arg; 2642 psa_status_t expected_status_decrypt = expected_status_decrypt_arg; 2643 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2644 2645 PSA_ASSERT(psa_crypto_init()); 2646 mbedtls_test_driver_asymmetric_encryption_hooks = 2647 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2648 2649 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 2650 psa_set_key_algorithm(&attributes, alg); 2651 psa_set_key_type(&attributes, key_type); 2652 2653 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2654 &key)); 2655 2656 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2657 forced_status_decrypt; 2658 2659 if (fake_output_decrypt->len > 0) { 2660 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2661 fake_output_decrypt->x; 2662 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2663 fake_output_decrypt->len; 2664 output_size = fake_output_decrypt->len; 2665 TEST_CALLOC(output, output_size); 2666 } else { 2667 output_size = expected_output_data->len; 2668 TEST_CALLOC(output, expected_output_data->len); 2669 } 2670 2671 TEST_EQUAL(psa_asymmetric_decrypt(key, alg, 2672 input_data->x, input_data->len, 2673 label->x, label->len, 2674 output, output_size, 2675 &output_length), expected_status_decrypt); 2676 if (expected_status_decrypt == PSA_SUCCESS) { 2677 TEST_EQUAL(output_length, expected_output_data->len); 2678 TEST_MEMORY_COMPARE(expected_output_data->x, expected_output_data->len, 2679 output, output_length); 2680 } 2681exit: 2682 /* 2683 * Key attributes may have been returned by psa_get_key_attributes() 2684 * thus reset them as required. 2685 */ 2686 psa_reset_key_attributes(&attributes); 2687 2688 psa_destroy_key(key); 2689 mbedtls_free(output); 2690 PSA_DONE(); 2691} 2692/* END_CASE */ 2693 2694/* BEGIN_CASE */ 2695void asymmetric_encrypt(int alg_arg, 2696 data_t *key_data, 2697 data_t *modulus, 2698 data_t *private_exponent, 2699 data_t *input_data, 2700 data_t *label, 2701 data_t *fake_output_encrypt, 2702 int forced_status_encrypt_arg, 2703 int expected_status_encrypt_arg) 2704{ 2705 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2706 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_PUBLIC_KEY; 2707 psa_algorithm_t alg = alg_arg; 2708 unsigned char *output = NULL; 2709 size_t output_size; 2710 size_t output_length = ~0; 2711 psa_status_t forced_status_encrypt = forced_status_encrypt_arg; 2712 psa_status_t expected_status_encrypt = expected_status_encrypt_arg; 2713 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2714 2715 PSA_ASSERT(psa_crypto_init()); 2716 mbedtls_test_driver_asymmetric_encryption_hooks = 2717 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2718 2719 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 2720 psa_set_key_algorithm(&attributes, alg); 2721 psa_set_key_type(&attributes, key_type); 2722 2723 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2724 &key)); 2725 2726 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2727 size_t key_bits = psa_get_key_bits(&attributes); 2728 2729 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2730 forced_status_encrypt; 2731 2732 if (fake_output_encrypt->len > 0) { 2733 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2734 fake_output_encrypt->x; 2735 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2736 fake_output_encrypt->len; 2737 output_size = fake_output_encrypt->len; 2738 TEST_CALLOC(output, output_size); 2739 } else { 2740 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 2741 TEST_CALLOC(output, output_size); 2742 } 2743 2744 TEST_EQUAL(psa_asymmetric_encrypt(key, alg, 2745 input_data->x, input_data->len, 2746 label->x, label->len, 2747 output, output_size, 2748 &output_length), expected_status_encrypt); 2749 if (expected_status_encrypt == PSA_SUCCESS) { 2750 if (fake_output_encrypt->len > 0) { 2751 TEST_EQUAL(fake_output_encrypt->len, output_length); 2752 TEST_MEMORY_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, 2753 output, output_length); 2754 } else { 2755 /* Perform sanity checks on the output */ 2756#if PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 2757 if (PSA_KEY_TYPE_IS_RSA(key_type)) { 2758 if (!sanity_check_rsa_encryption_result( 2759 alg, modulus, private_exponent, 2760 input_data, 2761 output, output_length)) { 2762 goto exit; 2763 } 2764 } else 2765#endif 2766 { 2767 (void) modulus; 2768 (void) private_exponent; 2769 TEST_FAIL("Encryption sanity checks not implemented for this key type"); 2770 } 2771 } 2772 } 2773exit: 2774 /* 2775 * Key attributes may have been returned by psa_get_key_attributes() 2776 * thus reset them as required. 2777 */ 2778 psa_reset_key_attributes(&attributes); 2779 2780 psa_destroy_key(key); 2781 mbedtls_free(output); 2782 PSA_DONE(); 2783} 2784/* END_CASE */ 2785 2786/* BEGIN_CASE */ 2787void aead_encrypt_setup(int key_type_arg, data_t *key_data, 2788 int alg_arg, 2789 data_t *nonce, 2790 data_t *additional_data, 2791 data_t *input_data, 2792 data_t *expected_ciphertext, 2793 data_t *expected_tag, 2794 int forced_status_arg, 2795 int expected_status_arg) 2796{ 2797 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2798 psa_key_type_t key_type = key_type_arg; 2799 psa_algorithm_t alg = alg_arg; 2800 size_t key_bits; 2801 psa_status_t forced_status = forced_status_arg; 2802 psa_status_t expected_status = expected_status_arg; 2803 uint8_t *output_data = NULL; 2804 size_t output_size = 0; 2805 size_t output_length = 0; 2806 size_t finish_output_length = 0; 2807 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2808 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2809 size_t tag_length = 0; 2810 uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 2811 2812 psa_aead_operation_t operation = psa_aead_operation_init(); 2813 2814 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2815 2816 PSA_INIT(); 2817 2818 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 2819 2820 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 2821 psa_set_key_algorithm(&attributes, alg); 2822 psa_set_key_type(&attributes, key_type); 2823 2824 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2825 &key)); 2826 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2827 key_bits = psa_get_key_bits(&attributes); 2828 2829 output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, 2830 alg); 2831 2832 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 2833 * should be exact. */ 2834 TEST_EQUAL(output_size, 2835 PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 2836 TEST_ASSERT(output_size <= 2837 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 2838 TEST_CALLOC(output_data, output_size); 2839 2840 status = psa_aead_encrypt_setup(&operation, key, alg); 2841 2842 TEST_EQUAL(status, expected_status); 2843 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_encrypt_setup, 1); 2844 2845 if (status == PSA_SUCCESS) { 2846 /* Set the nonce. */ 2847 PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 2848 2849 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_nonce, 2850 forced_status == PSA_SUCCESS ? 1 : 0); 2851 2852 /* Check hooks hits and 2853 * set length (additional data and data to encrypt) */ 2854 PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 2855 input_data->len)); 2856 2857 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_lengths, 2858 forced_status == PSA_SUCCESS ? 1 : 0); 2859 2860 /* Pass the additional data */ 2861 PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 2862 additional_data->len)); 2863 2864 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update_ad, 2865 forced_status == PSA_SUCCESS ? 1 : 0); 2866 2867 /* Pass the data to encrypt */ 2868 PSA_ASSERT(psa_aead_update(&operation, input_data->x, input_data->len, 2869 output_data, output_size, &output_length)); 2870 2871 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update, 2872 forced_status == PSA_SUCCESS ? 1 : 0); 2873 2874 /* Finish the encryption operation */ 2875 PSA_ASSERT(psa_aead_finish(&operation, output_data + output_length, 2876 output_size - output_length, 2877 &finish_output_length, tag_buffer, 2878 PSA_AEAD_TAG_MAX_SIZE, &tag_length)); 2879 2880 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_finish, 2881 forced_status == PSA_SUCCESS ? 1 : 0); 2882 2883 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, 2884 forced_status == PSA_SUCCESS ? 1 : 0); 2885 2886 /* Compare output_data and expected_ciphertext */ 2887 TEST_MEMORY_COMPARE(expected_ciphertext->x, expected_ciphertext->len, 2888 output_data, output_length + finish_output_length); 2889 2890 /* Compare tag and expected_tag */ 2891 TEST_MEMORY_COMPARE(expected_tag->x, expected_tag->len, tag_buffer, tag_length); 2892 } 2893 2894exit: 2895 /* Cleanup */ 2896 PSA_ASSERT(psa_destroy_key(key)); 2897 mbedtls_free(output_data); 2898 PSA_DONE(); 2899 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2900} 2901/* END_CASE */ 2902 2903/* BEGIN_CASE */ 2904void aead_decrypt_setup(int key_type_arg, data_t *key_data, 2905 int alg_arg, 2906 data_t *nonce, 2907 data_t *additional_data, 2908 data_t *input_ciphertext, 2909 data_t *input_tag, 2910 data_t *expected_result, 2911 int forced_status_arg, 2912 int expected_status_arg) 2913{ 2914 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2915 psa_key_type_t key_type = key_type_arg; 2916 psa_algorithm_t alg = alg_arg; 2917 unsigned char *output_data = NULL; 2918 size_t output_size = 0; 2919 size_t output_length = 0; 2920 size_t verify_output_length = 0; 2921 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2922 psa_status_t forced_status = forced_status_arg; 2923 psa_status_t expected_status = expected_status_arg; 2924 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2925 2926 psa_aead_operation_t operation = psa_aead_operation_init(); 2927 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2928 2929 PSA_INIT(); 2930 2931 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 2932 psa_set_key_algorithm(&attributes, alg); 2933 psa_set_key_type(&attributes, key_type); 2934 2935 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2936 &key)); 2937 2938 output_size = input_ciphertext->len; 2939 2940 TEST_CALLOC(output_data, output_size); 2941 2942 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 2943 2944 status = psa_aead_decrypt_setup(&operation, key, alg); 2945 2946 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 2947 PSA_SUCCESS : forced_status); 2948 2949 TEST_EQUAL(status, expected_status); 2950 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_decrypt_setup, 1); 2951 2952 if (status == PSA_SUCCESS) { 2953 PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 2954 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_nonce, 2955 forced_status == PSA_SUCCESS ? 1 : 0); 2956 2957 PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 2958 input_ciphertext->len)); 2959 2960 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_lengths, 2961 forced_status == PSA_SUCCESS ? 1 : 0); 2962 2963 PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 2964 additional_data->len)); 2965 2966 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update_ad, 2967 forced_status == PSA_SUCCESS ? 1 : 0); 2968 2969 PSA_ASSERT(psa_aead_update(&operation, input_ciphertext->x, 2970 input_ciphertext->len, output_data, 2971 output_size, &output_length)); 2972 2973 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update, 2974 forced_status == PSA_SUCCESS ? 1 : 0); 2975 2976 /* Offset applied to output_data in order to handle cases where verify() 2977 * outputs further data */ 2978 PSA_ASSERT(psa_aead_verify(&operation, output_data + output_length, 2979 output_size - output_length, 2980 &verify_output_length, input_tag->x, 2981 input_tag->len)); 2982 2983 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_verify, 2984 forced_status == PSA_SUCCESS ? 1 : 0); 2985 2986 /* Since this is a decryption operation, 2987 * finish should never be hit */ 2988 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_finish, 0); 2989 2990 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, 2991 forced_status == PSA_SUCCESS ? 1 : 0); 2992 2993 TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, 2994 output_data, output_length + verify_output_length); 2995 } 2996 2997exit: 2998 PSA_ASSERT(psa_destroy_key(key)); 2999 mbedtls_free(output_data); 3000 PSA_DONE(); 3001} 3002/* END_CASE */ 3003 3004/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 3005void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_status_arg, 3006 data_t *forced_output, int expected_status_arg, 3007 int fut) 3008{ 3009 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3010 psa_status_t forced_status = forced_status_arg; 3011 psa_status_t forced_status_setup = forced_status_setup_arg; 3012 psa_status_t expected_status = expected_status_arg; 3013 psa_pake_operation_t operation = psa_pake_operation_init(); 3014 psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 3015 psa_key_derivation_operation_t implicit_key = 3016 PSA_KEY_DERIVATION_OPERATION_INIT; 3017 psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( 3018 PSA_PAKE_PRIMITIVE_TYPE_ECC, 3019 PSA_ECC_FAMILY_SECP_R1, 256); 3020 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3021 unsigned char *input_buffer = NULL; 3022 const size_t size_key_share = PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3023 PSA_PAKE_STEP_KEY_SHARE); 3024 unsigned char *output_buffer = NULL; 3025 size_t output_len = 0; 3026 size_t output_size = PSA_PAKE_OUTPUT_SIZE(PSA_ALG_JPAKE, primitive, 3027 PSA_PAKE_STEP_KEY_SHARE); 3028 int in_driver = (forced_status_setup_arg == PSA_SUCCESS); 3029 3030 TEST_CALLOC(input_buffer, 3031 PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3032 PSA_PAKE_STEP_KEY_SHARE)); 3033 memset(input_buffer, 0xAA, size_key_share); 3034 3035 TEST_CALLOC(output_buffer, 3036 PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3037 PSA_PAKE_STEP_KEY_SHARE)); 3038 memset(output_buffer, 0x55, output_size); 3039 3040 PSA_INIT(); 3041 3042 mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); 3043 3044 if (pw_data->len > 0) { 3045 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 3046 psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); 3047 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 3048 PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 3049 &key)); 3050 } 3051 3052 psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); 3053 psa_pake_cs_set_primitive(&cipher_suite, primitive); 3054 psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); 3055 3056 mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; 3057 3058 /* Collecting input stage (no driver entry points) */ 3059 3060 TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), 3061 PSA_SUCCESS); 3062 3063 PSA_ASSERT(psa_pake_set_user(&operation, jpake_server_id, sizeof(jpake_server_id))); 3064 PSA_ASSERT(psa_pake_set_peer(&operation, jpake_client_id, sizeof(jpake_client_id))); 3065 3066 TEST_EQUAL(psa_pake_set_password_key(&operation, key), 3067 PSA_SUCCESS); 3068 3069 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3070 3071 /* Computation stage (driver entry points) */ 3072 3073 switch (fut) { 3074 case 0: /* setup (via input) */ 3075 /* --- psa_pake_input (driver: setup, input) --- */ 3076 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3077 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3078 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3079 input_buffer, size_key_share), 3080 expected_status); 3081 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3082 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3083 break; 3084 3085 case 1: /* setup (via output) */ 3086 /* --- psa_pake_output (driver: setup, output) --- */ 3087 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3088 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3089 TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 3090 output_buffer, output_size, &output_len), 3091 expected_status); 3092 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3093 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3094 break; 3095 3096 case 2: /* input */ 3097 /* --- psa_pake_input (driver: setup, input, abort) --- */ 3098 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3099 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3100 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3101 input_buffer, size_key_share), 3102 expected_status); 3103 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); 3104 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3105 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.input, in_driver ? 1 : 0); 3106 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); 3107 break; 3108 3109 case 3: /* output */ 3110 /* --- psa_pake_output (driver: setup, output, (abort)) --- */ 3111 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3112 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3113 if (forced_output->len > 0) { 3114 mbedtls_test_driver_pake_hooks.forced_output = forced_output->x; 3115 mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len; 3116 } 3117 TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 3118 output_buffer, output_size, &output_len), 3119 expected_status); 3120 3121 if (forced_output->len > 0) { 3122 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 2 : 1); 3123 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3124 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); 3125 TEST_EQUAL(output_len, forced_output->len); 3126 TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0); 3127 } else { 3128 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); 3129 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3130 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); 3131 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); 3132 } 3133 break; 3134 3135 case 4: /* get_implicit_key */ 3136 /* Call driver setup indirectly */ 3137 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3138 input_buffer, size_key_share), 3139 PSA_SUCCESS); 3140 3141 /* Simulate that we are ready to get implicit key. */ 3142 operation.computation_stage.jpake.round = PSA_JPAKE_FINISHED; 3143 operation.computation_stage.jpake.inputs = 0; 3144 operation.computation_stage.jpake.outputs = 0; 3145 operation.computation_stage.jpake.step = PSA_PAKE_STEP_KEY_SHARE; 3146 3147 /* --- psa_pake_get_implicit_key --- */ 3148 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3149 memset(&mbedtls_test_driver_pake_hooks.hits, 0, 3150 sizeof(mbedtls_test_driver_pake_hooks.hits)); 3151 TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key), 3152 expected_status); 3153 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 2); 3154 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.implicit_key, 1); 3155 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); 3156 3157 break; 3158 3159 case 5: /* abort */ 3160 /* Call driver setup indirectly */ 3161 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3162 input_buffer, size_key_share), 3163 PSA_SUCCESS); 3164 3165 /* --- psa_pake_abort --- */ 3166 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3167 memset(&mbedtls_test_driver_pake_hooks.hits, 0, 3168 sizeof(mbedtls_test_driver_pake_hooks.hits)); 3169 TEST_EQUAL(psa_pake_abort(&operation), expected_status); 3170 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3171 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); 3172 break; 3173 3174 default: 3175 break; 3176 } 3177 3178 /* Clean up */ 3179 mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_SUCCESS; 3180 mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; 3181 TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS); 3182exit: 3183 /* 3184 * Key attributes may have been returned by psa_get_key_attributes() 3185 * thus reset them as required. 3186 */ 3187 psa_reset_key_attributes(&attributes); 3188 mbedtls_free(input_buffer); 3189 mbedtls_free(output_buffer); 3190 psa_destroy_key(key); 3191 mbedtls_test_driver_pake_hooks = 3192 mbedtls_test_driver_pake_hooks_init(); 3193 PSA_DONE(); 3194} 3195/* END_CASE */ 3196 3197/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ 3198void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, 3199 int derive_alg_arg, data_t *pw_data, 3200 int client_input_first, int in_driver) 3201{ 3202 psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 3203 psa_pake_operation_t server = psa_pake_operation_init(); 3204 psa_pake_operation_t client = psa_pake_operation_init(); 3205 psa_algorithm_t alg = alg_arg; 3206 psa_algorithm_t hash_alg = hash_arg; 3207 psa_algorithm_t derive_alg = derive_alg_arg; 3208 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3209 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3210 psa_key_derivation_operation_t server_derive = 3211 PSA_KEY_DERIVATION_OPERATION_INIT; 3212 psa_key_derivation_operation_t client_derive = 3213 PSA_KEY_DERIVATION_OPERATION_INIT; 3214 pake_in_driver = in_driver; 3215 /* driver setup is called indirectly through pake_output/pake_input */ 3216 if (pake_in_driver) { 3217 pake_expected_hit_count = 2; 3218 } else { 3219 pake_expected_hit_count = 1; 3220 } 3221 3222 PSA_INIT(); 3223 3224 mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); 3225 3226 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 3227 psa_set_key_algorithm(&attributes, alg); 3228 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 3229 PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 3230 &key)); 3231 3232 psa_pake_cs_set_algorithm(&cipher_suite, alg); 3233 psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); 3234 psa_pake_cs_set_hash(&cipher_suite, hash_alg); 3235 3236 /* Get shared key */ 3237 PSA_ASSERT(psa_key_derivation_setup(&server_derive, derive_alg)); 3238 PSA_ASSERT(psa_key_derivation_setup(&client_derive, derive_alg)); 3239 3240 if (PSA_ALG_IS_TLS12_PSK_TO_MS(derive_alg)) { 3241 PSA_ASSERT(psa_key_derivation_input_bytes(&server_derive, 3242 PSA_KEY_DERIVATION_INPUT_SEED, 3243 (const uint8_t *) "", 0)); 3244 PSA_ASSERT(psa_key_derivation_input_bytes(&client_derive, 3245 PSA_KEY_DERIVATION_INPUT_SEED, 3246 (const uint8_t *) "", 0)); 3247 } 3248 3249 if (!pake_in_driver) { 3250 mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_ERROR_NOT_SUPPORTED; 3251 } 3252 3253 PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); 3254 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3255 PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); 3256 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3257 3258 3259 PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); 3260 PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); 3261 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3262 PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); 3263 PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); 3264 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3265 PSA_ASSERT(psa_pake_set_password_key(&server, key)); 3266 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3267 PSA_ASSERT(psa_pake_set_password_key(&client, key)); 3268 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3269 3270 /* First round */ 3271 ecjpake_do_round(alg, primitive_arg, &server, &client, 3272 client_input_first, 1); 3273 3274 /* Second round */ 3275 ecjpake_do_round(alg, primitive_arg, &server, &client, 3276 client_input_first, 2); 3277 3278 /* After the key is obtained operation is aborted. 3279 Adapt counter of expected hits. */ 3280 if (pake_in_driver) { 3281 pake_expected_hit_count++; 3282 } 3283 3284 PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive)); 3285 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 3286 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 3287 3288 /* After the key is obtained operation is aborted. 3289 Adapt counter of expected hits. */ 3290 if (pake_in_driver) { 3291 pake_expected_hit_count++; 3292 } 3293 3294 PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive)); 3295 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 3296 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 3297exit: 3298 psa_key_derivation_abort(&server_derive); 3299 psa_key_derivation_abort(&client_derive); 3300 psa_destroy_key(key); 3301 psa_pake_abort(&server); 3302 psa_pake_abort(&client); 3303 PSA_DONE(); 3304} 3305/* END_CASE */ 3306
