1/* BEGIN_HEADER */ 2#include <stdint.h> 3 4#include "mbedtls/asn1.h" 5#include "mbedtls/asn1write.h" 6#include "mbedtls/oid.h" 7 8/* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random() 9 * uses mbedtls_ctr_drbg internally. */ 10#include "mbedtls/ctr_drbg.h" 11 12#include "psa/crypto.h" 13#include "psa_crypto_slot_management.h" 14 15#include "test/asn1_helpers.h" 16#include "test/psa_crypto_helpers.h" 17#include "test/psa_exercise_key.h" 18 19/* If this comes up, it's a bug in the test code or in the test data. */ 20#define UNUSED 0xdeadbeef 21 22/* Assert that an operation is (not) active. 23 * This serves as a proxy for checking if the operation is aborted. */ 24#define ASSERT_OPERATION_IS_ACTIVE( operation ) TEST_ASSERT( operation.id != 0 ) 25#define ASSERT_OPERATION_IS_INACTIVE( operation ) TEST_ASSERT( operation.id == 0 ) 26 27/** An invalid export length that will never be set by psa_export_key(). */ 28static const size_t INVALID_EXPORT_LENGTH = ~0U; 29 30/** Test if a buffer contains a constant byte value. 31 * 32 * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`. 33 * 34 * \param buffer Pointer to the beginning of the buffer. 35 * \param c Expected value of every byte. 36 * \param size Size of the buffer in bytes. 37 * 38 * \return 1 if the buffer is all-bits-zero. 39 * \return 0 if there is at least one nonzero byte. 40 */ 41static int mem_is_char( void *buffer, unsigned char c, size_t size ) 42{ 43 size_t i; 44 for( i = 0; i < size; i++ ) 45 { 46 if( ( (unsigned char *) buffer )[i] != c ) 47 return( 0 ); 48 } 49 return( 1 ); 50} 51 52/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */ 53static int asn1_write_10x( unsigned char **p, 54 unsigned char *start, 55 size_t bits, 56 unsigned char x ) 57{ 58 int ret; 59 int len = bits / 8 + 1; 60 if( bits == 0 ) 61 return( MBEDTLS_ERR_ASN1_INVALID_DATA ); 62 if( bits <= 8 && x >= 1 << ( bits - 1 ) ) 63 return( MBEDTLS_ERR_ASN1_INVALID_DATA ); 64 if( *p < start || *p - start < (ptrdiff_t) len ) 65 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); 66 *p -= len; 67 ( *p )[len-1] = x; 68 if( bits % 8 == 0 ) 69 ( *p )[1] |= 1; 70 else 71 ( *p )[0] |= 1 << ( bits % 8 ); 72 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); 73 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, 74 MBEDTLS_ASN1_INTEGER ) ); 75 return( len ); 76} 77 78static int construct_fake_rsa_key( unsigned char *buffer, 79 size_t buffer_size, 80 unsigned char **p, 81 size_t bits, 82 int keypair ) 83{ 84 size_t half_bits = ( bits + 1 ) / 2; 85 int ret; 86 int len = 0; 87 /* Construct something that looks like a DER encoding of 88 * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2: 89 * RSAPrivateKey ::= SEQUENCE { 90 * version Version, 91 * modulus INTEGER, -- n 92 * publicExponent INTEGER, -- e 93 * privateExponent INTEGER, -- d 94 * prime1 INTEGER, -- p 95 * prime2 INTEGER, -- q 96 * exponent1 INTEGER, -- d mod (p-1) 97 * exponent2 INTEGER, -- d mod (q-1) 98 * coefficient INTEGER, -- (inverse of q) mod p 99 * otherPrimeInfos OtherPrimeInfos OPTIONAL 100 * } 101 * Or, for a public key, the same structure with only 102 * version, modulus and publicExponent. 103 */ 104 *p = buffer + buffer_size; 105 if( keypair ) 106 { 107 MBEDTLS_ASN1_CHK_ADD( len, /* pq */ 108 asn1_write_10x( p, buffer, half_bits, 1 ) ); 109 MBEDTLS_ASN1_CHK_ADD( len, /* dq */ 110 asn1_write_10x( p, buffer, half_bits, 1 ) ); 111 MBEDTLS_ASN1_CHK_ADD( len, /* dp */ 112 asn1_write_10x( p, buffer, half_bits, 1 ) ); 113 MBEDTLS_ASN1_CHK_ADD( len, /* q */ 114 asn1_write_10x( p, buffer, half_bits, 1 ) ); 115 MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */ 116 asn1_write_10x( p, buffer, half_bits, 3 ) ); 117 MBEDTLS_ASN1_CHK_ADD( len, /* d */ 118 asn1_write_10x( p, buffer, bits, 1 ) ); 119 } 120 MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */ 121 asn1_write_10x( p, buffer, 17, 1 ) ); 122 MBEDTLS_ASN1_CHK_ADD( len, /* n */ 123 asn1_write_10x( p, buffer, bits, 1 ) ); 124 if( keypair ) 125 MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */ 126 mbedtls_asn1_write_int( p, buffer, 0 ) ); 127 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) ); 128 { 129 const unsigned char tag = 130 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE; 131 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) ); 132 } 133 return( len ); 134} 135 136int exercise_mac_setup( psa_key_type_t key_type, 137 const unsigned char *key_bytes, 138 size_t key_length, 139 psa_algorithm_t alg, 140 psa_mac_operation_t *operation, 141 psa_status_t *status ) 142{ 143 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 144 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 145 146 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); 147 psa_set_key_algorithm( &attributes, alg ); 148 psa_set_key_type( &attributes, key_type ); 149 PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) ); 150 151 *status = psa_mac_sign_setup( operation, key, alg ); 152 /* Whether setup succeeded or failed, abort must succeed. */ 153 PSA_ASSERT( psa_mac_abort( operation ) ); 154 /* If setup failed, reproduce the failure, so that the caller can 155 * test the resulting state of the operation object. */ 156 if( *status != PSA_SUCCESS ) 157 { 158 TEST_EQUAL( psa_mac_sign_setup( operation, key, alg ), *status ); 159 } 160 161 psa_destroy_key( key ); 162 return( 1 ); 163 164exit: 165 psa_destroy_key( key ); 166 return( 0 ); 167} 168 169int exercise_cipher_setup( psa_key_type_t key_type, 170 const unsigned char *key_bytes, 171 size_t key_length, 172 psa_algorithm_t alg, 173 psa_cipher_operation_t *operation, 174 psa_status_t *status ) 175{ 176 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 177 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 178 179 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 180 psa_set_key_algorithm( &attributes, alg ); 181 psa_set_key_type( &attributes, key_type ); 182 PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) ); 183 184 *status = psa_cipher_encrypt_setup( operation, key, alg ); 185 /* Whether setup succeeded or failed, abort must succeed. */ 186 PSA_ASSERT( psa_cipher_abort( operation ) ); 187 /* If setup failed, reproduce the failure, so that the caller can 188 * test the resulting state of the operation object. */ 189 if( *status != PSA_SUCCESS ) 190 { 191 TEST_EQUAL( psa_cipher_encrypt_setup( operation, key, alg ), 192 *status ); 193 } 194 195 psa_destroy_key( key ); 196 return( 1 ); 197 198exit: 199 psa_destroy_key( key ); 200 return( 0 ); 201} 202 203static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key ) 204{ 205 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 206 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 ); 207 uint8_t buffer[1]; 208 size_t length; 209 int ok = 0; 210 211 psa_set_key_id( &attributes, key_id ); 212 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 213 psa_set_key_algorithm( &attributes, PSA_ALG_CTR ); 214 psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); 215 TEST_EQUAL( psa_get_key_attributes( key, &attributes ), 216 PSA_ERROR_INVALID_HANDLE ); 217 TEST_EQUAL( 218 MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 ); 219 TEST_EQUAL( 220 MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 ); 221 TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 ); 222 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); 223 TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); 224 TEST_EQUAL( psa_get_key_type( &attributes ), 0 ); 225 TEST_EQUAL( psa_get_key_bits( &attributes ), 0 ); 226 227 TEST_EQUAL( psa_export_key( key, buffer, sizeof( buffer ), &length ), 228 PSA_ERROR_INVALID_HANDLE ); 229 TEST_EQUAL( psa_export_public_key( key, 230 buffer, sizeof( buffer ), &length ), 231 PSA_ERROR_INVALID_HANDLE ); 232 233 ok = 1; 234 235exit: 236 /* 237 * Key attributes may have been returned by psa_get_key_attributes() 238 * thus reset them as required. 239 */ 240 psa_reset_key_attributes( &attributes ); 241 242 return( ok ); 243} 244 245/* Assert that a key isn't reported as having a slot number. */ 246#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 247#define ASSERT_NO_SLOT_NUMBER( attributes ) \ 248 do \ 249 { \ 250 psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \ 251 TEST_EQUAL( psa_get_key_slot_number( \ 252 attributes, \ 253 &ASSERT_NO_SLOT_NUMBER_slot_number ), \ 254 PSA_ERROR_INVALID_ARGUMENT ); \ 255 } \ 256 while( 0 ) 257#else /* MBEDTLS_PSA_CRYPTO_SE_C */ 258#define ASSERT_NO_SLOT_NUMBER( attributes ) \ 259 ( (void) 0 ) 260#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 261 262/* An overapproximation of the amount of storage needed for a key of the 263 * given type and with the given content. The API doesn't make it easy 264 * to find a good value for the size. The current implementation doesn't 265 * care about the value anyway. */ 266#define KEY_BITS_FROM_DATA( type, data ) \ 267 ( data )->len 268 269typedef enum { 270 IMPORT_KEY = 0, 271 GENERATE_KEY = 1, 272 DERIVE_KEY = 2 273} generate_method; 274 275/* END_HEADER */ 276 277/* BEGIN_DEPENDENCIES 278 * depends_on:MBEDTLS_PSA_CRYPTO_C 279 * END_DEPENDENCIES 280 */ 281 282/* BEGIN_CASE */ 283void static_checks( ) 284{ 285 size_t max_truncated_mac_size = 286 PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET; 287 288 /* Check that the length for a truncated MAC always fits in the algorithm 289 * encoding. The shifted mask is the maximum truncated value. The 290 * untruncated algorithm may be one byte larger. */ 291 TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size ); 292 293#if defined(MBEDTLS_TEST_DEPRECATED) 294 /* Check deprecated constants. */ 295 TEST_EQUAL( PSA_ERROR_UNKNOWN_ERROR, PSA_ERROR_GENERIC_ERROR ); 296 TEST_EQUAL( PSA_ERROR_OCCUPIED_SLOT, PSA_ERROR_ALREADY_EXISTS ); 297 TEST_EQUAL( PSA_ERROR_EMPTY_SLOT, PSA_ERROR_DOES_NOT_EXIST ); 298 TEST_EQUAL( PSA_ERROR_INSUFFICIENT_CAPACITY, PSA_ERROR_INSUFFICIENT_DATA ); 299 TEST_EQUAL( PSA_ERROR_TAMPERING_DETECTED, PSA_ERROR_CORRUPTION_DETECTED ); 300 TEST_EQUAL( PSA_KEY_USAGE_SIGN, PSA_KEY_USAGE_SIGN_HASH ); 301 TEST_EQUAL( PSA_KEY_USAGE_VERIFY, PSA_KEY_USAGE_VERIFY_HASH ); 302 TEST_EQUAL( PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE, PSA_SIGNATURE_MAX_SIZE ); 303 304 TEST_EQUAL( PSA_ECC_CURVE_SECP160K1, PSA_ECC_FAMILY_SECP_K1 ); 305 TEST_EQUAL( PSA_ECC_CURVE_SECP192K1, PSA_ECC_FAMILY_SECP_K1 ); 306 TEST_EQUAL( PSA_ECC_CURVE_SECP224K1, PSA_ECC_FAMILY_SECP_K1 ); 307 TEST_EQUAL( PSA_ECC_CURVE_SECP256K1, PSA_ECC_FAMILY_SECP_K1 ); 308 TEST_EQUAL( PSA_ECC_CURVE_SECP160R1, PSA_ECC_FAMILY_SECP_R1 ); 309 TEST_EQUAL( PSA_ECC_CURVE_SECP192R1, PSA_ECC_FAMILY_SECP_R1 ); 310 TEST_EQUAL( PSA_ECC_CURVE_SECP224R1, PSA_ECC_FAMILY_SECP_R1 ); 311 TEST_EQUAL( PSA_ECC_CURVE_SECP256R1, PSA_ECC_FAMILY_SECP_R1 ); 312 TEST_EQUAL( PSA_ECC_CURVE_SECP384R1, PSA_ECC_FAMILY_SECP_R1 ); 313 TEST_EQUAL( PSA_ECC_CURVE_SECP521R1, PSA_ECC_FAMILY_SECP_R1 ); 314 TEST_EQUAL( PSA_ECC_CURVE_SECP160R2, PSA_ECC_FAMILY_SECP_R2 ); 315 TEST_EQUAL( PSA_ECC_CURVE_SECT163K1, PSA_ECC_FAMILY_SECT_K1 ); 316 TEST_EQUAL( PSA_ECC_CURVE_SECT233K1, PSA_ECC_FAMILY_SECT_K1 ); 317 TEST_EQUAL( PSA_ECC_CURVE_SECT239K1, PSA_ECC_FAMILY_SECT_K1 ); 318 TEST_EQUAL( PSA_ECC_CURVE_SECT283K1, PSA_ECC_FAMILY_SECT_K1 ); 319 TEST_EQUAL( PSA_ECC_CURVE_SECT409K1, PSA_ECC_FAMILY_SECT_K1 ); 320 TEST_EQUAL( PSA_ECC_CURVE_SECT571K1, PSA_ECC_FAMILY_SECT_K1 ); 321 TEST_EQUAL( PSA_ECC_CURVE_SECT163R1, PSA_ECC_FAMILY_SECT_R1 ); 322 TEST_EQUAL( PSA_ECC_CURVE_SECT193R1, PSA_ECC_FAMILY_SECT_R1 ); 323 TEST_EQUAL( PSA_ECC_CURVE_SECT233R1, PSA_ECC_FAMILY_SECT_R1 ); 324 TEST_EQUAL( PSA_ECC_CURVE_SECT283R1, PSA_ECC_FAMILY_SECT_R1 ); 325 TEST_EQUAL( PSA_ECC_CURVE_SECT409R1, PSA_ECC_FAMILY_SECT_R1 ); 326 TEST_EQUAL( PSA_ECC_CURVE_SECT571R1, PSA_ECC_FAMILY_SECT_R1 ); 327 TEST_EQUAL( PSA_ECC_CURVE_SECT163R2, PSA_ECC_FAMILY_SECT_R2 ); 328 TEST_EQUAL( PSA_ECC_CURVE_SECT193R2, PSA_ECC_FAMILY_SECT_R2 ); 329 TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ); 330 TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ); 331 TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ); 332 TEST_EQUAL( PSA_ECC_CURVE_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY ); 333 TEST_EQUAL( PSA_ECC_CURVE_CURVE448, PSA_ECC_FAMILY_MONTGOMERY ); 334 335 TEST_EQUAL( PSA_ECC_CURVE_SECP_K1, PSA_ECC_FAMILY_SECP_K1 ); 336 TEST_EQUAL( PSA_ECC_CURVE_SECP_R1, PSA_ECC_FAMILY_SECP_R1 ); 337 TEST_EQUAL( PSA_ECC_CURVE_SECP_R2, PSA_ECC_FAMILY_SECP_R2 ); 338 TEST_EQUAL( PSA_ECC_CURVE_SECT_K1, PSA_ECC_FAMILY_SECT_K1 ); 339 TEST_EQUAL( PSA_ECC_CURVE_SECT_R1, PSA_ECC_FAMILY_SECT_R1 ); 340 TEST_EQUAL( PSA_ECC_CURVE_SECT_R2, PSA_ECC_FAMILY_SECT_R2 ); 341 TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P_R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ); 342 TEST_EQUAL( PSA_ECC_CURVE_MONTGOMERY, PSA_ECC_FAMILY_MONTGOMERY ); 343 344 TEST_EQUAL( PSA_DH_GROUP_FFDHE2048, PSA_DH_FAMILY_RFC7919 ); 345 TEST_EQUAL( PSA_DH_GROUP_FFDHE3072, PSA_DH_FAMILY_RFC7919 ); 346 TEST_EQUAL( PSA_DH_GROUP_FFDHE4096, PSA_DH_FAMILY_RFC7919 ); 347 TEST_EQUAL( PSA_DH_GROUP_FFDHE6144, PSA_DH_FAMILY_RFC7919 ); 348 TEST_EQUAL( PSA_DH_GROUP_FFDHE8192, PSA_DH_FAMILY_RFC7919 ); 349 350 TEST_EQUAL( PSA_DH_GROUP_RFC7919, PSA_DH_FAMILY_RFC7919 ); 351 TEST_EQUAL( PSA_DH_GROUP_CUSTOM, PSA_DH_FAMILY_CUSTOM ); 352#endif 353} 354/* END_CASE */ 355 356/* BEGIN_CASE */ 357void import_with_policy( int type_arg, 358 int usage_arg, int alg_arg, 359 int expected_status_arg ) 360{ 361 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 362 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 363 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 364 psa_key_type_t type = type_arg; 365 psa_key_usage_t usage = usage_arg; 366 psa_algorithm_t alg = alg_arg; 367 psa_status_t expected_status = expected_status_arg; 368 const uint8_t key_material[16] = {0}; 369 psa_status_t status; 370 371 PSA_ASSERT( psa_crypto_init( ) ); 372 373 psa_set_key_type( &attributes, type ); 374 psa_set_key_usage_flags( &attributes, usage ); 375 psa_set_key_algorithm( &attributes, alg ); 376 377 status = psa_import_key( &attributes, 378 key_material, sizeof( key_material ), 379 &key ); 380 TEST_EQUAL( status, expected_status ); 381 if( status != PSA_SUCCESS ) 382 goto exit; 383 384 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); 385 TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); 386 TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), 387 mbedtls_test_update_key_usage_flags( usage ) ); 388 TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg ); 389 ASSERT_NO_SLOT_NUMBER( &got_attributes ); 390 391 PSA_ASSERT( psa_destroy_key( key ) ); 392 test_operations_on_invalid_key( key ); 393 394exit: 395 /* 396 * Key attributes may have been returned by psa_get_key_attributes() 397 * thus reset them as required. 398 */ 399 psa_reset_key_attributes( &got_attributes ); 400 401 psa_destroy_key( key ); 402 PSA_DONE( ); 403} 404/* END_CASE */ 405 406/* BEGIN_CASE */ 407void import_with_data( data_t *data, int type_arg, 408 int attr_bits_arg, 409 int expected_status_arg ) 410{ 411 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 412 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 413 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 414 psa_key_type_t type = type_arg; 415 size_t attr_bits = attr_bits_arg; 416 psa_status_t expected_status = expected_status_arg; 417 psa_status_t status; 418 419 PSA_ASSERT( psa_crypto_init( ) ); 420 421 psa_set_key_type( &attributes, type ); 422 psa_set_key_bits( &attributes, attr_bits ); 423 424 status = psa_import_key( &attributes, data->x, data->len, &key ); 425 TEST_EQUAL( status, expected_status ); 426 if( status != PSA_SUCCESS ) 427 goto exit; 428 429 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); 430 TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); 431 if( attr_bits != 0 ) 432 TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) ); 433 ASSERT_NO_SLOT_NUMBER( &got_attributes ); 434 435 PSA_ASSERT( psa_destroy_key( key ) ); 436 test_operations_on_invalid_key( key ); 437 438exit: 439 /* 440 * Key attributes may have been returned by psa_get_key_attributes() 441 * thus reset them as required. 442 */ 443 psa_reset_key_attributes( &got_attributes ); 444 445 psa_destroy_key( key ); 446 PSA_DONE( ); 447} 448/* END_CASE */ 449 450/* BEGIN_CASE */ 451void import_large_key( int type_arg, int byte_size_arg, 452 int expected_status_arg ) 453{ 454 psa_key_type_t type = type_arg; 455 size_t byte_size = byte_size_arg; 456 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 457 psa_status_t expected_status = expected_status_arg; 458 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 459 psa_status_t status; 460 uint8_t *buffer = NULL; 461 size_t buffer_size = byte_size + 1; 462 size_t n; 463 464 /* Skip the test case if the target running the test cannot 465 * accomodate large keys due to heap size constraints */ 466 ASSERT_ALLOC_WEAK( buffer, buffer_size ); 467 memset( buffer, 'K', byte_size ); 468 469 PSA_ASSERT( psa_crypto_init( ) ); 470 471 /* Try importing the key */ 472 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); 473 psa_set_key_type( &attributes, type ); 474 status = psa_import_key( &attributes, buffer, byte_size, &key ); 475 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY ); 476 TEST_EQUAL( status, expected_status ); 477 478 if( status == PSA_SUCCESS ) 479 { 480 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 481 TEST_EQUAL( psa_get_key_type( &attributes ), type ); 482 TEST_EQUAL( psa_get_key_bits( &attributes ), 483 PSA_BYTES_TO_BITS( byte_size ) ); 484 ASSERT_NO_SLOT_NUMBER( &attributes ); 485 memset( buffer, 0, byte_size + 1 ); 486 PSA_ASSERT( psa_export_key( key, buffer, byte_size, &n ) ); 487 for( n = 0; n < byte_size; n++ ) 488 TEST_EQUAL( buffer[n], 'K' ); 489 for( n = byte_size; n < buffer_size; n++ ) 490 TEST_EQUAL( buffer[n], 0 ); 491 } 492 493exit: 494 /* 495 * Key attributes may have been returned by psa_get_key_attributes() 496 * thus reset them as required. 497 */ 498 psa_reset_key_attributes( &attributes ); 499 500 psa_destroy_key( key ); 501 PSA_DONE( ); 502 mbedtls_free( buffer ); 503} 504/* END_CASE */ 505 506/* BEGIN_CASE */ 507void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg ) 508{ 509 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 510 size_t bits = bits_arg; 511 psa_status_t expected_status = expected_status_arg; 512 psa_status_t status; 513 psa_key_type_t type = 514 keypair ? PSA_KEY_TYPE_RSA_KEY_PAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY; 515 size_t buffer_size = /* Slight overapproximations */ 516 keypair ? bits * 9 / 16 + 80 : bits / 8 + 20; 517 unsigned char *buffer = NULL; 518 unsigned char *p; 519 int ret; 520 size_t length; 521 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 522 523 PSA_ASSERT( psa_crypto_init( ) ); 524 ASSERT_ALLOC( buffer, buffer_size ); 525 526 TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p, 527 bits, keypair ) ) >= 0 ); 528 length = ret; 529 530 /* Try importing the key */ 531 psa_set_key_type( &attributes, type ); 532 status = psa_import_key( &attributes, p, length, &key ); 533 TEST_EQUAL( status, expected_status ); 534 535 if( status == PSA_SUCCESS ) 536 PSA_ASSERT( psa_destroy_key( key ) ); 537 538exit: 539 mbedtls_free( buffer ); 540 PSA_DONE( ); 541} 542/* END_CASE */ 543 544/* BEGIN_CASE */ 545void import_export( data_t *data, 546 int type_arg, 547 int usage_arg, int alg_arg, 548 int expected_bits, 549 int export_size_delta, 550 int expected_export_status_arg, 551 int canonical_input ) 552{ 553 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 554 psa_key_type_t type = type_arg; 555 psa_algorithm_t alg = alg_arg; 556 psa_status_t expected_export_status = expected_export_status_arg; 557 psa_status_t status; 558 unsigned char *exported = NULL; 559 unsigned char *reexported = NULL; 560 size_t export_size; 561 size_t exported_length = INVALID_EXPORT_LENGTH; 562 size_t reexported_length; 563 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 564 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 565 566 export_size = (ptrdiff_t) data->len + export_size_delta; 567 ASSERT_ALLOC( exported, export_size ); 568 if( ! canonical_input ) 569 ASSERT_ALLOC( reexported, export_size ); 570 PSA_ASSERT( psa_crypto_init( ) ); 571 572 psa_set_key_usage_flags( &attributes, usage_arg ); 573 psa_set_key_algorithm( &attributes, alg ); 574 psa_set_key_type( &attributes, type ); 575 576 /* Import the key */ 577 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); 578 579 /* Test the key information */ 580 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); 581 TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); 582 TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits ); 583 ASSERT_NO_SLOT_NUMBER( &got_attributes ); 584 585 /* Export the key */ 586 status = psa_export_key( key, exported, export_size, &exported_length ); 587 TEST_EQUAL( status, expected_export_status ); 588 589 /* The exported length must be set by psa_export_key() to a value between 0 590 * and export_size. On errors, the exported length must be 0. */ 591 TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH ); 592 TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 ); 593 TEST_ASSERT( exported_length <= export_size ); 594 595 TEST_ASSERT( mem_is_char( exported + exported_length, 0, 596 export_size - exported_length ) ); 597 if( status != PSA_SUCCESS ) 598 { 599 TEST_EQUAL( exported_length, 0 ); 600 goto destroy; 601 } 602 603 /* Run sanity checks on the exported key. For non-canonical inputs, 604 * this validates the canonical representations. For canonical inputs, 605 * this doesn't directly validate the implementation, but it still helps 606 * by cross-validating the test data with the sanity check code. */ 607 if( ! mbedtls_test_psa_exercise_key( key, usage_arg, 0 ) ) 608 goto exit; 609 610 if( canonical_input ) 611 ASSERT_COMPARE( data->x, data->len, exported, exported_length ); 612 else 613 { 614 mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; 615 PSA_ASSERT( psa_import_key( &attributes, exported, exported_length, 616 &key2 ) ); 617 PSA_ASSERT( psa_export_key( key2, 618 reexported, 619 export_size, 620 &reexported_length ) ); 621 ASSERT_COMPARE( exported, exported_length, 622 reexported, reexported_length ); 623 PSA_ASSERT( psa_destroy_key( key2 ) ); 624 } 625 TEST_ASSERT( exported_length <= 626 PSA_EXPORT_KEY_OUTPUT_SIZE( type, 627 psa_get_key_bits( &got_attributes ) ) ); 628 TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); 629 630destroy: 631 /* Destroy the key */ 632 PSA_ASSERT( psa_destroy_key( key ) ); 633 test_operations_on_invalid_key( key ); 634 635exit: 636 /* 637 * Key attributes may have been returned by psa_get_key_attributes() 638 * thus reset them as required. 639 */ 640 psa_reset_key_attributes( &got_attributes ); 641 642 mbedtls_free( exported ); 643 mbedtls_free( reexported ); 644 PSA_DONE( ); 645} 646/* END_CASE */ 647 648/* BEGIN_CASE */ 649void import_export_public_key( data_t *data, 650 int type_arg, 651 int alg_arg, 652 int export_size_delta, 653 int expected_export_status_arg, 654 data_t *expected_public_key ) 655{ 656 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 657 psa_key_type_t type = type_arg; 658 psa_algorithm_t alg = alg_arg; 659 psa_status_t expected_export_status = expected_export_status_arg; 660 psa_status_t status; 661 unsigned char *exported = NULL; 662 size_t export_size = expected_public_key->len + export_size_delta; 663 size_t exported_length = INVALID_EXPORT_LENGTH; 664 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 665 666 PSA_ASSERT( psa_crypto_init( ) ); 667 668 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); 669 psa_set_key_algorithm( &attributes, alg ); 670 psa_set_key_type( &attributes, type ); 671 672 /* Import the key */ 673 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); 674 675 /* Export the public key */ 676 ASSERT_ALLOC( exported, export_size ); 677 status = psa_export_public_key( key, 678 exported, export_size, 679 &exported_length ); 680 TEST_EQUAL( status, expected_export_status ); 681 if( status == PSA_SUCCESS ) 682 { 683 psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ); 684 size_t bits; 685 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 686 bits = psa_get_key_bits( &attributes ); 687 TEST_ASSERT( expected_public_key->len <= 688 PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, bits ) ); 689 TEST_ASSERT( expected_public_key->len <= 690 PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, bits ) ); 691 TEST_ASSERT( expected_public_key->len <= 692 PSA_EXPORT_PUBLIC_KEY_MAX_SIZE ); 693 ASSERT_COMPARE( expected_public_key->x, expected_public_key->len, 694 exported, exported_length ); 695 } 696 697exit: 698 /* 699 * Key attributes may have been returned by psa_get_key_attributes() 700 * thus reset them as required. 701 */ 702 psa_reset_key_attributes( &attributes ); 703 704 mbedtls_free( exported ); 705 psa_destroy_key( key ); 706 PSA_DONE( ); 707} 708/* END_CASE */ 709 710/* BEGIN_CASE */ 711void import_and_exercise_key( data_t *data, 712 int type_arg, 713 int bits_arg, 714 int alg_arg ) 715{ 716 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 717 psa_key_type_t type = type_arg; 718 size_t bits = bits_arg; 719 psa_algorithm_t alg = alg_arg; 720 psa_key_usage_t usage = mbedtls_test_psa_usage_to_exercise( type, alg ); 721 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 722 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 723 724 PSA_ASSERT( psa_crypto_init( ) ); 725 726 psa_set_key_usage_flags( &attributes, usage ); 727 psa_set_key_algorithm( &attributes, alg ); 728 psa_set_key_type( &attributes, type ); 729 730 /* Import the key */ 731 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); 732 733 /* Test the key information */ 734 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); 735 TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); 736 TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits ); 737 738 /* Do something with the key according to its type and permitted usage. */ 739 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) ) 740 goto exit; 741 742 PSA_ASSERT( psa_destroy_key( key ) ); 743 test_operations_on_invalid_key( key ); 744 745exit: 746 /* 747 * Key attributes may have been returned by psa_get_key_attributes() 748 * thus reset them as required. 749 */ 750 psa_reset_key_attributes( &got_attributes ); 751 752 psa_reset_key_attributes( &attributes ); 753 psa_destroy_key( key ); 754 PSA_DONE( ); 755} 756/* END_CASE */ 757 758/* BEGIN_CASE */ 759void effective_key_attributes( int type_arg, int expected_type_arg, 760 int bits_arg, int expected_bits_arg, 761 int usage_arg, int expected_usage_arg, 762 int alg_arg, int expected_alg_arg ) 763{ 764 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 765 psa_key_type_t key_type = type_arg; 766 psa_key_type_t expected_key_type = expected_type_arg; 767 size_t bits = bits_arg; 768 size_t expected_bits = expected_bits_arg; 769 psa_algorithm_t alg = alg_arg; 770 psa_algorithm_t expected_alg = expected_alg_arg; 771 psa_key_usage_t usage = usage_arg; 772 psa_key_usage_t expected_usage = expected_usage_arg; 773 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 774 775 PSA_ASSERT( psa_crypto_init( ) ); 776 777 psa_set_key_usage_flags( &attributes, usage ); 778 psa_set_key_algorithm( &attributes, alg ); 779 psa_set_key_type( &attributes, key_type ); 780 psa_set_key_bits( &attributes, bits ); 781 782 PSA_ASSERT( psa_generate_key( &attributes, &key ) ); 783 psa_reset_key_attributes( &attributes ); 784 785 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 786 TEST_EQUAL( psa_get_key_type( &attributes ), expected_key_type ); 787 TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits ); 788 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage ); 789 TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg ); 790 791exit: 792 /* 793 * Key attributes may have been returned by psa_get_key_attributes() 794 * thus reset them as required. 795 */ 796 psa_reset_key_attributes( &attributes ); 797 798 psa_destroy_key( key ); 799 PSA_DONE( ); 800} 801/* END_CASE */ 802 803/* BEGIN_CASE */ 804void check_key_policy( int type_arg, int bits_arg, 805 int usage_arg, int alg_arg ) 806{ 807 test_effective_key_attributes( type_arg, type_arg, bits_arg, bits_arg, 808 usage_arg, 809 mbedtls_test_update_key_usage_flags( usage_arg ), 810 alg_arg, alg_arg ); 811 goto exit; 812} 813/* END_CASE */ 814 815/* BEGIN_CASE */ 816void key_attributes_init( ) 817{ 818 /* Test each valid way of initializing the object, except for `= {0}`, as 819 * Clang 5 complains when `-Wmissing-field-initializers` is used, even 820 * though it's OK by the C standard. We could test for this, but we'd need 821 * to supress the Clang warning for the test. */ 822 psa_key_attributes_t func = psa_key_attributes_init( ); 823 psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT; 824 psa_key_attributes_t zero; 825 826 memset( &zero, 0, sizeof( zero ) ); 827 828 TEST_EQUAL( psa_get_key_lifetime( &func ), PSA_KEY_LIFETIME_VOLATILE ); 829 TEST_EQUAL( psa_get_key_lifetime( &init ), PSA_KEY_LIFETIME_VOLATILE ); 830 TEST_EQUAL( psa_get_key_lifetime( &zero ), PSA_KEY_LIFETIME_VOLATILE ); 831 832 TEST_EQUAL( psa_get_key_type( &func ), 0 ); 833 TEST_EQUAL( psa_get_key_type( &init ), 0 ); 834 TEST_EQUAL( psa_get_key_type( &zero ), 0 ); 835 836 TEST_EQUAL( psa_get_key_bits( &func ), 0 ); 837 TEST_EQUAL( psa_get_key_bits( &init ), 0 ); 838 TEST_EQUAL( psa_get_key_bits( &zero ), 0 ); 839 840 TEST_EQUAL( psa_get_key_usage_flags( &func ), 0 ); 841 TEST_EQUAL( psa_get_key_usage_flags( &init ), 0 ); 842 TEST_EQUAL( psa_get_key_usage_flags( &zero ), 0 ); 843 844 TEST_EQUAL( psa_get_key_algorithm( &func ), 0 ); 845 TEST_EQUAL( psa_get_key_algorithm( &init ), 0 ); 846 TEST_EQUAL( psa_get_key_algorithm( &zero ), 0 ); 847} 848/* END_CASE */ 849 850/* BEGIN_CASE */ 851void mac_key_policy( int policy_usage_arg, 852 int policy_alg_arg, 853 int key_type_arg, 854 data_t *key_data, 855 int exercise_alg_arg, 856 int expected_status_sign_arg, 857 int expected_status_verify_arg ) 858{ 859 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 860 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 861 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 862 psa_key_type_t key_type = key_type_arg; 863 psa_algorithm_t policy_alg = policy_alg_arg; 864 psa_algorithm_t exercise_alg = exercise_alg_arg; 865 psa_key_usage_t policy_usage = policy_usage_arg; 866 psa_status_t status; 867 psa_status_t expected_status_sign = expected_status_sign_arg; 868 psa_status_t expected_status_verify = expected_status_verify_arg; 869 unsigned char mac[PSA_MAC_MAX_SIZE]; 870 871 PSA_ASSERT( psa_crypto_init( ) ); 872 873 psa_set_key_usage_flags( &attributes, policy_usage ); 874 psa_set_key_algorithm( &attributes, policy_alg ); 875 psa_set_key_type( &attributes, key_type ); 876 877 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 878 &key ) ); 879 880 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 881 mbedtls_test_update_key_usage_flags( policy_usage ) ); 882 883 status = psa_mac_sign_setup( &operation, key, exercise_alg ); 884 TEST_EQUAL( status, expected_status_sign ); 885 886 /* Calculate the MAC, one-shot case. */ 887 uint8_t input[128] = {0}; 888 size_t mac_len; 889 TEST_EQUAL( psa_mac_compute( key, exercise_alg, 890 input, 128, 891 mac, PSA_MAC_MAX_SIZE, &mac_len ), 892 expected_status_sign ); 893 894 /* Verify correct MAC, one-shot case. */ 895 status = psa_mac_verify( key, exercise_alg, input, 128, 896 mac, mac_len ); 897 898 if( expected_status_sign != PSA_SUCCESS && expected_status_verify == PSA_SUCCESS ) 899 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE ); 900 else 901 TEST_EQUAL( status, expected_status_verify ); 902 903 psa_mac_abort( &operation ); 904 905 memset( mac, 0, sizeof( mac ) ); 906 status = psa_mac_verify_setup( &operation, key, exercise_alg ); 907 TEST_EQUAL( status, expected_status_verify ); 908 909exit: 910 psa_mac_abort( &operation ); 911 psa_destroy_key( key ); 912 PSA_DONE( ); 913} 914/* END_CASE */ 915 916/* BEGIN_CASE */ 917void cipher_key_policy( int policy_usage_arg, 918 int policy_alg, 919 int key_type, 920 data_t *key_data, 921 int exercise_alg ) 922{ 923 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 924 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 925 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 926 psa_key_usage_t policy_usage = policy_usage_arg; 927 psa_status_t status; 928 929 PSA_ASSERT( psa_crypto_init( ) ); 930 931 psa_set_key_usage_flags( &attributes, policy_usage ); 932 psa_set_key_algorithm( &attributes, policy_alg ); 933 psa_set_key_type( &attributes, key_type ); 934 935 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 936 &key ) ); 937 938 /* Check if no key usage flag implication is done */ 939 TEST_EQUAL( policy_usage, 940 mbedtls_test_update_key_usage_flags( policy_usage ) ); 941 942 status = psa_cipher_encrypt_setup( &operation, key, exercise_alg ); 943 if( policy_alg == exercise_alg && 944 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 ) 945 PSA_ASSERT( status ); 946 else 947 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 948 psa_cipher_abort( &operation ); 949 950 status = psa_cipher_decrypt_setup( &operation, key, exercise_alg ); 951 if( policy_alg == exercise_alg && 952 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 ) 953 PSA_ASSERT( status ); 954 else 955 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 956 957exit: 958 psa_cipher_abort( &operation ); 959 psa_destroy_key( key ); 960 PSA_DONE( ); 961} 962/* END_CASE */ 963 964/* BEGIN_CASE */ 965void aead_key_policy( int policy_usage_arg, 966 int policy_alg, 967 int key_type, 968 data_t *key_data, 969 int nonce_length_arg, 970 int tag_length_arg, 971 int exercise_alg, 972 int expected_status_arg ) 973{ 974 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 975 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 976 psa_key_usage_t policy_usage = policy_usage_arg; 977 psa_status_t status; 978 psa_status_t expected_status = expected_status_arg; 979 unsigned char nonce[16] = {0}; 980 size_t nonce_length = nonce_length_arg; 981 unsigned char tag[16]; 982 size_t tag_length = tag_length_arg; 983 size_t output_length; 984 985 TEST_ASSERT( nonce_length <= sizeof( nonce ) ); 986 TEST_ASSERT( tag_length <= sizeof( tag ) ); 987 988 PSA_ASSERT( psa_crypto_init( ) ); 989 990 psa_set_key_usage_flags( &attributes, policy_usage ); 991 psa_set_key_algorithm( &attributes, policy_alg ); 992 psa_set_key_type( &attributes, key_type ); 993 994 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 995 &key ) ); 996 997 /* Check if no key usage implication is done */ 998 TEST_EQUAL( policy_usage, 999 mbedtls_test_update_key_usage_flags( policy_usage ) ); 1000 1001 status = psa_aead_encrypt( key, exercise_alg, 1002 nonce, nonce_length, 1003 NULL, 0, 1004 NULL, 0, 1005 tag, tag_length, 1006 &output_length ); 1007 if( ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 ) 1008 TEST_EQUAL( status, expected_status ); 1009 else 1010 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1011 1012 memset( tag, 0, sizeof( tag ) ); 1013 status = psa_aead_decrypt( key, exercise_alg, 1014 nonce, nonce_length, 1015 NULL, 0, 1016 tag, tag_length, 1017 NULL, 0, 1018 &output_length ); 1019 if( ( policy_usage & PSA_KEY_USAGE_DECRYPT ) == 0 ) 1020 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1021 else if( expected_status == PSA_SUCCESS ) 1022 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE ); 1023 else 1024 TEST_EQUAL( status, expected_status ); 1025 1026exit: 1027 psa_destroy_key( key ); 1028 PSA_DONE( ); 1029} 1030/* END_CASE */ 1031 1032/* BEGIN_CASE */ 1033void asymmetric_encryption_key_policy( int policy_usage_arg, 1034 int policy_alg, 1035 int key_type, 1036 data_t *key_data, 1037 int exercise_alg ) 1038{ 1039 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1040 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1041 psa_key_usage_t policy_usage = policy_usage_arg; 1042 psa_status_t status; 1043 size_t key_bits; 1044 size_t buffer_length; 1045 unsigned char *buffer = NULL; 1046 size_t output_length; 1047 1048 PSA_ASSERT( psa_crypto_init( ) ); 1049 1050 psa_set_key_usage_flags( &attributes, policy_usage ); 1051 psa_set_key_algorithm( &attributes, policy_alg ); 1052 psa_set_key_type( &attributes, key_type ); 1053 1054 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1055 &key ) ); 1056 1057 /* Check if no key usage implication is done */ 1058 TEST_EQUAL( policy_usage, 1059 mbedtls_test_update_key_usage_flags( policy_usage ) ); 1060 1061 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 1062 key_bits = psa_get_key_bits( &attributes ); 1063 buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, 1064 exercise_alg ); 1065 ASSERT_ALLOC( buffer, buffer_length ); 1066 1067 status = psa_asymmetric_encrypt( key, exercise_alg, 1068 NULL, 0, 1069 NULL, 0, 1070 buffer, buffer_length, 1071 &output_length ); 1072 if( policy_alg == exercise_alg && 1073 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 ) 1074 PSA_ASSERT( status ); 1075 else 1076 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1077 1078 if( buffer_length != 0 ) 1079 memset( buffer, 0, buffer_length ); 1080 status = psa_asymmetric_decrypt( key, exercise_alg, 1081 buffer, buffer_length, 1082 NULL, 0, 1083 buffer, buffer_length, 1084 &output_length ); 1085 if( policy_alg == exercise_alg && 1086 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 ) 1087 TEST_EQUAL( status, PSA_ERROR_INVALID_PADDING ); 1088 else 1089 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1090 1091exit: 1092 /* 1093 * Key attributes may have been returned by psa_get_key_attributes() 1094 * thus reset them as required. 1095 */ 1096 psa_reset_key_attributes( &attributes ); 1097 1098 psa_destroy_key( key ); 1099 PSA_DONE( ); 1100 mbedtls_free( buffer ); 1101} 1102/* END_CASE */ 1103 1104/* BEGIN_CASE */ 1105void asymmetric_signature_key_policy( int policy_usage_arg, 1106 int policy_alg, 1107 int key_type, 1108 data_t *key_data, 1109 int exercise_alg, 1110 int payload_length_arg, 1111 int expected_usage_arg ) 1112{ 1113 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1114 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1115 psa_key_usage_t policy_usage = policy_usage_arg; 1116 psa_key_usage_t expected_usage = expected_usage_arg; 1117 psa_status_t status; 1118 unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; 1119 /* If `payload_length_arg > 0`, `exercise_alg` is supposed to be 1120 * compatible with the policy and `payload_length_arg` is supposed to be 1121 * a valid input length to sign. If `payload_length_arg <= 0`, 1122 * `exercise_alg` is supposed to be forbidden by the policy. */ 1123 int compatible_alg = payload_length_arg > 0; 1124 size_t payload_length = compatible_alg ? payload_length_arg : 0; 1125 unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; 1126 size_t signature_length; 1127 1128 /* Check if all implicit usage flags are deployed 1129 in the expected usage flags. */ 1130 TEST_EQUAL( expected_usage, 1131 mbedtls_test_update_key_usage_flags( policy_usage ) ); 1132 1133 PSA_ASSERT( psa_crypto_init( ) ); 1134 1135 psa_set_key_usage_flags( &attributes, policy_usage ); 1136 psa_set_key_algorithm( &attributes, policy_alg ); 1137 psa_set_key_type( &attributes, key_type ); 1138 1139 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1140 &key ) ); 1141 1142 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage ); 1143 1144 status = psa_sign_hash( key, exercise_alg, 1145 payload, payload_length, 1146 signature, sizeof( signature ), 1147 &signature_length ); 1148 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 ) 1149 PSA_ASSERT( status ); 1150 else 1151 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1152 1153 memset( signature, 0, sizeof( signature ) ); 1154 status = psa_verify_hash( key, exercise_alg, 1155 payload, payload_length, 1156 signature, sizeof( signature ) ); 1157 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 ) 1158 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE ); 1159 else 1160 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1161 1162 if( PSA_ALG_IS_SIGN_HASH( exercise_alg ) && 1163 PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( exercise_alg ) ) ) 1164 { 1165 status = psa_sign_message( key, exercise_alg, 1166 payload, payload_length, 1167 signature, sizeof( signature ), 1168 &signature_length ); 1169 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE ) != 0 ) 1170 PSA_ASSERT( status ); 1171 else 1172 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1173 1174 memset( signature, 0, sizeof( signature ) ); 1175 status = psa_verify_message( key, exercise_alg, 1176 payload, payload_length, 1177 signature, sizeof( signature ) ); 1178 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_VERIFY_MESSAGE ) != 0 ) 1179 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE ); 1180 else 1181 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1182 } 1183 1184exit: 1185 psa_destroy_key( key ); 1186 PSA_DONE( ); 1187} 1188/* END_CASE */ 1189 1190/* BEGIN_CASE */ 1191void derive_key_policy( int policy_usage, 1192 int policy_alg, 1193 int key_type, 1194 data_t *key_data, 1195 int exercise_alg ) 1196{ 1197 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1198 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1199 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 1200 psa_status_t status; 1201 1202 PSA_ASSERT( psa_crypto_init( ) ); 1203 1204 psa_set_key_usage_flags( &attributes, policy_usage ); 1205 psa_set_key_algorithm( &attributes, policy_alg ); 1206 psa_set_key_type( &attributes, key_type ); 1207 1208 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1209 &key ) ); 1210 1211 PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); 1212 1213 if( PSA_ALG_IS_TLS12_PRF( exercise_alg ) || 1214 PSA_ALG_IS_TLS12_PSK_TO_MS( exercise_alg ) ) 1215 { 1216 PSA_ASSERT( psa_key_derivation_input_bytes( 1217 &operation, 1218 PSA_KEY_DERIVATION_INPUT_SEED, 1219 (const uint8_t*) "", 0) ); 1220 } 1221 1222 status = psa_key_derivation_input_key( &operation, 1223 PSA_KEY_DERIVATION_INPUT_SECRET, 1224 key ); 1225 1226 if( policy_alg == exercise_alg && 1227 ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 ) 1228 PSA_ASSERT( status ); 1229 else 1230 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1231 1232exit: 1233 psa_key_derivation_abort( &operation ); 1234 psa_destroy_key( key ); 1235 PSA_DONE( ); 1236} 1237/* END_CASE */ 1238 1239/* BEGIN_CASE */ 1240void agreement_key_policy( int policy_usage, 1241 int policy_alg, 1242 int key_type_arg, 1243 data_t *key_data, 1244 int exercise_alg, 1245 int expected_status_arg ) 1246{ 1247 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1248 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1249 psa_key_type_t key_type = key_type_arg; 1250 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 1251 psa_status_t status; 1252 psa_status_t expected_status = expected_status_arg; 1253 1254 PSA_ASSERT( psa_crypto_init( ) ); 1255 1256 psa_set_key_usage_flags( &attributes, policy_usage ); 1257 psa_set_key_algorithm( &attributes, policy_alg ); 1258 psa_set_key_type( &attributes, key_type ); 1259 1260 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1261 &key ) ); 1262 1263 PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); 1264 status = mbedtls_test_psa_key_agreement_with_self( &operation, key ); 1265 1266 TEST_EQUAL( status, expected_status ); 1267 1268exit: 1269 psa_key_derivation_abort( &operation ); 1270 psa_destroy_key( key ); 1271 PSA_DONE( ); 1272} 1273/* END_CASE */ 1274 1275/* BEGIN_CASE */ 1276void key_policy_alg2( int key_type_arg, data_t *key_data, 1277 int usage_arg, int alg_arg, int alg2_arg ) 1278{ 1279 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1280 psa_key_type_t key_type = key_type_arg; 1281 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1282 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 1283 psa_key_usage_t usage = usage_arg; 1284 psa_algorithm_t alg = alg_arg; 1285 psa_algorithm_t alg2 = alg2_arg; 1286 1287 PSA_ASSERT( psa_crypto_init( ) ); 1288 1289 psa_set_key_usage_flags( &attributes, usage ); 1290 psa_set_key_algorithm( &attributes, alg ); 1291 psa_set_key_enrollment_algorithm( &attributes, alg2 ); 1292 psa_set_key_type( &attributes, key_type ); 1293 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1294 &key ) ); 1295 1296 /* Update the usage flags to obtain implicit usage flags */ 1297 usage = mbedtls_test_update_key_usage_flags( usage ); 1298 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); 1299 TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage ); 1300 TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg ); 1301 TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 ); 1302 1303 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) ) 1304 goto exit; 1305 if( ! mbedtls_test_psa_exercise_key( key, usage, alg2 ) ) 1306 goto exit; 1307 1308exit: 1309 /* 1310 * Key attributes may have been returned by psa_get_key_attributes() 1311 * thus reset them as required. 1312 */ 1313 psa_reset_key_attributes( &got_attributes ); 1314 1315 psa_destroy_key( key ); 1316 PSA_DONE( ); 1317} 1318/* END_CASE */ 1319 1320/* BEGIN_CASE */ 1321void raw_agreement_key_policy( int policy_usage, 1322 int policy_alg, 1323 int key_type_arg, 1324 data_t *key_data, 1325 int exercise_alg, 1326 int expected_status_arg ) 1327{ 1328 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1329 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1330 psa_key_type_t key_type = key_type_arg; 1331 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 1332 psa_status_t status; 1333 psa_status_t expected_status = expected_status_arg; 1334 1335 PSA_ASSERT( psa_crypto_init( ) ); 1336 1337 psa_set_key_usage_flags( &attributes, policy_usage ); 1338 psa_set_key_algorithm( &attributes, policy_alg ); 1339 psa_set_key_type( &attributes, key_type ); 1340 1341 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1342 &key ) ); 1343 1344 status = mbedtls_test_psa_raw_key_agreement_with_self( exercise_alg, key ); 1345 1346 TEST_EQUAL( status, expected_status ); 1347 1348exit: 1349 psa_key_derivation_abort( &operation ); 1350 psa_destroy_key( key ); 1351 PSA_DONE( ); 1352} 1353/* END_CASE */ 1354 1355/* BEGIN_CASE */ 1356void copy_success( int source_usage_arg, 1357 int source_alg_arg, int source_alg2_arg, 1358 int type_arg, data_t *material, 1359 int copy_attributes, 1360 int target_usage_arg, 1361 int target_alg_arg, int target_alg2_arg, 1362 int expected_usage_arg, 1363 int expected_alg_arg, int expected_alg2_arg ) 1364{ 1365 psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; 1366 psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; 1367 psa_key_usage_t expected_usage = expected_usage_arg; 1368 psa_algorithm_t expected_alg = expected_alg_arg; 1369 psa_algorithm_t expected_alg2 = expected_alg2_arg; 1370 mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; 1371 mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; 1372 uint8_t *export_buffer = NULL; 1373 1374 PSA_ASSERT( psa_crypto_init( ) ); 1375 1376 /* Prepare the source key. */ 1377 psa_set_key_usage_flags( &source_attributes, source_usage_arg ); 1378 psa_set_key_algorithm( &source_attributes, source_alg_arg ); 1379 psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg ); 1380 psa_set_key_type( &source_attributes, type_arg ); 1381 PSA_ASSERT( psa_import_key( &source_attributes, 1382 material->x, material->len, 1383 &source_key ) ); 1384 PSA_ASSERT( psa_get_key_attributes( source_key, &source_attributes ) ); 1385 1386 /* Prepare the target attributes. */ 1387 if( copy_attributes ) 1388 { 1389 target_attributes = source_attributes; 1390 /* Set volatile lifetime to reset the key identifier to 0. */ 1391 psa_set_key_lifetime( &target_attributes, PSA_KEY_LIFETIME_VOLATILE ); 1392 } 1393 1394 if( target_usage_arg != -1 ) 1395 psa_set_key_usage_flags( &target_attributes, target_usage_arg ); 1396 if( target_alg_arg != -1 ) 1397 psa_set_key_algorithm( &target_attributes, target_alg_arg ); 1398 if( target_alg2_arg != -1 ) 1399 psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); 1400 1401 /* Copy the key. */ 1402 PSA_ASSERT( psa_copy_key( source_key, 1403 &target_attributes, &target_key ) ); 1404 1405 /* Destroy the source to ensure that this doesn't affect the target. */ 1406 PSA_ASSERT( psa_destroy_key( source_key ) ); 1407 1408 /* Test that the target slot has the expected content and policy. */ 1409 PSA_ASSERT( psa_get_key_attributes( target_key, &target_attributes ) ); 1410 TEST_EQUAL( psa_get_key_type( &source_attributes ), 1411 psa_get_key_type( &target_attributes ) ); 1412 TEST_EQUAL( psa_get_key_bits( &source_attributes ), 1413 psa_get_key_bits( &target_attributes ) ); 1414 TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) ); 1415 TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) ); 1416 TEST_EQUAL( expected_alg2, 1417 psa_get_key_enrollment_algorithm( &target_attributes ) ); 1418 if( expected_usage & PSA_KEY_USAGE_EXPORT ) 1419 { 1420 size_t length; 1421 ASSERT_ALLOC( export_buffer, material->len ); 1422 PSA_ASSERT( psa_export_key( target_key, export_buffer, 1423 material->len, &length ) ); 1424 ASSERT_COMPARE( material->x, material->len, 1425 export_buffer, length ); 1426 } 1427 1428 if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) ) 1429 goto exit; 1430 if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) ) 1431 goto exit; 1432 1433 PSA_ASSERT( psa_destroy_key( target_key ) ); 1434 1435exit: 1436 /* 1437 * Source and target key attributes may have been returned by 1438 * psa_get_key_attributes() thus reset them as required. 1439 */ 1440 psa_reset_key_attributes( &source_attributes ); 1441 psa_reset_key_attributes( &target_attributes ); 1442 1443 PSA_DONE( ); 1444 mbedtls_free( export_buffer ); 1445} 1446/* END_CASE */ 1447 1448/* BEGIN_CASE */ 1449void copy_fail( int source_usage_arg, 1450 int source_alg_arg, int source_alg2_arg, 1451 int type_arg, data_t *material, 1452 int target_type_arg, int target_bits_arg, 1453 int target_usage_arg, 1454 int target_alg_arg, int target_alg2_arg, 1455 int target_id_arg, int target_lifetime_arg, 1456 int expected_status_arg ) 1457{ 1458 psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; 1459 psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; 1460 mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; 1461 mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; 1462 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, target_id_arg ); 1463 1464 PSA_ASSERT( psa_crypto_init( ) ); 1465 1466 /* Prepare the source key. */ 1467 psa_set_key_usage_flags( &source_attributes, source_usage_arg ); 1468 psa_set_key_algorithm( &source_attributes, source_alg_arg ); 1469 psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg ); 1470 psa_set_key_type( &source_attributes, type_arg ); 1471 PSA_ASSERT( psa_import_key( &source_attributes, 1472 material->x, material->len, 1473 &source_key ) ); 1474 1475 /* Prepare the target attributes. */ 1476 psa_set_key_id( &target_attributes, key_id ); 1477 psa_set_key_lifetime( &target_attributes, target_lifetime_arg ); 1478 psa_set_key_type( &target_attributes, target_type_arg ); 1479 psa_set_key_bits( &target_attributes, target_bits_arg ); 1480 psa_set_key_usage_flags( &target_attributes, target_usage_arg ); 1481 psa_set_key_algorithm( &target_attributes, target_alg_arg ); 1482 psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); 1483 1484 /* Try to copy the key. */ 1485 TEST_EQUAL( psa_copy_key( source_key, 1486 &target_attributes, &target_key ), 1487 expected_status_arg ); 1488 1489 PSA_ASSERT( psa_destroy_key( source_key ) ); 1490 1491exit: 1492 psa_reset_key_attributes( &source_attributes ); 1493 psa_reset_key_attributes( &target_attributes ); 1494 PSA_DONE( ); 1495} 1496/* END_CASE */ 1497 1498/* BEGIN_CASE */ 1499void hash_operation_init( ) 1500{ 1501 const uint8_t input[1] = { 0 }; 1502 /* Test each valid way of initializing the object, except for `= {0}`, as 1503 * Clang 5 complains when `-Wmissing-field-initializers` is used, even 1504 * though it's OK by the C standard. We could test for this, but we'd need 1505 * to supress the Clang warning for the test. */ 1506 psa_hash_operation_t func = psa_hash_operation_init( ); 1507 psa_hash_operation_t init = PSA_HASH_OPERATION_INIT; 1508 psa_hash_operation_t zero; 1509 1510 memset( &zero, 0, sizeof( zero ) ); 1511 1512 /* A freshly-initialized hash operation should not be usable. */ 1513 TEST_EQUAL( psa_hash_update( &func, input, sizeof( input ) ), 1514 PSA_ERROR_BAD_STATE ); 1515 TEST_EQUAL( psa_hash_update( &init, input, sizeof( input ) ), 1516 PSA_ERROR_BAD_STATE ); 1517 TEST_EQUAL( psa_hash_update( &zero, input, sizeof( input ) ), 1518 PSA_ERROR_BAD_STATE ); 1519 1520 /* A default hash operation should be abortable without error. */ 1521 PSA_ASSERT( psa_hash_abort( &func ) ); 1522 PSA_ASSERT( psa_hash_abort( &init ) ); 1523 PSA_ASSERT( psa_hash_abort( &zero ) ); 1524} 1525/* END_CASE */ 1526 1527/* BEGIN_CASE */ 1528void hash_setup( int alg_arg, 1529 int expected_status_arg ) 1530{ 1531 psa_algorithm_t alg = alg_arg; 1532 psa_status_t expected_status = expected_status_arg; 1533 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 1534 psa_status_t status; 1535 1536 PSA_ASSERT( psa_crypto_init( ) ); 1537 1538 status = psa_hash_setup( &operation, alg ); 1539 TEST_EQUAL( status, expected_status ); 1540 1541 /* Whether setup succeeded or failed, abort must succeed. */ 1542 PSA_ASSERT( psa_hash_abort( &operation ) ); 1543 1544 /* If setup failed, reproduce the failure, so as to 1545 * test the resulting state of the operation object. */ 1546 if( status != PSA_SUCCESS ) 1547 TEST_EQUAL( psa_hash_setup( &operation, alg ), status ); 1548 1549 /* Now the operation object should be reusable. */ 1550#if defined(KNOWN_SUPPORTED_HASH_ALG) 1551 PSA_ASSERT( psa_hash_setup( &operation, KNOWN_SUPPORTED_HASH_ALG ) ); 1552 PSA_ASSERT( psa_hash_abort( &operation ) ); 1553#endif 1554 1555exit: 1556 PSA_DONE( ); 1557} 1558/* END_CASE */ 1559 1560/* BEGIN_CASE */ 1561void hash_compute_fail( int alg_arg, data_t *input, 1562 int output_size_arg, int expected_status_arg ) 1563{ 1564 psa_algorithm_t alg = alg_arg; 1565 uint8_t *output = NULL; 1566 size_t output_size = output_size_arg; 1567 size_t output_length = INVALID_EXPORT_LENGTH; 1568 psa_status_t expected_status = expected_status_arg; 1569 psa_status_t status; 1570 1571 ASSERT_ALLOC( output, output_size ); 1572 1573 PSA_ASSERT( psa_crypto_init( ) ); 1574 1575 status = psa_hash_compute( alg, input->x, input->len, 1576 output, output_size, &output_length ); 1577 TEST_EQUAL( status, expected_status ); 1578 TEST_ASSERT( output_length <= output_size ); 1579 1580exit: 1581 mbedtls_free( output ); 1582 PSA_DONE( ); 1583} 1584/* END_CASE */ 1585 1586/* BEGIN_CASE */ 1587void hash_compare_fail( int alg_arg, data_t *input, 1588 data_t *reference_hash, 1589 int expected_status_arg ) 1590{ 1591 psa_algorithm_t alg = alg_arg; 1592 psa_status_t expected_status = expected_status_arg; 1593 psa_status_t status; 1594 1595 PSA_ASSERT( psa_crypto_init( ) ); 1596 1597 status = psa_hash_compare( alg, input->x, input->len, 1598 reference_hash->x, reference_hash->len ); 1599 TEST_EQUAL( status, expected_status ); 1600 1601exit: 1602 PSA_DONE( ); 1603} 1604/* END_CASE */ 1605 1606/* BEGIN_CASE */ 1607void hash_compute_compare( int alg_arg, data_t *input, 1608 data_t *expected_output ) 1609{ 1610 psa_algorithm_t alg = alg_arg; 1611 uint8_t output[PSA_HASH_MAX_SIZE + 1]; 1612 size_t output_length = INVALID_EXPORT_LENGTH; 1613 size_t i; 1614 1615 PSA_ASSERT( psa_crypto_init( ) ); 1616 1617 /* Compute with tight buffer */ 1618 PSA_ASSERT( psa_hash_compute( alg, input->x, input->len, 1619 output, PSA_HASH_LENGTH( alg ), 1620 &output_length ) ); 1621 TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) ); 1622 ASSERT_COMPARE( output, output_length, 1623 expected_output->x, expected_output->len ); 1624 1625 /* Compute with larger buffer */ 1626 PSA_ASSERT( psa_hash_compute( alg, input->x, input->len, 1627 output, sizeof( output ), 1628 &output_length ) ); 1629 TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) ); 1630 ASSERT_COMPARE( output, output_length, 1631 expected_output->x, expected_output->len ); 1632 1633 /* Compare with correct hash */ 1634 PSA_ASSERT( psa_hash_compare( alg, input->x, input->len, 1635 output, output_length ) ); 1636 1637 /* Compare with trailing garbage */ 1638 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len, 1639 output, output_length + 1 ), 1640 PSA_ERROR_INVALID_SIGNATURE ); 1641 1642 /* Compare with truncated hash */ 1643 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len, 1644 output, output_length - 1 ), 1645 PSA_ERROR_INVALID_SIGNATURE ); 1646 1647 /* Compare with corrupted value */ 1648 for( i = 0; i < output_length; i++ ) 1649 { 1650 mbedtls_test_set_step( i ); 1651 output[i] ^= 1; 1652 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len, 1653 output, output_length ), 1654 PSA_ERROR_INVALID_SIGNATURE ); 1655 output[i] ^= 1; 1656 } 1657 1658exit: 1659 PSA_DONE( ); 1660} 1661/* END_CASE */ 1662 1663/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 1664void hash_bad_order( ) 1665{ 1666 psa_algorithm_t alg = PSA_ALG_SHA_256; 1667 unsigned char input[] = ""; 1668 /* SHA-256 hash of an empty string */ 1669 const unsigned char valid_hash[] = { 1670 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 1671 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 1672 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 }; 1673 unsigned char hash[sizeof(valid_hash)] = { 0 }; 1674 size_t hash_len; 1675 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 1676 1677 PSA_ASSERT( psa_crypto_init( ) ); 1678 1679 /* Call setup twice in a row. */ 1680 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1681 ASSERT_OPERATION_IS_ACTIVE( operation ); 1682 TEST_EQUAL( psa_hash_setup( &operation, alg ), 1683 PSA_ERROR_BAD_STATE ); 1684 ASSERT_OPERATION_IS_INACTIVE( operation ); 1685 PSA_ASSERT( psa_hash_abort( &operation ) ); 1686 ASSERT_OPERATION_IS_INACTIVE( operation ); 1687 1688 /* Call update without calling setup beforehand. */ 1689 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ), 1690 PSA_ERROR_BAD_STATE ); 1691 PSA_ASSERT( psa_hash_abort( &operation ) ); 1692 1693 /* Check that update calls abort on error. */ 1694 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1695 operation.id = UINT_MAX; 1696 ASSERT_OPERATION_IS_ACTIVE( operation ); 1697 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ), 1698 PSA_ERROR_BAD_STATE ); 1699 ASSERT_OPERATION_IS_INACTIVE( operation ); 1700 PSA_ASSERT( psa_hash_abort( &operation ) ); 1701 ASSERT_OPERATION_IS_INACTIVE( operation ); 1702 1703 /* Call update after finish. */ 1704 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1705 PSA_ASSERT( psa_hash_finish( &operation, 1706 hash, sizeof( hash ), &hash_len ) ); 1707 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ), 1708 PSA_ERROR_BAD_STATE ); 1709 PSA_ASSERT( psa_hash_abort( &operation ) ); 1710 1711 /* Call verify without calling setup beforehand. */ 1712 TEST_EQUAL( psa_hash_verify( &operation, 1713 valid_hash, sizeof( valid_hash ) ), 1714 PSA_ERROR_BAD_STATE ); 1715 PSA_ASSERT( psa_hash_abort( &operation ) ); 1716 1717 /* Call verify after finish. */ 1718 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1719 PSA_ASSERT( psa_hash_finish( &operation, 1720 hash, sizeof( hash ), &hash_len ) ); 1721 TEST_EQUAL( psa_hash_verify( &operation, 1722 valid_hash, sizeof( valid_hash ) ), 1723 PSA_ERROR_BAD_STATE ); 1724 PSA_ASSERT( psa_hash_abort( &operation ) ); 1725 1726 /* Call verify twice in a row. */ 1727 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1728 ASSERT_OPERATION_IS_ACTIVE( operation ); 1729 PSA_ASSERT( psa_hash_verify( &operation, 1730 valid_hash, sizeof( valid_hash ) ) ); 1731 ASSERT_OPERATION_IS_INACTIVE( operation ); 1732 TEST_EQUAL( psa_hash_verify( &operation, 1733 valid_hash, sizeof( valid_hash ) ), 1734 PSA_ERROR_BAD_STATE ); 1735 ASSERT_OPERATION_IS_INACTIVE( operation ); 1736 PSA_ASSERT( psa_hash_abort( &operation ) ); 1737 1738 /* Call finish without calling setup beforehand. */ 1739 TEST_EQUAL( psa_hash_finish( &operation, 1740 hash, sizeof( hash ), &hash_len ), 1741 PSA_ERROR_BAD_STATE ); 1742 PSA_ASSERT( psa_hash_abort( &operation ) ); 1743 1744 /* Call finish twice in a row. */ 1745 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1746 PSA_ASSERT( psa_hash_finish( &operation, 1747 hash, sizeof( hash ), &hash_len ) ); 1748 TEST_EQUAL( psa_hash_finish( &operation, 1749 hash, sizeof( hash ), &hash_len ), 1750 PSA_ERROR_BAD_STATE ); 1751 PSA_ASSERT( psa_hash_abort( &operation ) ); 1752 1753 /* Call finish after calling verify. */ 1754 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1755 PSA_ASSERT( psa_hash_verify( &operation, 1756 valid_hash, sizeof( valid_hash ) ) ); 1757 TEST_EQUAL( psa_hash_finish( &operation, 1758 hash, sizeof( hash ), &hash_len ), 1759 PSA_ERROR_BAD_STATE ); 1760 PSA_ASSERT( psa_hash_abort( &operation ) ); 1761 1762exit: 1763 PSA_DONE( ); 1764} 1765/* END_CASE */ 1766 1767/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 1768void hash_verify_bad_args( ) 1769{ 1770 psa_algorithm_t alg = PSA_ALG_SHA_256; 1771 /* SHA-256 hash of an empty string with 2 extra bytes (0xaa and 0xbb) 1772 * appended to it */ 1773 unsigned char hash[] = { 1774 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 1775 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 1776 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb }; 1777 size_t expected_size = PSA_HASH_LENGTH( alg ); 1778 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 1779 1780 PSA_ASSERT( psa_crypto_init( ) ); 1781 1782 /* psa_hash_verify with a smaller hash than expected */ 1783 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1784 ASSERT_OPERATION_IS_ACTIVE( operation ); 1785 TEST_EQUAL( psa_hash_verify( &operation, hash, expected_size - 1 ), 1786 PSA_ERROR_INVALID_SIGNATURE ); 1787 ASSERT_OPERATION_IS_INACTIVE( operation ); 1788 PSA_ASSERT( psa_hash_abort( &operation ) ); 1789 ASSERT_OPERATION_IS_INACTIVE( operation ); 1790 1791 /* psa_hash_verify with a non-matching hash */ 1792 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1793 TEST_EQUAL( psa_hash_verify( &operation, hash + 1, expected_size ), 1794 PSA_ERROR_INVALID_SIGNATURE ); 1795 1796 /* psa_hash_verify with a hash longer than expected */ 1797 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1798 TEST_EQUAL( psa_hash_verify( &operation, hash, sizeof( hash ) ), 1799 PSA_ERROR_INVALID_SIGNATURE ); 1800 1801exit: 1802 PSA_DONE( ); 1803} 1804/* END_CASE */ 1805 1806/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 1807void hash_finish_bad_args( ) 1808{ 1809 psa_algorithm_t alg = PSA_ALG_SHA_256; 1810 unsigned char hash[PSA_HASH_MAX_SIZE]; 1811 size_t expected_size = PSA_HASH_LENGTH( alg ); 1812 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 1813 size_t hash_len; 1814 1815 PSA_ASSERT( psa_crypto_init( ) ); 1816 1817 /* psa_hash_finish with a smaller hash buffer than expected */ 1818 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1819 TEST_EQUAL( psa_hash_finish( &operation, 1820 hash, expected_size - 1, &hash_len ), 1821 PSA_ERROR_BUFFER_TOO_SMALL ); 1822 1823exit: 1824 PSA_DONE( ); 1825} 1826/* END_CASE */ 1827 1828/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 1829void hash_clone_source_state( ) 1830{ 1831 psa_algorithm_t alg = PSA_ALG_SHA_256; 1832 unsigned char hash[PSA_HASH_MAX_SIZE]; 1833 psa_hash_operation_t op_source = PSA_HASH_OPERATION_INIT; 1834 psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT; 1835 psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT; 1836 psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT; 1837 psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT; 1838 size_t hash_len; 1839 1840 PSA_ASSERT( psa_crypto_init( ) ); 1841 PSA_ASSERT( psa_hash_setup( &op_source, alg ) ); 1842 1843 PSA_ASSERT( psa_hash_setup( &op_setup, alg ) ); 1844 PSA_ASSERT( psa_hash_setup( &op_finished, alg ) ); 1845 PSA_ASSERT( psa_hash_finish( &op_finished, 1846 hash, sizeof( hash ), &hash_len ) ); 1847 PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) ); 1848 PSA_ASSERT( psa_hash_abort( &op_aborted ) ); 1849 1850 TEST_EQUAL( psa_hash_clone( &op_source, &op_setup ), 1851 PSA_ERROR_BAD_STATE ); 1852 1853 PSA_ASSERT( psa_hash_clone( &op_source, &op_init ) ); 1854 PSA_ASSERT( psa_hash_finish( &op_init, 1855 hash, sizeof( hash ), &hash_len ) ); 1856 PSA_ASSERT( psa_hash_clone( &op_source, &op_finished ) ); 1857 PSA_ASSERT( psa_hash_finish( &op_finished, 1858 hash, sizeof( hash ), &hash_len ) ); 1859 PSA_ASSERT( psa_hash_clone( &op_source, &op_aborted ) ); 1860 PSA_ASSERT( psa_hash_finish( &op_aborted, 1861 hash, sizeof( hash ), &hash_len ) ); 1862 1863exit: 1864 psa_hash_abort( &op_source ); 1865 psa_hash_abort( &op_init ); 1866 psa_hash_abort( &op_setup ); 1867 psa_hash_abort( &op_finished ); 1868 psa_hash_abort( &op_aborted ); 1869 PSA_DONE( ); 1870} 1871/* END_CASE */ 1872 1873/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 1874void hash_clone_target_state( ) 1875{ 1876 psa_algorithm_t alg = PSA_ALG_SHA_256; 1877 unsigned char hash[PSA_HASH_MAX_SIZE]; 1878 psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT; 1879 psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT; 1880 psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT; 1881 psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT; 1882 psa_hash_operation_t op_target = PSA_HASH_OPERATION_INIT; 1883 size_t hash_len; 1884 1885 PSA_ASSERT( psa_crypto_init( ) ); 1886 1887 PSA_ASSERT( psa_hash_setup( &op_setup, alg ) ); 1888 PSA_ASSERT( psa_hash_setup( &op_finished, alg ) ); 1889 PSA_ASSERT( psa_hash_finish( &op_finished, 1890 hash, sizeof( hash ), &hash_len ) ); 1891 PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) ); 1892 PSA_ASSERT( psa_hash_abort( &op_aborted ) ); 1893 1894 PSA_ASSERT( psa_hash_clone( &op_setup, &op_target ) ); 1895 PSA_ASSERT( psa_hash_finish( &op_target, 1896 hash, sizeof( hash ), &hash_len ) ); 1897 1898 TEST_EQUAL( psa_hash_clone( &op_init, &op_target ), PSA_ERROR_BAD_STATE ); 1899 TEST_EQUAL( psa_hash_clone( &op_finished, &op_target ), 1900 PSA_ERROR_BAD_STATE ); 1901 TEST_EQUAL( psa_hash_clone( &op_aborted, &op_target ), 1902 PSA_ERROR_BAD_STATE ); 1903 1904exit: 1905 psa_hash_abort( &op_target ); 1906 psa_hash_abort( &op_init ); 1907 psa_hash_abort( &op_setup ); 1908 psa_hash_abort( &op_finished ); 1909 psa_hash_abort( &op_aborted ); 1910 PSA_DONE( ); 1911} 1912/* END_CASE */ 1913 1914/* BEGIN_CASE */ 1915void mac_operation_init( ) 1916{ 1917 const uint8_t input[1] = { 0 }; 1918 1919 /* Test each valid way of initializing the object, except for `= {0}`, as 1920 * Clang 5 complains when `-Wmissing-field-initializers` is used, even 1921 * though it's OK by the C standard. We could test for this, but we'd need 1922 * to supress the Clang warning for the test. */ 1923 psa_mac_operation_t func = psa_mac_operation_init( ); 1924 psa_mac_operation_t init = PSA_MAC_OPERATION_INIT; 1925 psa_mac_operation_t zero; 1926 1927 memset( &zero, 0, sizeof( zero ) ); 1928 1929 /* A freshly-initialized MAC operation should not be usable. */ 1930 TEST_EQUAL( psa_mac_update( &func, 1931 input, sizeof( input ) ), 1932 PSA_ERROR_BAD_STATE ); 1933 TEST_EQUAL( psa_mac_update( &init, 1934 input, sizeof( input ) ), 1935 PSA_ERROR_BAD_STATE ); 1936 TEST_EQUAL( psa_mac_update( &zero, 1937 input, sizeof( input ) ), 1938 PSA_ERROR_BAD_STATE ); 1939 1940 /* A default MAC operation should be abortable without error. */ 1941 PSA_ASSERT( psa_mac_abort( &func ) ); 1942 PSA_ASSERT( psa_mac_abort( &init ) ); 1943 PSA_ASSERT( psa_mac_abort( &zero ) ); 1944} 1945/* END_CASE */ 1946 1947/* BEGIN_CASE */ 1948void mac_setup( int key_type_arg, 1949 data_t *key, 1950 int alg_arg, 1951 int expected_status_arg ) 1952{ 1953 psa_key_type_t key_type = key_type_arg; 1954 psa_algorithm_t alg = alg_arg; 1955 psa_status_t expected_status = expected_status_arg; 1956 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1957 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1958#if defined(KNOWN_SUPPORTED_MAC_ALG) 1959 const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk"; 1960#endif 1961 1962 PSA_ASSERT( psa_crypto_init( ) ); 1963 1964 if( ! exercise_mac_setup( key_type, key->x, key->len, alg, 1965 &operation, &status ) ) 1966 goto exit; 1967 TEST_EQUAL( status, expected_status ); 1968 1969 /* The operation object should be reusable. */ 1970#if defined(KNOWN_SUPPORTED_MAC_ALG) 1971 if( ! exercise_mac_setup( KNOWN_SUPPORTED_MAC_KEY_TYPE, 1972 smoke_test_key_data, 1973 sizeof( smoke_test_key_data ), 1974 KNOWN_SUPPORTED_MAC_ALG, 1975 &operation, &status ) ) 1976 goto exit; 1977 TEST_EQUAL( status, PSA_SUCCESS ); 1978#endif 1979 1980exit: 1981 PSA_DONE( ); 1982} 1983/* END_CASE */ 1984 1985/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_HMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256 */ 1986void mac_bad_order( ) 1987{ 1988 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1989 psa_key_type_t key_type = PSA_KEY_TYPE_HMAC; 1990 psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256); 1991 const uint8_t key_data[] = { 1992 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1993 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 1994 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; 1995 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1996 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1997 uint8_t sign_mac[PSA_MAC_MAX_SIZE + 10] = { 0 }; 1998 size_t sign_mac_length = 0; 1999 const uint8_t input[] = { 0xbb, 0xbb, 0xbb, 0xbb }; 2000 const uint8_t verify_mac[] = { 2001 0x74, 0x65, 0x93, 0x8c, 0xeb, 0x1d, 0xb3, 0x76, 0x5a, 0x38, 0xe7, 0xdd, 2002 0x85, 0xc5, 0xad, 0x4f, 0x07, 0xe7, 0xd5, 0xb2, 0x64, 0xf0, 0x1a, 0x1a, 2003 0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6 }; 2004 2005 PSA_ASSERT( psa_crypto_init( ) ); 2006 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); 2007 psa_set_key_algorithm( &attributes, alg ); 2008 psa_set_key_type( &attributes, key_type ); 2009 2010 PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), 2011 &key ) ); 2012 2013 /* Call update without calling setup beforehand. */ 2014 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ), 2015 PSA_ERROR_BAD_STATE ); 2016 PSA_ASSERT( psa_mac_abort( &operation ) ); 2017 2018 /* Call sign finish without calling setup beforehand. */ 2019 TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), 2020 &sign_mac_length), 2021 PSA_ERROR_BAD_STATE ); 2022 PSA_ASSERT( psa_mac_abort( &operation ) ); 2023 2024 /* Call verify finish without calling setup beforehand. */ 2025 TEST_EQUAL( psa_mac_verify_finish( &operation, 2026 verify_mac, sizeof( verify_mac ) ), 2027 PSA_ERROR_BAD_STATE ); 2028 PSA_ASSERT( psa_mac_abort( &operation ) ); 2029 2030 /* Call setup twice in a row. */ 2031 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); 2032 ASSERT_OPERATION_IS_ACTIVE( operation ); 2033 TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ), 2034 PSA_ERROR_BAD_STATE ); 2035 ASSERT_OPERATION_IS_INACTIVE( operation ); 2036 PSA_ASSERT( psa_mac_abort( &operation ) ); 2037 ASSERT_OPERATION_IS_INACTIVE( operation ); 2038 2039 /* Call update after sign finish. */ 2040 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); 2041 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); 2042 PSA_ASSERT( psa_mac_sign_finish( &operation, 2043 sign_mac, sizeof( sign_mac ), 2044 &sign_mac_length ) ); 2045 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ), 2046 PSA_ERROR_BAD_STATE ); 2047 PSA_ASSERT( psa_mac_abort( &operation ) ); 2048 2049 /* Call update after verify finish. */ 2050 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2051 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); 2052 PSA_ASSERT( psa_mac_verify_finish( &operation, 2053 verify_mac, sizeof( verify_mac ) ) ); 2054 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ), 2055 PSA_ERROR_BAD_STATE ); 2056 PSA_ASSERT( psa_mac_abort( &operation ) ); 2057 2058 /* Call sign finish twice in a row. */ 2059 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); 2060 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); 2061 PSA_ASSERT( psa_mac_sign_finish( &operation, 2062 sign_mac, sizeof( sign_mac ), 2063 &sign_mac_length ) ); 2064 TEST_EQUAL( psa_mac_sign_finish( &operation, 2065 sign_mac, sizeof( sign_mac ), 2066 &sign_mac_length ), 2067 PSA_ERROR_BAD_STATE ); 2068 PSA_ASSERT( psa_mac_abort( &operation ) ); 2069 2070 /* Call verify finish twice in a row. */ 2071 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2072 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); 2073 PSA_ASSERT( psa_mac_verify_finish( &operation, 2074 verify_mac, sizeof( verify_mac ) ) ); 2075 TEST_EQUAL( psa_mac_verify_finish( &operation, 2076 verify_mac, sizeof( verify_mac ) ), 2077 PSA_ERROR_BAD_STATE ); 2078 PSA_ASSERT( psa_mac_abort( &operation ) ); 2079 2080 /* Setup sign but try verify. */ 2081 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); 2082 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); 2083 ASSERT_OPERATION_IS_ACTIVE( operation ); 2084 TEST_EQUAL( psa_mac_verify_finish( &operation, 2085 verify_mac, sizeof( verify_mac ) ), 2086 PSA_ERROR_BAD_STATE ); 2087 ASSERT_OPERATION_IS_INACTIVE( operation ); 2088 PSA_ASSERT( psa_mac_abort( &operation ) ); 2089 ASSERT_OPERATION_IS_INACTIVE( operation ); 2090 2091 /* Setup verify but try sign. */ 2092 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2093 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); 2094 ASSERT_OPERATION_IS_ACTIVE( operation ); 2095 TEST_EQUAL( psa_mac_sign_finish( &operation, 2096 sign_mac, sizeof( sign_mac ), 2097 &sign_mac_length ), 2098 PSA_ERROR_BAD_STATE ); 2099 ASSERT_OPERATION_IS_INACTIVE( operation ); 2100 PSA_ASSERT( psa_mac_abort( &operation ) ); 2101 ASSERT_OPERATION_IS_INACTIVE( operation ); 2102 2103 PSA_ASSERT( psa_destroy_key( key ) ); 2104 2105exit: 2106 PSA_DONE( ); 2107} 2108/* END_CASE */ 2109 2110/* BEGIN_CASE */ 2111void mac_sign( int key_type_arg, 2112 data_t *key_data, 2113 int alg_arg, 2114 data_t *input, 2115 data_t *expected_mac ) 2116{ 2117 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2118 psa_key_type_t key_type = key_type_arg; 2119 psa_algorithm_t alg = alg_arg; 2120 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 2121 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2122 uint8_t *actual_mac = NULL; 2123 size_t mac_buffer_size = 2124 PSA_MAC_LENGTH( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg ); 2125 size_t mac_length = 0; 2126 const size_t output_sizes_to_test[] = { 2127 0, 2128 1, 2129 expected_mac->len - 1, 2130 expected_mac->len, 2131 expected_mac->len + 1, 2132 }; 2133 2134 TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE ); 2135 /* We expect PSA_MAC_LENGTH to be exact. */ 2136 TEST_ASSERT( expected_mac->len == mac_buffer_size ); 2137 2138 PSA_ASSERT( psa_crypto_init( ) ); 2139 2140 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); 2141 psa_set_key_algorithm( &attributes, alg ); 2142 psa_set_key_type( &attributes, key_type ); 2143 2144 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2145 &key ) ); 2146 2147 for( size_t i = 0; i < ARRAY_LENGTH( output_sizes_to_test ); i++ ) 2148 { 2149 const size_t output_size = output_sizes_to_test[i]; 2150 psa_status_t expected_status = 2151 ( output_size >= expected_mac->len ? PSA_SUCCESS : 2152 PSA_ERROR_BUFFER_TOO_SMALL ); 2153 2154 mbedtls_test_set_step( output_size ); 2155 ASSERT_ALLOC( actual_mac, output_size ); 2156 2157 /* Calculate the MAC, one-shot case. */ 2158 TEST_EQUAL( psa_mac_compute( key, alg, 2159 input->x, input->len, 2160 actual_mac, output_size, &mac_length ), 2161 expected_status ); 2162 if( expected_status == PSA_SUCCESS ) 2163 { 2164 ASSERT_COMPARE( expected_mac->x, expected_mac->len, 2165 actual_mac, mac_length ); 2166 } 2167 2168 if( output_size > 0 ) 2169 memset( actual_mac, 0, output_size ); 2170 2171 /* Calculate the MAC, multi-part case. */ 2172 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); 2173 PSA_ASSERT( psa_mac_update( &operation, 2174 input->x, input->len ) ); 2175 TEST_EQUAL( psa_mac_sign_finish( &operation, 2176 actual_mac, output_size, 2177 &mac_length ), 2178 expected_status ); 2179 PSA_ASSERT( psa_mac_abort( &operation ) ); 2180 2181 if( expected_status == PSA_SUCCESS ) 2182 { 2183 ASSERT_COMPARE( expected_mac->x, expected_mac->len, 2184 actual_mac, mac_length ); 2185 } 2186 mbedtls_free( actual_mac ); 2187 actual_mac = NULL; 2188 } 2189 2190exit: 2191 psa_mac_abort( &operation ); 2192 psa_destroy_key( key ); 2193 PSA_DONE( ); 2194 mbedtls_free( actual_mac ); 2195} 2196/* END_CASE */ 2197 2198/* BEGIN_CASE */ 2199void mac_verify( int key_type_arg, 2200 data_t *key_data, 2201 int alg_arg, 2202 data_t *input, 2203 data_t *expected_mac ) 2204{ 2205 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2206 psa_key_type_t key_type = key_type_arg; 2207 psa_algorithm_t alg = alg_arg; 2208 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 2209 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2210 uint8_t *perturbed_mac = NULL; 2211 2212 TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE ); 2213 2214 PSA_ASSERT( psa_crypto_init( ) ); 2215 2216 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); 2217 psa_set_key_algorithm( &attributes, alg ); 2218 psa_set_key_type( &attributes, key_type ); 2219 2220 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2221 &key ) ); 2222 2223 /* Verify correct MAC, one-shot case. */ 2224 PSA_ASSERT( psa_mac_verify( key, alg, input->x, input->len, 2225 expected_mac->x, expected_mac->len ) ); 2226 2227 /* Verify correct MAC, multi-part case. */ 2228 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2229 PSA_ASSERT( psa_mac_update( &operation, 2230 input->x, input->len ) ); 2231 PSA_ASSERT( psa_mac_verify_finish( &operation, 2232 expected_mac->x, 2233 expected_mac->len ) ); 2234 2235 /* Test a MAC that's too short, one-shot case. */ 2236 TEST_EQUAL( psa_mac_verify( key, alg, 2237 input->x, input->len, 2238 expected_mac->x, 2239 expected_mac->len - 1 ), 2240 PSA_ERROR_INVALID_SIGNATURE ); 2241 2242 /* Test a MAC that's too short, multi-part case. */ 2243 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2244 PSA_ASSERT( psa_mac_update( &operation, 2245 input->x, input->len ) ); 2246 TEST_EQUAL( psa_mac_verify_finish( &operation, 2247 expected_mac->x, 2248 expected_mac->len - 1 ), 2249 PSA_ERROR_INVALID_SIGNATURE ); 2250 2251 /* Test a MAC that's too long, one-shot case. */ 2252 ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 ); 2253 memcpy( perturbed_mac, expected_mac->x, expected_mac->len ); 2254 TEST_EQUAL( psa_mac_verify( key, alg, 2255 input->x, input->len, 2256 perturbed_mac, expected_mac->len + 1 ), 2257 PSA_ERROR_INVALID_SIGNATURE ); 2258 2259 /* Test a MAC that's too long, multi-part case. */ 2260 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2261 PSA_ASSERT( psa_mac_update( &operation, 2262 input->x, input->len ) ); 2263 TEST_EQUAL( psa_mac_verify_finish( &operation, 2264 perturbed_mac, 2265 expected_mac->len + 1 ), 2266 PSA_ERROR_INVALID_SIGNATURE ); 2267 2268 /* Test changing one byte. */ 2269 for( size_t i = 0; i < expected_mac->len; i++ ) 2270 { 2271 mbedtls_test_set_step( i ); 2272 perturbed_mac[i] ^= 1; 2273 2274 TEST_EQUAL( psa_mac_verify( key, alg, 2275 input->x, input->len, 2276 perturbed_mac, expected_mac->len ), 2277 PSA_ERROR_INVALID_SIGNATURE ); 2278 2279 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2280 PSA_ASSERT( psa_mac_update( &operation, 2281 input->x, input->len ) ); 2282 TEST_EQUAL( psa_mac_verify_finish( &operation, 2283 perturbed_mac, 2284 expected_mac->len ), 2285 PSA_ERROR_INVALID_SIGNATURE ); 2286 perturbed_mac[i] ^= 1; 2287 } 2288 2289exit: 2290 psa_mac_abort( &operation ); 2291 psa_destroy_key( key ); 2292 PSA_DONE( ); 2293 mbedtls_free( perturbed_mac ); 2294} 2295/* END_CASE */ 2296 2297/* BEGIN_CASE */ 2298void cipher_operation_init( ) 2299{ 2300 const uint8_t input[1] = { 0 }; 2301 unsigned char output[1] = { 0 }; 2302 size_t output_length; 2303 /* Test each valid way of initializing the object, except for `= {0}`, as 2304 * Clang 5 complains when `-Wmissing-field-initializers` is used, even 2305 * though it's OK by the C standard. We could test for this, but we'd need 2306 * to supress the Clang warning for the test. */ 2307 psa_cipher_operation_t func = psa_cipher_operation_init( ); 2308 psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT; 2309 psa_cipher_operation_t zero; 2310 2311 memset( &zero, 0, sizeof( zero ) ); 2312 2313 /* A freshly-initialized cipher operation should not be usable. */ 2314 TEST_EQUAL( psa_cipher_update( &func, 2315 input, sizeof( input ), 2316 output, sizeof( output ), 2317 &output_length ), 2318 PSA_ERROR_BAD_STATE ); 2319 TEST_EQUAL( psa_cipher_update( &init, 2320 input, sizeof( input ), 2321 output, sizeof( output ), 2322 &output_length ), 2323 PSA_ERROR_BAD_STATE ); 2324 TEST_EQUAL( psa_cipher_update( &zero, 2325 input, sizeof( input ), 2326 output, sizeof( output ), 2327 &output_length ), 2328 PSA_ERROR_BAD_STATE ); 2329 2330 /* A default cipher operation should be abortable without error. */ 2331 PSA_ASSERT( psa_cipher_abort( &func ) ); 2332 PSA_ASSERT( psa_cipher_abort( &init ) ); 2333 PSA_ASSERT( psa_cipher_abort( &zero ) ); 2334} 2335/* END_CASE */ 2336 2337/* BEGIN_CASE */ 2338void cipher_setup( int key_type_arg, 2339 data_t *key, 2340 int alg_arg, 2341 int expected_status_arg ) 2342{ 2343 psa_key_type_t key_type = key_type_arg; 2344 psa_algorithm_t alg = alg_arg; 2345 psa_status_t expected_status = expected_status_arg; 2346 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 2347 psa_status_t status; 2348#if defined(KNOWN_SUPPORTED_CIPHER_ALG) 2349 const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk"; 2350#endif 2351 2352 PSA_ASSERT( psa_crypto_init( ) ); 2353 2354 if( ! exercise_cipher_setup( key_type, key->x, key->len, alg, 2355 &operation, &status ) ) 2356 goto exit; 2357 TEST_EQUAL( status, expected_status ); 2358 2359 /* The operation object should be reusable. */ 2360#if defined(KNOWN_SUPPORTED_CIPHER_ALG) 2361 if( ! exercise_cipher_setup( KNOWN_SUPPORTED_CIPHER_KEY_TYPE, 2362 smoke_test_key_data, 2363 sizeof( smoke_test_key_data ), 2364 KNOWN_SUPPORTED_CIPHER_ALG, 2365 &operation, &status ) ) 2366 goto exit; 2367 TEST_EQUAL( status, PSA_SUCCESS ); 2368#endif 2369 2370exit: 2371 psa_cipher_abort( &operation ); 2372 PSA_DONE( ); 2373} 2374/* END_CASE */ 2375 2376/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_PKCS7 */ 2377void cipher_bad_order( ) 2378{ 2379 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2380 psa_key_type_t key_type = PSA_KEY_TYPE_AES; 2381 psa_algorithm_t alg = PSA_ALG_CBC_PKCS7; 2382 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2383 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 2384 unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 }; 2385 const uint8_t key_data[] = { 2386 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 2387 0xaa, 0xaa, 0xaa, 0xaa }; 2388 const uint8_t text[] = { 2389 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 2390 0xbb, 0xbb, 0xbb, 0xbb }; 2391 uint8_t buffer[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 }; 2392 size_t length = 0; 2393 2394 PSA_ASSERT( psa_crypto_init( ) ); 2395 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 2396 psa_set_key_algorithm( &attributes, alg ); 2397 psa_set_key_type( &attributes, key_type ); 2398 PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), 2399 &key ) ); 2400 2401 /* Call encrypt setup twice in a row. */ 2402 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2403 ASSERT_OPERATION_IS_ACTIVE( operation ); 2404 TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ), 2405 PSA_ERROR_BAD_STATE ); 2406 ASSERT_OPERATION_IS_INACTIVE( operation ); 2407 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2408 ASSERT_OPERATION_IS_INACTIVE( operation ); 2409 2410 /* Call decrypt setup twice in a row. */ 2411 PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); 2412 ASSERT_OPERATION_IS_ACTIVE( operation ); 2413 TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ), 2414 PSA_ERROR_BAD_STATE ); 2415 ASSERT_OPERATION_IS_INACTIVE( operation ); 2416 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2417 ASSERT_OPERATION_IS_INACTIVE( operation ); 2418 2419 /* Generate an IV without calling setup beforehand. */ 2420 TEST_EQUAL( psa_cipher_generate_iv( &operation, 2421 buffer, sizeof( buffer ), 2422 &length ), 2423 PSA_ERROR_BAD_STATE ); 2424 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2425 2426 /* Generate an IV twice in a row. */ 2427 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2428 PSA_ASSERT( psa_cipher_generate_iv( &operation, 2429 buffer, sizeof( buffer ), 2430 &length ) ); 2431 ASSERT_OPERATION_IS_ACTIVE( operation ); 2432 TEST_EQUAL( psa_cipher_generate_iv( &operation, 2433 buffer, sizeof( buffer ), 2434 &length ), 2435 PSA_ERROR_BAD_STATE ); 2436 ASSERT_OPERATION_IS_INACTIVE( operation ); 2437 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2438 ASSERT_OPERATION_IS_INACTIVE( operation ); 2439 2440 /* Generate an IV after it's already set. */ 2441 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2442 PSA_ASSERT( psa_cipher_set_iv( &operation, 2443 iv, sizeof( iv ) ) ); 2444 TEST_EQUAL( psa_cipher_generate_iv( &operation, 2445 buffer, sizeof( buffer ), 2446 &length ), 2447 PSA_ERROR_BAD_STATE ); 2448 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2449 2450 /* Set an IV without calling setup beforehand. */ 2451 TEST_EQUAL( psa_cipher_set_iv( &operation, 2452 iv, sizeof( iv ) ), 2453 PSA_ERROR_BAD_STATE ); 2454 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2455 2456 /* Set an IV after it's already set. */ 2457 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2458 PSA_ASSERT( psa_cipher_set_iv( &operation, 2459 iv, sizeof( iv ) ) ); 2460 ASSERT_OPERATION_IS_ACTIVE( operation ); 2461 TEST_EQUAL( psa_cipher_set_iv( &operation, 2462 iv, sizeof( iv ) ), 2463 PSA_ERROR_BAD_STATE ); 2464 ASSERT_OPERATION_IS_INACTIVE( operation ); 2465 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2466 ASSERT_OPERATION_IS_INACTIVE( operation ); 2467 2468 /* Set an IV after it's already generated. */ 2469 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2470 PSA_ASSERT( psa_cipher_generate_iv( &operation, 2471 buffer, sizeof( buffer ), 2472 &length ) ); 2473 TEST_EQUAL( psa_cipher_set_iv( &operation, 2474 iv, sizeof( iv ) ), 2475 PSA_ERROR_BAD_STATE ); 2476 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2477 2478 /* Call update without calling setup beforehand. */ 2479 TEST_EQUAL( psa_cipher_update( &operation, 2480 text, sizeof( text ), 2481 buffer, sizeof( buffer ), 2482 &length ), 2483 PSA_ERROR_BAD_STATE ); 2484 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2485 2486 /* Call update without an IV where an IV is required. */ 2487 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2488 ASSERT_OPERATION_IS_ACTIVE( operation ); 2489 TEST_EQUAL( psa_cipher_update( &operation, 2490 text, sizeof( text ), 2491 buffer, sizeof( buffer ), 2492 &length ), 2493 PSA_ERROR_BAD_STATE ); 2494 ASSERT_OPERATION_IS_INACTIVE( operation ); 2495 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2496 ASSERT_OPERATION_IS_INACTIVE( operation ); 2497 2498 /* Call update after finish. */ 2499 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2500 PSA_ASSERT( psa_cipher_set_iv( &operation, 2501 iv, sizeof( iv ) ) ); 2502 PSA_ASSERT( psa_cipher_finish( &operation, 2503 buffer, sizeof( buffer ), &length ) ); 2504 TEST_EQUAL( psa_cipher_update( &operation, 2505 text, sizeof( text ), 2506 buffer, sizeof( buffer ), 2507 &length ), 2508 PSA_ERROR_BAD_STATE ); 2509 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2510 2511 /* Call finish without calling setup beforehand. */ 2512 TEST_EQUAL( psa_cipher_finish( &operation, 2513 buffer, sizeof( buffer ), &length ), 2514 PSA_ERROR_BAD_STATE ); 2515 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2516 2517 /* Call finish without an IV where an IV is required. */ 2518 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2519 /* Not calling update means we are encrypting an empty buffer, which is OK 2520 * for cipher modes with padding. */ 2521 ASSERT_OPERATION_IS_ACTIVE( operation ); 2522 TEST_EQUAL( psa_cipher_finish( &operation, 2523 buffer, sizeof( buffer ), &length ), 2524 PSA_ERROR_BAD_STATE ); 2525 ASSERT_OPERATION_IS_INACTIVE( operation ); 2526 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2527 ASSERT_OPERATION_IS_INACTIVE( operation ); 2528 2529 /* Call finish twice in a row. */ 2530 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2531 PSA_ASSERT( psa_cipher_set_iv( &operation, 2532 iv, sizeof( iv ) ) ); 2533 PSA_ASSERT( psa_cipher_finish( &operation, 2534 buffer, sizeof( buffer ), &length ) ); 2535 TEST_EQUAL( psa_cipher_finish( &operation, 2536 buffer, sizeof( buffer ), &length ), 2537 PSA_ERROR_BAD_STATE ); 2538 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2539 2540 PSA_ASSERT( psa_destroy_key( key ) ); 2541 2542exit: 2543 psa_cipher_abort( &operation ); 2544 PSA_DONE( ); 2545} 2546/* END_CASE */ 2547 2548/* BEGIN_CASE */ 2549void cipher_encrypt_fail( int alg_arg, 2550 int key_type_arg, 2551 data_t *key_data, 2552 data_t *input, 2553 int expected_status_arg ) 2554{ 2555 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2556 psa_status_t status; 2557 psa_key_type_t key_type = key_type_arg; 2558 psa_algorithm_t alg = alg_arg; 2559 psa_status_t expected_status = expected_status_arg; 2560 unsigned char *output = NULL; 2561 size_t output_buffer_size = 0; 2562 size_t output_length = 0; 2563 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2564 2565 if ( PSA_ERROR_BAD_STATE != expected_status ) 2566 { 2567 PSA_ASSERT( psa_crypto_init( ) ); 2568 2569 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 2570 psa_set_key_algorithm( &attributes, alg ); 2571 psa_set_key_type( &attributes, key_type ); 2572 2573 output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, 2574 input->len ); 2575 ASSERT_ALLOC( output, output_buffer_size ); 2576 2577 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2578 &key ) ); 2579 } 2580 2581 status = psa_cipher_encrypt( key, alg, input->x, input->len, output, 2582 output_buffer_size, &output_length ); 2583 2584 TEST_EQUAL( status, expected_status ); 2585 2586exit: 2587 mbedtls_free( output ); 2588 psa_destroy_key( key ); 2589 PSA_DONE( ); 2590} 2591/* END_CASE */ 2592 2593/* BEGIN_CASE */ 2594void cipher_encrypt_alg_without_iv( int alg_arg, 2595 int key_type_arg, 2596 data_t *key_data, 2597 data_t *input, 2598 data_t *expected_output ) 2599{ 2600 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2601 psa_key_type_t key_type = key_type_arg; 2602 psa_algorithm_t alg = alg_arg; 2603 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 2604 uint8_t iv[1] = { 0x5a }; 2605 size_t iv_length; 2606 unsigned char *output = NULL; 2607 size_t output_buffer_size = 0; 2608 size_t output_length = 0; 2609 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2610 2611 PSA_ASSERT( psa_crypto_init( ) ); 2612 2613 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 2614 psa_set_key_algorithm( &attributes, alg ); 2615 psa_set_key_type( &attributes, key_type ); 2616 2617 output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); 2618 ASSERT_ALLOC( output, output_buffer_size ); 2619 2620 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2621 &key ) ); 2622 2623 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2624 TEST_EQUAL( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ), 2625 PSA_ERROR_BAD_STATE ); 2626 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2627 TEST_EQUAL( psa_cipher_generate_iv( &operation, iv, sizeof( iv ), 2628 &iv_length ), 2629 PSA_ERROR_BAD_STATE ); 2630 2631 PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output, 2632 output_buffer_size, &output_length ) ); 2633 TEST_ASSERT( output_length <= 2634 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) ); 2635 TEST_ASSERT( output_length <= 2636 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); 2637 2638 ASSERT_COMPARE( expected_output->x, expected_output->len, 2639 output, output_length ); 2640exit: 2641 mbedtls_free( output ); 2642 psa_destroy_key( key ); 2643 PSA_DONE( ); 2644} 2645/* END_CASE */ 2646 2647/* BEGIN_CASE */ 2648void cipher_bad_key( int alg_arg, int key_type_arg, data_t *key_data ) 2649{ 2650 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2651 psa_algorithm_t alg = alg_arg; 2652 psa_key_type_t key_type = key_type_arg; 2653 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2654 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 2655 psa_status_t status; 2656 2657 PSA_ASSERT( psa_crypto_init( ) ); 2658 2659 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 2660 psa_set_key_algorithm( &attributes, alg ); 2661 psa_set_key_type( &attributes, key_type ); 2662 2663 /* Usage of either of these two size macros would cause divide by zero 2664 * with incorrect key types previously. Input length should be irrelevant 2665 * here. */ 2666 TEST_EQUAL( PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, 16 ), 2667 0 ); 2668 TEST_EQUAL( PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, 16 ), 0 ); 2669 2670 2671 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2672 &key ) ); 2673 2674 /* Should fail due to invalid alg type (to support invalid key type). 2675 * Encrypt or decrypt will end up in the same place. */ 2676 status = psa_cipher_encrypt_setup( &operation, key, alg ); 2677 2678 TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT ); 2679 2680exit: 2681 psa_cipher_abort( &operation ); 2682 psa_destroy_key( key ); 2683 PSA_DONE( ); 2684} 2685/* END_CASE */ 2686 2687/* BEGIN_CASE */ 2688void cipher_encrypt_validation( int alg_arg, 2689 int key_type_arg, 2690 data_t *key_data, 2691 data_t *input ) 2692{ 2693 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2694 psa_key_type_t key_type = key_type_arg; 2695 psa_algorithm_t alg = alg_arg; 2696 size_t iv_size = PSA_CIPHER_IV_LENGTH ( key_type, alg ); 2697 unsigned char *output1 = NULL; 2698 size_t output1_buffer_size = 0; 2699 size_t output1_length = 0; 2700 unsigned char *output2 = NULL; 2701 size_t output2_buffer_size = 0; 2702 size_t output2_length = 0; 2703 size_t function_output_length = 0; 2704 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 2705 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2706 2707 PSA_ASSERT( psa_crypto_init( ) ); 2708 2709 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 2710 psa_set_key_algorithm( &attributes, alg ); 2711 psa_set_key_type( &attributes, key_type ); 2712 2713 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); 2714 output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) + 2715 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ); 2716 ASSERT_ALLOC( output1, output1_buffer_size ); 2717 ASSERT_ALLOC( output2, output2_buffer_size ); 2718 2719 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2720 &key ) ); 2721 2722 /* The one-shot cipher encryption uses generated iv so validating 2723 the output is not possible. Validating with multipart encryption. */ 2724 PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output1, 2725 output1_buffer_size, &output1_length ) ); 2726 TEST_ASSERT( output1_length <= 2727 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) ); 2728 TEST_ASSERT( output1_length <= 2729 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); 2730 2731 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2732 PSA_ASSERT( psa_cipher_set_iv( &operation, output1, iv_size ) ); 2733 2734 PSA_ASSERT( psa_cipher_update( &operation, 2735 input->x, input->len, 2736 output2, output2_buffer_size, 2737 &function_output_length ) ); 2738 TEST_ASSERT( function_output_length <= 2739 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) ); 2740 TEST_ASSERT( function_output_length <= 2741 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) ); 2742 output2_length += function_output_length; 2743 2744 PSA_ASSERT( psa_cipher_finish( &operation, 2745 output2 + output2_length, 2746 output2_buffer_size - output2_length, 2747 &function_output_length ) ); 2748 TEST_ASSERT( function_output_length <= 2749 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); 2750 TEST_ASSERT( function_output_length <= 2751 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); 2752 output2_length += function_output_length; 2753 2754 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2755 ASSERT_COMPARE( output1 + iv_size, output1_length - iv_size, 2756 output2, output2_length ); 2757 2758exit: 2759 psa_cipher_abort( &operation ); 2760 mbedtls_free( output1 ); 2761 mbedtls_free( output2 ); 2762 psa_destroy_key( key ); 2763 PSA_DONE( ); 2764} 2765/* END_CASE */ 2766 2767/* BEGIN_CASE */ 2768void cipher_encrypt_multipart( int alg_arg, int key_type_arg, 2769 data_t *key_data, data_t *iv, 2770 data_t *input, 2771 int first_part_size_arg, 2772 int output1_length_arg, int output2_length_arg, 2773 data_t *expected_output, 2774 int expected_status_arg ) 2775{ 2776 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2777 psa_key_type_t key_type = key_type_arg; 2778 psa_algorithm_t alg = alg_arg; 2779 psa_status_t status; 2780 psa_status_t expected_status = expected_status_arg; 2781 size_t first_part_size = first_part_size_arg; 2782 size_t output1_length = output1_length_arg; 2783 size_t output2_length = output2_length_arg; 2784 unsigned char *output = NULL; 2785 size_t output_buffer_size = 0; 2786 size_t function_output_length = 0; 2787 size_t total_output_length = 0; 2788 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 2789 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2790 2791 PSA_ASSERT( psa_crypto_init( ) ); 2792 2793 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 2794 psa_set_key_algorithm( &attributes, alg ); 2795 psa_set_key_type( &attributes, key_type ); 2796 2797 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2798 &key ) ); 2799 2800 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2801 2802 if( iv->len > 0 ) 2803 { 2804 PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); 2805 } 2806 2807 output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) + 2808 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ); 2809 ASSERT_ALLOC( output, output_buffer_size ); 2810 2811 TEST_ASSERT( first_part_size <= input->len ); 2812 PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size, 2813 output, output_buffer_size, 2814 &function_output_length ) ); 2815 TEST_ASSERT( function_output_length == output1_length ); 2816 TEST_ASSERT( function_output_length <= 2817 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) ); 2818 TEST_ASSERT( function_output_length <= 2819 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size) ); 2820 total_output_length += function_output_length; 2821 2822 if( first_part_size < input->len ) 2823 { 2824 PSA_ASSERT( psa_cipher_update( &operation, 2825 input->x + first_part_size, 2826 input->len - first_part_size, 2827 ( output_buffer_size == 0 ? NULL : 2828 output + total_output_length ), 2829 output_buffer_size - total_output_length, 2830 &function_output_length ) ); 2831 TEST_ASSERT( function_output_length == output2_length ); 2832 TEST_ASSERT( function_output_length <= 2833 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, 2834 alg, 2835 input->len - first_part_size ) ); 2836 TEST_ASSERT( function_output_length <= 2837 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) ); 2838 total_output_length += function_output_length; 2839 } 2840 2841 status = psa_cipher_finish( &operation, 2842 ( output_buffer_size == 0 ? NULL : 2843 output + total_output_length ), 2844 output_buffer_size - total_output_length, 2845 &function_output_length ); 2846 TEST_ASSERT( function_output_length <= 2847 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); 2848 TEST_ASSERT( function_output_length <= 2849 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); 2850 total_output_length += function_output_length; 2851 TEST_EQUAL( status, expected_status ); 2852 2853 if( expected_status == PSA_SUCCESS ) 2854 { 2855 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2856 2857 ASSERT_COMPARE( expected_output->x, expected_output->len, 2858 output, total_output_length ); 2859 } 2860 2861exit: 2862 psa_cipher_abort( &operation ); 2863 mbedtls_free( output ); 2864 psa_destroy_key( key ); 2865 PSA_DONE( ); 2866} 2867/* END_CASE */ 2868 2869/* BEGIN_CASE */ 2870void cipher_decrypt_multipart( int alg_arg, int key_type_arg, 2871 data_t *key_data, data_t *iv, 2872 data_t *input, 2873 int first_part_size_arg, 2874 int output1_length_arg, int output2_length_arg, 2875 data_t *expected_output, 2876 int expected_status_arg ) 2877{ 2878 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2879 psa_key_type_t key_type = key_type_arg; 2880 psa_algorithm_t alg = alg_arg; 2881 psa_status_t status; 2882 psa_status_t expected_status = expected_status_arg; 2883 size_t first_part_size = first_part_size_arg; 2884 size_t output1_length = output1_length_arg; 2885 size_t output2_length = output2_length_arg; 2886 unsigned char *output = NULL; 2887 size_t output_buffer_size = 0; 2888 size_t function_output_length = 0; 2889 size_t total_output_length = 0; 2890 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 2891 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2892 2893 PSA_ASSERT( psa_crypto_init( ) ); 2894 2895 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 2896 psa_set_key_algorithm( &attributes, alg ); 2897 psa_set_key_type( &attributes, key_type ); 2898 2899 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2900 &key ) ); 2901 2902 PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); 2903 2904 if( iv->len > 0 ) 2905 { 2906 PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); 2907 } 2908 2909 output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) + 2910 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ); 2911 ASSERT_ALLOC( output, output_buffer_size ); 2912 2913 TEST_ASSERT( first_part_size <= input->len ); 2914 PSA_ASSERT( psa_cipher_update( &operation, 2915 input->x, first_part_size, 2916 output, output_buffer_size, 2917 &function_output_length ) ); 2918 TEST_ASSERT( function_output_length == output1_length ); 2919 TEST_ASSERT( function_output_length <= 2920 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) ); 2921 TEST_ASSERT( function_output_length <= 2922 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) ); 2923 total_output_length += function_output_length; 2924 2925 if( first_part_size < input->len ) 2926 { 2927 PSA_ASSERT( psa_cipher_update( &operation, 2928 input->x + first_part_size, 2929 input->len - first_part_size, 2930 ( output_buffer_size == 0 ? NULL : 2931 output + total_output_length ), 2932 output_buffer_size - total_output_length, 2933 &function_output_length ) ); 2934 TEST_ASSERT( function_output_length == output2_length ); 2935 TEST_ASSERT( function_output_length <= 2936 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, 2937 alg, 2938 input->len - first_part_size ) ); 2939 TEST_ASSERT( function_output_length <= 2940 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) ); 2941 total_output_length += function_output_length; 2942 } 2943 2944 status = psa_cipher_finish( &operation, 2945 ( output_buffer_size == 0 ? NULL : 2946 output + total_output_length ), 2947 output_buffer_size - total_output_length, 2948 &function_output_length ); 2949 TEST_ASSERT( function_output_length <= 2950 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); 2951 TEST_ASSERT( function_output_length <= 2952 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); 2953 total_output_length += function_output_length; 2954 TEST_EQUAL( status, expected_status ); 2955 2956 if( expected_status == PSA_SUCCESS ) 2957 { 2958 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2959 2960 ASSERT_COMPARE( expected_output->x, expected_output->len, 2961 output, total_output_length ); 2962 } 2963 2964exit: 2965 psa_cipher_abort( &operation ); 2966 mbedtls_free( output ); 2967 psa_destroy_key( key ); 2968 PSA_DONE( ); 2969} 2970/* END_CASE */ 2971 2972/* BEGIN_CASE */ 2973void cipher_decrypt_fail( int alg_arg, 2974 int key_type_arg, 2975 data_t *key_data, 2976 data_t *iv, 2977 data_t *input_arg, 2978 int expected_status_arg ) 2979{ 2980 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2981 psa_status_t status; 2982 psa_key_type_t key_type = key_type_arg; 2983 psa_algorithm_t alg = alg_arg; 2984 psa_status_t expected_status = expected_status_arg; 2985 unsigned char *input = NULL; 2986 size_t input_buffer_size = 0; 2987 unsigned char *output = NULL; 2988 size_t output_buffer_size = 0; 2989 size_t output_length = 0; 2990 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2991 2992 if ( PSA_ERROR_BAD_STATE != expected_status ) 2993 { 2994 PSA_ASSERT( psa_crypto_init( ) ); 2995 2996 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 2997 psa_set_key_algorithm( &attributes, alg ); 2998 psa_set_key_type( &attributes, key_type ); 2999 3000 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3001 &key ) ); 3002 } 3003 3004 /* Allocate input buffer and copy the iv and the plaintext */ 3005 input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len ); 3006 if ( input_buffer_size > 0 ) 3007 { 3008 ASSERT_ALLOC( input, input_buffer_size ); 3009 memcpy( input, iv->x, iv->len ); 3010 memcpy( input + iv->len, input_arg->x, input_arg->len ); 3011 } 3012 3013 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ); 3014 ASSERT_ALLOC( output, output_buffer_size ); 3015 3016 status = psa_cipher_decrypt( key, alg, input, input_buffer_size, output, 3017 output_buffer_size, &output_length ); 3018 TEST_EQUAL( status, expected_status ); 3019 3020exit: 3021 mbedtls_free( input ); 3022 mbedtls_free( output ); 3023 psa_destroy_key( key ); 3024 PSA_DONE( ); 3025} 3026/* END_CASE */ 3027 3028/* BEGIN_CASE */ 3029void cipher_decrypt( int alg_arg, 3030 int key_type_arg, 3031 data_t *key_data, 3032 data_t *iv, 3033 data_t *input_arg, 3034 data_t *expected_output ) 3035{ 3036 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3037 psa_key_type_t key_type = key_type_arg; 3038 psa_algorithm_t alg = alg_arg; 3039 unsigned char *input = NULL; 3040 size_t input_buffer_size = 0; 3041 unsigned char *output = NULL; 3042 size_t output_buffer_size = 0; 3043 size_t output_length = 0; 3044 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3045 3046 PSA_ASSERT( psa_crypto_init( ) ); 3047 3048 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 3049 psa_set_key_algorithm( &attributes, alg ); 3050 psa_set_key_type( &attributes, key_type ); 3051 3052 /* Allocate input buffer and copy the iv and the plaintext */ 3053 input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len ); 3054 if ( input_buffer_size > 0 ) 3055 { 3056 ASSERT_ALLOC( input, input_buffer_size ); 3057 memcpy( input, iv->x, iv->len ); 3058 memcpy( input + iv->len, input_arg->x, input_arg->len ); 3059 } 3060 3061 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ); 3062 ASSERT_ALLOC( output, output_buffer_size ); 3063 3064 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3065 &key ) ); 3066 3067 PSA_ASSERT( psa_cipher_decrypt( key, alg, input, input_buffer_size, output, 3068 output_buffer_size, &output_length ) ); 3069 TEST_ASSERT( output_length <= 3070 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ) ); 3071 TEST_ASSERT( output_length <= 3072 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input_buffer_size ) ); 3073 3074 ASSERT_COMPARE( expected_output->x, expected_output->len, 3075 output, output_length ); 3076exit: 3077 mbedtls_free( input ); 3078 mbedtls_free( output ); 3079 psa_destroy_key( key ); 3080 PSA_DONE( ); 3081} 3082/* END_CASE */ 3083 3084/* BEGIN_CASE */ 3085void cipher_verify_output( int alg_arg, 3086 int key_type_arg, 3087 data_t *key_data, 3088 data_t *input ) 3089{ 3090 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3091 psa_key_type_t key_type = key_type_arg; 3092 psa_algorithm_t alg = alg_arg; 3093 unsigned char *output1 = NULL; 3094 size_t output1_size = 0; 3095 size_t output1_length = 0; 3096 unsigned char *output2 = NULL; 3097 size_t output2_size = 0; 3098 size_t output2_length = 0; 3099 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3100 3101 PSA_ASSERT( psa_crypto_init( ) ); 3102 3103 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 3104 psa_set_key_algorithm( &attributes, alg ); 3105 psa_set_key_type( &attributes, key_type ); 3106 3107 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3108 &key ) ); 3109 output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); 3110 ASSERT_ALLOC( output1, output1_size ); 3111 3112 PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, 3113 output1, output1_size, 3114 &output1_length ) ); 3115 TEST_ASSERT( output1_length <= 3116 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) ); 3117 TEST_ASSERT( output1_length <= 3118 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); 3119 3120 output2_size = output1_length; 3121 ASSERT_ALLOC( output2, output2_size ); 3122 3123 PSA_ASSERT( psa_cipher_decrypt( key, alg, output1, output1_length, 3124 output2, output2_size, 3125 &output2_length ) ); 3126 TEST_ASSERT( output2_length <= 3127 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) ); 3128 TEST_ASSERT( output2_length <= 3129 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) ); 3130 3131 ASSERT_COMPARE( input->x, input->len, output2, output2_length ); 3132 3133exit: 3134 mbedtls_free( output1 ); 3135 mbedtls_free( output2 ); 3136 psa_destroy_key( key ); 3137 PSA_DONE( ); 3138} 3139/* END_CASE */ 3140 3141/* BEGIN_CASE */ 3142void cipher_verify_output_multipart( int alg_arg, 3143 int key_type_arg, 3144 data_t *key_data, 3145 data_t *input, 3146 int first_part_size_arg ) 3147{ 3148 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3149 psa_key_type_t key_type = key_type_arg; 3150 psa_algorithm_t alg = alg_arg; 3151 size_t first_part_size = first_part_size_arg; 3152 unsigned char iv[16] = {0}; 3153 size_t iv_size = 16; 3154 size_t iv_length = 0; 3155 unsigned char *output1 = NULL; 3156 size_t output1_buffer_size = 0; 3157 size_t output1_length = 0; 3158 unsigned char *output2 = NULL; 3159 size_t output2_buffer_size = 0; 3160 size_t output2_length = 0; 3161 size_t function_output_length; 3162 psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT; 3163 psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT; 3164 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3165 3166 PSA_ASSERT( psa_crypto_init( ) ); 3167 3168 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 3169 psa_set_key_algorithm( &attributes, alg ); 3170 psa_set_key_type( &attributes, key_type ); 3171 3172 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3173 &key ) ); 3174 3175 PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) ); 3176 PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) ); 3177 3178 if( alg != PSA_ALG_ECB_NO_PADDING ) 3179 { 3180 PSA_ASSERT( psa_cipher_generate_iv( &operation1, 3181 iv, iv_size, 3182 &iv_length ) ); 3183 } 3184 3185 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); 3186 TEST_ASSERT( output1_buffer_size <= 3187 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); 3188 ASSERT_ALLOC( output1, output1_buffer_size ); 3189 3190 TEST_ASSERT( first_part_size <= input->len ); 3191 3192 PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size, 3193 output1, output1_buffer_size, 3194 &function_output_length ) ); 3195 TEST_ASSERT( function_output_length <= 3196 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) ); 3197 TEST_ASSERT( function_output_length <= 3198 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) ); 3199 output1_length += function_output_length; 3200 3201 PSA_ASSERT( psa_cipher_update( &operation1, 3202 input->x + first_part_size, 3203 input->len - first_part_size, 3204 output1, output1_buffer_size, 3205 &function_output_length ) ); 3206 TEST_ASSERT( function_output_length <= 3207 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, 3208 alg, 3209 input->len - first_part_size ) ); 3210 TEST_ASSERT( function_output_length <= 3211 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len - first_part_size ) ); 3212 output1_length += function_output_length; 3213 3214 PSA_ASSERT( psa_cipher_finish( &operation1, 3215 output1 + output1_length, 3216 output1_buffer_size - output1_length, 3217 &function_output_length ) ); 3218 TEST_ASSERT( function_output_length <= 3219 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); 3220 TEST_ASSERT( function_output_length <= 3221 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); 3222 output1_length += function_output_length; 3223 3224 PSA_ASSERT( psa_cipher_abort( &operation1 ) ); 3225 3226 output2_buffer_size = output1_length; 3227 TEST_ASSERT( output2_buffer_size <= 3228 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) ); 3229 TEST_ASSERT( output2_buffer_size <= 3230 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) ); 3231 ASSERT_ALLOC( output2, output2_buffer_size ); 3232 3233 if( iv_length > 0 ) 3234 { 3235 PSA_ASSERT( psa_cipher_set_iv( &operation2, 3236 iv, iv_length ) ); 3237 } 3238 3239 PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size, 3240 output2, output2_buffer_size, 3241 &function_output_length ) ); 3242 TEST_ASSERT( function_output_length <= 3243 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) ); 3244 TEST_ASSERT( function_output_length <= 3245 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) ); 3246 output2_length += function_output_length; 3247 3248 PSA_ASSERT( psa_cipher_update( &operation2, 3249 output1 + first_part_size, 3250 output1_length - first_part_size, 3251 output2, output2_buffer_size, 3252 &function_output_length ) ); 3253 TEST_ASSERT( function_output_length <= 3254 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, 3255 alg, 3256 output1_length - first_part_size ) ); 3257 TEST_ASSERT( function_output_length <= 3258 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length - first_part_size ) ); 3259 output2_length += function_output_length; 3260 3261 PSA_ASSERT( psa_cipher_finish( &operation2, 3262 output2 + output2_length, 3263 output2_buffer_size - output2_length, 3264 &function_output_length ) ); 3265 TEST_ASSERT( function_output_length <= 3266 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); 3267 TEST_ASSERT( function_output_length <= 3268 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); 3269 output2_length += function_output_length; 3270 3271 PSA_ASSERT( psa_cipher_abort( &operation2 ) ); 3272 3273 ASSERT_COMPARE( input->x, input->len, output2, output2_length ); 3274 3275exit: 3276 psa_cipher_abort( &operation1 ); 3277 psa_cipher_abort( &operation2 ); 3278 mbedtls_free( output1 ); 3279 mbedtls_free( output2 ); 3280 psa_destroy_key( key ); 3281 PSA_DONE( ); 3282} 3283/* END_CASE */ 3284 3285/* BEGIN_CASE */ 3286void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, 3287 int alg_arg, 3288 data_t *nonce, 3289 data_t *additional_data, 3290 data_t *input_data, 3291 int expected_result_arg ) 3292{ 3293 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3294 psa_key_type_t key_type = key_type_arg; 3295 psa_algorithm_t alg = alg_arg; 3296 size_t key_bits; 3297 unsigned char *output_data = NULL; 3298 size_t output_size = 0; 3299 size_t output_length = 0; 3300 unsigned char *output_data2 = NULL; 3301 size_t output_length2 = 0; 3302 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 3303 psa_status_t expected_result = expected_result_arg; 3304 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3305 3306 PSA_ASSERT( psa_crypto_init( ) ); 3307 3308 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 3309 psa_set_key_algorithm( &attributes, alg ); 3310 psa_set_key_type( &attributes, key_type ); 3311 3312 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3313 &key ) ); 3314 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 3315 key_bits = psa_get_key_bits( &attributes ); 3316 3317 output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits, 3318 alg ); 3319 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 3320 * should be exact. */ 3321 if( expected_result != PSA_ERROR_INVALID_ARGUMENT && 3322 expected_result != PSA_ERROR_NOT_SUPPORTED ) 3323 { 3324 TEST_EQUAL( output_size, 3325 PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); 3326 TEST_ASSERT( output_size <= 3327 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); 3328 } 3329 ASSERT_ALLOC( output_data, output_size ); 3330 3331 status = psa_aead_encrypt( key, alg, 3332 nonce->x, nonce->len, 3333 additional_data->x, 3334 additional_data->len, 3335 input_data->x, input_data->len, 3336 output_data, output_size, 3337 &output_length ); 3338 3339 /* If the operation is not supported, just skip and not fail in case the 3340 * encryption involves a common limitation of cryptography hardwares and 3341 * an alternative implementation. */ 3342 if( status == PSA_ERROR_NOT_SUPPORTED ) 3343 { 3344 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); 3345 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); 3346 } 3347 3348 TEST_EQUAL( status, expected_result ); 3349 3350 if( PSA_SUCCESS == expected_result ) 3351 { 3352 ASSERT_ALLOC( output_data2, output_length ); 3353 3354 /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE 3355 * should be exact. */ 3356 TEST_EQUAL( input_data->len, 3357 PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, output_length ) ); 3358 3359 TEST_ASSERT( input_data->len <= 3360 PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) ); 3361 3362 TEST_EQUAL( psa_aead_decrypt( key, alg, 3363 nonce->x, nonce->len, 3364 additional_data->x, 3365 additional_data->len, 3366 output_data, output_length, 3367 output_data2, output_length, 3368 &output_length2 ), 3369 expected_result ); 3370 3371 ASSERT_COMPARE( input_data->x, input_data->len, 3372 output_data2, output_length2 ); 3373 } 3374 3375exit: 3376 psa_destroy_key( key ); 3377 mbedtls_free( output_data ); 3378 mbedtls_free( output_data2 ); 3379 PSA_DONE( ); 3380} 3381/* END_CASE */ 3382 3383/* BEGIN_CASE */ 3384void aead_encrypt( int key_type_arg, data_t *key_data, 3385 int alg_arg, 3386 data_t *nonce, 3387 data_t *additional_data, 3388 data_t *input_data, 3389 data_t *expected_result ) 3390{ 3391 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3392 psa_key_type_t key_type = key_type_arg; 3393 psa_algorithm_t alg = alg_arg; 3394 size_t key_bits; 3395 unsigned char *output_data = NULL; 3396 size_t output_size = 0; 3397 size_t output_length = 0; 3398 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3399 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 3400 3401 PSA_ASSERT( psa_crypto_init( ) ); 3402 3403 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 3404 psa_set_key_algorithm( &attributes, alg ); 3405 psa_set_key_type( &attributes, key_type ); 3406 3407 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3408 &key ) ); 3409 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 3410 key_bits = psa_get_key_bits( &attributes ); 3411 3412 output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits, 3413 alg ); 3414 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 3415 * should be exact. */ 3416 TEST_EQUAL( output_size, 3417 PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); 3418 TEST_ASSERT( output_size <= 3419 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); 3420 ASSERT_ALLOC( output_data, output_size ); 3421 3422 status = psa_aead_encrypt( key, alg, 3423 nonce->x, nonce->len, 3424 additional_data->x, additional_data->len, 3425 input_data->x, input_data->len, 3426 output_data, output_size, 3427 &output_length ); 3428 3429 /* If the operation is not supported, just skip and not fail in case the 3430 * encryption involves a common limitation of cryptography hardwares and 3431 * an alternative implementation. */ 3432 if( status == PSA_ERROR_NOT_SUPPORTED ) 3433 { 3434 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); 3435 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); 3436 } 3437 3438 PSA_ASSERT( status ); 3439 ASSERT_COMPARE( expected_result->x, expected_result->len, 3440 output_data, output_length ); 3441 3442exit: 3443 psa_destroy_key( key ); 3444 mbedtls_free( output_data ); 3445 PSA_DONE( ); 3446} 3447/* END_CASE */ 3448 3449/* BEGIN_CASE */ 3450void aead_decrypt( int key_type_arg, data_t *key_data, 3451 int alg_arg, 3452 data_t *nonce, 3453 data_t *additional_data, 3454 data_t *input_data, 3455 data_t *expected_data, 3456 int expected_result_arg ) 3457{ 3458 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3459 psa_key_type_t key_type = key_type_arg; 3460 psa_algorithm_t alg = alg_arg; 3461 size_t key_bits; 3462 unsigned char *output_data = NULL; 3463 size_t output_size = 0; 3464 size_t output_length = 0; 3465 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3466 psa_status_t expected_result = expected_result_arg; 3467 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 3468 3469 PSA_ASSERT( psa_crypto_init( ) ); 3470 3471 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 3472 psa_set_key_algorithm( &attributes, alg ); 3473 psa_set_key_type( &attributes, key_type ); 3474 3475 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3476 &key ) ); 3477 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 3478 key_bits = psa_get_key_bits( &attributes ); 3479 3480 output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits, 3481 alg ); 3482 if( expected_result != PSA_ERROR_INVALID_ARGUMENT && 3483 expected_result != PSA_ERROR_NOT_SUPPORTED ) 3484 { 3485 /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE 3486 * should be exact. */ 3487 TEST_EQUAL( output_size, 3488 PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); 3489 TEST_ASSERT( output_size <= 3490 PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); 3491 } 3492 ASSERT_ALLOC( output_data, output_size ); 3493 3494 status = psa_aead_decrypt( key, alg, 3495 nonce->x, nonce->len, 3496 additional_data->x, 3497 additional_data->len, 3498 input_data->x, input_data->len, 3499 output_data, output_size, 3500 &output_length ); 3501 3502 /* If the operation is not supported, just skip and not fail in case the 3503 * decryption involves a common limitation of cryptography hardwares and 3504 * an alternative implementation. */ 3505 if( status == PSA_ERROR_NOT_SUPPORTED ) 3506 { 3507 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); 3508 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); 3509 } 3510 3511 TEST_EQUAL( status, expected_result ); 3512 3513 if( expected_result == PSA_SUCCESS ) 3514 ASSERT_COMPARE( expected_data->x, expected_data->len, 3515 output_data, output_length ); 3516 3517exit: 3518 psa_destroy_key( key ); 3519 mbedtls_free( output_data ); 3520 PSA_DONE( ); 3521} 3522/* END_CASE */ 3523 3524/* BEGIN_CASE */ 3525void signature_size( int type_arg, 3526 int bits, 3527 int alg_arg, 3528 int expected_size_arg ) 3529{ 3530 psa_key_type_t type = type_arg; 3531 psa_algorithm_t alg = alg_arg; 3532 size_t actual_size = PSA_SIGN_OUTPUT_SIZE( type, bits, alg ); 3533 3534 TEST_EQUAL( actual_size, (size_t) expected_size_arg ); 3535#if defined(MBEDTLS_TEST_DEPRECATED) 3536 TEST_EQUAL( actual_size, 3537 PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg ) ); 3538#endif /* MBEDTLS_TEST_DEPRECATED */ 3539 3540exit: 3541 ; 3542} 3543/* END_CASE */ 3544 3545/* BEGIN_CASE */ 3546void sign_hash_deterministic( int key_type_arg, data_t *key_data, 3547 int alg_arg, data_t *input_data, 3548 data_t *output_data ) 3549{ 3550 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3551 psa_key_type_t key_type = key_type_arg; 3552 psa_algorithm_t alg = alg_arg; 3553 size_t key_bits; 3554 unsigned char *signature = NULL; 3555 size_t signature_size; 3556 size_t signature_length = 0xdeadbeef; 3557 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3558 3559 PSA_ASSERT( psa_crypto_init( ) ); 3560 3561 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); 3562 psa_set_key_algorithm( &attributes, alg ); 3563 psa_set_key_type( &attributes, key_type ); 3564 3565 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3566 &key ) ); 3567 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 3568 key_bits = psa_get_key_bits( &attributes ); 3569 3570 /* Allocate a buffer which has the size advertized by the 3571 * library. */ 3572 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, 3573 key_bits, alg ); 3574 TEST_ASSERT( signature_size != 0 ); 3575 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE ); 3576 ASSERT_ALLOC( signature, signature_size ); 3577 3578 /* Perform the signature. */ 3579 PSA_ASSERT( psa_sign_hash( key, alg, 3580 input_data->x, input_data->len, 3581 signature, signature_size, 3582 &signature_length ) ); 3583 /* Verify that the signature is what is expected. */ 3584 ASSERT_COMPARE( output_data->x, output_data->len, 3585 signature, signature_length ); 3586 3587#if defined(MBEDTLS_TEST_DEPRECATED) 3588 memset( signature, 0, signature_size ); 3589 signature_length = INVALID_EXPORT_LENGTH; 3590 PSA_ASSERT( psa_asymmetric_sign( key, alg, 3591 input_data->x, input_data->len, 3592 signature, signature_size, 3593 &signature_length ) ); 3594 ASSERT_COMPARE( output_data->x, output_data->len, 3595 signature, signature_length ); 3596#endif /* MBEDTLS_TEST_DEPRECATED */ 3597 3598exit: 3599 /* 3600 * Key attributes may have been returned by psa_get_key_attributes() 3601 * thus reset them as required. 3602 */ 3603 psa_reset_key_attributes( &attributes ); 3604 3605 psa_destroy_key( key ); 3606 mbedtls_free( signature ); 3607 PSA_DONE( ); 3608} 3609/* END_CASE */ 3610 3611/* BEGIN_CASE */ 3612void sign_hash_fail( int key_type_arg, data_t *key_data, 3613 int alg_arg, data_t *input_data, 3614 int signature_size_arg, int expected_status_arg ) 3615{ 3616 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3617 psa_key_type_t key_type = key_type_arg; 3618 psa_algorithm_t alg = alg_arg; 3619 size_t signature_size = signature_size_arg; 3620 psa_status_t actual_status; 3621 psa_status_t expected_status = expected_status_arg; 3622 unsigned char *signature = NULL; 3623 size_t signature_length = 0xdeadbeef; 3624 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3625 3626 ASSERT_ALLOC( signature, signature_size ); 3627 3628 PSA_ASSERT( psa_crypto_init( ) ); 3629 3630 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); 3631 psa_set_key_algorithm( &attributes, alg ); 3632 psa_set_key_type( &attributes, key_type ); 3633 3634 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3635 &key ) ); 3636 3637 actual_status = psa_sign_hash( key, alg, 3638 input_data->x, input_data->len, 3639 signature, signature_size, 3640 &signature_length ); 3641 TEST_EQUAL( actual_status, expected_status ); 3642 /* The value of *signature_length is unspecified on error, but 3643 * whatever it is, it should be less than signature_size, so that 3644 * if the caller tries to read *signature_length bytes without 3645 * checking the error code then they don't overflow a buffer. */ 3646 TEST_ASSERT( signature_length <= signature_size ); 3647 3648#if defined(MBEDTLS_TEST_DEPRECATED) 3649 signature_length = INVALID_EXPORT_LENGTH; 3650 TEST_EQUAL( psa_asymmetric_sign( key, alg, 3651 input_data->x, input_data->len, 3652 signature, signature_size, 3653 &signature_length ), 3654 expected_status ); 3655 TEST_ASSERT( signature_length <= signature_size ); 3656#endif /* MBEDTLS_TEST_DEPRECATED */ 3657 3658exit: 3659 psa_reset_key_attributes( &attributes ); 3660 psa_destroy_key( key ); 3661 mbedtls_free( signature ); 3662 PSA_DONE( ); 3663} 3664/* END_CASE */ 3665 3666/* BEGIN_CASE */ 3667void sign_verify_hash( int key_type_arg, data_t *key_data, 3668 int alg_arg, data_t *input_data ) 3669{ 3670 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3671 psa_key_type_t key_type = key_type_arg; 3672 psa_algorithm_t alg = alg_arg; 3673 size_t key_bits; 3674 unsigned char *signature = NULL; 3675 size_t signature_size; 3676 size_t signature_length = 0xdeadbeef; 3677 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3678 3679 PSA_ASSERT( psa_crypto_init( ) ); 3680 3681 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); 3682 psa_set_key_algorithm( &attributes, alg ); 3683 psa_set_key_type( &attributes, key_type ); 3684 3685 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3686 &key ) ); 3687 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 3688 key_bits = psa_get_key_bits( &attributes ); 3689 3690 /* Allocate a buffer which has the size advertized by the 3691 * library. */ 3692 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, 3693 key_bits, alg ); 3694 TEST_ASSERT( signature_size != 0 ); 3695 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE ); 3696 ASSERT_ALLOC( signature, signature_size ); 3697 3698 /* Perform the signature. */ 3699 PSA_ASSERT( psa_sign_hash( key, alg, 3700 input_data->x, input_data->len, 3701 signature, signature_size, 3702 &signature_length ) ); 3703 /* Check that the signature length looks sensible. */ 3704 TEST_ASSERT( signature_length <= signature_size ); 3705 TEST_ASSERT( signature_length > 0 ); 3706 3707 /* Use the library to verify that the signature is correct. */ 3708 PSA_ASSERT( psa_verify_hash( key, alg, 3709 input_data->x, input_data->len, 3710 signature, signature_length ) ); 3711 3712 if( input_data->len != 0 ) 3713 { 3714 /* Flip a bit in the input and verify that the signature is now 3715 * detected as invalid. Flip a bit at the beginning, not at the end, 3716 * because ECDSA may ignore the last few bits of the input. */ 3717 input_data->x[0] ^= 1; 3718 TEST_EQUAL( psa_verify_hash( key, alg, 3719 input_data->x, input_data->len, 3720 signature, signature_length ), 3721 PSA_ERROR_INVALID_SIGNATURE ); 3722 } 3723 3724exit: 3725 /* 3726 * Key attributes may have been returned by psa_get_key_attributes() 3727 * thus reset them as required. 3728 */ 3729 psa_reset_key_attributes( &attributes ); 3730 3731 psa_destroy_key( key ); 3732 mbedtls_free( signature ); 3733 PSA_DONE( ); 3734} 3735/* END_CASE */ 3736 3737/* BEGIN_CASE */ 3738void verify_hash( int key_type_arg, data_t *key_data, 3739 int alg_arg, data_t *hash_data, 3740 data_t *signature_data ) 3741{ 3742 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3743 psa_key_type_t key_type = key_type_arg; 3744 psa_algorithm_t alg = alg_arg; 3745 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3746 3747 TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE ); 3748 3749 PSA_ASSERT( psa_crypto_init( ) ); 3750 3751 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); 3752 psa_set_key_algorithm( &attributes, alg ); 3753 psa_set_key_type( &attributes, key_type ); 3754 3755 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3756 &key ) ); 3757 3758 PSA_ASSERT( psa_verify_hash( key, alg, 3759 hash_data->x, hash_data->len, 3760 signature_data->x, signature_data->len ) ); 3761 3762#if defined(MBEDTLS_TEST_DEPRECATED) 3763 PSA_ASSERT( psa_asymmetric_verify( key, alg, 3764 hash_data->x, hash_data->len, 3765 signature_data->x, 3766 signature_data->len ) ); 3767 3768#endif /* MBEDTLS_TEST_DEPRECATED */ 3769 3770exit: 3771 psa_reset_key_attributes( &attributes ); 3772 psa_destroy_key( key ); 3773 PSA_DONE( ); 3774} 3775/* END_CASE */ 3776 3777/* BEGIN_CASE */ 3778void verify_hash_fail( int key_type_arg, data_t *key_data, 3779 int alg_arg, data_t *hash_data, 3780 data_t *signature_data, 3781 int expected_status_arg ) 3782{ 3783 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3784 psa_key_type_t key_type = key_type_arg; 3785 psa_algorithm_t alg = alg_arg; 3786 psa_status_t actual_status; 3787 psa_status_t expected_status = expected_status_arg; 3788 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3789 3790 PSA_ASSERT( psa_crypto_init( ) ); 3791 3792 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); 3793 psa_set_key_algorithm( &attributes, alg ); 3794 psa_set_key_type( &attributes, key_type ); 3795 3796 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3797 &key ) ); 3798 3799 actual_status = psa_verify_hash( key, alg, 3800 hash_data->x, hash_data->len, 3801 signature_data->x, signature_data->len ); 3802 TEST_EQUAL( actual_status, expected_status ); 3803 3804#if defined(MBEDTLS_TEST_DEPRECATED) 3805 TEST_EQUAL( psa_asymmetric_verify( key, alg, 3806 hash_data->x, hash_data->len, 3807 signature_data->x, signature_data->len ), 3808 expected_status ); 3809#endif /* MBEDTLS_TEST_DEPRECATED */ 3810 3811exit: 3812 psa_reset_key_attributes( &attributes ); 3813 psa_destroy_key( key ); 3814 PSA_DONE( ); 3815} 3816/* END_CASE */ 3817 3818/* BEGIN_CASE */ 3819void sign_message_deterministic( int key_type_arg, 3820 data_t *key_data, 3821 int alg_arg, 3822 data_t *input_data, 3823 data_t *output_data ) 3824{ 3825 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3826 psa_key_type_t key_type = key_type_arg; 3827 psa_algorithm_t alg = alg_arg; 3828 size_t key_bits; 3829 unsigned char *signature = NULL; 3830 size_t signature_size; 3831 size_t signature_length = 0xdeadbeef; 3832 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3833 3834 PSA_ASSERT( psa_crypto_init( ) ); 3835 3836 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); 3837 psa_set_key_algorithm( &attributes, alg ); 3838 psa_set_key_type( &attributes, key_type ); 3839 3840 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3841 &key ) ); 3842 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 3843 key_bits = psa_get_key_bits( &attributes ); 3844 3845 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ); 3846 TEST_ASSERT( signature_size != 0 ); 3847 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE ); 3848 ASSERT_ALLOC( signature, signature_size ); 3849 3850 PSA_ASSERT( psa_sign_message( key, alg, 3851 input_data->x, input_data->len, 3852 signature, signature_size, 3853 &signature_length ) ); 3854 3855 ASSERT_COMPARE( output_data->x, output_data->len, 3856 signature, signature_length ); 3857 3858exit: 3859 psa_reset_key_attributes( &attributes ); 3860 3861 psa_destroy_key( key ); 3862 mbedtls_free( signature ); 3863 PSA_DONE( ); 3864 3865} 3866/* END_CASE */ 3867 3868/* BEGIN_CASE */ 3869void sign_message_fail( int key_type_arg, 3870 data_t *key_data, 3871 int alg_arg, 3872 data_t *input_data, 3873 int signature_size_arg, 3874 int expected_status_arg ) 3875{ 3876 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3877 psa_key_type_t key_type = key_type_arg; 3878 psa_algorithm_t alg = alg_arg; 3879 size_t signature_size = signature_size_arg; 3880 psa_status_t actual_status; 3881 psa_status_t expected_status = expected_status_arg; 3882 unsigned char *signature = NULL; 3883 size_t signature_length = 0xdeadbeef; 3884 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3885 3886 ASSERT_ALLOC( signature, signature_size ); 3887 3888 PSA_ASSERT( psa_crypto_init( ) ); 3889 3890 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); 3891 psa_set_key_algorithm( &attributes, alg ); 3892 psa_set_key_type( &attributes, key_type ); 3893 3894 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3895 &key ) ); 3896 3897 actual_status = psa_sign_message( key, alg, 3898 input_data->x, input_data->len, 3899 signature, signature_size, 3900 &signature_length ); 3901 TEST_EQUAL( actual_status, expected_status ); 3902 /* The value of *signature_length is unspecified on error, but 3903 * whatever it is, it should be less than signature_size, so that 3904 * if the caller tries to read *signature_length bytes without 3905 * checking the error code then they don't overflow a buffer. */ 3906 TEST_ASSERT( signature_length <= signature_size ); 3907 3908exit: 3909 psa_reset_key_attributes( &attributes ); 3910 psa_destroy_key( key ); 3911 mbedtls_free( signature ); 3912 PSA_DONE( ); 3913} 3914/* END_CASE */ 3915 3916/* BEGIN_CASE */ 3917void sign_verify_message( int key_type_arg, 3918 data_t *key_data, 3919 int alg_arg, 3920 data_t *input_data ) 3921{ 3922 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3923 psa_key_type_t key_type = key_type_arg; 3924 psa_algorithm_t alg = alg_arg; 3925 size_t key_bits; 3926 unsigned char *signature = NULL; 3927 size_t signature_size; 3928 size_t signature_length = 0xdeadbeef; 3929 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3930 3931 PSA_ASSERT( psa_crypto_init( ) ); 3932 3933 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE | 3934 PSA_KEY_USAGE_VERIFY_MESSAGE ); 3935 psa_set_key_algorithm( &attributes, alg ); 3936 psa_set_key_type( &attributes, key_type ); 3937 3938 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3939 &key ) ); 3940 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 3941 key_bits = psa_get_key_bits( &attributes ); 3942 3943 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ); 3944 TEST_ASSERT( signature_size != 0 ); 3945 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE ); 3946 ASSERT_ALLOC( signature, signature_size ); 3947 3948 PSA_ASSERT( psa_sign_message( key, alg, 3949 input_data->x, input_data->len, 3950 signature, signature_size, 3951 &signature_length ) ); 3952 TEST_ASSERT( signature_length <= signature_size ); 3953 TEST_ASSERT( signature_length > 0 ); 3954 3955 PSA_ASSERT( psa_verify_message( key, alg, 3956 input_data->x, input_data->len, 3957 signature, signature_length ) ); 3958 3959 if( input_data->len != 0 ) 3960 { 3961 /* Flip a bit in the input and verify that the signature is now 3962 * detected as invalid. Flip a bit at the beginning, not at the end, 3963 * because ECDSA may ignore the last few bits of the input. */ 3964 input_data->x[0] ^= 1; 3965 TEST_EQUAL( psa_verify_message( key, alg, 3966 input_data->x, input_data->len, 3967 signature, signature_length ), 3968 PSA_ERROR_INVALID_SIGNATURE ); 3969 } 3970 3971exit: 3972 psa_reset_key_attributes( &attributes ); 3973 3974 psa_destroy_key( key ); 3975 mbedtls_free( signature ); 3976 PSA_DONE( ); 3977} 3978/* END_CASE */ 3979 3980/* BEGIN_CASE */ 3981void verify_message( int key_type_arg, 3982 data_t *key_data, 3983 int alg_arg, 3984 data_t *input_data, 3985 data_t *signature_data ) 3986{ 3987 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3988 psa_key_type_t key_type = key_type_arg; 3989 psa_algorithm_t alg = alg_arg; 3990 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3991 3992 TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE ); 3993 3994 PSA_ASSERT( psa_crypto_init( ) ); 3995 3996 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE ); 3997 psa_set_key_algorithm( &attributes, alg ); 3998 psa_set_key_type( &attributes, key_type ); 3999 4000 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4001 &key ) ); 4002 4003 PSA_ASSERT( psa_verify_message( key, alg, 4004 input_data->x, input_data->len, 4005 signature_data->x, signature_data->len ) ); 4006 4007exit: 4008 psa_reset_key_attributes( &attributes ); 4009 psa_destroy_key( key ); 4010 PSA_DONE( ); 4011} 4012/* END_CASE */ 4013 4014/* BEGIN_CASE */ 4015void verify_message_fail( int key_type_arg, 4016 data_t *key_data, 4017 int alg_arg, 4018 data_t *hash_data, 4019 data_t *signature_data, 4020 int expected_status_arg ) 4021{ 4022 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4023 psa_key_type_t key_type = key_type_arg; 4024 psa_algorithm_t alg = alg_arg; 4025 psa_status_t actual_status; 4026 psa_status_t expected_status = expected_status_arg; 4027 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4028 4029 PSA_ASSERT( psa_crypto_init( ) ); 4030 4031 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE ); 4032 psa_set_key_algorithm( &attributes, alg ); 4033 psa_set_key_type( &attributes, key_type ); 4034 4035 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4036 &key ) ); 4037 4038 actual_status = psa_verify_message( key, alg, 4039 hash_data->x, hash_data->len, 4040 signature_data->x, 4041 signature_data->len ); 4042 TEST_EQUAL( actual_status, expected_status ); 4043 4044exit: 4045 psa_reset_key_attributes( &attributes ); 4046 psa_destroy_key( key ); 4047 PSA_DONE( ); 4048} 4049/* END_CASE */ 4050 4051/* BEGIN_CASE */ 4052void asymmetric_encrypt( int key_type_arg, 4053 data_t *key_data, 4054 int alg_arg, 4055 data_t *input_data, 4056 data_t *label, 4057 int expected_output_length_arg, 4058 int expected_status_arg ) 4059{ 4060 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4061 psa_key_type_t key_type = key_type_arg; 4062 psa_algorithm_t alg = alg_arg; 4063 size_t expected_output_length = expected_output_length_arg; 4064 size_t key_bits; 4065 unsigned char *output = NULL; 4066 size_t output_size; 4067 size_t output_length = ~0; 4068 psa_status_t actual_status; 4069 psa_status_t expected_status = expected_status_arg; 4070 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4071 4072 PSA_ASSERT( psa_crypto_init( ) ); 4073 4074 /* Import the key */ 4075 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 4076 psa_set_key_algorithm( &attributes, alg ); 4077 psa_set_key_type( &attributes, key_type ); 4078 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4079 &key ) ); 4080 4081 /* Determine the maximum output length */ 4082 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 4083 key_bits = psa_get_key_bits( &attributes ); 4084 4085 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); 4086 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE ); 4087 ASSERT_ALLOC( output, output_size ); 4088 4089 /* Encrypt the input */ 4090 actual_status = psa_asymmetric_encrypt( key, alg, 4091 input_data->x, input_data->len, 4092 label->x, label->len, 4093 output, output_size, 4094 &output_length ); 4095 TEST_EQUAL( actual_status, expected_status ); 4096 TEST_EQUAL( output_length, expected_output_length ); 4097 4098 /* If the label is empty, the test framework puts a non-null pointer 4099 * in label->x. Test that a null pointer works as well. */ 4100 if( label->len == 0 ) 4101 { 4102 output_length = ~0; 4103 if( output_size != 0 ) 4104 memset( output, 0, output_size ); 4105 actual_status = psa_asymmetric_encrypt( key, alg, 4106 input_data->x, input_data->len, 4107 NULL, label->len, 4108 output, output_size, 4109 &output_length ); 4110 TEST_EQUAL( actual_status, expected_status ); 4111 TEST_EQUAL( output_length, expected_output_length ); 4112 } 4113 4114exit: 4115 /* 4116 * Key attributes may have been returned by psa_get_key_attributes() 4117 * thus reset them as required. 4118 */ 4119 psa_reset_key_attributes( &attributes ); 4120 4121 psa_destroy_key( key ); 4122 mbedtls_free( output ); 4123 PSA_DONE( ); 4124} 4125/* END_CASE */ 4126 4127/* BEGIN_CASE */ 4128void asymmetric_encrypt_decrypt( int key_type_arg, 4129 data_t *key_data, 4130 int alg_arg, 4131 data_t *input_data, 4132 data_t *label ) 4133{ 4134 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4135 psa_key_type_t key_type = key_type_arg; 4136 psa_algorithm_t alg = alg_arg; 4137 size_t key_bits; 4138 unsigned char *output = NULL; 4139 size_t output_size; 4140 size_t output_length = ~0; 4141 unsigned char *output2 = NULL; 4142 size_t output2_size; 4143 size_t output2_length = ~0; 4144 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4145 4146 PSA_ASSERT( psa_crypto_init( ) ); 4147 4148 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 4149 psa_set_key_algorithm( &attributes, alg ); 4150 psa_set_key_type( &attributes, key_type ); 4151 4152 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4153 &key ) ); 4154 4155 /* Determine the maximum ciphertext length */ 4156 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 4157 key_bits = psa_get_key_bits( &attributes ); 4158 4159 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); 4160 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE ); 4161 ASSERT_ALLOC( output, output_size ); 4162 4163 output2_size = input_data->len; 4164 TEST_ASSERT( output2_size <= 4165 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ) ); 4166 TEST_ASSERT( output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE ); 4167 ASSERT_ALLOC( output2, output2_size ); 4168 4169 /* We test encryption by checking that encrypt-then-decrypt gives back 4170 * the original plaintext because of the non-optional random 4171 * part of encryption process which prevents using fixed vectors. */ 4172 PSA_ASSERT( psa_asymmetric_encrypt( key, alg, 4173 input_data->x, input_data->len, 4174 label->x, label->len, 4175 output, output_size, 4176 &output_length ) ); 4177 /* We don't know what ciphertext length to expect, but check that 4178 * it looks sensible. */ 4179 TEST_ASSERT( output_length <= output_size ); 4180 4181 PSA_ASSERT( psa_asymmetric_decrypt( key, alg, 4182 output, output_length, 4183 label->x, label->len, 4184 output2, output2_size, 4185 &output2_length ) ); 4186 ASSERT_COMPARE( input_data->x, input_data->len, 4187 output2, output2_length ); 4188 4189exit: 4190 /* 4191 * Key attributes may have been returned by psa_get_key_attributes() 4192 * thus reset them as required. 4193 */ 4194 psa_reset_key_attributes( &attributes ); 4195 4196 psa_destroy_key( key ); 4197 mbedtls_free( output ); 4198 mbedtls_free( output2 ); 4199 PSA_DONE( ); 4200} 4201/* END_CASE */ 4202 4203/* BEGIN_CASE */ 4204void asymmetric_decrypt( int key_type_arg, 4205 data_t *key_data, 4206 int alg_arg, 4207 data_t *input_data, 4208 data_t *label, 4209 data_t *expected_data ) 4210{ 4211 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4212 psa_key_type_t key_type = key_type_arg; 4213 psa_algorithm_t alg = alg_arg; 4214 size_t key_bits; 4215 unsigned char *output = NULL; 4216 size_t output_size = 0; 4217 size_t output_length = ~0; 4218 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4219 4220 PSA_ASSERT( psa_crypto_init( ) ); 4221 4222 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 4223 psa_set_key_algorithm( &attributes, alg ); 4224 psa_set_key_type( &attributes, key_type ); 4225 4226 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4227 &key ) ); 4228 4229 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 4230 key_bits = psa_get_key_bits( &attributes ); 4231 4232 /* Determine the maximum ciphertext length */ 4233 output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); 4234 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE ); 4235 ASSERT_ALLOC( output, output_size ); 4236 4237 PSA_ASSERT( psa_asymmetric_decrypt( key, alg, 4238 input_data->x, input_data->len, 4239 label->x, label->len, 4240 output, 4241 output_size, 4242 &output_length ) ); 4243 ASSERT_COMPARE( expected_data->x, expected_data->len, 4244 output, output_length ); 4245 4246 /* If the label is empty, the test framework puts a non-null pointer 4247 * in label->x. Test that a null pointer works as well. */ 4248 if( label->len == 0 ) 4249 { 4250 output_length = ~0; 4251 if( output_size != 0 ) 4252 memset( output, 0, output_size ); 4253 PSA_ASSERT( psa_asymmetric_decrypt( key, alg, 4254 input_data->x, input_data->len, 4255 NULL, label->len, 4256 output, 4257 output_size, 4258 &output_length ) ); 4259 ASSERT_COMPARE( expected_data->x, expected_data->len, 4260 output, output_length ); 4261 } 4262 4263exit: 4264 psa_reset_key_attributes( &attributes ); 4265 psa_destroy_key( key ); 4266 mbedtls_free( output ); 4267 PSA_DONE( ); 4268} 4269/* END_CASE */ 4270 4271/* BEGIN_CASE */ 4272void asymmetric_decrypt_fail( int key_type_arg, 4273 data_t *key_data, 4274 int alg_arg, 4275 data_t *input_data, 4276 data_t *label, 4277 int output_size_arg, 4278 int expected_status_arg ) 4279{ 4280 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4281 psa_key_type_t key_type = key_type_arg; 4282 psa_algorithm_t alg = alg_arg; 4283 unsigned char *output = NULL; 4284 size_t output_size = output_size_arg; 4285 size_t output_length = ~0; 4286 psa_status_t actual_status; 4287 psa_status_t expected_status = expected_status_arg; 4288 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4289 4290 ASSERT_ALLOC( output, output_size ); 4291 4292 PSA_ASSERT( psa_crypto_init( ) ); 4293 4294 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 4295 psa_set_key_algorithm( &attributes, alg ); 4296 psa_set_key_type( &attributes, key_type ); 4297 4298 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4299 &key ) ); 4300 4301 actual_status = psa_asymmetric_decrypt( key, alg, 4302 input_data->x, input_data->len, 4303 label->x, label->len, 4304 output, output_size, 4305 &output_length ); 4306 TEST_EQUAL( actual_status, expected_status ); 4307 TEST_ASSERT( output_length <= output_size ); 4308 4309 /* If the label is empty, the test framework puts a non-null pointer 4310 * in label->x. Test that a null pointer works as well. */ 4311 if( label->len == 0 ) 4312 { 4313 output_length = ~0; 4314 if( output_size != 0 ) 4315 memset( output, 0, output_size ); 4316 actual_status = psa_asymmetric_decrypt( key, alg, 4317 input_data->x, input_data->len, 4318 NULL, label->len, 4319 output, output_size, 4320 &output_length ); 4321 TEST_EQUAL( actual_status, expected_status ); 4322 TEST_ASSERT( output_length <= output_size ); 4323 } 4324 4325exit: 4326 psa_reset_key_attributes( &attributes ); 4327 psa_destroy_key( key ); 4328 mbedtls_free( output ); 4329 PSA_DONE( ); 4330} 4331/* END_CASE */ 4332 4333/* BEGIN_CASE */ 4334void key_derivation_init( ) 4335{ 4336 /* Test each valid way of initializing the object, except for `= {0}`, as 4337 * Clang 5 complains when `-Wmissing-field-initializers` is used, even 4338 * though it's OK by the C standard. We could test for this, but we'd need 4339 * to supress the Clang warning for the test. */ 4340 size_t capacity; 4341 psa_key_derivation_operation_t func = psa_key_derivation_operation_init( ); 4342 psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT; 4343 psa_key_derivation_operation_t zero; 4344 4345 memset( &zero, 0, sizeof( zero ) ); 4346 4347 /* A default operation should not be able to report its capacity. */ 4348 TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ), 4349 PSA_ERROR_BAD_STATE ); 4350 TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ), 4351 PSA_ERROR_BAD_STATE ); 4352 TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ), 4353 PSA_ERROR_BAD_STATE ); 4354 4355 /* A default operation should be abortable without error. */ 4356 PSA_ASSERT( psa_key_derivation_abort(&func) ); 4357 PSA_ASSERT( psa_key_derivation_abort(&init) ); 4358 PSA_ASSERT( psa_key_derivation_abort(&zero) ); 4359} 4360/* END_CASE */ 4361 4362/* BEGIN_CASE */ 4363void derive_setup( int alg_arg, int expected_status_arg ) 4364{ 4365 psa_algorithm_t alg = alg_arg; 4366 psa_status_t expected_status = expected_status_arg; 4367 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 4368 4369 PSA_ASSERT( psa_crypto_init( ) ); 4370 4371 TEST_EQUAL( psa_key_derivation_setup( &operation, alg ), 4372 expected_status ); 4373 4374exit: 4375 psa_key_derivation_abort( &operation ); 4376 PSA_DONE( ); 4377} 4378/* END_CASE */ 4379 4380/* BEGIN_CASE */ 4381void derive_set_capacity( int alg_arg, int capacity_arg, 4382 int expected_status_arg ) 4383{ 4384 psa_algorithm_t alg = alg_arg; 4385 size_t capacity = capacity_arg; 4386 psa_status_t expected_status = expected_status_arg; 4387 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 4388 4389 PSA_ASSERT( psa_crypto_init( ) ); 4390 4391 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); 4392 4393 TEST_EQUAL( psa_key_derivation_set_capacity( &operation, capacity ), 4394 expected_status ); 4395 4396exit: 4397 psa_key_derivation_abort( &operation ); 4398 PSA_DONE( ); 4399} 4400/* END_CASE */ 4401 4402/* BEGIN_CASE */ 4403void derive_input( int alg_arg, 4404 int step_arg1, int key_type_arg1, data_t *input1, 4405 int expected_status_arg1, 4406 int step_arg2, int key_type_arg2, data_t *input2, 4407 int expected_status_arg2, 4408 int step_arg3, int key_type_arg3, data_t *input3, 4409 int expected_status_arg3, 4410 int output_key_type_arg, int expected_output_status_arg ) 4411{ 4412 psa_algorithm_t alg = alg_arg; 4413 psa_key_derivation_step_t steps[] = {step_arg1, step_arg2, step_arg3}; 4414 psa_key_type_t key_types[] = {key_type_arg1, key_type_arg2, key_type_arg3}; 4415 psa_status_t expected_statuses[] = {expected_status_arg1, 4416 expected_status_arg2, 4417 expected_status_arg3}; 4418 data_t *inputs[] = {input1, input2, input3}; 4419 mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT, 4420 MBEDTLS_SVC_KEY_ID_INIT, 4421 MBEDTLS_SVC_KEY_ID_INIT }; 4422 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 4423 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4424 size_t i; 4425 psa_key_type_t output_key_type = output_key_type_arg; 4426 mbedtls_svc_key_id_t output_key = MBEDTLS_SVC_KEY_ID_INIT; 4427 psa_status_t expected_output_status = expected_output_status_arg; 4428 psa_status_t actual_output_status; 4429 4430 PSA_ASSERT( psa_crypto_init( ) ); 4431 4432 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 4433 psa_set_key_algorithm( &attributes, alg ); 4434 4435 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); 4436 4437 for( i = 0; i < ARRAY_LENGTH( steps ); i++ ) 4438 { 4439 mbedtls_test_set_step( i ); 4440 if( steps[i] == 0 ) 4441 { 4442 /* Skip this step */ 4443 } 4444 else if( key_types[i] != PSA_KEY_TYPE_NONE ) 4445 { 4446 psa_set_key_type( &attributes, key_types[i] ); 4447 PSA_ASSERT( psa_import_key( &attributes, 4448 inputs[i]->x, inputs[i]->len, 4449 &keys[i] ) ); 4450 if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) && 4451 steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET ) 4452 { 4453 // When taking a private key as secret input, use key agreement 4454 // to add the shared secret to the derivation 4455 TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self( 4456 &operation, keys[i] ), 4457 expected_statuses[i] ); 4458 } 4459 else 4460 { 4461 TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i], 4462 keys[i] ), 4463 expected_statuses[i] ); 4464 } 4465 } 4466 else 4467 { 4468 TEST_EQUAL( psa_key_derivation_input_bytes( 4469 &operation, steps[i], 4470 inputs[i]->x, inputs[i]->len ), 4471 expected_statuses[i] ); 4472 } 4473 } 4474 4475 if( output_key_type != PSA_KEY_TYPE_NONE ) 4476 { 4477 psa_reset_key_attributes( &attributes ); 4478 psa_set_key_type( &attributes, output_key_type ); 4479 psa_set_key_bits( &attributes, 8 ); 4480 actual_output_status = 4481 psa_key_derivation_output_key( &attributes, &operation, 4482 &output_key ); 4483 } 4484 else 4485 { 4486 uint8_t buffer[1]; 4487 actual_output_status = 4488 psa_key_derivation_output_bytes( &operation, 4489 buffer, sizeof( buffer ) ); 4490 } 4491 TEST_EQUAL( actual_output_status, expected_output_status ); 4492 4493exit: 4494 psa_key_derivation_abort( &operation ); 4495 for( i = 0; i < ARRAY_LENGTH( keys ); i++ ) 4496 psa_destroy_key( keys[i] ); 4497 psa_destroy_key( output_key ); 4498 PSA_DONE( ); 4499} 4500/* END_CASE */ 4501 4502/* BEGIN_CASE */ 4503void derive_over_capacity( int alg_arg ) 4504{ 4505 psa_algorithm_t alg = alg_arg; 4506 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4507 size_t key_type = PSA_KEY_TYPE_DERIVE; 4508 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 4509 unsigned char input1[] = "Input 1"; 4510 size_t input1_length = sizeof( input1 ); 4511 unsigned char input2[] = "Input 2"; 4512 size_t input2_length = sizeof( input2 ); 4513 uint8_t buffer[42]; 4514 size_t capacity = sizeof( buffer ); 4515 const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 4516 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 4517 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}; 4518 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4519 4520 PSA_ASSERT( psa_crypto_init( ) ); 4521 4522 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 4523 psa_set_key_algorithm( &attributes, alg ); 4524 psa_set_key_type( &attributes, key_type ); 4525 4526 PSA_ASSERT( psa_import_key( &attributes, 4527 key_data, sizeof( key_data ), 4528 &key ) ); 4529 4530 /* valid key derivation */ 4531 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg, 4532 input1, input1_length, 4533 input2, input2_length, 4534 capacity ) ) 4535 goto exit; 4536 4537 /* state of operation shouldn't allow additional generation */ 4538 TEST_EQUAL( psa_key_derivation_setup( &operation, alg ), 4539 PSA_ERROR_BAD_STATE ); 4540 4541 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, buffer, capacity ) ); 4542 4543 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, buffer, capacity ), 4544 PSA_ERROR_INSUFFICIENT_DATA ); 4545 4546exit: 4547 psa_key_derivation_abort( &operation ); 4548 psa_destroy_key( key ); 4549 PSA_DONE( ); 4550} 4551/* END_CASE */ 4552 4553/* BEGIN_CASE */ 4554void derive_actions_without_setup( ) 4555{ 4556 uint8_t output_buffer[16]; 4557 size_t buffer_size = 16; 4558 size_t capacity = 0; 4559 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 4560 4561 TEST_ASSERT( psa_key_derivation_output_bytes( &operation, 4562 output_buffer, buffer_size ) 4563 == PSA_ERROR_BAD_STATE ); 4564 4565 TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity ) 4566 == PSA_ERROR_BAD_STATE ); 4567 4568 PSA_ASSERT( psa_key_derivation_abort( &operation ) ); 4569 4570 TEST_ASSERT( psa_key_derivation_output_bytes( &operation, 4571 output_buffer, buffer_size ) 4572 == PSA_ERROR_BAD_STATE ); 4573 4574 TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity ) 4575 == PSA_ERROR_BAD_STATE ); 4576 4577exit: 4578 psa_key_derivation_abort( &operation ); 4579} 4580/* END_CASE */ 4581 4582/* BEGIN_CASE */ 4583void derive_output( int alg_arg, 4584 int step1_arg, data_t *input1, 4585 int step2_arg, data_t *input2, 4586 int step3_arg, data_t *input3, 4587 int requested_capacity_arg, 4588 data_t *expected_output1, 4589 data_t *expected_output2 ) 4590{ 4591 psa_algorithm_t alg = alg_arg; 4592 psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg}; 4593 data_t *inputs[] = {input1, input2, input3}; 4594 mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT, 4595 MBEDTLS_SVC_KEY_ID_INIT, 4596 MBEDTLS_SVC_KEY_ID_INIT }; 4597 size_t requested_capacity = requested_capacity_arg; 4598 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 4599 uint8_t *expected_outputs[2] = 4600 {expected_output1->x, expected_output2->x}; 4601 size_t output_sizes[2] = 4602 {expected_output1->len, expected_output2->len}; 4603 size_t output_buffer_size = 0; 4604 uint8_t *output_buffer = NULL; 4605 size_t expected_capacity; 4606 size_t current_capacity; 4607 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4608 psa_status_t status; 4609 size_t i; 4610 4611 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ ) 4612 { 4613 if( output_sizes[i] > output_buffer_size ) 4614 output_buffer_size = output_sizes[i]; 4615 if( output_sizes[i] == 0 ) 4616 expected_outputs[i] = NULL; 4617 } 4618 ASSERT_ALLOC( output_buffer, output_buffer_size ); 4619 PSA_ASSERT( psa_crypto_init( ) ); 4620 4621 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 4622 psa_set_key_algorithm( &attributes, alg ); 4623 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); 4624 4625 /* Extraction phase. */ 4626 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); 4627 PSA_ASSERT( psa_key_derivation_set_capacity( &operation, 4628 requested_capacity ) ); 4629 for( i = 0; i < ARRAY_LENGTH( steps ); i++ ) 4630 { 4631 switch( steps[i] ) 4632 { 4633 case 0: 4634 break; 4635 case PSA_KEY_DERIVATION_INPUT_SECRET: 4636 PSA_ASSERT( psa_import_key( &attributes, 4637 inputs[i]->x, inputs[i]->len, 4638 &keys[i] ) ); 4639 4640 if ( PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) 4641 { 4642 PSA_ASSERT( psa_get_key_attributes( keys[i], &attributes ) ); 4643 TEST_ASSERT( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes ) ) <= 4644 PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE ); 4645 } 4646 4647 PSA_ASSERT( psa_key_derivation_input_key( 4648 &operation, steps[i], keys[i] ) ); 4649 break; 4650 default: 4651 PSA_ASSERT( psa_key_derivation_input_bytes( 4652 &operation, steps[i], 4653 inputs[i]->x, inputs[i]->len ) ); 4654 break; 4655 } 4656 } 4657 4658 PSA_ASSERT( psa_key_derivation_get_capacity( &operation, 4659 ¤t_capacity ) ); 4660 TEST_EQUAL( current_capacity, requested_capacity ); 4661 expected_capacity = requested_capacity; 4662 4663 /* Expansion phase. */ 4664 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ ) 4665 { 4666 /* Read some bytes. */ 4667 status = psa_key_derivation_output_bytes( &operation, 4668 output_buffer, output_sizes[i] ); 4669 if( expected_capacity == 0 && output_sizes[i] == 0 ) 4670 { 4671 /* Reading 0 bytes when 0 bytes are available can go either way. */ 4672 TEST_ASSERT( status == PSA_SUCCESS || 4673 status == PSA_ERROR_INSUFFICIENT_DATA ); 4674 continue; 4675 } 4676 else if( expected_capacity == 0 || 4677 output_sizes[i] > expected_capacity ) 4678 { 4679 /* Capacity exceeded. */ 4680 TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA ); 4681 expected_capacity = 0; 4682 continue; 4683 } 4684 /* Success. Check the read data. */ 4685 PSA_ASSERT( status ); 4686 if( output_sizes[i] != 0 ) 4687 ASSERT_COMPARE( output_buffer, output_sizes[i], 4688 expected_outputs[i], output_sizes[i] ); 4689 /* Check the operation status. */ 4690 expected_capacity -= output_sizes[i]; 4691 PSA_ASSERT( psa_key_derivation_get_capacity( &operation, 4692 ¤t_capacity ) ); 4693 TEST_EQUAL( expected_capacity, current_capacity ); 4694 } 4695 PSA_ASSERT( psa_key_derivation_abort( &operation ) ); 4696 4697exit: 4698 mbedtls_free( output_buffer ); 4699 psa_key_derivation_abort( &operation ); 4700 for( i = 0; i < ARRAY_LENGTH( keys ); i++ ) 4701 psa_destroy_key( keys[i] ); 4702 PSA_DONE( ); 4703} 4704/* END_CASE */ 4705 4706/* BEGIN_CASE */ 4707void derive_full( int alg_arg, 4708 data_t *key_data, 4709 data_t *input1, 4710 data_t *input2, 4711 int requested_capacity_arg ) 4712{ 4713 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4714 psa_algorithm_t alg = alg_arg; 4715 size_t requested_capacity = requested_capacity_arg; 4716 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 4717 unsigned char output_buffer[16]; 4718 size_t expected_capacity = requested_capacity; 4719 size_t current_capacity; 4720 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4721 4722 PSA_ASSERT( psa_crypto_init( ) ); 4723 4724 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 4725 psa_set_key_algorithm( &attributes, alg ); 4726 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); 4727 4728 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4729 &key ) ); 4730 4731 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg, 4732 input1->x, input1->len, 4733 input2->x, input2->len, 4734 requested_capacity ) ) 4735 goto exit; 4736 4737 PSA_ASSERT( psa_key_derivation_get_capacity( &operation, 4738 ¤t_capacity ) ); 4739 TEST_EQUAL( current_capacity, expected_capacity ); 4740 4741 /* Expansion phase. */ 4742 while( current_capacity > 0 ) 4743 { 4744 size_t read_size = sizeof( output_buffer ); 4745 if( read_size > current_capacity ) 4746 read_size = current_capacity; 4747 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, 4748 output_buffer, 4749 read_size ) ); 4750 expected_capacity -= read_size; 4751 PSA_ASSERT( psa_key_derivation_get_capacity( &operation, 4752 ¤t_capacity ) ); 4753 TEST_EQUAL( current_capacity, expected_capacity ); 4754 } 4755 4756 /* Check that the operation refuses to go over capacity. */ 4757 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, 1 ), 4758 PSA_ERROR_INSUFFICIENT_DATA ); 4759 4760 PSA_ASSERT( psa_key_derivation_abort( &operation ) ); 4761 4762exit: 4763 psa_key_derivation_abort( &operation ); 4764 psa_destroy_key( key ); 4765 PSA_DONE( ); 4766} 4767/* END_CASE */ 4768 4769/* BEGIN_CASE */ 4770void derive_key_exercise( int alg_arg, 4771 data_t *key_data, 4772 data_t *input1, 4773 data_t *input2, 4774 int derived_type_arg, 4775 int derived_bits_arg, 4776 int derived_usage_arg, 4777 int derived_alg_arg ) 4778{ 4779 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 4780 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; 4781 psa_algorithm_t alg = alg_arg; 4782 psa_key_type_t derived_type = derived_type_arg; 4783 size_t derived_bits = derived_bits_arg; 4784 psa_key_usage_t derived_usage = derived_usage_arg; 4785 psa_algorithm_t derived_alg = derived_alg_arg; 4786 size_t capacity = PSA_BITS_TO_BYTES( derived_bits ); 4787 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 4788 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4789 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 4790 4791 PSA_ASSERT( psa_crypto_init( ) ); 4792 4793 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 4794 psa_set_key_algorithm( &attributes, alg ); 4795 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); 4796 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4797 &base_key ) ); 4798 4799 /* Derive a key. */ 4800 if ( mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg, 4801 input1->x, input1->len, 4802 input2->x, input2->len, 4803 capacity ) ) 4804 goto exit; 4805 4806 psa_set_key_usage_flags( &attributes, derived_usage ); 4807 psa_set_key_algorithm( &attributes, derived_alg ); 4808 psa_set_key_type( &attributes, derived_type ); 4809 psa_set_key_bits( &attributes, derived_bits ); 4810 PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, 4811 &derived_key ) ); 4812 4813 /* Test the key information */ 4814 PSA_ASSERT( psa_get_key_attributes( derived_key, &got_attributes ) ); 4815 TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type ); 4816 TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits ); 4817 4818 /* Exercise the derived key. */ 4819 if( ! mbedtls_test_psa_exercise_key( derived_key, derived_usage, derived_alg ) ) 4820 goto exit; 4821 4822exit: 4823 /* 4824 * Key attributes may have been returned by psa_get_key_attributes() 4825 * thus reset them as required. 4826 */ 4827 psa_reset_key_attributes( &got_attributes ); 4828 4829 psa_key_derivation_abort( &operation ); 4830 psa_destroy_key( base_key ); 4831 psa_destroy_key( derived_key ); 4832 PSA_DONE( ); 4833} 4834/* END_CASE */ 4835 4836/* BEGIN_CASE */ 4837void derive_key_export( int alg_arg, 4838 data_t *key_data, 4839 data_t *input1, 4840 data_t *input2, 4841 int bytes1_arg, 4842 int bytes2_arg ) 4843{ 4844 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 4845 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; 4846 psa_algorithm_t alg = alg_arg; 4847 size_t bytes1 = bytes1_arg; 4848 size_t bytes2 = bytes2_arg; 4849 size_t capacity = bytes1 + bytes2; 4850 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 4851 uint8_t *output_buffer = NULL; 4852 uint8_t *export_buffer = NULL; 4853 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; 4854 psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; 4855 size_t length; 4856 4857 ASSERT_ALLOC( output_buffer, capacity ); 4858 ASSERT_ALLOC( export_buffer, capacity ); 4859 PSA_ASSERT( psa_crypto_init( ) ); 4860 4861 psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE ); 4862 psa_set_key_algorithm( &base_attributes, alg ); 4863 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE ); 4864 PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len, 4865 &base_key ) ); 4866 4867 /* Derive some material and output it. */ 4868 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg, 4869 input1->x, input1->len, 4870 input2->x, input2->len, 4871 capacity ) ) 4872 goto exit; 4873 4874 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, 4875 output_buffer, 4876 capacity ) ); 4877 PSA_ASSERT( psa_key_derivation_abort( &operation ) ); 4878 4879 /* Derive the same output again, but this time store it in key objects. */ 4880 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg, 4881 input1->x, input1->len, 4882 input2->x, input2->len, 4883 capacity ) ) 4884 goto exit; 4885 4886 psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT ); 4887 psa_set_key_algorithm( &derived_attributes, 0 ); 4888 psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA ); 4889 psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) ); 4890 PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, 4891 &derived_key ) ); 4892 PSA_ASSERT( psa_export_key( derived_key, 4893 export_buffer, bytes1, 4894 &length ) ); 4895 TEST_EQUAL( length, bytes1 ); 4896 PSA_ASSERT( psa_destroy_key( derived_key ) ); 4897 psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) ); 4898 PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, 4899 &derived_key ) ); 4900 PSA_ASSERT( psa_export_key( derived_key, 4901 export_buffer + bytes1, bytes2, 4902 &length ) ); 4903 TEST_EQUAL( length, bytes2 ); 4904 4905 /* Compare the outputs from the two runs. */ 4906 ASSERT_COMPARE( output_buffer, bytes1 + bytes2, 4907 export_buffer, capacity ); 4908 4909exit: 4910 mbedtls_free( output_buffer ); 4911 mbedtls_free( export_buffer ); 4912 psa_key_derivation_abort( &operation ); 4913 psa_destroy_key( base_key ); 4914 psa_destroy_key( derived_key ); 4915 PSA_DONE( ); 4916} 4917/* END_CASE */ 4918 4919/* BEGIN_CASE */ 4920void derive_key( int alg_arg, 4921 data_t *key_data, data_t *input1, data_t *input2, 4922 int type_arg, int bits_arg, 4923 int expected_status_arg, 4924 int is_large_output ) 4925{ 4926 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 4927 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; 4928 psa_algorithm_t alg = alg_arg; 4929 psa_key_type_t type = type_arg; 4930 size_t bits = bits_arg; 4931 psa_status_t expected_status = expected_status_arg; 4932 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 4933 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; 4934 psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; 4935 4936 PSA_ASSERT( psa_crypto_init( ) ); 4937 4938 psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE ); 4939 psa_set_key_algorithm( &base_attributes, alg ); 4940 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE ); 4941 PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len, 4942 &base_key ) ); 4943 4944 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg, 4945 input1->x, input1->len, 4946 input2->x, input2->len, 4947 SIZE_MAX ) ) 4948 goto exit; 4949 4950 psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT ); 4951 psa_set_key_algorithm( &derived_attributes, 0 ); 4952 psa_set_key_type( &derived_attributes, type ); 4953 psa_set_key_bits( &derived_attributes, bits ); 4954 4955 psa_status_t status = 4956 psa_key_derivation_output_key( &derived_attributes, 4957 &operation, 4958 &derived_key ); 4959 if( is_large_output > 0 ) 4960 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY ); 4961 TEST_EQUAL( status, expected_status ); 4962 4963exit: 4964 psa_key_derivation_abort( &operation ); 4965 psa_destroy_key( base_key ); 4966 psa_destroy_key( derived_key ); 4967 PSA_DONE( ); 4968} 4969/* END_CASE */ 4970 4971/* BEGIN_CASE */ 4972void key_agreement_setup( int alg_arg, 4973 int our_key_type_arg, int our_key_alg_arg, 4974 data_t *our_key_data, data_t *peer_key_data, 4975 int expected_status_arg ) 4976{ 4977 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 4978 psa_algorithm_t alg = alg_arg; 4979 psa_algorithm_t our_key_alg = our_key_alg_arg; 4980 psa_key_type_t our_key_type = our_key_type_arg; 4981 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 4982 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4983 psa_status_t expected_status = expected_status_arg; 4984 psa_status_t status; 4985 4986 PSA_ASSERT( psa_crypto_init( ) ); 4987 4988 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 4989 psa_set_key_algorithm( &attributes, our_key_alg ); 4990 psa_set_key_type( &attributes, our_key_type ); 4991 PSA_ASSERT( psa_import_key( &attributes, 4992 our_key_data->x, our_key_data->len, 4993 &our_key ) ); 4994 4995 /* The tests currently include inputs that should fail at either step. 4996 * Test cases that fail at the setup step should be changed to call 4997 * key_derivation_setup instead, and this function should be renamed 4998 * to key_agreement_fail. */ 4999 status = psa_key_derivation_setup( &operation, alg ); 5000 if( status == PSA_SUCCESS ) 5001 { 5002 TEST_EQUAL( psa_key_derivation_key_agreement( 5003 &operation, PSA_KEY_DERIVATION_INPUT_SECRET, 5004 our_key, 5005 peer_key_data->x, peer_key_data->len ), 5006 expected_status ); 5007 } 5008 else 5009 { 5010 TEST_ASSERT( status == expected_status ); 5011 } 5012 5013exit: 5014 psa_key_derivation_abort( &operation ); 5015 psa_destroy_key( our_key ); 5016 PSA_DONE( ); 5017} 5018/* END_CASE */ 5019 5020/* BEGIN_CASE */ 5021void raw_key_agreement( int alg_arg, 5022 int our_key_type_arg, data_t *our_key_data, 5023 data_t *peer_key_data, 5024 data_t *expected_output ) 5025{ 5026 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 5027 psa_algorithm_t alg = alg_arg; 5028 psa_key_type_t our_key_type = our_key_type_arg; 5029 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5030 unsigned char *output = NULL; 5031 size_t output_length = ~0; 5032 size_t key_bits; 5033 5034 ASSERT_ALLOC( output, expected_output->len ); 5035 PSA_ASSERT( psa_crypto_init( ) ); 5036 5037 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 5038 psa_set_key_algorithm( &attributes, alg ); 5039 psa_set_key_type( &attributes, our_key_type ); 5040 PSA_ASSERT( psa_import_key( &attributes, 5041 our_key_data->x, our_key_data->len, 5042 &our_key ) ); 5043 5044 PSA_ASSERT( psa_get_key_attributes( our_key, &attributes ) ); 5045 key_bits = psa_get_key_bits( &attributes ); 5046 5047 PSA_ASSERT( psa_raw_key_agreement( alg, our_key, 5048 peer_key_data->x, peer_key_data->len, 5049 output, expected_output->len, 5050 &output_length ) ); 5051 ASSERT_COMPARE( output, output_length, 5052 expected_output->x, expected_output->len ); 5053 TEST_ASSERT( output_length <= 5054 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) ); 5055 TEST_ASSERT( output_length <= 5056 PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ); 5057 5058exit: 5059 mbedtls_free( output ); 5060 psa_destroy_key( our_key ); 5061 PSA_DONE( ); 5062} 5063/* END_CASE */ 5064 5065/* BEGIN_CASE */ 5066void key_agreement_capacity( int alg_arg, 5067 int our_key_type_arg, data_t *our_key_data, 5068 data_t *peer_key_data, 5069 int expected_capacity_arg ) 5070{ 5071 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 5072 psa_algorithm_t alg = alg_arg; 5073 psa_key_type_t our_key_type = our_key_type_arg; 5074 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 5075 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5076 size_t actual_capacity; 5077 unsigned char output[16]; 5078 5079 PSA_ASSERT( psa_crypto_init( ) ); 5080 5081 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 5082 psa_set_key_algorithm( &attributes, alg ); 5083 psa_set_key_type( &attributes, our_key_type ); 5084 PSA_ASSERT( psa_import_key( &attributes, 5085 our_key_data->x, our_key_data->len, 5086 &our_key ) ); 5087 5088 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); 5089 PSA_ASSERT( psa_key_derivation_key_agreement( 5090 &operation, 5091 PSA_KEY_DERIVATION_INPUT_SECRET, our_key, 5092 peer_key_data->x, peer_key_data->len ) ); 5093 if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) 5094 { 5095 /* The test data is for info="" */ 5096 PSA_ASSERT( psa_key_derivation_input_bytes( &operation, 5097 PSA_KEY_DERIVATION_INPUT_INFO, 5098 NULL, 0 ) ); 5099 } 5100 5101 /* Test the advertized capacity. */ 5102 PSA_ASSERT( psa_key_derivation_get_capacity( 5103 &operation, &actual_capacity ) ); 5104 TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg ); 5105 5106 /* Test the actual capacity by reading the output. */ 5107 while( actual_capacity > sizeof( output ) ) 5108 { 5109 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, 5110 output, sizeof( output ) ) ); 5111 actual_capacity -= sizeof( output ); 5112 } 5113 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, 5114 output, actual_capacity ) ); 5115 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ), 5116 PSA_ERROR_INSUFFICIENT_DATA ); 5117 5118exit: 5119 psa_key_derivation_abort( &operation ); 5120 psa_destroy_key( our_key ); 5121 PSA_DONE( ); 5122} 5123/* END_CASE */ 5124 5125/* BEGIN_CASE */ 5126void key_agreement_output( int alg_arg, 5127 int our_key_type_arg, data_t *our_key_data, 5128 data_t *peer_key_data, 5129 data_t *expected_output1, data_t *expected_output2 ) 5130{ 5131 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 5132 psa_algorithm_t alg = alg_arg; 5133 psa_key_type_t our_key_type = our_key_type_arg; 5134 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 5135 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5136 uint8_t *actual_output = NULL; 5137 5138 ASSERT_ALLOC( actual_output, MAX( expected_output1->len, 5139 expected_output2->len ) ); 5140 5141 PSA_ASSERT( psa_crypto_init( ) ); 5142 5143 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 5144 psa_set_key_algorithm( &attributes, alg ); 5145 psa_set_key_type( &attributes, our_key_type ); 5146 PSA_ASSERT( psa_import_key( &attributes, 5147 our_key_data->x, our_key_data->len, 5148 &our_key ) ); 5149 5150 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); 5151 PSA_ASSERT( psa_key_derivation_key_agreement( 5152 &operation, 5153 PSA_KEY_DERIVATION_INPUT_SECRET, our_key, 5154 peer_key_data->x, peer_key_data->len ) ); 5155 if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) 5156 { 5157 /* The test data is for info="" */ 5158 PSA_ASSERT( psa_key_derivation_input_bytes( &operation, 5159 PSA_KEY_DERIVATION_INPUT_INFO, 5160 NULL, 0 ) ); 5161 } 5162 5163 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, 5164 actual_output, 5165 expected_output1->len ) ); 5166 ASSERT_COMPARE( actual_output, expected_output1->len, 5167 expected_output1->x, expected_output1->len ); 5168 if( expected_output2->len != 0 ) 5169 { 5170 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, 5171 actual_output, 5172 expected_output2->len ) ); 5173 ASSERT_COMPARE( actual_output, expected_output2->len, 5174 expected_output2->x, expected_output2->len ); 5175 } 5176 5177exit: 5178 psa_key_derivation_abort( &operation ); 5179 psa_destroy_key( our_key ); 5180 PSA_DONE( ); 5181 mbedtls_free( actual_output ); 5182} 5183/* END_CASE */ 5184 5185/* BEGIN_CASE */ 5186void generate_random( int bytes_arg ) 5187{ 5188 size_t bytes = bytes_arg; 5189 unsigned char *output = NULL; 5190 unsigned char *changed = NULL; 5191 size_t i; 5192 unsigned run; 5193 5194 TEST_ASSERT( bytes_arg >= 0 ); 5195 5196 ASSERT_ALLOC( output, bytes ); 5197 ASSERT_ALLOC( changed, bytes ); 5198 5199 PSA_ASSERT( psa_crypto_init( ) ); 5200 5201 /* Run several times, to ensure that every output byte will be 5202 * nonzero at least once with overwhelming probability 5203 * (2^(-8*number_of_runs)). */ 5204 for( run = 0; run < 10; run++ ) 5205 { 5206 if( bytes != 0 ) 5207 memset( output, 0, bytes ); 5208 PSA_ASSERT( psa_generate_random( output, bytes ) ); 5209 5210 for( i = 0; i < bytes; i++ ) 5211 { 5212 if( output[i] != 0 ) 5213 ++changed[i]; 5214 } 5215 } 5216 5217 /* Check that every byte was changed to nonzero at least once. This 5218 * validates that psa_generate_random is overwriting every byte of 5219 * the output buffer. */ 5220 for( i = 0; i < bytes; i++ ) 5221 { 5222 TEST_ASSERT( changed[i] != 0 ); 5223 } 5224 5225exit: 5226 PSA_DONE( ); 5227 mbedtls_free( output ); 5228 mbedtls_free( changed ); 5229} 5230/* END_CASE */ 5231 5232/* BEGIN_CASE */ 5233void generate_key( int type_arg, 5234 int bits_arg, 5235 int usage_arg, 5236 int alg_arg, 5237 int expected_status_arg, 5238 int is_large_key ) 5239{ 5240 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5241 psa_key_type_t type = type_arg; 5242 psa_key_usage_t usage = usage_arg; 5243 size_t bits = bits_arg; 5244 psa_algorithm_t alg = alg_arg; 5245 psa_status_t expected_status = expected_status_arg; 5246 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5247 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 5248 5249 PSA_ASSERT( psa_crypto_init( ) ); 5250 5251 psa_set_key_usage_flags( &attributes, usage ); 5252 psa_set_key_algorithm( &attributes, alg ); 5253 psa_set_key_type( &attributes, type ); 5254 psa_set_key_bits( &attributes, bits ); 5255 5256 /* Generate a key */ 5257 psa_status_t status = psa_generate_key( &attributes, &key ); 5258 5259 if( is_large_key > 0 ) 5260 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY ); 5261 TEST_EQUAL( status , expected_status ); 5262 if( expected_status != PSA_SUCCESS ) 5263 goto exit; 5264 5265 /* Test the key information */ 5266 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); 5267 TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); 5268 TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits ); 5269 5270 /* Do something with the key according to its type and permitted usage. */ 5271 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) ) 5272 goto exit; 5273 5274exit: 5275 /* 5276 * Key attributes may have been returned by psa_get_key_attributes() 5277 * thus reset them as required. 5278 */ 5279 psa_reset_key_attributes( &got_attributes ); 5280 5281 psa_destroy_key( key ); 5282 PSA_DONE( ); 5283} 5284/* END_CASE */ 5285 5286/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_GENPRIME */ 5287void generate_key_rsa( int bits_arg, 5288 data_t *e_arg, 5289 int expected_status_arg ) 5290{ 5291 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5292 psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR; 5293 size_t bits = bits_arg; 5294 psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; 5295 psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW; 5296 psa_status_t expected_status = expected_status_arg; 5297 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5298 uint8_t *exported = NULL; 5299 size_t exported_size = 5300 PSA_EXPORT_KEY_OUTPUT_SIZE( PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits ); 5301 size_t exported_length = SIZE_MAX; 5302 uint8_t *e_read_buffer = NULL; 5303 int is_default_public_exponent = 0; 5304 size_t e_read_size = PSA_KEY_DOMAIN_PARAMETERS_SIZE( type, bits ); 5305 size_t e_read_length = SIZE_MAX; 5306 5307 if( e_arg->len == 0 || 5308 ( e_arg->len == 3 && 5309 e_arg->x[0] == 1 && e_arg->x[1] == 0 && e_arg->x[2] == 1 ) ) 5310 { 5311 is_default_public_exponent = 1; 5312 e_read_size = 0; 5313 } 5314 ASSERT_ALLOC( e_read_buffer, e_read_size ); 5315 ASSERT_ALLOC( exported, exported_size ); 5316 5317 PSA_ASSERT( psa_crypto_init( ) ); 5318 5319 psa_set_key_usage_flags( &attributes, usage ); 5320 psa_set_key_algorithm( &attributes, alg ); 5321 PSA_ASSERT( psa_set_key_domain_parameters( &attributes, type, 5322 e_arg->x, e_arg->len ) ); 5323 psa_set_key_bits( &attributes, bits ); 5324 5325 /* Generate a key */ 5326 TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status ); 5327 if( expected_status != PSA_SUCCESS ) 5328 goto exit; 5329 5330 /* Test the key information */ 5331 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 5332 TEST_EQUAL( psa_get_key_type( &attributes ), type ); 5333 TEST_EQUAL( psa_get_key_bits( &attributes ), bits ); 5334 PSA_ASSERT( psa_get_key_domain_parameters( &attributes, 5335 e_read_buffer, e_read_size, 5336 &e_read_length ) ); 5337 if( is_default_public_exponent ) 5338 TEST_EQUAL( e_read_length, 0 ); 5339 else 5340 ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len ); 5341 5342 /* Do something with the key according to its type and permitted usage. */ 5343 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) ) 5344 goto exit; 5345 5346 /* Export the key and check the public exponent. */ 5347 PSA_ASSERT( psa_export_public_key( key, 5348 exported, exported_size, 5349 &exported_length ) ); 5350 { 5351 uint8_t *p = exported; 5352 uint8_t *end = exported + exported_length; 5353 size_t len; 5354 /* RSAPublicKey ::= SEQUENCE { 5355 * modulus INTEGER, -- n 5356 * publicExponent INTEGER } -- e 5357 */ 5358 TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len, 5359 MBEDTLS_ASN1_SEQUENCE | 5360 MBEDTLS_ASN1_CONSTRUCTED ) ); 5361 TEST_ASSERT( mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ); 5362 TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len, 5363 MBEDTLS_ASN1_INTEGER ) ); 5364 if( len >= 1 && p[0] == 0 ) 5365 { 5366 ++p; 5367 --len; 5368 } 5369 if( e_arg->len == 0 ) 5370 { 5371 TEST_EQUAL( len, 3 ); 5372 TEST_EQUAL( p[0], 1 ); 5373 TEST_EQUAL( p[1], 0 ); 5374 TEST_EQUAL( p[2], 1 ); 5375 } 5376 else 5377 ASSERT_COMPARE( p, len, e_arg->x, e_arg->len ); 5378 } 5379 5380exit: 5381 /* 5382 * Key attributes may have been returned by psa_get_key_attributes() or 5383 * set by psa_set_key_domain_parameters() thus reset them as required. 5384 */ 5385 psa_reset_key_attributes( &attributes ); 5386 5387 psa_destroy_key( key ); 5388 PSA_DONE( ); 5389 mbedtls_free( e_read_buffer ); 5390 mbedtls_free( exported ); 5391} 5392/* END_CASE */ 5393 5394/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ 5395void persistent_key_load_key_from_storage( data_t *data, 5396 int type_arg, int bits_arg, 5397 int usage_flags_arg, int alg_arg, 5398 int generation_method ) 5399{ 5400 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 ); 5401 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5402 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5403 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 5404 psa_key_type_t type = type_arg; 5405 size_t bits = bits_arg; 5406 psa_key_usage_t usage_flags = usage_flags_arg; 5407 psa_algorithm_t alg = alg_arg; 5408 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 5409 unsigned char *first_export = NULL; 5410 unsigned char *second_export = NULL; 5411 size_t export_size = PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ); 5412 size_t first_exported_length; 5413 size_t second_exported_length; 5414 5415 if( usage_flags & PSA_KEY_USAGE_EXPORT ) 5416 { 5417 ASSERT_ALLOC( first_export, export_size ); 5418 ASSERT_ALLOC( second_export, export_size ); 5419 } 5420 5421 PSA_ASSERT( psa_crypto_init() ); 5422 5423 psa_set_key_id( &attributes, key_id ); 5424 psa_set_key_usage_flags( &attributes, usage_flags ); 5425 psa_set_key_algorithm( &attributes, alg ); 5426 psa_set_key_type( &attributes, type ); 5427 psa_set_key_bits( &attributes, bits ); 5428 5429 switch( generation_method ) 5430 { 5431 case IMPORT_KEY: 5432 /* Import the key */ 5433 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, 5434 &key ) ); 5435 break; 5436 5437 case GENERATE_KEY: 5438 /* Generate a key */ 5439 PSA_ASSERT( psa_generate_key( &attributes, &key ) ); 5440 break; 5441 5442 case DERIVE_KEY: 5443#if defined(PSA_WANT_ALG_HKDF) && defined(PSA_WANT_ALG_SHA_256) 5444 { 5445 /* Create base key */ 5446 psa_algorithm_t derive_alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 ); 5447 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; 5448 psa_set_key_usage_flags( &base_attributes, 5449 PSA_KEY_USAGE_DERIVE ); 5450 psa_set_key_algorithm( &base_attributes, derive_alg ); 5451 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE ); 5452 PSA_ASSERT( psa_import_key( &base_attributes, 5453 data->x, data->len, 5454 &base_key ) ); 5455 /* Derive a key. */ 5456 PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) ); 5457 PSA_ASSERT( psa_key_derivation_input_key( 5458 &operation, 5459 PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) ); 5460 PSA_ASSERT( psa_key_derivation_input_bytes( 5461 &operation, PSA_KEY_DERIVATION_INPUT_INFO, 5462 NULL, 0 ) ); 5463 PSA_ASSERT( psa_key_derivation_output_key( &attributes, 5464 &operation, 5465 &key ) ); 5466 PSA_ASSERT( psa_key_derivation_abort( &operation ) ); 5467 PSA_ASSERT( psa_destroy_key( base_key ) ); 5468 base_key = MBEDTLS_SVC_KEY_ID_INIT; 5469 } 5470#else 5471 TEST_ASSUME( ! "KDF not supported in this configuration" ); 5472#endif 5473 break; 5474 5475 default: 5476 TEST_ASSERT( ! "generation_method not implemented in test" ); 5477 break; 5478 } 5479 psa_reset_key_attributes( &attributes ); 5480 5481 /* Export the key if permitted by the key policy. */ 5482 if( usage_flags & PSA_KEY_USAGE_EXPORT ) 5483 { 5484 PSA_ASSERT( psa_export_key( key, 5485 first_export, export_size, 5486 &first_exported_length ) ); 5487 if( generation_method == IMPORT_KEY ) 5488 ASSERT_COMPARE( data->x, data->len, 5489 first_export, first_exported_length ); 5490 } 5491 5492 /* Shutdown and restart */ 5493 PSA_ASSERT( psa_purge_key( key ) ); 5494 PSA_DONE(); 5495 PSA_ASSERT( psa_crypto_init() ); 5496 5497 /* Check key slot still contains key data */ 5498 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 5499 TEST_ASSERT( mbedtls_svc_key_id_equal( 5500 psa_get_key_id( &attributes ), key_id ) ); 5501 TEST_EQUAL( psa_get_key_lifetime( &attributes ), 5502 PSA_KEY_LIFETIME_PERSISTENT ); 5503 TEST_EQUAL( psa_get_key_type( &attributes ), type ); 5504 TEST_EQUAL( psa_get_key_bits( &attributes ), bits ); 5505 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 5506 mbedtls_test_update_key_usage_flags( usage_flags ) ); 5507 TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg ); 5508 5509 /* Export the key again if permitted by the key policy. */ 5510 if( usage_flags & PSA_KEY_USAGE_EXPORT ) 5511 { 5512 PSA_ASSERT( psa_export_key( key, 5513 second_export, export_size, 5514 &second_exported_length ) ); 5515 ASSERT_COMPARE( first_export, first_exported_length, 5516 second_export, second_exported_length ); 5517 } 5518 5519 /* Do something with the key according to its type and permitted usage. */ 5520 if( ! mbedtls_test_psa_exercise_key( key, usage_flags, alg ) ) 5521 goto exit; 5522 5523exit: 5524 /* 5525 * Key attributes may have been returned by psa_get_key_attributes() 5526 * thus reset them as required. 5527 */ 5528 psa_reset_key_attributes( &attributes ); 5529 5530 mbedtls_free( first_export ); 5531 mbedtls_free( second_export ); 5532 psa_key_derivation_abort( &operation ); 5533 psa_destroy_key( base_key ); 5534 psa_destroy_key( key ); 5535 PSA_DONE(); 5536} 5537/* END_CASE */ 5538
