1/* BEGIN_HEADER */ 2#include <stdint.h> 3 4#include "mbedtls/asn1.h" 5#include "mbedtls/asn1write.h" 6#include "mbedtls/oid.h" 7 8/* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random() 9 * uses mbedtls_ctr_drbg internally. */ 10#include "mbedtls/ctr_drbg.h" 11 12#include "psa/crypto.h" 13#include "psa_crypto_slot_management.h" 14 15#include "test/asn1_helpers.h" 16#include "test/psa_crypto_helpers.h" 17#include "test/psa_exercise_key.h" 18#if defined(PSA_CRYPTO_DRIVER_TEST) 19#include "test/drivers/test_driver.h" 20#define TEST_DRIVER_LOCATION PSA_CRYPTO_TEST_DRIVER_LOCATION 21#else 22#define TEST_DRIVER_LOCATION 0x7fffff 23#endif 24 25/* If this comes up, it's a bug in the test code or in the test data. */ 26#define UNUSED 0xdeadbeef 27 28/* Assert that an operation is (not) active. 29 * This serves as a proxy for checking if the operation is aborted. */ 30#define ASSERT_OPERATION_IS_ACTIVE( operation ) TEST_ASSERT( operation.id != 0 ) 31#define ASSERT_OPERATION_IS_INACTIVE( operation ) TEST_ASSERT( operation.id == 0 ) 32 33/** An invalid export length that will never be set by psa_export_key(). */ 34static const size_t INVALID_EXPORT_LENGTH = ~0U; 35 36/** Test if a buffer contains a constant byte value. 37 * 38 * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`. 39 * 40 * \param buffer Pointer to the beginning of the buffer. 41 * \param c Expected value of every byte. 42 * \param size Size of the buffer in bytes. 43 * 44 * \return 1 if the buffer is all-bits-zero. 45 * \return 0 if there is at least one nonzero byte. 46 */ 47static int mem_is_char( void *buffer, unsigned char c, size_t size ) 48{ 49 size_t i; 50 for( i = 0; i < size; i++ ) 51 { 52 if( ( (unsigned char *) buffer )[i] != c ) 53 return( 0 ); 54 } 55 return( 1 ); 56} 57 58/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */ 59static int asn1_write_10x( unsigned char **p, 60 unsigned char *start, 61 size_t bits, 62 unsigned char x ) 63{ 64 int ret; 65 int len = bits / 8 + 1; 66 if( bits == 0 ) 67 return( MBEDTLS_ERR_ASN1_INVALID_DATA ); 68 if( bits <= 8 && x >= 1 << ( bits - 1 ) ) 69 return( MBEDTLS_ERR_ASN1_INVALID_DATA ); 70 if( *p < start || *p - start < (ptrdiff_t) len ) 71 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); 72 *p -= len; 73 ( *p )[len-1] = x; 74 if( bits % 8 == 0 ) 75 ( *p )[1] |= 1; 76 else 77 ( *p )[0] |= 1 << ( bits % 8 ); 78 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); 79 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, 80 MBEDTLS_ASN1_INTEGER ) ); 81 return( len ); 82} 83 84static int construct_fake_rsa_key( unsigned char *buffer, 85 size_t buffer_size, 86 unsigned char **p, 87 size_t bits, 88 int keypair ) 89{ 90 size_t half_bits = ( bits + 1 ) / 2; 91 int ret; 92 int len = 0; 93 /* Construct something that looks like a DER encoding of 94 * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2: 95 * RSAPrivateKey ::= SEQUENCE { 96 * version Version, 97 * modulus INTEGER, -- n 98 * publicExponent INTEGER, -- e 99 * privateExponent INTEGER, -- d 100 * prime1 INTEGER, -- p 101 * prime2 INTEGER, -- q 102 * exponent1 INTEGER, -- d mod (p-1) 103 * exponent2 INTEGER, -- d mod (q-1) 104 * coefficient INTEGER, -- (inverse of q) mod p 105 * otherPrimeInfos OtherPrimeInfos OPTIONAL 106 * } 107 * Or, for a public key, the same structure with only 108 * version, modulus and publicExponent. 109 */ 110 *p = buffer + buffer_size; 111 if( keypair ) 112 { 113 MBEDTLS_ASN1_CHK_ADD( len, /* pq */ 114 asn1_write_10x( p, buffer, half_bits, 1 ) ); 115 MBEDTLS_ASN1_CHK_ADD( len, /* dq */ 116 asn1_write_10x( p, buffer, half_bits, 1 ) ); 117 MBEDTLS_ASN1_CHK_ADD( len, /* dp */ 118 asn1_write_10x( p, buffer, half_bits, 1 ) ); 119 MBEDTLS_ASN1_CHK_ADD( len, /* q */ 120 asn1_write_10x( p, buffer, half_bits, 1 ) ); 121 MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */ 122 asn1_write_10x( p, buffer, half_bits, 3 ) ); 123 MBEDTLS_ASN1_CHK_ADD( len, /* d */ 124 asn1_write_10x( p, buffer, bits, 1 ) ); 125 } 126 MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */ 127 asn1_write_10x( p, buffer, 17, 1 ) ); 128 MBEDTLS_ASN1_CHK_ADD( len, /* n */ 129 asn1_write_10x( p, buffer, bits, 1 ) ); 130 if( keypair ) 131 MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */ 132 mbedtls_asn1_write_int( p, buffer, 0 ) ); 133 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) ); 134 { 135 const unsigned char tag = 136 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE; 137 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) ); 138 } 139 return( len ); 140} 141 142int exercise_mac_setup( psa_key_type_t key_type, 143 const unsigned char *key_bytes, 144 size_t key_length, 145 psa_algorithm_t alg, 146 psa_mac_operation_t *operation, 147 psa_status_t *status ) 148{ 149 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 150 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 151 152 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); 153 psa_set_key_algorithm( &attributes, alg ); 154 psa_set_key_type( &attributes, key_type ); 155 PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) ); 156 157 *status = psa_mac_sign_setup( operation, key, alg ); 158 /* Whether setup succeeded or failed, abort must succeed. */ 159 PSA_ASSERT( psa_mac_abort( operation ) ); 160 /* If setup failed, reproduce the failure, so that the caller can 161 * test the resulting state of the operation object. */ 162 if( *status != PSA_SUCCESS ) 163 { 164 TEST_EQUAL( psa_mac_sign_setup( operation, key, alg ), *status ); 165 } 166 167 psa_destroy_key( key ); 168 return( 1 ); 169 170exit: 171 psa_destroy_key( key ); 172 return( 0 ); 173} 174 175int exercise_cipher_setup( psa_key_type_t key_type, 176 const unsigned char *key_bytes, 177 size_t key_length, 178 psa_algorithm_t alg, 179 psa_cipher_operation_t *operation, 180 psa_status_t *status ) 181{ 182 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 183 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 184 185 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 186 psa_set_key_algorithm( &attributes, alg ); 187 psa_set_key_type( &attributes, key_type ); 188 PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) ); 189 190 *status = psa_cipher_encrypt_setup( operation, key, alg ); 191 /* Whether setup succeeded or failed, abort must succeed. */ 192 PSA_ASSERT( psa_cipher_abort( operation ) ); 193 /* If setup failed, reproduce the failure, so that the caller can 194 * test the resulting state of the operation object. */ 195 if( *status != PSA_SUCCESS ) 196 { 197 TEST_EQUAL( psa_cipher_encrypt_setup( operation, key, alg ), 198 *status ); 199 } 200 201 psa_destroy_key( key ); 202 return( 1 ); 203 204exit: 205 psa_destroy_key( key ); 206 return( 0 ); 207} 208 209static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key ) 210{ 211 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 212 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 ); 213 uint8_t buffer[1]; 214 size_t length; 215 int ok = 0; 216 217 psa_set_key_id( &attributes, key_id ); 218 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 219 psa_set_key_algorithm( &attributes, PSA_ALG_CTR ); 220 psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); 221 TEST_EQUAL( psa_get_key_attributes( key, &attributes ), 222 PSA_ERROR_INVALID_HANDLE ); 223 TEST_EQUAL( 224 MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 ); 225 TEST_EQUAL( 226 MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 ); 227 TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 ); 228 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); 229 TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); 230 TEST_EQUAL( psa_get_key_type( &attributes ), 0 ); 231 TEST_EQUAL( psa_get_key_bits( &attributes ), 0 ); 232 233 TEST_EQUAL( psa_export_key( key, buffer, sizeof( buffer ), &length ), 234 PSA_ERROR_INVALID_HANDLE ); 235 TEST_EQUAL( psa_export_public_key( key, 236 buffer, sizeof( buffer ), &length ), 237 PSA_ERROR_INVALID_HANDLE ); 238 239 ok = 1; 240 241exit: 242 /* 243 * Key attributes may have been returned by psa_get_key_attributes() 244 * thus reset them as required. 245 */ 246 psa_reset_key_attributes( &attributes ); 247 248 return( ok ); 249} 250 251/* Assert that a key isn't reported as having a slot number. */ 252#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 253#define ASSERT_NO_SLOT_NUMBER( attributes ) \ 254 do \ 255 { \ 256 psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \ 257 TEST_EQUAL( psa_get_key_slot_number( \ 258 attributes, \ 259 &ASSERT_NO_SLOT_NUMBER_slot_number ), \ 260 PSA_ERROR_INVALID_ARGUMENT ); \ 261 } \ 262 while( 0 ) 263#else /* MBEDTLS_PSA_CRYPTO_SE_C */ 264#define ASSERT_NO_SLOT_NUMBER( attributes ) \ 265 ( (void) 0 ) 266#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 267 268/* An overapproximation of the amount of storage needed for a key of the 269 * given type and with the given content. The API doesn't make it easy 270 * to find a good value for the size. The current implementation doesn't 271 * care about the value anyway. */ 272#define KEY_BITS_FROM_DATA( type, data ) \ 273 ( data )->len 274 275typedef enum { 276 IMPORT_KEY = 0, 277 GENERATE_KEY = 1, 278 DERIVE_KEY = 2 279} generate_method; 280 281typedef enum 282{ 283 DO_NOT_SET_LENGTHS = 0, 284 SET_LENGTHS_BEFORE_NONCE = 1, 285 SET_LENGTHS_AFTER_NONCE = 2 286} set_lengths_method_t; 287 288typedef enum 289{ 290 USE_NULL_TAG = 0, 291 USE_GIVEN_TAG = 1, 292} tag_usage_method_t; 293 294/*! 295 * \brief Internal Function for AEAD multipart tests. 296 * \param key_type_arg Type of key passed in 297 * \param key_data The encryption / decryption key data 298 * \param alg_arg The type of algorithm used 299 * \param nonce Nonce data 300 * \param additional_data Additional data 301 * \param ad_part_len_arg If not -1, the length of chunks to 302 * feed additional data in to be encrypted / 303 * decrypted. If -1, no chunking. 304 * \param input_data Data to encrypt / decrypt 305 * \param data_part_len_arg If not -1, the length of chunks to feed 306 * the data in to be encrypted / decrypted. If 307 * -1, no chunking 308 * \param set_lengths_method A member of the set_lengths_method_t enum is 309 * expected here, this controls whether or not 310 * to set lengths, and in what order with 311 * respect to set nonce. 312 * \param expected_output Expected output 313 * \param is_encrypt If non-zero this is an encryption operation. 314 * \param do_zero_parts If non-zero, interleave zero length chunks 315 * with normal length chunks. 316 * \return int Zero on failure, non-zero on success. 317 */ 318static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, 319 int alg_arg, 320 data_t *nonce, 321 data_t *additional_data, 322 int ad_part_len_arg, 323 data_t *input_data, 324 int data_part_len_arg, 325 set_lengths_method_t set_lengths_method, 326 data_t *expected_output, 327 int is_encrypt, 328 int do_zero_parts ) 329{ 330 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 331 psa_key_type_t key_type = key_type_arg; 332 psa_algorithm_t alg = alg_arg; 333 psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 334 unsigned char *output_data = NULL; 335 unsigned char *part_data = NULL; 336 unsigned char *final_data = NULL; 337 size_t data_true_size = 0; 338 size_t part_data_size = 0; 339 size_t output_size = 0; 340 size_t final_output_size = 0; 341 size_t output_length = 0; 342 size_t key_bits = 0; 343 size_t tag_length = 0; 344 size_t part_offset = 0; 345 size_t part_length = 0; 346 size_t output_part_length = 0; 347 size_t tag_size = 0; 348 size_t ad_part_len = 0; 349 size_t data_part_len = 0; 350 uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 351 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 352 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 353 354 int test_ok = 0; 355 size_t part_count = 0; 356 357 PSA_ASSERT( psa_crypto_init( ) ); 358 359 if( is_encrypt ) 360 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 361 else 362 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 363 364 psa_set_key_algorithm( &attributes, alg ); 365 psa_set_key_type( &attributes, key_type ); 366 367 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 368 &key ) ); 369 370 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 371 key_bits = psa_get_key_bits( &attributes ); 372 373 tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); 374 375 if( is_encrypt ) 376 { 377 /* Tag gets written at end of buffer. */ 378 output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, 379 ( input_data->len + 380 tag_length ) ); 381 data_true_size = input_data->len; 382 } 383 else 384 { 385 output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, 386 ( input_data->len - 387 tag_length ) ); 388 389 /* Do not want to attempt to decrypt tag. */ 390 data_true_size = input_data->len - tag_length; 391 } 392 393 ASSERT_ALLOC( output_data, output_size ); 394 395 if( is_encrypt ) 396 { 397 final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); 398 TEST_ASSERT( final_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); 399 } 400 else 401 { 402 final_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); 403 TEST_ASSERT( final_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); 404 } 405 406 ASSERT_ALLOC( final_data, final_output_size ); 407 408 if( is_encrypt ) 409 status = psa_aead_encrypt_setup( &operation, key, alg ); 410 else 411 status = psa_aead_decrypt_setup( &operation, key, alg ); 412 413 /* If the operation is not supported, just skip and not fail in case the 414 * encryption involves a common limitation of cryptography hardwares and 415 * an alternative implementation. */ 416 if( status == PSA_ERROR_NOT_SUPPORTED ) 417 { 418 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); 419 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); 420 } 421 422 PSA_ASSERT( status ); 423 424 if( set_lengths_method == DO_NOT_SET_LENGTHS ) 425 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 426 else if( set_lengths_method == SET_LENGTHS_BEFORE_NONCE ) 427 { 428 PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, 429 data_true_size ) ); 430 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 431 } 432 else if( set_lengths_method == SET_LENGTHS_AFTER_NONCE ) 433 { 434 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 435 436 PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, 437 data_true_size ) ); 438 } 439 440 if( ad_part_len_arg != -1 ) 441 { 442 /* Pass additional data in parts */ 443 ad_part_len = (size_t) ad_part_len_arg; 444 445 for( part_offset = 0, part_count = 0; 446 part_offset < additional_data->len; 447 part_offset += part_length, part_count++ ) 448 { 449 if( do_zero_parts && ( part_count & 0x01 ) ) 450 { 451 part_length = 0; 452 } 453 else if( additional_data->len - part_offset < ad_part_len ) 454 { 455 part_length = additional_data->len - part_offset; 456 } 457 else 458 { 459 part_length = ad_part_len; 460 } 461 462 PSA_ASSERT( psa_aead_update_ad( &operation, 463 additional_data->x + part_offset, 464 part_length ) ); 465 466 } 467 } 468 else 469 { 470 /* Pass additional data in one go. */ 471 PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, 472 additional_data->len ) ); 473 } 474 475 if( data_part_len_arg != -1 ) 476 { 477 /* Pass data in parts */ 478 data_part_len = ( size_t ) data_part_len_arg; 479 part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, 480 ( size_t ) data_part_len ); 481 482 ASSERT_ALLOC( part_data, part_data_size ); 483 484 for( part_offset = 0, part_count = 0; 485 part_offset < data_true_size; 486 part_offset += part_length, part_count++ ) 487 { 488 if( do_zero_parts && ( part_count & 0x01 ) ) 489 { 490 part_length = 0; 491 } 492 else if( ( data_true_size - part_offset ) < data_part_len ) 493 { 494 part_length = ( data_true_size - part_offset ); 495 } 496 else 497 { 498 part_length = data_part_len; 499 } 500 501 PSA_ASSERT( psa_aead_update( &operation, 502 ( input_data->x + part_offset ), 503 part_length, part_data, 504 part_data_size, 505 &output_part_length ) ); 506 507 if( output_data && output_part_length ) 508 { 509 memcpy( ( output_data + part_offset ), part_data, 510 output_part_length ); 511 } 512 513 output_length += output_part_length; 514 } 515 } 516 else 517 { 518 /* Pass all data in one go. */ 519 PSA_ASSERT( psa_aead_update( &operation, input_data->x, 520 data_true_size, output_data, 521 output_size, &output_length ) ); 522 } 523 524 if( is_encrypt ) 525 PSA_ASSERT( psa_aead_finish( &operation, final_data, 526 final_output_size, 527 &output_part_length, 528 tag_buffer, tag_length, 529 &tag_size ) ); 530 else 531 { 532 PSA_ASSERT( psa_aead_verify( &operation, final_data, 533 final_output_size, 534 &output_part_length, 535 ( input_data->x + data_true_size ), 536 tag_length ) ); 537 } 538 539 if( output_data && output_part_length ) 540 memcpy( ( output_data + output_length ), final_data, 541 output_part_length ); 542 543 output_length += output_part_length; 544 545 546 /* For all currently defined algorithms, PSA_AEAD_xxx_OUTPUT_SIZE 547 * should be exact.*/ 548 if( is_encrypt ) 549 { 550 TEST_EQUAL( tag_length, tag_size ); 551 552 if( output_data && tag_length ) 553 memcpy( ( output_data + output_length ), tag_buffer, 554 tag_length ); 555 556 output_length += tag_length; 557 558 TEST_EQUAL( output_length, 559 PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, 560 input_data->len ) ); 561 TEST_ASSERT( output_length <= 562 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); 563 } 564 else 565 { 566 TEST_EQUAL( output_length, 567 PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, 568 input_data->len ) ); 569 TEST_ASSERT( output_length <= 570 PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); 571 } 572 573 574 ASSERT_COMPARE( expected_output->x, expected_output->len, 575 output_data, output_length ); 576 577 578 test_ok = 1; 579 580exit: 581 psa_destroy_key( key ); 582 psa_aead_abort( &operation ); 583 mbedtls_free( output_data ); 584 mbedtls_free( part_data ); 585 mbedtls_free( final_data ); 586 PSA_DONE( ); 587 588 return( test_ok ); 589} 590 591/* END_HEADER */ 592 593/* BEGIN_DEPENDENCIES 594 * depends_on:MBEDTLS_PSA_CRYPTO_C 595 * END_DEPENDENCIES 596 */ 597 598/* BEGIN_CASE */ 599void static_checks( ) 600{ 601 size_t max_truncated_mac_size = 602 PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET; 603 604 /* Check that the length for a truncated MAC always fits in the algorithm 605 * encoding. The shifted mask is the maximum truncated value. The 606 * untruncated algorithm may be one byte larger. */ 607 TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size ); 608} 609/* END_CASE */ 610 611/* BEGIN_CASE */ 612void import_with_policy( int type_arg, 613 int usage_arg, int alg_arg, 614 int expected_status_arg ) 615{ 616 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 617 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 618 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 619 psa_key_type_t type = type_arg; 620 psa_key_usage_t usage = usage_arg; 621 psa_algorithm_t alg = alg_arg; 622 psa_status_t expected_status = expected_status_arg; 623 const uint8_t key_material[16] = {0}; 624 psa_status_t status; 625 626 PSA_ASSERT( psa_crypto_init( ) ); 627 628 psa_set_key_type( &attributes, type ); 629 psa_set_key_usage_flags( &attributes, usage ); 630 psa_set_key_algorithm( &attributes, alg ); 631 632 status = psa_import_key( &attributes, 633 key_material, sizeof( key_material ), 634 &key ); 635 TEST_EQUAL( status, expected_status ); 636 if( status != PSA_SUCCESS ) 637 goto exit; 638 639 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); 640 TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); 641 TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), 642 mbedtls_test_update_key_usage_flags( usage ) ); 643 TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg ); 644 ASSERT_NO_SLOT_NUMBER( &got_attributes ); 645 646 PSA_ASSERT( psa_destroy_key( key ) ); 647 test_operations_on_invalid_key( key ); 648 649exit: 650 /* 651 * Key attributes may have been returned by psa_get_key_attributes() 652 * thus reset them as required. 653 */ 654 psa_reset_key_attributes( &got_attributes ); 655 656 psa_destroy_key( key ); 657 PSA_DONE( ); 658} 659/* END_CASE */ 660 661/* BEGIN_CASE */ 662void import_with_data( data_t *data, int type_arg, 663 int attr_bits_arg, 664 int expected_status_arg ) 665{ 666 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 667 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 668 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 669 psa_key_type_t type = type_arg; 670 size_t attr_bits = attr_bits_arg; 671 psa_status_t expected_status = expected_status_arg; 672 psa_status_t status; 673 674 PSA_ASSERT( psa_crypto_init( ) ); 675 676 psa_set_key_type( &attributes, type ); 677 psa_set_key_bits( &attributes, attr_bits ); 678 679 status = psa_import_key( &attributes, data->x, data->len, &key ); 680 TEST_EQUAL( status, expected_status ); 681 if( status != PSA_SUCCESS ) 682 goto exit; 683 684 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); 685 TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); 686 if( attr_bits != 0 ) 687 TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) ); 688 ASSERT_NO_SLOT_NUMBER( &got_attributes ); 689 690 PSA_ASSERT( psa_destroy_key( key ) ); 691 test_operations_on_invalid_key( key ); 692 693exit: 694 /* 695 * Key attributes may have been returned by psa_get_key_attributes() 696 * thus reset them as required. 697 */ 698 psa_reset_key_attributes( &got_attributes ); 699 700 psa_destroy_key( key ); 701 PSA_DONE( ); 702} 703/* END_CASE */ 704 705/* BEGIN_CASE */ 706void import_large_key( int type_arg, int byte_size_arg, 707 int expected_status_arg ) 708{ 709 psa_key_type_t type = type_arg; 710 size_t byte_size = byte_size_arg; 711 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 712 psa_status_t expected_status = expected_status_arg; 713 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 714 psa_status_t status; 715 uint8_t *buffer = NULL; 716 size_t buffer_size = byte_size + 1; 717 size_t n; 718 719 /* Skip the test case if the target running the test cannot 720 * accomodate large keys due to heap size constraints */ 721 ASSERT_ALLOC_WEAK( buffer, buffer_size ); 722 memset( buffer, 'K', byte_size ); 723 724 PSA_ASSERT( psa_crypto_init( ) ); 725 726 /* Try importing the key */ 727 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); 728 psa_set_key_type( &attributes, type ); 729 status = psa_import_key( &attributes, buffer, byte_size, &key ); 730 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY ); 731 TEST_EQUAL( status, expected_status ); 732 733 if( status == PSA_SUCCESS ) 734 { 735 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 736 TEST_EQUAL( psa_get_key_type( &attributes ), type ); 737 TEST_EQUAL( psa_get_key_bits( &attributes ), 738 PSA_BYTES_TO_BITS( byte_size ) ); 739 ASSERT_NO_SLOT_NUMBER( &attributes ); 740 memset( buffer, 0, byte_size + 1 ); 741 PSA_ASSERT( psa_export_key( key, buffer, byte_size, &n ) ); 742 for( n = 0; n < byte_size; n++ ) 743 TEST_EQUAL( buffer[n], 'K' ); 744 for( n = byte_size; n < buffer_size; n++ ) 745 TEST_EQUAL( buffer[n], 0 ); 746 } 747 748exit: 749 /* 750 * Key attributes may have been returned by psa_get_key_attributes() 751 * thus reset them as required. 752 */ 753 psa_reset_key_attributes( &attributes ); 754 755 psa_destroy_key( key ); 756 PSA_DONE( ); 757 mbedtls_free( buffer ); 758} 759/* END_CASE */ 760 761/* BEGIN_CASE */ 762void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg ) 763{ 764 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 765 size_t bits = bits_arg; 766 psa_status_t expected_status = expected_status_arg; 767 psa_status_t status; 768 psa_key_type_t type = 769 keypair ? PSA_KEY_TYPE_RSA_KEY_PAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY; 770 size_t buffer_size = /* Slight overapproximations */ 771 keypair ? bits * 9 / 16 + 80 : bits / 8 + 20; 772 unsigned char *buffer = NULL; 773 unsigned char *p; 774 int ret; 775 size_t length; 776 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 777 778 PSA_ASSERT( psa_crypto_init( ) ); 779 ASSERT_ALLOC( buffer, buffer_size ); 780 781 TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p, 782 bits, keypair ) ) >= 0 ); 783 length = ret; 784 785 /* Try importing the key */ 786 psa_set_key_type( &attributes, type ); 787 status = psa_import_key( &attributes, p, length, &key ); 788 TEST_EQUAL( status, expected_status ); 789 790 if( status == PSA_SUCCESS ) 791 PSA_ASSERT( psa_destroy_key( key ) ); 792 793exit: 794 mbedtls_free( buffer ); 795 PSA_DONE( ); 796} 797/* END_CASE */ 798 799/* BEGIN_CASE */ 800void import_export( data_t *data, 801 int type_arg, 802 int usage_arg, int alg_arg, 803 int lifetime_arg, 804 int expected_bits, 805 int export_size_delta, 806 int expected_export_status_arg, 807 int canonical_input ) 808{ 809 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 810 psa_key_type_t type = type_arg; 811 psa_algorithm_t alg = alg_arg; 812 psa_status_t expected_export_status = expected_export_status_arg; 813 psa_status_t status; 814 psa_key_lifetime_t lifetime = lifetime_arg; 815 unsigned char *exported = NULL; 816 unsigned char *reexported = NULL; 817 size_t export_size; 818 size_t exported_length = INVALID_EXPORT_LENGTH; 819 size_t reexported_length; 820 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 821 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 822 823 export_size = (ptrdiff_t) data->len + export_size_delta; 824 ASSERT_ALLOC( exported, export_size ); 825 if( ! canonical_input ) 826 ASSERT_ALLOC( reexported, export_size ); 827 PSA_ASSERT( psa_crypto_init( ) ); 828 829 psa_set_key_lifetime( &attributes, lifetime ); 830 psa_set_key_usage_flags( &attributes, usage_arg ); 831 psa_set_key_algorithm( &attributes, alg ); 832 psa_set_key_type( &attributes, type ); 833 834 /* Import the key */ 835 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); 836 837 /* Test the key information */ 838 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); 839 TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); 840 TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits ); 841 ASSERT_NO_SLOT_NUMBER( &got_attributes ); 842 843 /* Export the key */ 844 status = psa_export_key( key, exported, export_size, &exported_length ); 845 TEST_EQUAL( status, expected_export_status ); 846 847 /* The exported length must be set by psa_export_key() to a value between 0 848 * and export_size. On errors, the exported length must be 0. */ 849 TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH ); 850 TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 ); 851 TEST_ASSERT( exported_length <= export_size ); 852 853 TEST_ASSERT( mem_is_char( exported + exported_length, 0, 854 export_size - exported_length ) ); 855 if( status != PSA_SUCCESS ) 856 { 857 TEST_EQUAL( exported_length, 0 ); 858 goto destroy; 859 } 860 861 /* Run sanity checks on the exported key. For non-canonical inputs, 862 * this validates the canonical representations. For canonical inputs, 863 * this doesn't directly validate the implementation, but it still helps 864 * by cross-validating the test data with the sanity check code. */ 865 if( !psa_key_lifetime_is_external( lifetime ) ) 866 { 867 if( ! mbedtls_test_psa_exercise_key( key, usage_arg, 0 ) ) 868 goto exit; 869 } 870 871 if( canonical_input ) 872 ASSERT_COMPARE( data->x, data->len, exported, exported_length ); 873 else 874 { 875 mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; 876 PSA_ASSERT( psa_import_key( &attributes, exported, exported_length, 877 &key2 ) ); 878 PSA_ASSERT( psa_export_key( key2, 879 reexported, 880 export_size, 881 &reexported_length ) ); 882 ASSERT_COMPARE( exported, exported_length, 883 reexported, reexported_length ); 884 PSA_ASSERT( psa_destroy_key( key2 ) ); 885 } 886 TEST_ASSERT( exported_length <= 887 PSA_EXPORT_KEY_OUTPUT_SIZE( type, 888 psa_get_key_bits( &got_attributes ) ) ); 889 TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); 890 891destroy: 892 /* Destroy the key */ 893 PSA_ASSERT( psa_destroy_key( key ) ); 894 test_operations_on_invalid_key( key ); 895 896exit: 897 /* 898 * Key attributes may have been returned by psa_get_key_attributes() 899 * thus reset them as required. 900 */ 901 psa_reset_key_attributes( &got_attributes ); 902 psa_destroy_key( key ) ; 903 mbedtls_free( exported ); 904 mbedtls_free( reexported ); 905 PSA_DONE( ); 906} 907/* END_CASE */ 908 909/* BEGIN_CASE */ 910void import_export_public_key( data_t *data, 911 int type_arg, 912 int alg_arg, 913 int lifetime_arg, 914 int export_size_delta, 915 int expected_export_status_arg, 916 data_t *expected_public_key ) 917{ 918 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 919 psa_key_type_t type = type_arg; 920 psa_algorithm_t alg = alg_arg; 921 psa_status_t expected_export_status = expected_export_status_arg; 922 psa_status_t status; 923 psa_key_lifetime_t lifetime = lifetime_arg; 924 unsigned char *exported = NULL; 925 size_t export_size = expected_public_key->len + export_size_delta; 926 size_t exported_length = INVALID_EXPORT_LENGTH; 927 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 928 929 PSA_ASSERT( psa_crypto_init( ) ); 930 931 psa_set_key_lifetime( &attributes, lifetime ); 932 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); 933 psa_set_key_algorithm( &attributes, alg ); 934 psa_set_key_type( &attributes, type ); 935 936 /* Import the key */ 937 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); 938 939 /* Export the public key */ 940 ASSERT_ALLOC( exported, export_size ); 941 status = psa_export_public_key( key, 942 exported, export_size, 943 &exported_length ); 944 TEST_EQUAL( status, expected_export_status ); 945 if( status == PSA_SUCCESS ) 946 { 947 psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ); 948 size_t bits; 949 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 950 bits = psa_get_key_bits( &attributes ); 951 TEST_ASSERT( expected_public_key->len <= 952 PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, bits ) ); 953 TEST_ASSERT( expected_public_key->len <= 954 PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, bits ) ); 955 TEST_ASSERT( expected_public_key->len <= 956 PSA_EXPORT_PUBLIC_KEY_MAX_SIZE ); 957 ASSERT_COMPARE( expected_public_key->x, expected_public_key->len, 958 exported, exported_length ); 959 } 960exit: 961 /* 962 * Key attributes may have been returned by psa_get_key_attributes() 963 * thus reset them as required. 964 */ 965 psa_reset_key_attributes( &attributes ); 966 967 mbedtls_free( exported ); 968 psa_destroy_key( key ); 969 PSA_DONE( ); 970} 971/* END_CASE */ 972 973/* BEGIN_CASE */ 974void import_and_exercise_key( data_t *data, 975 int type_arg, 976 int bits_arg, 977 int alg_arg ) 978{ 979 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 980 psa_key_type_t type = type_arg; 981 size_t bits = bits_arg; 982 psa_algorithm_t alg = alg_arg; 983 psa_key_usage_t usage = mbedtls_test_psa_usage_to_exercise( type, alg ); 984 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 985 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 986 987 PSA_ASSERT( psa_crypto_init( ) ); 988 989 psa_set_key_usage_flags( &attributes, usage ); 990 psa_set_key_algorithm( &attributes, alg ); 991 psa_set_key_type( &attributes, type ); 992 993 /* Import the key */ 994 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); 995 996 /* Test the key information */ 997 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); 998 TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); 999 TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits ); 1000 1001 /* Do something with the key according to its type and permitted usage. */ 1002 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) ) 1003 goto exit; 1004 1005 PSA_ASSERT( psa_destroy_key( key ) ); 1006 test_operations_on_invalid_key( key ); 1007 1008exit: 1009 /* 1010 * Key attributes may have been returned by psa_get_key_attributes() 1011 * thus reset them as required. 1012 */ 1013 psa_reset_key_attributes( &got_attributes ); 1014 1015 psa_reset_key_attributes( &attributes ); 1016 psa_destroy_key( key ); 1017 PSA_DONE( ); 1018} 1019/* END_CASE */ 1020 1021/* BEGIN_CASE */ 1022void effective_key_attributes( int type_arg, int expected_type_arg, 1023 int bits_arg, int expected_bits_arg, 1024 int usage_arg, int expected_usage_arg, 1025 int alg_arg, int expected_alg_arg ) 1026{ 1027 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1028 psa_key_type_t key_type = type_arg; 1029 psa_key_type_t expected_key_type = expected_type_arg; 1030 size_t bits = bits_arg; 1031 size_t expected_bits = expected_bits_arg; 1032 psa_algorithm_t alg = alg_arg; 1033 psa_algorithm_t expected_alg = expected_alg_arg; 1034 psa_key_usage_t usage = usage_arg; 1035 psa_key_usage_t expected_usage = expected_usage_arg; 1036 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1037 1038 PSA_ASSERT( psa_crypto_init( ) ); 1039 1040 psa_set_key_usage_flags( &attributes, usage ); 1041 psa_set_key_algorithm( &attributes, alg ); 1042 psa_set_key_type( &attributes, key_type ); 1043 psa_set_key_bits( &attributes, bits ); 1044 1045 PSA_ASSERT( psa_generate_key( &attributes, &key ) ); 1046 psa_reset_key_attributes( &attributes ); 1047 1048 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 1049 TEST_EQUAL( psa_get_key_type( &attributes ), expected_key_type ); 1050 TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits ); 1051 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage ); 1052 TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg ); 1053 1054exit: 1055 /* 1056 * Key attributes may have been returned by psa_get_key_attributes() 1057 * thus reset them as required. 1058 */ 1059 psa_reset_key_attributes( &attributes ); 1060 1061 psa_destroy_key( key ); 1062 PSA_DONE( ); 1063} 1064/* END_CASE */ 1065 1066/* BEGIN_CASE */ 1067void check_key_policy( int type_arg, int bits_arg, 1068 int usage_arg, int alg_arg ) 1069{ 1070 test_effective_key_attributes( type_arg, type_arg, bits_arg, bits_arg, 1071 usage_arg, 1072 mbedtls_test_update_key_usage_flags( usage_arg ), 1073 alg_arg, alg_arg ); 1074 goto exit; 1075} 1076/* END_CASE */ 1077 1078/* BEGIN_CASE */ 1079void key_attributes_init( ) 1080{ 1081 /* Test each valid way of initializing the object, except for `= {0}`, as 1082 * Clang 5 complains when `-Wmissing-field-initializers` is used, even 1083 * though it's OK by the C standard. We could test for this, but we'd need 1084 * to supress the Clang warning for the test. */ 1085 psa_key_attributes_t func = psa_key_attributes_init( ); 1086 psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT; 1087 psa_key_attributes_t zero; 1088 1089 memset( &zero, 0, sizeof( zero ) ); 1090 1091 TEST_EQUAL( psa_get_key_lifetime( &func ), PSA_KEY_LIFETIME_VOLATILE ); 1092 TEST_EQUAL( psa_get_key_lifetime( &init ), PSA_KEY_LIFETIME_VOLATILE ); 1093 TEST_EQUAL( psa_get_key_lifetime( &zero ), PSA_KEY_LIFETIME_VOLATILE ); 1094 1095 TEST_EQUAL( psa_get_key_type( &func ), 0 ); 1096 TEST_EQUAL( psa_get_key_type( &init ), 0 ); 1097 TEST_EQUAL( psa_get_key_type( &zero ), 0 ); 1098 1099 TEST_EQUAL( psa_get_key_bits( &func ), 0 ); 1100 TEST_EQUAL( psa_get_key_bits( &init ), 0 ); 1101 TEST_EQUAL( psa_get_key_bits( &zero ), 0 ); 1102 1103 TEST_EQUAL( psa_get_key_usage_flags( &func ), 0 ); 1104 TEST_EQUAL( psa_get_key_usage_flags( &init ), 0 ); 1105 TEST_EQUAL( psa_get_key_usage_flags( &zero ), 0 ); 1106 1107 TEST_EQUAL( psa_get_key_algorithm( &func ), 0 ); 1108 TEST_EQUAL( psa_get_key_algorithm( &init ), 0 ); 1109 TEST_EQUAL( psa_get_key_algorithm( &zero ), 0 ); 1110} 1111/* END_CASE */ 1112 1113/* BEGIN_CASE */ 1114void mac_key_policy( int policy_usage_arg, 1115 int policy_alg_arg, 1116 int key_type_arg, 1117 data_t *key_data, 1118 int exercise_alg_arg, 1119 int expected_status_sign_arg, 1120 int expected_status_verify_arg ) 1121{ 1122 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1123 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1124 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1125 psa_key_type_t key_type = key_type_arg; 1126 psa_algorithm_t policy_alg = policy_alg_arg; 1127 psa_algorithm_t exercise_alg = exercise_alg_arg; 1128 psa_key_usage_t policy_usage = policy_usage_arg; 1129 psa_status_t status; 1130 psa_status_t expected_status_sign = expected_status_sign_arg; 1131 psa_status_t expected_status_verify = expected_status_verify_arg; 1132 unsigned char mac[PSA_MAC_MAX_SIZE]; 1133 1134 PSA_ASSERT( psa_crypto_init( ) ); 1135 1136 psa_set_key_usage_flags( &attributes, policy_usage ); 1137 psa_set_key_algorithm( &attributes, policy_alg ); 1138 psa_set_key_type( &attributes, key_type ); 1139 1140 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1141 &key ) ); 1142 1143 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 1144 mbedtls_test_update_key_usage_flags( policy_usage ) ); 1145 1146 status = psa_mac_sign_setup( &operation, key, exercise_alg ); 1147 TEST_EQUAL( status, expected_status_sign ); 1148 1149 /* Calculate the MAC, one-shot case. */ 1150 uint8_t input[128] = {0}; 1151 size_t mac_len; 1152 TEST_EQUAL( psa_mac_compute( key, exercise_alg, 1153 input, 128, 1154 mac, PSA_MAC_MAX_SIZE, &mac_len ), 1155 expected_status_sign ); 1156 1157 /* Verify correct MAC, one-shot case. */ 1158 status = psa_mac_verify( key, exercise_alg, input, 128, 1159 mac, mac_len ); 1160 1161 if( expected_status_sign != PSA_SUCCESS && expected_status_verify == PSA_SUCCESS ) 1162 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE ); 1163 else 1164 TEST_EQUAL( status, expected_status_verify ); 1165 1166 psa_mac_abort( &operation ); 1167 1168 memset( mac, 0, sizeof( mac ) ); 1169 status = psa_mac_verify_setup( &operation, key, exercise_alg ); 1170 TEST_EQUAL( status, expected_status_verify ); 1171 1172exit: 1173 psa_mac_abort( &operation ); 1174 psa_destroy_key( key ); 1175 PSA_DONE( ); 1176} 1177/* END_CASE */ 1178 1179/* BEGIN_CASE */ 1180void cipher_key_policy( int policy_usage_arg, 1181 int policy_alg, 1182 int key_type, 1183 data_t *key_data, 1184 int exercise_alg ) 1185{ 1186 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1187 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1188 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1189 psa_key_usage_t policy_usage = policy_usage_arg; 1190 psa_status_t status; 1191 1192 PSA_ASSERT( psa_crypto_init( ) ); 1193 1194 psa_set_key_usage_flags( &attributes, policy_usage ); 1195 psa_set_key_algorithm( &attributes, policy_alg ); 1196 psa_set_key_type( &attributes, key_type ); 1197 1198 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1199 &key ) ); 1200 1201 /* Check if no key usage flag implication is done */ 1202 TEST_EQUAL( policy_usage, 1203 mbedtls_test_update_key_usage_flags( policy_usage ) ); 1204 1205 status = psa_cipher_encrypt_setup( &operation, key, exercise_alg ); 1206 if( policy_alg == exercise_alg && 1207 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 ) 1208 PSA_ASSERT( status ); 1209 else 1210 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1211 psa_cipher_abort( &operation ); 1212 1213 status = psa_cipher_decrypt_setup( &operation, key, exercise_alg ); 1214 if( policy_alg == exercise_alg && 1215 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 ) 1216 PSA_ASSERT( status ); 1217 else 1218 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1219 1220exit: 1221 psa_cipher_abort( &operation ); 1222 psa_destroy_key( key ); 1223 PSA_DONE( ); 1224} 1225/* END_CASE */ 1226 1227/* BEGIN_CASE */ 1228void aead_key_policy( int policy_usage_arg, 1229 int policy_alg, 1230 int key_type, 1231 data_t *key_data, 1232 int nonce_length_arg, 1233 int tag_length_arg, 1234 int exercise_alg, 1235 int expected_status_arg ) 1236{ 1237 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1238 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1239 psa_key_usage_t policy_usage = policy_usage_arg; 1240 psa_status_t status; 1241 psa_status_t expected_status = expected_status_arg; 1242 unsigned char nonce[16] = {0}; 1243 size_t nonce_length = nonce_length_arg; 1244 unsigned char tag[16]; 1245 size_t tag_length = tag_length_arg; 1246 size_t output_length; 1247 1248 TEST_ASSERT( nonce_length <= sizeof( nonce ) ); 1249 TEST_ASSERT( tag_length <= sizeof( tag ) ); 1250 1251 PSA_ASSERT( psa_crypto_init( ) ); 1252 1253 psa_set_key_usage_flags( &attributes, policy_usage ); 1254 psa_set_key_algorithm( &attributes, policy_alg ); 1255 psa_set_key_type( &attributes, key_type ); 1256 1257 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1258 &key ) ); 1259 1260 /* Check if no key usage implication is done */ 1261 TEST_EQUAL( policy_usage, 1262 mbedtls_test_update_key_usage_flags( policy_usage ) ); 1263 1264 status = psa_aead_encrypt( key, exercise_alg, 1265 nonce, nonce_length, 1266 NULL, 0, 1267 NULL, 0, 1268 tag, tag_length, 1269 &output_length ); 1270 if( ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 ) 1271 TEST_EQUAL( status, expected_status ); 1272 else 1273 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1274 1275 memset( tag, 0, sizeof( tag ) ); 1276 status = psa_aead_decrypt( key, exercise_alg, 1277 nonce, nonce_length, 1278 NULL, 0, 1279 tag, tag_length, 1280 NULL, 0, 1281 &output_length ); 1282 if( ( policy_usage & PSA_KEY_USAGE_DECRYPT ) == 0 ) 1283 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1284 else if( expected_status == PSA_SUCCESS ) 1285 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE ); 1286 else 1287 TEST_EQUAL( status, expected_status ); 1288 1289exit: 1290 psa_destroy_key( key ); 1291 PSA_DONE( ); 1292} 1293/* END_CASE */ 1294 1295/* BEGIN_CASE */ 1296void asymmetric_encryption_key_policy( int policy_usage_arg, 1297 int policy_alg, 1298 int key_type, 1299 data_t *key_data, 1300 int exercise_alg ) 1301{ 1302 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1303 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1304 psa_key_usage_t policy_usage = policy_usage_arg; 1305 psa_status_t status; 1306 size_t key_bits; 1307 size_t buffer_length; 1308 unsigned char *buffer = NULL; 1309 size_t output_length; 1310 1311 PSA_ASSERT( psa_crypto_init( ) ); 1312 1313 psa_set_key_usage_flags( &attributes, policy_usage ); 1314 psa_set_key_algorithm( &attributes, policy_alg ); 1315 psa_set_key_type( &attributes, key_type ); 1316 1317 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1318 &key ) ); 1319 1320 /* Check if no key usage implication is done */ 1321 TEST_EQUAL( policy_usage, 1322 mbedtls_test_update_key_usage_flags( policy_usage ) ); 1323 1324 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 1325 key_bits = psa_get_key_bits( &attributes ); 1326 buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, 1327 exercise_alg ); 1328 ASSERT_ALLOC( buffer, buffer_length ); 1329 1330 status = psa_asymmetric_encrypt( key, exercise_alg, 1331 NULL, 0, 1332 NULL, 0, 1333 buffer, buffer_length, 1334 &output_length ); 1335 if( policy_alg == exercise_alg && 1336 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 ) 1337 PSA_ASSERT( status ); 1338 else 1339 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1340 1341 if( buffer_length != 0 ) 1342 memset( buffer, 0, buffer_length ); 1343 status = psa_asymmetric_decrypt( key, exercise_alg, 1344 buffer, buffer_length, 1345 NULL, 0, 1346 buffer, buffer_length, 1347 &output_length ); 1348 if( policy_alg == exercise_alg && 1349 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 ) 1350 TEST_EQUAL( status, PSA_ERROR_INVALID_PADDING ); 1351 else 1352 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1353 1354exit: 1355 /* 1356 * Key attributes may have been returned by psa_get_key_attributes() 1357 * thus reset them as required. 1358 */ 1359 psa_reset_key_attributes( &attributes ); 1360 1361 psa_destroy_key( key ); 1362 PSA_DONE( ); 1363 mbedtls_free( buffer ); 1364} 1365/* END_CASE */ 1366 1367/* BEGIN_CASE */ 1368void asymmetric_signature_key_policy( int policy_usage_arg, 1369 int policy_alg, 1370 int key_type, 1371 data_t *key_data, 1372 int exercise_alg, 1373 int payload_length_arg, 1374 int expected_usage_arg ) 1375{ 1376 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1377 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1378 psa_key_usage_t policy_usage = policy_usage_arg; 1379 psa_key_usage_t expected_usage = expected_usage_arg; 1380 psa_status_t status; 1381 unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; 1382 /* If `payload_length_arg > 0`, `exercise_alg` is supposed to be 1383 * compatible with the policy and `payload_length_arg` is supposed to be 1384 * a valid input length to sign. If `payload_length_arg <= 0`, 1385 * `exercise_alg` is supposed to be forbidden by the policy. */ 1386 int compatible_alg = payload_length_arg > 0; 1387 size_t payload_length = compatible_alg ? payload_length_arg : 0; 1388 unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; 1389 size_t signature_length; 1390 1391 /* Check if all implicit usage flags are deployed 1392 in the expected usage flags. */ 1393 TEST_EQUAL( expected_usage, 1394 mbedtls_test_update_key_usage_flags( policy_usage ) ); 1395 1396 PSA_ASSERT( psa_crypto_init( ) ); 1397 1398 psa_set_key_usage_flags( &attributes, policy_usage ); 1399 psa_set_key_algorithm( &attributes, policy_alg ); 1400 psa_set_key_type( &attributes, key_type ); 1401 1402 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1403 &key ) ); 1404 1405 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage ); 1406 1407 status = psa_sign_hash( key, exercise_alg, 1408 payload, payload_length, 1409 signature, sizeof( signature ), 1410 &signature_length ); 1411 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 ) 1412 PSA_ASSERT( status ); 1413 else 1414 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1415 1416 memset( signature, 0, sizeof( signature ) ); 1417 status = psa_verify_hash( key, exercise_alg, 1418 payload, payload_length, 1419 signature, sizeof( signature ) ); 1420 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 ) 1421 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE ); 1422 else 1423 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1424 1425 if( PSA_ALG_IS_SIGN_HASH( exercise_alg ) && 1426 PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( exercise_alg ) ) ) 1427 { 1428 status = psa_sign_message( key, exercise_alg, 1429 payload, payload_length, 1430 signature, sizeof( signature ), 1431 &signature_length ); 1432 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE ) != 0 ) 1433 PSA_ASSERT( status ); 1434 else 1435 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1436 1437 memset( signature, 0, sizeof( signature ) ); 1438 status = psa_verify_message( key, exercise_alg, 1439 payload, payload_length, 1440 signature, sizeof( signature ) ); 1441 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_VERIFY_MESSAGE ) != 0 ) 1442 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE ); 1443 else 1444 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1445 } 1446 1447exit: 1448 psa_destroy_key( key ); 1449 PSA_DONE( ); 1450} 1451/* END_CASE */ 1452 1453/* BEGIN_CASE */ 1454void derive_key_policy( int policy_usage, 1455 int policy_alg, 1456 int key_type, 1457 data_t *key_data, 1458 int exercise_alg ) 1459{ 1460 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1461 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1462 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 1463 psa_status_t status; 1464 1465 PSA_ASSERT( psa_crypto_init( ) ); 1466 1467 psa_set_key_usage_flags( &attributes, policy_usage ); 1468 psa_set_key_algorithm( &attributes, policy_alg ); 1469 psa_set_key_type( &attributes, key_type ); 1470 1471 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1472 &key ) ); 1473 1474 PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); 1475 1476 if( PSA_ALG_IS_TLS12_PRF( exercise_alg ) || 1477 PSA_ALG_IS_TLS12_PSK_TO_MS( exercise_alg ) ) 1478 { 1479 PSA_ASSERT( psa_key_derivation_input_bytes( 1480 &operation, 1481 PSA_KEY_DERIVATION_INPUT_SEED, 1482 (const uint8_t*) "", 0) ); 1483 } 1484 1485 status = psa_key_derivation_input_key( &operation, 1486 PSA_KEY_DERIVATION_INPUT_SECRET, 1487 key ); 1488 1489 if( policy_alg == exercise_alg && 1490 ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 ) 1491 PSA_ASSERT( status ); 1492 else 1493 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); 1494 1495exit: 1496 psa_key_derivation_abort( &operation ); 1497 psa_destroy_key( key ); 1498 PSA_DONE( ); 1499} 1500/* END_CASE */ 1501 1502/* BEGIN_CASE */ 1503void agreement_key_policy( int policy_usage, 1504 int policy_alg, 1505 int key_type_arg, 1506 data_t *key_data, 1507 int exercise_alg, 1508 int expected_status_arg ) 1509{ 1510 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1511 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1512 psa_key_type_t key_type = key_type_arg; 1513 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 1514 psa_status_t status; 1515 psa_status_t expected_status = expected_status_arg; 1516 1517 PSA_ASSERT( psa_crypto_init( ) ); 1518 1519 psa_set_key_usage_flags( &attributes, policy_usage ); 1520 psa_set_key_algorithm( &attributes, policy_alg ); 1521 psa_set_key_type( &attributes, key_type ); 1522 1523 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1524 &key ) ); 1525 1526 PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); 1527 status = mbedtls_test_psa_key_agreement_with_self( &operation, key ); 1528 1529 TEST_EQUAL( status, expected_status ); 1530 1531exit: 1532 psa_key_derivation_abort( &operation ); 1533 psa_destroy_key( key ); 1534 PSA_DONE( ); 1535} 1536/* END_CASE */ 1537 1538/* BEGIN_CASE */ 1539void key_policy_alg2( int key_type_arg, data_t *key_data, 1540 int usage_arg, int alg_arg, int alg2_arg ) 1541{ 1542 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1543 psa_key_type_t key_type = key_type_arg; 1544 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1545 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 1546 psa_key_usage_t usage = usage_arg; 1547 psa_algorithm_t alg = alg_arg; 1548 psa_algorithm_t alg2 = alg2_arg; 1549 1550 PSA_ASSERT( psa_crypto_init( ) ); 1551 1552 psa_set_key_usage_flags( &attributes, usage ); 1553 psa_set_key_algorithm( &attributes, alg ); 1554 psa_set_key_enrollment_algorithm( &attributes, alg2 ); 1555 psa_set_key_type( &attributes, key_type ); 1556 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1557 &key ) ); 1558 1559 /* Update the usage flags to obtain implicit usage flags */ 1560 usage = mbedtls_test_update_key_usage_flags( usage ); 1561 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); 1562 TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage ); 1563 TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg ); 1564 TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 ); 1565 1566 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) ) 1567 goto exit; 1568 if( ! mbedtls_test_psa_exercise_key( key, usage, alg2 ) ) 1569 goto exit; 1570 1571exit: 1572 /* 1573 * Key attributes may have been returned by psa_get_key_attributes() 1574 * thus reset them as required. 1575 */ 1576 psa_reset_key_attributes( &got_attributes ); 1577 1578 psa_destroy_key( key ); 1579 PSA_DONE( ); 1580} 1581/* END_CASE */ 1582 1583/* BEGIN_CASE */ 1584void raw_agreement_key_policy( int policy_usage, 1585 int policy_alg, 1586 int key_type_arg, 1587 data_t *key_data, 1588 int exercise_alg, 1589 int expected_status_arg ) 1590{ 1591 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1592 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1593 psa_key_type_t key_type = key_type_arg; 1594 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 1595 psa_status_t status; 1596 psa_status_t expected_status = expected_status_arg; 1597 1598 PSA_ASSERT( psa_crypto_init( ) ); 1599 1600 psa_set_key_usage_flags( &attributes, policy_usage ); 1601 psa_set_key_algorithm( &attributes, policy_alg ); 1602 psa_set_key_type( &attributes, key_type ); 1603 1604 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 1605 &key ) ); 1606 1607 status = mbedtls_test_psa_raw_key_agreement_with_self( exercise_alg, key ); 1608 1609 TEST_EQUAL( status, expected_status ); 1610 1611exit: 1612 psa_key_derivation_abort( &operation ); 1613 psa_destroy_key( key ); 1614 PSA_DONE( ); 1615} 1616/* END_CASE */ 1617 1618/* BEGIN_CASE */ 1619void copy_success( int source_usage_arg, 1620 int source_alg_arg, int source_alg2_arg, 1621 unsigned int source_lifetime_arg, 1622 int type_arg, data_t *material, 1623 int copy_attributes, 1624 int target_usage_arg, 1625 int target_alg_arg, int target_alg2_arg, 1626 unsigned int target_lifetime_arg, 1627 int expected_usage_arg, 1628 int expected_alg_arg, int expected_alg2_arg ) 1629{ 1630 psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; 1631 psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; 1632 psa_key_usage_t expected_usage = expected_usage_arg; 1633 psa_algorithm_t expected_alg = expected_alg_arg; 1634 psa_algorithm_t expected_alg2 = expected_alg2_arg; 1635 psa_key_lifetime_t source_lifetime = source_lifetime_arg; 1636 psa_key_lifetime_t target_lifetime = target_lifetime_arg; 1637 mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; 1638 mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; 1639 uint8_t *export_buffer = NULL; 1640 1641 PSA_ASSERT( psa_crypto_init( ) ); 1642 1643 /* Prepare the source key. */ 1644 psa_set_key_usage_flags( &source_attributes, source_usage_arg ); 1645 psa_set_key_algorithm( &source_attributes, source_alg_arg ); 1646 psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg ); 1647 psa_set_key_type( &source_attributes, type_arg ); 1648 psa_set_key_lifetime( &source_attributes, source_lifetime); 1649 PSA_ASSERT( psa_import_key( &source_attributes, 1650 material->x, material->len, 1651 &source_key ) ); 1652 PSA_ASSERT( psa_get_key_attributes( source_key, &source_attributes ) ); 1653 1654 /* Prepare the target attributes. */ 1655 if( copy_attributes ) 1656 { 1657 target_attributes = source_attributes; 1658 } 1659 psa_set_key_lifetime( &target_attributes, target_lifetime); 1660 1661 if( target_usage_arg != -1 ) 1662 psa_set_key_usage_flags( &target_attributes, target_usage_arg ); 1663 if( target_alg_arg != -1 ) 1664 psa_set_key_algorithm( &target_attributes, target_alg_arg ); 1665 if( target_alg2_arg != -1 ) 1666 psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); 1667 1668 1669 /* Copy the key. */ 1670 PSA_ASSERT( psa_copy_key( source_key, 1671 &target_attributes, &target_key ) ); 1672 1673 /* Destroy the source to ensure that this doesn't affect the target. */ 1674 PSA_ASSERT( psa_destroy_key( source_key ) ); 1675 1676 /* Test that the target slot has the expected content and policy. */ 1677 PSA_ASSERT( psa_get_key_attributes( target_key, &target_attributes ) ); 1678 TEST_EQUAL( psa_get_key_type( &source_attributes ), 1679 psa_get_key_type( &target_attributes ) ); 1680 TEST_EQUAL( psa_get_key_bits( &source_attributes ), 1681 psa_get_key_bits( &target_attributes ) ); 1682 TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) ); 1683 TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) ); 1684 TEST_EQUAL( expected_alg2, 1685 psa_get_key_enrollment_algorithm( &target_attributes ) ); 1686 if( expected_usage & PSA_KEY_USAGE_EXPORT ) 1687 { 1688 size_t length; 1689 ASSERT_ALLOC( export_buffer, material->len ); 1690 PSA_ASSERT( psa_export_key( target_key, export_buffer, 1691 material->len, &length ) ); 1692 ASSERT_COMPARE( material->x, material->len, 1693 export_buffer, length ); 1694 } 1695 1696 if( !psa_key_lifetime_is_external( target_lifetime ) ) 1697 { 1698 if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) ) 1699 goto exit; 1700 if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) ) 1701 goto exit; 1702 } 1703 1704 PSA_ASSERT( psa_destroy_key( target_key ) ); 1705 1706exit: 1707 /* 1708 * Source and target key attributes may have been returned by 1709 * psa_get_key_attributes() thus reset them as required. 1710 */ 1711 psa_reset_key_attributes( &source_attributes ); 1712 psa_reset_key_attributes( &target_attributes ); 1713 1714 PSA_DONE( ); 1715 mbedtls_free( export_buffer ); 1716} 1717/* END_CASE */ 1718 1719/* BEGIN_CASE */ 1720void copy_fail( int source_usage_arg, 1721 int source_alg_arg, int source_alg2_arg, 1722 int source_lifetime_arg, 1723 int type_arg, data_t *material, 1724 int target_type_arg, int target_bits_arg, 1725 int target_usage_arg, 1726 int target_alg_arg, int target_alg2_arg, 1727 int target_id_arg, int target_lifetime_arg, 1728 int expected_status_arg ) 1729{ 1730 psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; 1731 psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; 1732 mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; 1733 mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; 1734 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, target_id_arg ); 1735 1736 PSA_ASSERT( psa_crypto_init( ) ); 1737 1738 /* Prepare the source key. */ 1739 psa_set_key_usage_flags( &source_attributes, source_usage_arg ); 1740 psa_set_key_algorithm( &source_attributes, source_alg_arg ); 1741 psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg ); 1742 psa_set_key_type( &source_attributes, type_arg ); 1743 psa_set_key_lifetime( &source_attributes, source_lifetime_arg ); 1744 PSA_ASSERT( psa_import_key( &source_attributes, 1745 material->x, material->len, 1746 &source_key ) ); 1747 1748 /* Prepare the target attributes. */ 1749 psa_set_key_id( &target_attributes, key_id ); 1750 psa_set_key_lifetime( &target_attributes, target_lifetime_arg ); 1751 psa_set_key_type( &target_attributes, target_type_arg ); 1752 psa_set_key_bits( &target_attributes, target_bits_arg ); 1753 psa_set_key_usage_flags( &target_attributes, target_usage_arg ); 1754 psa_set_key_algorithm( &target_attributes, target_alg_arg ); 1755 psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); 1756 1757 /* Try to copy the key. */ 1758 TEST_EQUAL( psa_copy_key( source_key, 1759 &target_attributes, &target_key ), 1760 expected_status_arg ); 1761 1762 PSA_ASSERT( psa_destroy_key( source_key ) ); 1763 1764exit: 1765 psa_reset_key_attributes( &source_attributes ); 1766 psa_reset_key_attributes( &target_attributes ); 1767 PSA_DONE( ); 1768} 1769/* END_CASE */ 1770 1771/* BEGIN_CASE */ 1772void hash_operation_init( ) 1773{ 1774 const uint8_t input[1] = { 0 }; 1775 /* Test each valid way of initializing the object, except for `= {0}`, as 1776 * Clang 5 complains when `-Wmissing-field-initializers` is used, even 1777 * though it's OK by the C standard. We could test for this, but we'd need 1778 * to supress the Clang warning for the test. */ 1779 psa_hash_operation_t func = psa_hash_operation_init( ); 1780 psa_hash_operation_t init = PSA_HASH_OPERATION_INIT; 1781 psa_hash_operation_t zero; 1782 1783 memset( &zero, 0, sizeof( zero ) ); 1784 1785 /* A freshly-initialized hash operation should not be usable. */ 1786 TEST_EQUAL( psa_hash_update( &func, input, sizeof( input ) ), 1787 PSA_ERROR_BAD_STATE ); 1788 TEST_EQUAL( psa_hash_update( &init, input, sizeof( input ) ), 1789 PSA_ERROR_BAD_STATE ); 1790 TEST_EQUAL( psa_hash_update( &zero, input, sizeof( input ) ), 1791 PSA_ERROR_BAD_STATE ); 1792 1793 /* A default hash operation should be abortable without error. */ 1794 PSA_ASSERT( psa_hash_abort( &func ) ); 1795 PSA_ASSERT( psa_hash_abort( &init ) ); 1796 PSA_ASSERT( psa_hash_abort( &zero ) ); 1797} 1798/* END_CASE */ 1799 1800/* BEGIN_CASE */ 1801void hash_setup( int alg_arg, 1802 int expected_status_arg ) 1803{ 1804 psa_algorithm_t alg = alg_arg; 1805 psa_status_t expected_status = expected_status_arg; 1806 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 1807 psa_status_t status; 1808 1809 PSA_ASSERT( psa_crypto_init( ) ); 1810 1811 status = psa_hash_setup( &operation, alg ); 1812 TEST_EQUAL( status, expected_status ); 1813 1814 /* Whether setup succeeded or failed, abort must succeed. */ 1815 PSA_ASSERT( psa_hash_abort( &operation ) ); 1816 1817 /* If setup failed, reproduce the failure, so as to 1818 * test the resulting state of the operation object. */ 1819 if( status != PSA_SUCCESS ) 1820 TEST_EQUAL( psa_hash_setup( &operation, alg ), status ); 1821 1822 /* Now the operation object should be reusable. */ 1823#if defined(KNOWN_SUPPORTED_HASH_ALG) 1824 PSA_ASSERT( psa_hash_setup( &operation, KNOWN_SUPPORTED_HASH_ALG ) ); 1825 PSA_ASSERT( psa_hash_abort( &operation ) ); 1826#endif 1827 1828exit: 1829 PSA_DONE( ); 1830} 1831/* END_CASE */ 1832 1833/* BEGIN_CASE */ 1834void hash_compute_fail( int alg_arg, data_t *input, 1835 int output_size_arg, int expected_status_arg ) 1836{ 1837 psa_algorithm_t alg = alg_arg; 1838 uint8_t *output = NULL; 1839 size_t output_size = output_size_arg; 1840 size_t output_length = INVALID_EXPORT_LENGTH; 1841 psa_status_t expected_status = expected_status_arg; 1842 psa_status_t status; 1843 1844 ASSERT_ALLOC( output, output_size ); 1845 1846 PSA_ASSERT( psa_crypto_init( ) ); 1847 1848 status = psa_hash_compute( alg, input->x, input->len, 1849 output, output_size, &output_length ); 1850 TEST_EQUAL( status, expected_status ); 1851 TEST_ASSERT( output_length <= output_size ); 1852 1853exit: 1854 mbedtls_free( output ); 1855 PSA_DONE( ); 1856} 1857/* END_CASE */ 1858 1859/* BEGIN_CASE */ 1860void hash_compare_fail( int alg_arg, data_t *input, 1861 data_t *reference_hash, 1862 int expected_status_arg ) 1863{ 1864 psa_algorithm_t alg = alg_arg; 1865 psa_status_t expected_status = expected_status_arg; 1866 psa_status_t status; 1867 1868 PSA_ASSERT( psa_crypto_init( ) ); 1869 1870 status = psa_hash_compare( alg, input->x, input->len, 1871 reference_hash->x, reference_hash->len ); 1872 TEST_EQUAL( status, expected_status ); 1873 1874exit: 1875 PSA_DONE( ); 1876} 1877/* END_CASE */ 1878 1879/* BEGIN_CASE */ 1880void hash_compute_compare( int alg_arg, data_t *input, 1881 data_t *expected_output ) 1882{ 1883 psa_algorithm_t alg = alg_arg; 1884 uint8_t output[PSA_HASH_MAX_SIZE + 1]; 1885 size_t output_length = INVALID_EXPORT_LENGTH; 1886 size_t i; 1887 1888 PSA_ASSERT( psa_crypto_init( ) ); 1889 1890 /* Compute with tight buffer */ 1891 PSA_ASSERT( psa_hash_compute( alg, input->x, input->len, 1892 output, PSA_HASH_LENGTH( alg ), 1893 &output_length ) ); 1894 TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) ); 1895 ASSERT_COMPARE( output, output_length, 1896 expected_output->x, expected_output->len ); 1897 1898 /* Compute with larger buffer */ 1899 PSA_ASSERT( psa_hash_compute( alg, input->x, input->len, 1900 output, sizeof( output ), 1901 &output_length ) ); 1902 TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) ); 1903 ASSERT_COMPARE( output, output_length, 1904 expected_output->x, expected_output->len ); 1905 1906 /* Compare with correct hash */ 1907 PSA_ASSERT( psa_hash_compare( alg, input->x, input->len, 1908 output, output_length ) ); 1909 1910 /* Compare with trailing garbage */ 1911 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len, 1912 output, output_length + 1 ), 1913 PSA_ERROR_INVALID_SIGNATURE ); 1914 1915 /* Compare with truncated hash */ 1916 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len, 1917 output, output_length - 1 ), 1918 PSA_ERROR_INVALID_SIGNATURE ); 1919 1920 /* Compare with corrupted value */ 1921 for( i = 0; i < output_length; i++ ) 1922 { 1923 mbedtls_test_set_step( i ); 1924 output[i] ^= 1; 1925 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len, 1926 output, output_length ), 1927 PSA_ERROR_INVALID_SIGNATURE ); 1928 output[i] ^= 1; 1929 } 1930 1931exit: 1932 PSA_DONE( ); 1933} 1934/* END_CASE */ 1935 1936/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 1937void hash_bad_order( ) 1938{ 1939 psa_algorithm_t alg = PSA_ALG_SHA_256; 1940 unsigned char input[] = ""; 1941 /* SHA-256 hash of an empty string */ 1942 const unsigned char valid_hash[] = { 1943 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 1944 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 1945 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 }; 1946 unsigned char hash[sizeof(valid_hash)] = { 0 }; 1947 size_t hash_len; 1948 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 1949 1950 PSA_ASSERT( psa_crypto_init( ) ); 1951 1952 /* Call setup twice in a row. */ 1953 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1954 ASSERT_OPERATION_IS_ACTIVE( operation ); 1955 TEST_EQUAL( psa_hash_setup( &operation, alg ), 1956 PSA_ERROR_BAD_STATE ); 1957 ASSERT_OPERATION_IS_INACTIVE( operation ); 1958 PSA_ASSERT( psa_hash_abort( &operation ) ); 1959 ASSERT_OPERATION_IS_INACTIVE( operation ); 1960 1961 /* Call update without calling setup beforehand. */ 1962 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ), 1963 PSA_ERROR_BAD_STATE ); 1964 PSA_ASSERT( psa_hash_abort( &operation ) ); 1965 1966 /* Check that update calls abort on error. */ 1967 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1968 operation.id = UINT_MAX; 1969 ASSERT_OPERATION_IS_ACTIVE( operation ); 1970 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ), 1971 PSA_ERROR_BAD_STATE ); 1972 ASSERT_OPERATION_IS_INACTIVE( operation ); 1973 PSA_ASSERT( psa_hash_abort( &operation ) ); 1974 ASSERT_OPERATION_IS_INACTIVE( operation ); 1975 1976 /* Call update after finish. */ 1977 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1978 PSA_ASSERT( psa_hash_finish( &operation, 1979 hash, sizeof( hash ), &hash_len ) ); 1980 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ), 1981 PSA_ERROR_BAD_STATE ); 1982 PSA_ASSERT( psa_hash_abort( &operation ) ); 1983 1984 /* Call verify without calling setup beforehand. */ 1985 TEST_EQUAL( psa_hash_verify( &operation, 1986 valid_hash, sizeof( valid_hash ) ), 1987 PSA_ERROR_BAD_STATE ); 1988 PSA_ASSERT( psa_hash_abort( &operation ) ); 1989 1990 /* Call verify after finish. */ 1991 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 1992 PSA_ASSERT( psa_hash_finish( &operation, 1993 hash, sizeof( hash ), &hash_len ) ); 1994 TEST_EQUAL( psa_hash_verify( &operation, 1995 valid_hash, sizeof( valid_hash ) ), 1996 PSA_ERROR_BAD_STATE ); 1997 PSA_ASSERT( psa_hash_abort( &operation ) ); 1998 1999 /* Call verify twice in a row. */ 2000 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 2001 ASSERT_OPERATION_IS_ACTIVE( operation ); 2002 PSA_ASSERT( psa_hash_verify( &operation, 2003 valid_hash, sizeof( valid_hash ) ) ); 2004 ASSERT_OPERATION_IS_INACTIVE( operation ); 2005 TEST_EQUAL( psa_hash_verify( &operation, 2006 valid_hash, sizeof( valid_hash ) ), 2007 PSA_ERROR_BAD_STATE ); 2008 ASSERT_OPERATION_IS_INACTIVE( operation ); 2009 PSA_ASSERT( psa_hash_abort( &operation ) ); 2010 2011 /* Call finish without calling setup beforehand. */ 2012 TEST_EQUAL( psa_hash_finish( &operation, 2013 hash, sizeof( hash ), &hash_len ), 2014 PSA_ERROR_BAD_STATE ); 2015 PSA_ASSERT( psa_hash_abort( &operation ) ); 2016 2017 /* Call finish twice in a row. */ 2018 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 2019 PSA_ASSERT( psa_hash_finish( &operation, 2020 hash, sizeof( hash ), &hash_len ) ); 2021 TEST_EQUAL( psa_hash_finish( &operation, 2022 hash, sizeof( hash ), &hash_len ), 2023 PSA_ERROR_BAD_STATE ); 2024 PSA_ASSERT( psa_hash_abort( &operation ) ); 2025 2026 /* Call finish after calling verify. */ 2027 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 2028 PSA_ASSERT( psa_hash_verify( &operation, 2029 valid_hash, sizeof( valid_hash ) ) ); 2030 TEST_EQUAL( psa_hash_finish( &operation, 2031 hash, sizeof( hash ), &hash_len ), 2032 PSA_ERROR_BAD_STATE ); 2033 PSA_ASSERT( psa_hash_abort( &operation ) ); 2034 2035exit: 2036 PSA_DONE( ); 2037} 2038/* END_CASE */ 2039 2040/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 2041void hash_verify_bad_args( ) 2042{ 2043 psa_algorithm_t alg = PSA_ALG_SHA_256; 2044 /* SHA-256 hash of an empty string with 2 extra bytes (0xaa and 0xbb) 2045 * appended to it */ 2046 unsigned char hash[] = { 2047 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 2048 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 2049 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb }; 2050 size_t expected_size = PSA_HASH_LENGTH( alg ); 2051 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2052 2053 PSA_ASSERT( psa_crypto_init( ) ); 2054 2055 /* psa_hash_verify with a smaller hash than expected */ 2056 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 2057 ASSERT_OPERATION_IS_ACTIVE( operation ); 2058 TEST_EQUAL( psa_hash_verify( &operation, hash, expected_size - 1 ), 2059 PSA_ERROR_INVALID_SIGNATURE ); 2060 ASSERT_OPERATION_IS_INACTIVE( operation ); 2061 PSA_ASSERT( psa_hash_abort( &operation ) ); 2062 ASSERT_OPERATION_IS_INACTIVE( operation ); 2063 2064 /* psa_hash_verify with a non-matching hash */ 2065 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 2066 TEST_EQUAL( psa_hash_verify( &operation, hash + 1, expected_size ), 2067 PSA_ERROR_INVALID_SIGNATURE ); 2068 2069 /* psa_hash_verify with a hash longer than expected */ 2070 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 2071 TEST_EQUAL( psa_hash_verify( &operation, hash, sizeof( hash ) ), 2072 PSA_ERROR_INVALID_SIGNATURE ); 2073 2074exit: 2075 PSA_DONE( ); 2076} 2077/* END_CASE */ 2078 2079/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 2080void hash_finish_bad_args( ) 2081{ 2082 psa_algorithm_t alg = PSA_ALG_SHA_256; 2083 unsigned char hash[PSA_HASH_MAX_SIZE]; 2084 size_t expected_size = PSA_HASH_LENGTH( alg ); 2085 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2086 size_t hash_len; 2087 2088 PSA_ASSERT( psa_crypto_init( ) ); 2089 2090 /* psa_hash_finish with a smaller hash buffer than expected */ 2091 PSA_ASSERT( psa_hash_setup( &operation, alg ) ); 2092 TEST_EQUAL( psa_hash_finish( &operation, 2093 hash, expected_size - 1, &hash_len ), 2094 PSA_ERROR_BUFFER_TOO_SMALL ); 2095 2096exit: 2097 PSA_DONE( ); 2098} 2099/* END_CASE */ 2100 2101/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 2102void hash_clone_source_state( ) 2103{ 2104 psa_algorithm_t alg = PSA_ALG_SHA_256; 2105 unsigned char hash[PSA_HASH_MAX_SIZE]; 2106 psa_hash_operation_t op_source = PSA_HASH_OPERATION_INIT; 2107 psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT; 2108 psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT; 2109 psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT; 2110 psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT; 2111 size_t hash_len; 2112 2113 PSA_ASSERT( psa_crypto_init( ) ); 2114 PSA_ASSERT( psa_hash_setup( &op_source, alg ) ); 2115 2116 PSA_ASSERT( psa_hash_setup( &op_setup, alg ) ); 2117 PSA_ASSERT( psa_hash_setup( &op_finished, alg ) ); 2118 PSA_ASSERT( psa_hash_finish( &op_finished, 2119 hash, sizeof( hash ), &hash_len ) ); 2120 PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) ); 2121 PSA_ASSERT( psa_hash_abort( &op_aborted ) ); 2122 2123 TEST_EQUAL( psa_hash_clone( &op_source, &op_setup ), 2124 PSA_ERROR_BAD_STATE ); 2125 2126 PSA_ASSERT( psa_hash_clone( &op_source, &op_init ) ); 2127 PSA_ASSERT( psa_hash_finish( &op_init, 2128 hash, sizeof( hash ), &hash_len ) ); 2129 PSA_ASSERT( psa_hash_clone( &op_source, &op_finished ) ); 2130 PSA_ASSERT( psa_hash_finish( &op_finished, 2131 hash, sizeof( hash ), &hash_len ) ); 2132 PSA_ASSERT( psa_hash_clone( &op_source, &op_aborted ) ); 2133 PSA_ASSERT( psa_hash_finish( &op_aborted, 2134 hash, sizeof( hash ), &hash_len ) ); 2135 2136exit: 2137 psa_hash_abort( &op_source ); 2138 psa_hash_abort( &op_init ); 2139 psa_hash_abort( &op_setup ); 2140 psa_hash_abort( &op_finished ); 2141 psa_hash_abort( &op_aborted ); 2142 PSA_DONE( ); 2143} 2144/* END_CASE */ 2145 2146/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 2147void hash_clone_target_state( ) 2148{ 2149 psa_algorithm_t alg = PSA_ALG_SHA_256; 2150 unsigned char hash[PSA_HASH_MAX_SIZE]; 2151 psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT; 2152 psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT; 2153 psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT; 2154 psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT; 2155 psa_hash_operation_t op_target = PSA_HASH_OPERATION_INIT; 2156 size_t hash_len; 2157 2158 PSA_ASSERT( psa_crypto_init( ) ); 2159 2160 PSA_ASSERT( psa_hash_setup( &op_setup, alg ) ); 2161 PSA_ASSERT( psa_hash_setup( &op_finished, alg ) ); 2162 PSA_ASSERT( psa_hash_finish( &op_finished, 2163 hash, sizeof( hash ), &hash_len ) ); 2164 PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) ); 2165 PSA_ASSERT( psa_hash_abort( &op_aborted ) ); 2166 2167 PSA_ASSERT( psa_hash_clone( &op_setup, &op_target ) ); 2168 PSA_ASSERT( psa_hash_finish( &op_target, 2169 hash, sizeof( hash ), &hash_len ) ); 2170 2171 TEST_EQUAL( psa_hash_clone( &op_init, &op_target ), PSA_ERROR_BAD_STATE ); 2172 TEST_EQUAL( psa_hash_clone( &op_finished, &op_target ), 2173 PSA_ERROR_BAD_STATE ); 2174 TEST_EQUAL( psa_hash_clone( &op_aborted, &op_target ), 2175 PSA_ERROR_BAD_STATE ); 2176 2177exit: 2178 psa_hash_abort( &op_target ); 2179 psa_hash_abort( &op_init ); 2180 psa_hash_abort( &op_setup ); 2181 psa_hash_abort( &op_finished ); 2182 psa_hash_abort( &op_aborted ); 2183 PSA_DONE( ); 2184} 2185/* END_CASE */ 2186 2187/* BEGIN_CASE */ 2188void mac_operation_init( ) 2189{ 2190 const uint8_t input[1] = { 0 }; 2191 2192 /* Test each valid way of initializing the object, except for `= {0}`, as 2193 * Clang 5 complains when `-Wmissing-field-initializers` is used, even 2194 * though it's OK by the C standard. We could test for this, but we'd need 2195 * to supress the Clang warning for the test. */ 2196 psa_mac_operation_t func = psa_mac_operation_init( ); 2197 psa_mac_operation_t init = PSA_MAC_OPERATION_INIT; 2198 psa_mac_operation_t zero; 2199 2200 memset( &zero, 0, sizeof( zero ) ); 2201 2202 /* A freshly-initialized MAC operation should not be usable. */ 2203 TEST_EQUAL( psa_mac_update( &func, 2204 input, sizeof( input ) ), 2205 PSA_ERROR_BAD_STATE ); 2206 TEST_EQUAL( psa_mac_update( &init, 2207 input, sizeof( input ) ), 2208 PSA_ERROR_BAD_STATE ); 2209 TEST_EQUAL( psa_mac_update( &zero, 2210 input, sizeof( input ) ), 2211 PSA_ERROR_BAD_STATE ); 2212 2213 /* A default MAC operation should be abortable without error. */ 2214 PSA_ASSERT( psa_mac_abort( &func ) ); 2215 PSA_ASSERT( psa_mac_abort( &init ) ); 2216 PSA_ASSERT( psa_mac_abort( &zero ) ); 2217} 2218/* END_CASE */ 2219 2220/* BEGIN_CASE */ 2221void mac_setup( int key_type_arg, 2222 data_t *key, 2223 int alg_arg, 2224 int expected_status_arg ) 2225{ 2226 psa_key_type_t key_type = key_type_arg; 2227 psa_algorithm_t alg = alg_arg; 2228 psa_status_t expected_status = expected_status_arg; 2229 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 2230 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2231#if defined(KNOWN_SUPPORTED_MAC_ALG) 2232 const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk"; 2233#endif 2234 2235 PSA_ASSERT( psa_crypto_init( ) ); 2236 2237 if( ! exercise_mac_setup( key_type, key->x, key->len, alg, 2238 &operation, &status ) ) 2239 goto exit; 2240 TEST_EQUAL( status, expected_status ); 2241 2242 /* The operation object should be reusable. */ 2243#if defined(KNOWN_SUPPORTED_MAC_ALG) 2244 if( ! exercise_mac_setup( KNOWN_SUPPORTED_MAC_KEY_TYPE, 2245 smoke_test_key_data, 2246 sizeof( smoke_test_key_data ), 2247 KNOWN_SUPPORTED_MAC_ALG, 2248 &operation, &status ) ) 2249 goto exit; 2250 TEST_EQUAL( status, PSA_SUCCESS ); 2251#endif 2252 2253exit: 2254 PSA_DONE( ); 2255} 2256/* END_CASE */ 2257 2258/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_HMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256 */ 2259void mac_bad_order( ) 2260{ 2261 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2262 psa_key_type_t key_type = PSA_KEY_TYPE_HMAC; 2263 psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256); 2264 const uint8_t key_data[] = { 2265 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 2266 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 2267 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; 2268 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2269 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 2270 uint8_t sign_mac[PSA_MAC_MAX_SIZE + 10] = { 0 }; 2271 size_t sign_mac_length = 0; 2272 const uint8_t input[] = { 0xbb, 0xbb, 0xbb, 0xbb }; 2273 const uint8_t verify_mac[] = { 2274 0x74, 0x65, 0x93, 0x8c, 0xeb, 0x1d, 0xb3, 0x76, 0x5a, 0x38, 0xe7, 0xdd, 2275 0x85, 0xc5, 0xad, 0x4f, 0x07, 0xe7, 0xd5, 0xb2, 0x64, 0xf0, 0x1a, 0x1a, 2276 0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6 }; 2277 2278 PSA_ASSERT( psa_crypto_init( ) ); 2279 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); 2280 psa_set_key_algorithm( &attributes, alg ); 2281 psa_set_key_type( &attributes, key_type ); 2282 2283 PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), 2284 &key ) ); 2285 2286 /* Call update without calling setup beforehand. */ 2287 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ), 2288 PSA_ERROR_BAD_STATE ); 2289 PSA_ASSERT( psa_mac_abort( &operation ) ); 2290 2291 /* Call sign finish without calling setup beforehand. */ 2292 TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), 2293 &sign_mac_length), 2294 PSA_ERROR_BAD_STATE ); 2295 PSA_ASSERT( psa_mac_abort( &operation ) ); 2296 2297 /* Call verify finish without calling setup beforehand. */ 2298 TEST_EQUAL( psa_mac_verify_finish( &operation, 2299 verify_mac, sizeof( verify_mac ) ), 2300 PSA_ERROR_BAD_STATE ); 2301 PSA_ASSERT( psa_mac_abort( &operation ) ); 2302 2303 /* Call setup twice in a row. */ 2304 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); 2305 ASSERT_OPERATION_IS_ACTIVE( operation ); 2306 TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ), 2307 PSA_ERROR_BAD_STATE ); 2308 ASSERT_OPERATION_IS_INACTIVE( operation ); 2309 PSA_ASSERT( psa_mac_abort( &operation ) ); 2310 ASSERT_OPERATION_IS_INACTIVE( operation ); 2311 2312 /* Call update after sign finish. */ 2313 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); 2314 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); 2315 PSA_ASSERT( psa_mac_sign_finish( &operation, 2316 sign_mac, sizeof( sign_mac ), 2317 &sign_mac_length ) ); 2318 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ), 2319 PSA_ERROR_BAD_STATE ); 2320 PSA_ASSERT( psa_mac_abort( &operation ) ); 2321 2322 /* Call update after verify finish. */ 2323 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2324 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); 2325 PSA_ASSERT( psa_mac_verify_finish( &operation, 2326 verify_mac, sizeof( verify_mac ) ) ); 2327 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ), 2328 PSA_ERROR_BAD_STATE ); 2329 PSA_ASSERT( psa_mac_abort( &operation ) ); 2330 2331 /* Call sign finish twice in a row. */ 2332 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); 2333 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); 2334 PSA_ASSERT( psa_mac_sign_finish( &operation, 2335 sign_mac, sizeof( sign_mac ), 2336 &sign_mac_length ) ); 2337 TEST_EQUAL( psa_mac_sign_finish( &operation, 2338 sign_mac, sizeof( sign_mac ), 2339 &sign_mac_length ), 2340 PSA_ERROR_BAD_STATE ); 2341 PSA_ASSERT( psa_mac_abort( &operation ) ); 2342 2343 /* Call verify finish twice in a row. */ 2344 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2345 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); 2346 PSA_ASSERT( psa_mac_verify_finish( &operation, 2347 verify_mac, sizeof( verify_mac ) ) ); 2348 TEST_EQUAL( psa_mac_verify_finish( &operation, 2349 verify_mac, sizeof( verify_mac ) ), 2350 PSA_ERROR_BAD_STATE ); 2351 PSA_ASSERT( psa_mac_abort( &operation ) ); 2352 2353 /* Setup sign but try verify. */ 2354 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); 2355 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); 2356 ASSERT_OPERATION_IS_ACTIVE( operation ); 2357 TEST_EQUAL( psa_mac_verify_finish( &operation, 2358 verify_mac, sizeof( verify_mac ) ), 2359 PSA_ERROR_BAD_STATE ); 2360 ASSERT_OPERATION_IS_INACTIVE( operation ); 2361 PSA_ASSERT( psa_mac_abort( &operation ) ); 2362 ASSERT_OPERATION_IS_INACTIVE( operation ); 2363 2364 /* Setup verify but try sign. */ 2365 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2366 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); 2367 ASSERT_OPERATION_IS_ACTIVE( operation ); 2368 TEST_EQUAL( psa_mac_sign_finish( &operation, 2369 sign_mac, sizeof( sign_mac ), 2370 &sign_mac_length ), 2371 PSA_ERROR_BAD_STATE ); 2372 ASSERT_OPERATION_IS_INACTIVE( operation ); 2373 PSA_ASSERT( psa_mac_abort( &operation ) ); 2374 ASSERT_OPERATION_IS_INACTIVE( operation ); 2375 2376 PSA_ASSERT( psa_destroy_key( key ) ); 2377 2378exit: 2379 PSA_DONE( ); 2380} 2381/* END_CASE */ 2382 2383/* BEGIN_CASE */ 2384void mac_sign( int key_type_arg, 2385 data_t *key_data, 2386 int alg_arg, 2387 data_t *input, 2388 data_t *expected_mac ) 2389{ 2390 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2391 psa_key_type_t key_type = key_type_arg; 2392 psa_algorithm_t alg = alg_arg; 2393 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 2394 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2395 uint8_t *actual_mac = NULL; 2396 size_t mac_buffer_size = 2397 PSA_MAC_LENGTH( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg ); 2398 size_t mac_length = 0; 2399 const size_t output_sizes_to_test[] = { 2400 0, 2401 1, 2402 expected_mac->len - 1, 2403 expected_mac->len, 2404 expected_mac->len + 1, 2405 }; 2406 2407 TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE ); 2408 /* We expect PSA_MAC_LENGTH to be exact. */ 2409 TEST_ASSERT( expected_mac->len == mac_buffer_size ); 2410 2411 PSA_ASSERT( psa_crypto_init( ) ); 2412 2413 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); 2414 psa_set_key_algorithm( &attributes, alg ); 2415 psa_set_key_type( &attributes, key_type ); 2416 2417 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2418 &key ) ); 2419 2420 for( size_t i = 0; i < ARRAY_LENGTH( output_sizes_to_test ); i++ ) 2421 { 2422 const size_t output_size = output_sizes_to_test[i]; 2423 psa_status_t expected_status = 2424 ( output_size >= expected_mac->len ? PSA_SUCCESS : 2425 PSA_ERROR_BUFFER_TOO_SMALL ); 2426 2427 mbedtls_test_set_step( output_size ); 2428 ASSERT_ALLOC( actual_mac, output_size ); 2429 2430 /* Calculate the MAC, one-shot case. */ 2431 TEST_EQUAL( psa_mac_compute( key, alg, 2432 input->x, input->len, 2433 actual_mac, output_size, &mac_length ), 2434 expected_status ); 2435 if( expected_status == PSA_SUCCESS ) 2436 { 2437 ASSERT_COMPARE( expected_mac->x, expected_mac->len, 2438 actual_mac, mac_length ); 2439 } 2440 2441 if( output_size > 0 ) 2442 memset( actual_mac, 0, output_size ); 2443 2444 /* Calculate the MAC, multi-part case. */ 2445 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); 2446 PSA_ASSERT( psa_mac_update( &operation, 2447 input->x, input->len ) ); 2448 TEST_EQUAL( psa_mac_sign_finish( &operation, 2449 actual_mac, output_size, 2450 &mac_length ), 2451 expected_status ); 2452 PSA_ASSERT( psa_mac_abort( &operation ) ); 2453 2454 if( expected_status == PSA_SUCCESS ) 2455 { 2456 ASSERT_COMPARE( expected_mac->x, expected_mac->len, 2457 actual_mac, mac_length ); 2458 } 2459 mbedtls_free( actual_mac ); 2460 actual_mac = NULL; 2461 } 2462 2463exit: 2464 psa_mac_abort( &operation ); 2465 psa_destroy_key( key ); 2466 PSA_DONE( ); 2467 mbedtls_free( actual_mac ); 2468} 2469/* END_CASE */ 2470 2471/* BEGIN_CASE */ 2472void mac_verify( int key_type_arg, 2473 data_t *key_data, 2474 int alg_arg, 2475 data_t *input, 2476 data_t *expected_mac ) 2477{ 2478 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2479 psa_key_type_t key_type = key_type_arg; 2480 psa_algorithm_t alg = alg_arg; 2481 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 2482 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2483 uint8_t *perturbed_mac = NULL; 2484 2485 TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE ); 2486 2487 PSA_ASSERT( psa_crypto_init( ) ); 2488 2489 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); 2490 psa_set_key_algorithm( &attributes, alg ); 2491 psa_set_key_type( &attributes, key_type ); 2492 2493 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2494 &key ) ); 2495 2496 /* Verify correct MAC, one-shot case. */ 2497 PSA_ASSERT( psa_mac_verify( key, alg, input->x, input->len, 2498 expected_mac->x, expected_mac->len ) ); 2499 2500 /* Verify correct MAC, multi-part case. */ 2501 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2502 PSA_ASSERT( psa_mac_update( &operation, 2503 input->x, input->len ) ); 2504 PSA_ASSERT( psa_mac_verify_finish( &operation, 2505 expected_mac->x, 2506 expected_mac->len ) ); 2507 2508 /* Test a MAC that's too short, one-shot case. */ 2509 TEST_EQUAL( psa_mac_verify( key, alg, 2510 input->x, input->len, 2511 expected_mac->x, 2512 expected_mac->len - 1 ), 2513 PSA_ERROR_INVALID_SIGNATURE ); 2514 2515 /* Test a MAC that's too short, multi-part case. */ 2516 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2517 PSA_ASSERT( psa_mac_update( &operation, 2518 input->x, input->len ) ); 2519 TEST_EQUAL( psa_mac_verify_finish( &operation, 2520 expected_mac->x, 2521 expected_mac->len - 1 ), 2522 PSA_ERROR_INVALID_SIGNATURE ); 2523 2524 /* Test a MAC that's too long, one-shot case. */ 2525 ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 ); 2526 memcpy( perturbed_mac, expected_mac->x, expected_mac->len ); 2527 TEST_EQUAL( psa_mac_verify( key, alg, 2528 input->x, input->len, 2529 perturbed_mac, expected_mac->len + 1 ), 2530 PSA_ERROR_INVALID_SIGNATURE ); 2531 2532 /* Test a MAC that's too long, multi-part case. */ 2533 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2534 PSA_ASSERT( psa_mac_update( &operation, 2535 input->x, input->len ) ); 2536 TEST_EQUAL( psa_mac_verify_finish( &operation, 2537 perturbed_mac, 2538 expected_mac->len + 1 ), 2539 PSA_ERROR_INVALID_SIGNATURE ); 2540 2541 /* Test changing one byte. */ 2542 for( size_t i = 0; i < expected_mac->len; i++ ) 2543 { 2544 mbedtls_test_set_step( i ); 2545 perturbed_mac[i] ^= 1; 2546 2547 TEST_EQUAL( psa_mac_verify( key, alg, 2548 input->x, input->len, 2549 perturbed_mac, expected_mac->len ), 2550 PSA_ERROR_INVALID_SIGNATURE ); 2551 2552 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); 2553 PSA_ASSERT( psa_mac_update( &operation, 2554 input->x, input->len ) ); 2555 TEST_EQUAL( psa_mac_verify_finish( &operation, 2556 perturbed_mac, 2557 expected_mac->len ), 2558 PSA_ERROR_INVALID_SIGNATURE ); 2559 perturbed_mac[i] ^= 1; 2560 } 2561 2562exit: 2563 psa_mac_abort( &operation ); 2564 psa_destroy_key( key ); 2565 PSA_DONE( ); 2566 mbedtls_free( perturbed_mac ); 2567} 2568/* END_CASE */ 2569 2570/* BEGIN_CASE */ 2571void cipher_operation_init( ) 2572{ 2573 const uint8_t input[1] = { 0 }; 2574 unsigned char output[1] = { 0 }; 2575 size_t output_length; 2576 /* Test each valid way of initializing the object, except for `= {0}`, as 2577 * Clang 5 complains when `-Wmissing-field-initializers` is used, even 2578 * though it's OK by the C standard. We could test for this, but we'd need 2579 * to supress the Clang warning for the test. */ 2580 psa_cipher_operation_t func = psa_cipher_operation_init( ); 2581 psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT; 2582 psa_cipher_operation_t zero; 2583 2584 memset( &zero, 0, sizeof( zero ) ); 2585 2586 /* A freshly-initialized cipher operation should not be usable. */ 2587 TEST_EQUAL( psa_cipher_update( &func, 2588 input, sizeof( input ), 2589 output, sizeof( output ), 2590 &output_length ), 2591 PSA_ERROR_BAD_STATE ); 2592 TEST_EQUAL( psa_cipher_update( &init, 2593 input, sizeof( input ), 2594 output, sizeof( output ), 2595 &output_length ), 2596 PSA_ERROR_BAD_STATE ); 2597 TEST_EQUAL( psa_cipher_update( &zero, 2598 input, sizeof( input ), 2599 output, sizeof( output ), 2600 &output_length ), 2601 PSA_ERROR_BAD_STATE ); 2602 2603 /* A default cipher operation should be abortable without error. */ 2604 PSA_ASSERT( psa_cipher_abort( &func ) ); 2605 PSA_ASSERT( psa_cipher_abort( &init ) ); 2606 PSA_ASSERT( psa_cipher_abort( &zero ) ); 2607} 2608/* END_CASE */ 2609 2610/* BEGIN_CASE */ 2611void cipher_setup( int key_type_arg, 2612 data_t *key, 2613 int alg_arg, 2614 int expected_status_arg ) 2615{ 2616 psa_key_type_t key_type = key_type_arg; 2617 psa_algorithm_t alg = alg_arg; 2618 psa_status_t expected_status = expected_status_arg; 2619 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 2620 psa_status_t status; 2621#if defined(KNOWN_SUPPORTED_CIPHER_ALG) 2622 const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk"; 2623#endif 2624 2625 PSA_ASSERT( psa_crypto_init( ) ); 2626 2627 if( ! exercise_cipher_setup( key_type, key->x, key->len, alg, 2628 &operation, &status ) ) 2629 goto exit; 2630 TEST_EQUAL( status, expected_status ); 2631 2632 /* The operation object should be reusable. */ 2633#if defined(KNOWN_SUPPORTED_CIPHER_ALG) 2634 if( ! exercise_cipher_setup( KNOWN_SUPPORTED_CIPHER_KEY_TYPE, 2635 smoke_test_key_data, 2636 sizeof( smoke_test_key_data ), 2637 KNOWN_SUPPORTED_CIPHER_ALG, 2638 &operation, &status ) ) 2639 goto exit; 2640 TEST_EQUAL( status, PSA_SUCCESS ); 2641#endif 2642 2643exit: 2644 psa_cipher_abort( &operation ); 2645 PSA_DONE( ); 2646} 2647/* END_CASE */ 2648 2649/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_PKCS7 */ 2650void cipher_bad_order( ) 2651{ 2652 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2653 psa_key_type_t key_type = PSA_KEY_TYPE_AES; 2654 psa_algorithm_t alg = PSA_ALG_CBC_PKCS7; 2655 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2656 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 2657 unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 }; 2658 const uint8_t key_data[] = { 2659 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 2660 0xaa, 0xaa, 0xaa, 0xaa }; 2661 const uint8_t text[] = { 2662 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 2663 0xbb, 0xbb, 0xbb, 0xbb }; 2664 uint8_t buffer[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 }; 2665 size_t length = 0; 2666 2667 PSA_ASSERT( psa_crypto_init( ) ); 2668 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 2669 psa_set_key_algorithm( &attributes, alg ); 2670 psa_set_key_type( &attributes, key_type ); 2671 PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), 2672 &key ) ); 2673 2674 /* Call encrypt setup twice in a row. */ 2675 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2676 ASSERT_OPERATION_IS_ACTIVE( operation ); 2677 TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ), 2678 PSA_ERROR_BAD_STATE ); 2679 ASSERT_OPERATION_IS_INACTIVE( operation ); 2680 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2681 ASSERT_OPERATION_IS_INACTIVE( operation ); 2682 2683 /* Call decrypt setup twice in a row. */ 2684 PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); 2685 ASSERT_OPERATION_IS_ACTIVE( operation ); 2686 TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ), 2687 PSA_ERROR_BAD_STATE ); 2688 ASSERT_OPERATION_IS_INACTIVE( operation ); 2689 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2690 ASSERT_OPERATION_IS_INACTIVE( operation ); 2691 2692 /* Generate an IV without calling setup beforehand. */ 2693 TEST_EQUAL( psa_cipher_generate_iv( &operation, 2694 buffer, sizeof( buffer ), 2695 &length ), 2696 PSA_ERROR_BAD_STATE ); 2697 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2698 2699 /* Generate an IV twice in a row. */ 2700 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2701 PSA_ASSERT( psa_cipher_generate_iv( &operation, 2702 buffer, sizeof( buffer ), 2703 &length ) ); 2704 ASSERT_OPERATION_IS_ACTIVE( operation ); 2705 TEST_EQUAL( psa_cipher_generate_iv( &operation, 2706 buffer, sizeof( buffer ), 2707 &length ), 2708 PSA_ERROR_BAD_STATE ); 2709 ASSERT_OPERATION_IS_INACTIVE( operation ); 2710 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2711 ASSERT_OPERATION_IS_INACTIVE( operation ); 2712 2713 /* Generate an IV after it's already set. */ 2714 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2715 PSA_ASSERT( psa_cipher_set_iv( &operation, 2716 iv, sizeof( iv ) ) ); 2717 TEST_EQUAL( psa_cipher_generate_iv( &operation, 2718 buffer, sizeof( buffer ), 2719 &length ), 2720 PSA_ERROR_BAD_STATE ); 2721 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2722 2723 /* Set an IV without calling setup beforehand. */ 2724 TEST_EQUAL( psa_cipher_set_iv( &operation, 2725 iv, sizeof( iv ) ), 2726 PSA_ERROR_BAD_STATE ); 2727 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2728 2729 /* Set an IV after it's already set. */ 2730 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2731 PSA_ASSERT( psa_cipher_set_iv( &operation, 2732 iv, sizeof( iv ) ) ); 2733 ASSERT_OPERATION_IS_ACTIVE( operation ); 2734 TEST_EQUAL( psa_cipher_set_iv( &operation, 2735 iv, sizeof( iv ) ), 2736 PSA_ERROR_BAD_STATE ); 2737 ASSERT_OPERATION_IS_INACTIVE( operation ); 2738 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2739 ASSERT_OPERATION_IS_INACTIVE( operation ); 2740 2741 /* Set an IV after it's already generated. */ 2742 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2743 PSA_ASSERT( psa_cipher_generate_iv( &operation, 2744 buffer, sizeof( buffer ), 2745 &length ) ); 2746 TEST_EQUAL( psa_cipher_set_iv( &operation, 2747 iv, sizeof( iv ) ), 2748 PSA_ERROR_BAD_STATE ); 2749 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2750 2751 /* Call update without calling setup beforehand. */ 2752 TEST_EQUAL( psa_cipher_update( &operation, 2753 text, sizeof( text ), 2754 buffer, sizeof( buffer ), 2755 &length ), 2756 PSA_ERROR_BAD_STATE ); 2757 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2758 2759 /* Call update without an IV where an IV is required. */ 2760 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2761 ASSERT_OPERATION_IS_ACTIVE( operation ); 2762 TEST_EQUAL( psa_cipher_update( &operation, 2763 text, sizeof( text ), 2764 buffer, sizeof( buffer ), 2765 &length ), 2766 PSA_ERROR_BAD_STATE ); 2767 ASSERT_OPERATION_IS_INACTIVE( operation ); 2768 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2769 ASSERT_OPERATION_IS_INACTIVE( operation ); 2770 2771 /* Call update after finish. */ 2772 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2773 PSA_ASSERT( psa_cipher_set_iv( &operation, 2774 iv, sizeof( iv ) ) ); 2775 PSA_ASSERT( psa_cipher_finish( &operation, 2776 buffer, sizeof( buffer ), &length ) ); 2777 TEST_EQUAL( psa_cipher_update( &operation, 2778 text, sizeof( text ), 2779 buffer, sizeof( buffer ), 2780 &length ), 2781 PSA_ERROR_BAD_STATE ); 2782 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2783 2784 /* Call finish without calling setup beforehand. */ 2785 TEST_EQUAL( psa_cipher_finish( &operation, 2786 buffer, sizeof( buffer ), &length ), 2787 PSA_ERROR_BAD_STATE ); 2788 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2789 2790 /* Call finish without an IV where an IV is required. */ 2791 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2792 /* Not calling update means we are encrypting an empty buffer, which is OK 2793 * for cipher modes with padding. */ 2794 ASSERT_OPERATION_IS_ACTIVE( operation ); 2795 TEST_EQUAL( psa_cipher_finish( &operation, 2796 buffer, sizeof( buffer ), &length ), 2797 PSA_ERROR_BAD_STATE ); 2798 ASSERT_OPERATION_IS_INACTIVE( operation ); 2799 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2800 ASSERT_OPERATION_IS_INACTIVE( operation ); 2801 2802 /* Call finish twice in a row. */ 2803 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2804 PSA_ASSERT( psa_cipher_set_iv( &operation, 2805 iv, sizeof( iv ) ) ); 2806 PSA_ASSERT( psa_cipher_finish( &operation, 2807 buffer, sizeof( buffer ), &length ) ); 2808 TEST_EQUAL( psa_cipher_finish( &operation, 2809 buffer, sizeof( buffer ), &length ), 2810 PSA_ERROR_BAD_STATE ); 2811 PSA_ASSERT( psa_cipher_abort( &operation ) ); 2812 2813 PSA_ASSERT( psa_destroy_key( key ) ); 2814 2815exit: 2816 psa_cipher_abort( &operation ); 2817 PSA_DONE( ); 2818} 2819/* END_CASE */ 2820 2821/* BEGIN_CASE */ 2822void cipher_encrypt_fail( int alg_arg, 2823 int key_type_arg, 2824 data_t *key_data, 2825 data_t *input, 2826 int expected_status_arg ) 2827{ 2828 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2829 psa_status_t status; 2830 psa_key_type_t key_type = key_type_arg; 2831 psa_algorithm_t alg = alg_arg; 2832 psa_status_t expected_status = expected_status_arg; 2833 unsigned char *output = NULL; 2834 size_t output_buffer_size = 0; 2835 size_t output_length = 0; 2836 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2837 2838 if ( PSA_ERROR_BAD_STATE != expected_status ) 2839 { 2840 PSA_ASSERT( psa_crypto_init( ) ); 2841 2842 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 2843 psa_set_key_algorithm( &attributes, alg ); 2844 psa_set_key_type( &attributes, key_type ); 2845 2846 output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, 2847 input->len ); 2848 ASSERT_ALLOC( output, output_buffer_size ); 2849 2850 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2851 &key ) ); 2852 } 2853 2854 status = psa_cipher_encrypt( key, alg, input->x, input->len, output, 2855 output_buffer_size, &output_length ); 2856 2857 TEST_EQUAL( status, expected_status ); 2858 2859exit: 2860 mbedtls_free( output ); 2861 psa_destroy_key( key ); 2862 PSA_DONE( ); 2863} 2864/* END_CASE */ 2865 2866/* BEGIN_CASE */ 2867void cipher_encrypt_validate_iv_length( int alg, int key_type, data_t* key_data, 2868 data_t *input, int iv_length, 2869 int expected_result ) 2870{ 2871 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2872 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 2873 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2874 size_t output_buffer_size = 0; 2875 unsigned char *output = NULL; 2876 2877 output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); 2878 ASSERT_ALLOC( output, output_buffer_size ); 2879 2880 PSA_ASSERT( psa_crypto_init( ) ); 2881 2882 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 2883 psa_set_key_algorithm( &attributes, alg ); 2884 psa_set_key_type( &attributes, key_type ); 2885 2886 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2887 &key ) ); 2888 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 2889 TEST_EQUAL( expected_result, psa_cipher_set_iv( &operation, output, 2890 iv_length ) ); 2891 2892exit: 2893 psa_cipher_abort( &operation ); 2894 mbedtls_free( output ); 2895 psa_destroy_key( key ); 2896 PSA_DONE( ); 2897} 2898/* END_CASE */ 2899 2900/* BEGIN_CASE */ 2901void cipher_encrypt_alg_without_iv( int alg_arg, 2902 int key_type_arg, 2903 data_t *key_data, 2904 data_t *input, 2905 data_t *expected_output ) 2906{ 2907 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2908 psa_key_type_t key_type = key_type_arg; 2909 psa_algorithm_t alg = alg_arg; 2910 unsigned char *output = NULL; 2911 size_t output_buffer_size = 0; 2912 size_t output_length = 0; 2913 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2914 2915 PSA_ASSERT( psa_crypto_init( ) ); 2916 2917 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 2918 psa_set_key_algorithm( &attributes, alg ); 2919 psa_set_key_type( &attributes, key_type ); 2920 2921 output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); 2922 ASSERT_ALLOC( output, output_buffer_size ); 2923 2924 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2925 &key ) ); 2926 2927 PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output, 2928 output_buffer_size, &output_length ) ); 2929 TEST_ASSERT( output_length <= 2930 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) ); 2931 TEST_ASSERT( output_length <= 2932 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); 2933 2934 ASSERT_COMPARE( expected_output->x, expected_output->len, 2935 output, output_length ); 2936exit: 2937 mbedtls_free( output ); 2938 psa_destroy_key( key ); 2939 PSA_DONE( ); 2940} 2941/* END_CASE */ 2942 2943/* BEGIN_CASE */ 2944void cipher_bad_key( int alg_arg, int key_type_arg, data_t *key_data ) 2945{ 2946 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2947 psa_algorithm_t alg = alg_arg; 2948 psa_key_type_t key_type = key_type_arg; 2949 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2950 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 2951 psa_status_t status; 2952 2953 PSA_ASSERT( psa_crypto_init( ) ); 2954 2955 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 2956 psa_set_key_algorithm( &attributes, alg ); 2957 psa_set_key_type( &attributes, key_type ); 2958 2959 /* Usage of either of these two size macros would cause divide by zero 2960 * with incorrect key types previously. Input length should be irrelevant 2961 * here. */ 2962 TEST_EQUAL( PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, 16 ), 2963 0 ); 2964 TEST_EQUAL( PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, 16 ), 0 ); 2965 2966 2967 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 2968 &key ) ); 2969 2970 /* Should fail due to invalid alg type (to support invalid key type). 2971 * Encrypt or decrypt will end up in the same place. */ 2972 status = psa_cipher_encrypt_setup( &operation, key, alg ); 2973 2974 TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT ); 2975 2976exit: 2977 psa_cipher_abort( &operation ); 2978 psa_destroy_key( key ); 2979 PSA_DONE( ); 2980} 2981/* END_CASE */ 2982 2983/* BEGIN_CASE */ 2984void cipher_encrypt_validation( int alg_arg, 2985 int key_type_arg, 2986 data_t *key_data, 2987 data_t *input ) 2988{ 2989 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2990 psa_key_type_t key_type = key_type_arg; 2991 psa_algorithm_t alg = alg_arg; 2992 size_t iv_size = PSA_CIPHER_IV_LENGTH ( key_type, alg ); 2993 unsigned char *output1 = NULL; 2994 size_t output1_buffer_size = 0; 2995 size_t output1_length = 0; 2996 unsigned char *output2 = NULL; 2997 size_t output2_buffer_size = 0; 2998 size_t output2_length = 0; 2999 size_t function_output_length = 0; 3000 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 3001 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3002 3003 PSA_ASSERT( psa_crypto_init( ) ); 3004 3005 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 3006 psa_set_key_algorithm( &attributes, alg ); 3007 psa_set_key_type( &attributes, key_type ); 3008 3009 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); 3010 output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) + 3011 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ); 3012 ASSERT_ALLOC( output1, output1_buffer_size ); 3013 ASSERT_ALLOC( output2, output2_buffer_size ); 3014 3015 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3016 &key ) ); 3017 3018 /* The one-shot cipher encryption uses generated iv so validating 3019 the output is not possible. Validating with multipart encryption. */ 3020 PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output1, 3021 output1_buffer_size, &output1_length ) ); 3022 TEST_ASSERT( output1_length <= 3023 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) ); 3024 TEST_ASSERT( output1_length <= 3025 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); 3026 3027 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 3028 PSA_ASSERT( psa_cipher_set_iv( &operation, output1, iv_size ) ); 3029 3030 PSA_ASSERT( psa_cipher_update( &operation, 3031 input->x, input->len, 3032 output2, output2_buffer_size, 3033 &function_output_length ) ); 3034 TEST_ASSERT( function_output_length <= 3035 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) ); 3036 TEST_ASSERT( function_output_length <= 3037 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) ); 3038 output2_length += function_output_length; 3039 3040 PSA_ASSERT( psa_cipher_finish( &operation, 3041 output2 + output2_length, 3042 output2_buffer_size - output2_length, 3043 &function_output_length ) ); 3044 TEST_ASSERT( function_output_length <= 3045 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); 3046 TEST_ASSERT( function_output_length <= 3047 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); 3048 output2_length += function_output_length; 3049 3050 PSA_ASSERT( psa_cipher_abort( &operation ) ); 3051 ASSERT_COMPARE( output1 + iv_size, output1_length - iv_size, 3052 output2, output2_length ); 3053 3054exit: 3055 psa_cipher_abort( &operation ); 3056 mbedtls_free( output1 ); 3057 mbedtls_free( output2 ); 3058 psa_destroy_key( key ); 3059 PSA_DONE( ); 3060} 3061/* END_CASE */ 3062 3063/* BEGIN_CASE */ 3064void cipher_encrypt_multipart( int alg_arg, int key_type_arg, 3065 data_t *key_data, data_t *iv, 3066 data_t *input, 3067 int first_part_size_arg, 3068 int output1_length_arg, int output2_length_arg, 3069 data_t *expected_output, 3070 int expected_status_arg ) 3071{ 3072 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3073 psa_key_type_t key_type = key_type_arg; 3074 psa_algorithm_t alg = alg_arg; 3075 psa_status_t status; 3076 psa_status_t expected_status = expected_status_arg; 3077 size_t first_part_size = first_part_size_arg; 3078 size_t output1_length = output1_length_arg; 3079 size_t output2_length = output2_length_arg; 3080 unsigned char *output = NULL; 3081 size_t output_buffer_size = 0; 3082 size_t function_output_length = 0; 3083 size_t total_output_length = 0; 3084 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 3085 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3086 3087 PSA_ASSERT( psa_crypto_init( ) ); 3088 3089 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 3090 psa_set_key_algorithm( &attributes, alg ); 3091 psa_set_key_type( &attributes, key_type ); 3092 3093 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3094 &key ) ); 3095 3096 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); 3097 3098 if( iv->len > 0 ) 3099 { 3100 PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); 3101 } 3102 3103 output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) + 3104 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ); 3105 ASSERT_ALLOC( output, output_buffer_size ); 3106 3107 TEST_ASSERT( first_part_size <= input->len ); 3108 PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size, 3109 output, output_buffer_size, 3110 &function_output_length ) ); 3111 TEST_ASSERT( function_output_length == output1_length ); 3112 TEST_ASSERT( function_output_length <= 3113 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) ); 3114 TEST_ASSERT( function_output_length <= 3115 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size) ); 3116 total_output_length += function_output_length; 3117 3118 if( first_part_size < input->len ) 3119 { 3120 PSA_ASSERT( psa_cipher_update( &operation, 3121 input->x + first_part_size, 3122 input->len - first_part_size, 3123 ( output_buffer_size == 0 ? NULL : 3124 output + total_output_length ), 3125 output_buffer_size - total_output_length, 3126 &function_output_length ) ); 3127 TEST_ASSERT( function_output_length == output2_length ); 3128 TEST_ASSERT( function_output_length <= 3129 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, 3130 alg, 3131 input->len - first_part_size ) ); 3132 TEST_ASSERT( function_output_length <= 3133 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) ); 3134 total_output_length += function_output_length; 3135 } 3136 3137 status = psa_cipher_finish( &operation, 3138 ( output_buffer_size == 0 ? NULL : 3139 output + total_output_length ), 3140 output_buffer_size - total_output_length, 3141 &function_output_length ); 3142 TEST_ASSERT( function_output_length <= 3143 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); 3144 TEST_ASSERT( function_output_length <= 3145 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); 3146 total_output_length += function_output_length; 3147 TEST_EQUAL( status, expected_status ); 3148 3149 if( expected_status == PSA_SUCCESS ) 3150 { 3151 PSA_ASSERT( psa_cipher_abort( &operation ) ); 3152 3153 ASSERT_COMPARE( expected_output->x, expected_output->len, 3154 output, total_output_length ); 3155 } 3156 3157exit: 3158 psa_cipher_abort( &operation ); 3159 mbedtls_free( output ); 3160 psa_destroy_key( key ); 3161 PSA_DONE( ); 3162} 3163/* END_CASE */ 3164 3165/* BEGIN_CASE */ 3166void cipher_decrypt_multipart( int alg_arg, int key_type_arg, 3167 data_t *key_data, data_t *iv, 3168 data_t *input, 3169 int first_part_size_arg, 3170 int output1_length_arg, int output2_length_arg, 3171 data_t *expected_output, 3172 int expected_status_arg ) 3173{ 3174 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3175 psa_key_type_t key_type = key_type_arg; 3176 psa_algorithm_t alg = alg_arg; 3177 psa_status_t status; 3178 psa_status_t expected_status = expected_status_arg; 3179 size_t first_part_size = first_part_size_arg; 3180 size_t output1_length = output1_length_arg; 3181 size_t output2_length = output2_length_arg; 3182 unsigned char *output = NULL; 3183 size_t output_buffer_size = 0; 3184 size_t function_output_length = 0; 3185 size_t total_output_length = 0; 3186 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 3187 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3188 3189 PSA_ASSERT( psa_crypto_init( ) ); 3190 3191 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 3192 psa_set_key_algorithm( &attributes, alg ); 3193 psa_set_key_type( &attributes, key_type ); 3194 3195 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3196 &key ) ); 3197 3198 PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); 3199 3200 if( iv->len > 0 ) 3201 { 3202 PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); 3203 } 3204 3205 output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) + 3206 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ); 3207 ASSERT_ALLOC( output, output_buffer_size ); 3208 3209 TEST_ASSERT( first_part_size <= input->len ); 3210 PSA_ASSERT( psa_cipher_update( &operation, 3211 input->x, first_part_size, 3212 output, output_buffer_size, 3213 &function_output_length ) ); 3214 TEST_ASSERT( function_output_length == output1_length ); 3215 TEST_ASSERT( function_output_length <= 3216 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) ); 3217 TEST_ASSERT( function_output_length <= 3218 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) ); 3219 total_output_length += function_output_length; 3220 3221 if( first_part_size < input->len ) 3222 { 3223 PSA_ASSERT( psa_cipher_update( &operation, 3224 input->x + first_part_size, 3225 input->len - first_part_size, 3226 ( output_buffer_size == 0 ? NULL : 3227 output + total_output_length ), 3228 output_buffer_size - total_output_length, 3229 &function_output_length ) ); 3230 TEST_ASSERT( function_output_length == output2_length ); 3231 TEST_ASSERT( function_output_length <= 3232 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, 3233 alg, 3234 input->len - first_part_size ) ); 3235 TEST_ASSERT( function_output_length <= 3236 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) ); 3237 total_output_length += function_output_length; 3238 } 3239 3240 status = psa_cipher_finish( &operation, 3241 ( output_buffer_size == 0 ? NULL : 3242 output + total_output_length ), 3243 output_buffer_size - total_output_length, 3244 &function_output_length ); 3245 TEST_ASSERT( function_output_length <= 3246 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); 3247 TEST_ASSERT( function_output_length <= 3248 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); 3249 total_output_length += function_output_length; 3250 TEST_EQUAL( status, expected_status ); 3251 3252 if( expected_status == PSA_SUCCESS ) 3253 { 3254 PSA_ASSERT( psa_cipher_abort( &operation ) ); 3255 3256 ASSERT_COMPARE( expected_output->x, expected_output->len, 3257 output, total_output_length ); 3258 } 3259 3260exit: 3261 psa_cipher_abort( &operation ); 3262 mbedtls_free( output ); 3263 psa_destroy_key( key ); 3264 PSA_DONE( ); 3265} 3266/* END_CASE */ 3267 3268/* BEGIN_CASE */ 3269void cipher_decrypt_fail( int alg_arg, 3270 int key_type_arg, 3271 data_t *key_data, 3272 data_t *iv, 3273 data_t *input_arg, 3274 int expected_status_arg ) 3275{ 3276 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3277 psa_status_t status; 3278 psa_key_type_t key_type = key_type_arg; 3279 psa_algorithm_t alg = alg_arg; 3280 psa_status_t expected_status = expected_status_arg; 3281 unsigned char *input = NULL; 3282 size_t input_buffer_size = 0; 3283 unsigned char *output = NULL; 3284 size_t output_buffer_size = 0; 3285 size_t output_length = 0; 3286 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3287 3288 if ( PSA_ERROR_BAD_STATE != expected_status ) 3289 { 3290 PSA_ASSERT( psa_crypto_init( ) ); 3291 3292 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 3293 psa_set_key_algorithm( &attributes, alg ); 3294 psa_set_key_type( &attributes, key_type ); 3295 3296 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3297 &key ) ); 3298 } 3299 3300 /* Allocate input buffer and copy the iv and the plaintext */ 3301 input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len ); 3302 if ( input_buffer_size > 0 ) 3303 { 3304 ASSERT_ALLOC( input, input_buffer_size ); 3305 memcpy( input, iv->x, iv->len ); 3306 memcpy( input + iv->len, input_arg->x, input_arg->len ); 3307 } 3308 3309 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ); 3310 ASSERT_ALLOC( output, output_buffer_size ); 3311 3312 status = psa_cipher_decrypt( key, alg, input, input_buffer_size, output, 3313 output_buffer_size, &output_length ); 3314 TEST_EQUAL( status, expected_status ); 3315 3316exit: 3317 mbedtls_free( input ); 3318 mbedtls_free( output ); 3319 psa_destroy_key( key ); 3320 PSA_DONE( ); 3321} 3322/* END_CASE */ 3323 3324/* BEGIN_CASE */ 3325void cipher_decrypt( int alg_arg, 3326 int key_type_arg, 3327 data_t *key_data, 3328 data_t *iv, 3329 data_t *input_arg, 3330 data_t *expected_output ) 3331{ 3332 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3333 psa_key_type_t key_type = key_type_arg; 3334 psa_algorithm_t alg = alg_arg; 3335 unsigned char *input = NULL; 3336 size_t input_buffer_size = 0; 3337 unsigned char *output = NULL; 3338 size_t output_buffer_size = 0; 3339 size_t output_length = 0; 3340 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3341 3342 PSA_ASSERT( psa_crypto_init( ) ); 3343 3344 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 3345 psa_set_key_algorithm( &attributes, alg ); 3346 psa_set_key_type( &attributes, key_type ); 3347 3348 /* Allocate input buffer and copy the iv and the plaintext */ 3349 input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len ); 3350 if ( input_buffer_size > 0 ) 3351 { 3352 ASSERT_ALLOC( input, input_buffer_size ); 3353 memcpy( input, iv->x, iv->len ); 3354 memcpy( input + iv->len, input_arg->x, input_arg->len ); 3355 } 3356 3357 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ); 3358 ASSERT_ALLOC( output, output_buffer_size ); 3359 3360 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3361 &key ) ); 3362 3363 PSA_ASSERT( psa_cipher_decrypt( key, alg, input, input_buffer_size, output, 3364 output_buffer_size, &output_length ) ); 3365 TEST_ASSERT( output_length <= 3366 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ) ); 3367 TEST_ASSERT( output_length <= 3368 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input_buffer_size ) ); 3369 3370 ASSERT_COMPARE( expected_output->x, expected_output->len, 3371 output, output_length ); 3372exit: 3373 mbedtls_free( input ); 3374 mbedtls_free( output ); 3375 psa_destroy_key( key ); 3376 PSA_DONE( ); 3377} 3378/* END_CASE */ 3379 3380/* BEGIN_CASE */ 3381void cipher_verify_output( int alg_arg, 3382 int key_type_arg, 3383 data_t *key_data, 3384 data_t *input ) 3385{ 3386 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3387 psa_key_type_t key_type = key_type_arg; 3388 psa_algorithm_t alg = alg_arg; 3389 unsigned char *output1 = NULL; 3390 size_t output1_size = 0; 3391 size_t output1_length = 0; 3392 unsigned char *output2 = NULL; 3393 size_t output2_size = 0; 3394 size_t output2_length = 0; 3395 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3396 3397 PSA_ASSERT( psa_crypto_init( ) ); 3398 3399 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 3400 psa_set_key_algorithm( &attributes, alg ); 3401 psa_set_key_type( &attributes, key_type ); 3402 3403 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3404 &key ) ); 3405 output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); 3406 ASSERT_ALLOC( output1, output1_size ); 3407 3408 PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, 3409 output1, output1_size, 3410 &output1_length ) ); 3411 TEST_ASSERT( output1_length <= 3412 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) ); 3413 TEST_ASSERT( output1_length <= 3414 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); 3415 3416 output2_size = output1_length; 3417 ASSERT_ALLOC( output2, output2_size ); 3418 3419 PSA_ASSERT( psa_cipher_decrypt( key, alg, output1, output1_length, 3420 output2, output2_size, 3421 &output2_length ) ); 3422 TEST_ASSERT( output2_length <= 3423 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) ); 3424 TEST_ASSERT( output2_length <= 3425 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) ); 3426 3427 ASSERT_COMPARE( input->x, input->len, output2, output2_length ); 3428 3429exit: 3430 mbedtls_free( output1 ); 3431 mbedtls_free( output2 ); 3432 psa_destroy_key( key ); 3433 PSA_DONE( ); 3434} 3435/* END_CASE */ 3436 3437/* BEGIN_CASE */ 3438void cipher_verify_output_multipart( int alg_arg, 3439 int key_type_arg, 3440 data_t *key_data, 3441 data_t *input, 3442 int first_part_size_arg ) 3443{ 3444 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3445 psa_key_type_t key_type = key_type_arg; 3446 psa_algorithm_t alg = alg_arg; 3447 size_t first_part_size = first_part_size_arg; 3448 unsigned char iv[16] = {0}; 3449 size_t iv_size = 16; 3450 size_t iv_length = 0; 3451 unsigned char *output1 = NULL; 3452 size_t output1_buffer_size = 0; 3453 size_t output1_length = 0; 3454 unsigned char *output2 = NULL; 3455 size_t output2_buffer_size = 0; 3456 size_t output2_length = 0; 3457 size_t function_output_length; 3458 psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT; 3459 psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT; 3460 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3461 3462 PSA_ASSERT( psa_crypto_init( ) ); 3463 3464 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 3465 psa_set_key_algorithm( &attributes, alg ); 3466 psa_set_key_type( &attributes, key_type ); 3467 3468 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3469 &key ) ); 3470 3471 PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) ); 3472 PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) ); 3473 3474 if( alg != PSA_ALG_ECB_NO_PADDING ) 3475 { 3476 PSA_ASSERT( psa_cipher_generate_iv( &operation1, 3477 iv, iv_size, 3478 &iv_length ) ); 3479 } 3480 3481 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ); 3482 TEST_ASSERT( output1_buffer_size <= 3483 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) ); 3484 ASSERT_ALLOC( output1, output1_buffer_size ); 3485 3486 TEST_ASSERT( first_part_size <= input->len ); 3487 3488 PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size, 3489 output1, output1_buffer_size, 3490 &function_output_length ) ); 3491 TEST_ASSERT( function_output_length <= 3492 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) ); 3493 TEST_ASSERT( function_output_length <= 3494 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) ); 3495 output1_length += function_output_length; 3496 3497 PSA_ASSERT( psa_cipher_update( &operation1, 3498 input->x + first_part_size, 3499 input->len - first_part_size, 3500 output1, output1_buffer_size, 3501 &function_output_length ) ); 3502 TEST_ASSERT( function_output_length <= 3503 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, 3504 alg, 3505 input->len - first_part_size ) ); 3506 TEST_ASSERT( function_output_length <= 3507 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len - first_part_size ) ); 3508 output1_length += function_output_length; 3509 3510 PSA_ASSERT( psa_cipher_finish( &operation1, 3511 output1 + output1_length, 3512 output1_buffer_size - output1_length, 3513 &function_output_length ) ); 3514 TEST_ASSERT( function_output_length <= 3515 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); 3516 TEST_ASSERT( function_output_length <= 3517 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); 3518 output1_length += function_output_length; 3519 3520 PSA_ASSERT( psa_cipher_abort( &operation1 ) ); 3521 3522 output2_buffer_size = output1_length; 3523 TEST_ASSERT( output2_buffer_size <= 3524 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) ); 3525 TEST_ASSERT( output2_buffer_size <= 3526 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) ); 3527 ASSERT_ALLOC( output2, output2_buffer_size ); 3528 3529 if( iv_length > 0 ) 3530 { 3531 PSA_ASSERT( psa_cipher_set_iv( &operation2, 3532 iv, iv_length ) ); 3533 } 3534 3535 PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size, 3536 output2, output2_buffer_size, 3537 &function_output_length ) ); 3538 TEST_ASSERT( function_output_length <= 3539 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) ); 3540 TEST_ASSERT( function_output_length <= 3541 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) ); 3542 output2_length += function_output_length; 3543 3544 PSA_ASSERT( psa_cipher_update( &operation2, 3545 output1 + first_part_size, 3546 output1_length - first_part_size, 3547 output2, output2_buffer_size, 3548 &function_output_length ) ); 3549 TEST_ASSERT( function_output_length <= 3550 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, 3551 alg, 3552 output1_length - first_part_size ) ); 3553 TEST_ASSERT( function_output_length <= 3554 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length - first_part_size ) ); 3555 output2_length += function_output_length; 3556 3557 PSA_ASSERT( psa_cipher_finish( &operation2, 3558 output2 + output2_length, 3559 output2_buffer_size - output2_length, 3560 &function_output_length ) ); 3561 TEST_ASSERT( function_output_length <= 3562 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) ); 3563 TEST_ASSERT( function_output_length <= 3564 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE ); 3565 output2_length += function_output_length; 3566 3567 PSA_ASSERT( psa_cipher_abort( &operation2 ) ); 3568 3569 ASSERT_COMPARE( input->x, input->len, output2, output2_length ); 3570 3571exit: 3572 psa_cipher_abort( &operation1 ); 3573 psa_cipher_abort( &operation2 ); 3574 mbedtls_free( output1 ); 3575 mbedtls_free( output2 ); 3576 psa_destroy_key( key ); 3577 PSA_DONE( ); 3578} 3579/* END_CASE */ 3580 3581/* BEGIN_CASE */ 3582void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, 3583 int alg_arg, 3584 data_t *nonce, 3585 data_t *additional_data, 3586 data_t *input_data, 3587 int expected_result_arg ) 3588{ 3589 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3590 psa_key_type_t key_type = key_type_arg; 3591 psa_algorithm_t alg = alg_arg; 3592 size_t key_bits; 3593 unsigned char *output_data = NULL; 3594 size_t output_size = 0; 3595 size_t output_length = 0; 3596 unsigned char *output_data2 = NULL; 3597 size_t output_length2 = 0; 3598 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 3599 psa_status_t expected_result = expected_result_arg; 3600 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3601 3602 PSA_ASSERT( psa_crypto_init( ) ); 3603 3604 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 3605 psa_set_key_algorithm( &attributes, alg ); 3606 psa_set_key_type( &attributes, key_type ); 3607 3608 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3609 &key ) ); 3610 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 3611 key_bits = psa_get_key_bits( &attributes ); 3612 3613 output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits, 3614 alg ); 3615 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 3616 * should be exact. */ 3617 if( expected_result != PSA_ERROR_INVALID_ARGUMENT && 3618 expected_result != PSA_ERROR_NOT_SUPPORTED ) 3619 { 3620 TEST_EQUAL( output_size, 3621 PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); 3622 TEST_ASSERT( output_size <= 3623 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); 3624 } 3625 ASSERT_ALLOC( output_data, output_size ); 3626 3627 status = psa_aead_encrypt( key, alg, 3628 nonce->x, nonce->len, 3629 additional_data->x, 3630 additional_data->len, 3631 input_data->x, input_data->len, 3632 output_data, output_size, 3633 &output_length ); 3634 3635 /* If the operation is not supported, just skip and not fail in case the 3636 * encryption involves a common limitation of cryptography hardwares and 3637 * an alternative implementation. */ 3638 if( status == PSA_ERROR_NOT_SUPPORTED ) 3639 { 3640 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); 3641 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); 3642 } 3643 3644 TEST_EQUAL( status, expected_result ); 3645 3646 if( PSA_SUCCESS == expected_result ) 3647 { 3648 ASSERT_ALLOC( output_data2, output_length ); 3649 3650 /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE 3651 * should be exact. */ 3652 TEST_EQUAL( input_data->len, 3653 PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, output_length ) ); 3654 3655 TEST_ASSERT( input_data->len <= 3656 PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) ); 3657 3658 TEST_EQUAL( psa_aead_decrypt( key, alg, 3659 nonce->x, nonce->len, 3660 additional_data->x, 3661 additional_data->len, 3662 output_data, output_length, 3663 output_data2, output_length, 3664 &output_length2 ), 3665 expected_result ); 3666 3667 ASSERT_COMPARE( input_data->x, input_data->len, 3668 output_data2, output_length2 ); 3669 } 3670 3671exit: 3672 psa_destroy_key( key ); 3673 mbedtls_free( output_data ); 3674 mbedtls_free( output_data2 ); 3675 PSA_DONE( ); 3676} 3677/* END_CASE */ 3678 3679/* BEGIN_CASE */ 3680void aead_encrypt( int key_type_arg, data_t *key_data, 3681 int alg_arg, 3682 data_t *nonce, 3683 data_t *additional_data, 3684 data_t *input_data, 3685 data_t *expected_result ) 3686{ 3687 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3688 psa_key_type_t key_type = key_type_arg; 3689 psa_algorithm_t alg = alg_arg; 3690 size_t key_bits; 3691 unsigned char *output_data = NULL; 3692 size_t output_size = 0; 3693 size_t output_length = 0; 3694 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3695 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 3696 3697 PSA_ASSERT( psa_crypto_init( ) ); 3698 3699 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 3700 psa_set_key_algorithm( &attributes, alg ); 3701 psa_set_key_type( &attributes, key_type ); 3702 3703 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3704 &key ) ); 3705 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 3706 key_bits = psa_get_key_bits( &attributes ); 3707 3708 output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits, 3709 alg ); 3710 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 3711 * should be exact. */ 3712 TEST_EQUAL( output_size, 3713 PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); 3714 TEST_ASSERT( output_size <= 3715 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); 3716 ASSERT_ALLOC( output_data, output_size ); 3717 3718 status = psa_aead_encrypt( key, alg, 3719 nonce->x, nonce->len, 3720 additional_data->x, additional_data->len, 3721 input_data->x, input_data->len, 3722 output_data, output_size, 3723 &output_length ); 3724 3725 /* If the operation is not supported, just skip and not fail in case the 3726 * encryption involves a common limitation of cryptography hardwares and 3727 * an alternative implementation. */ 3728 if( status == PSA_ERROR_NOT_SUPPORTED ) 3729 { 3730 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); 3731 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); 3732 } 3733 3734 PSA_ASSERT( status ); 3735 ASSERT_COMPARE( expected_result->x, expected_result->len, 3736 output_data, output_length ); 3737 3738exit: 3739 psa_destroy_key( key ); 3740 mbedtls_free( output_data ); 3741 PSA_DONE( ); 3742} 3743/* END_CASE */ 3744 3745/* BEGIN_CASE */ 3746void aead_decrypt( int key_type_arg, data_t *key_data, 3747 int alg_arg, 3748 data_t *nonce, 3749 data_t *additional_data, 3750 data_t *input_data, 3751 data_t *expected_data, 3752 int expected_result_arg ) 3753{ 3754 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3755 psa_key_type_t key_type = key_type_arg; 3756 psa_algorithm_t alg = alg_arg; 3757 size_t key_bits; 3758 unsigned char *output_data = NULL; 3759 size_t output_size = 0; 3760 size_t output_length = 0; 3761 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3762 psa_status_t expected_result = expected_result_arg; 3763 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 3764 3765 PSA_ASSERT( psa_crypto_init( ) ); 3766 3767 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 3768 psa_set_key_algorithm( &attributes, alg ); 3769 psa_set_key_type( &attributes, key_type ); 3770 3771 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 3772 &key ) ); 3773 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 3774 key_bits = psa_get_key_bits( &attributes ); 3775 3776 output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits, 3777 alg ); 3778 if( expected_result != PSA_ERROR_INVALID_ARGUMENT && 3779 expected_result != PSA_ERROR_NOT_SUPPORTED ) 3780 { 3781 /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE 3782 * should be exact. */ 3783 TEST_EQUAL( output_size, 3784 PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); 3785 TEST_ASSERT( output_size <= 3786 PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); 3787 } 3788 ASSERT_ALLOC( output_data, output_size ); 3789 3790 status = psa_aead_decrypt( key, alg, 3791 nonce->x, nonce->len, 3792 additional_data->x, 3793 additional_data->len, 3794 input_data->x, input_data->len, 3795 output_data, output_size, 3796 &output_length ); 3797 3798 /* If the operation is not supported, just skip and not fail in case the 3799 * decryption involves a common limitation of cryptography hardwares and 3800 * an alternative implementation. */ 3801 if( status == PSA_ERROR_NOT_SUPPORTED ) 3802 { 3803 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); 3804 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); 3805 } 3806 3807 TEST_EQUAL( status, expected_result ); 3808 3809 if( expected_result == PSA_SUCCESS ) 3810 ASSERT_COMPARE( expected_data->x, expected_data->len, 3811 output_data, output_length ); 3812 3813exit: 3814 psa_destroy_key( key ); 3815 mbedtls_free( output_data ); 3816 PSA_DONE( ); 3817} 3818/* END_CASE */ 3819 3820/* BEGIN_CASE */ 3821void aead_multipart_encrypt( int key_type_arg, data_t *key_data, 3822 int alg_arg, 3823 data_t *nonce, 3824 data_t *additional_data, 3825 data_t *input_data, 3826 int do_set_lengths, 3827 data_t *expected_output ) 3828{ 3829 size_t ad_part_len = 0; 3830 size_t data_part_len = 0; 3831 set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; 3832 3833 for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) 3834 { 3835 mbedtls_test_set_step( ad_part_len ); 3836 3837 if( do_set_lengths ) 3838 { 3839 if( ad_part_len & 0x01 ) 3840 set_lengths_method = SET_LENGTHS_AFTER_NONCE; 3841 else 3842 set_lengths_method = SET_LENGTHS_BEFORE_NONCE; 3843 } 3844 3845 /* Split ad into length(ad_part_len) parts. */ 3846 if( !aead_multipart_internal_func( key_type_arg, key_data, 3847 alg_arg, nonce, 3848 additional_data, 3849 ad_part_len, 3850 input_data, -1, 3851 set_lengths_method, 3852 expected_output, 3853 1, 0 ) ) 3854 break; 3855 3856 /* length(0) part, length(ad_part_len) part, length(0) part... */ 3857 mbedtls_test_set_step( 1000 + ad_part_len ); 3858 3859 if( !aead_multipart_internal_func( key_type_arg, key_data, 3860 alg_arg, nonce, 3861 additional_data, 3862 ad_part_len, 3863 input_data, -1, 3864 set_lengths_method, 3865 expected_output, 3866 1, 1 ) ) 3867 break; 3868 } 3869 3870 for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) 3871 { 3872 /* Split data into length(data_part_len) parts. */ 3873 mbedtls_test_set_step( 2000 + data_part_len ); 3874 3875 if( do_set_lengths ) 3876 { 3877 if( data_part_len & 0x01 ) 3878 set_lengths_method = SET_LENGTHS_AFTER_NONCE; 3879 else 3880 set_lengths_method = SET_LENGTHS_BEFORE_NONCE; 3881 } 3882 3883 if( !aead_multipart_internal_func( key_type_arg, key_data, 3884 alg_arg, nonce, 3885 additional_data, -1, 3886 input_data, data_part_len, 3887 set_lengths_method, 3888 expected_output, 3889 1, 0 ) ) 3890 break; 3891 3892 /* length(0) part, length(data_part_len) part, length(0) part... */ 3893 mbedtls_test_set_step( 3000 + data_part_len ); 3894 3895 if( !aead_multipart_internal_func( key_type_arg, key_data, 3896 alg_arg, nonce, 3897 additional_data, -1, 3898 input_data, data_part_len, 3899 set_lengths_method, 3900 expected_output, 3901 1, 1 ) ) 3902 break; 3903 } 3904 3905 /* Goto is required to silence warnings about unused labels, as we 3906 * don't actually do any test assertions in this function. */ 3907 goto exit; 3908} 3909/* END_CASE */ 3910 3911/* BEGIN_CASE */ 3912void aead_multipart_decrypt( int key_type_arg, data_t *key_data, 3913 int alg_arg, 3914 data_t *nonce, 3915 data_t *additional_data, 3916 data_t *input_data, 3917 int do_set_lengths, 3918 data_t *expected_output ) 3919{ 3920 size_t ad_part_len = 0; 3921 size_t data_part_len = 0; 3922 set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; 3923 3924 for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) 3925 { 3926 /* Split ad into length(ad_part_len) parts. */ 3927 mbedtls_test_set_step( ad_part_len ); 3928 3929 if( do_set_lengths ) 3930 { 3931 if( ad_part_len & 0x01 ) 3932 set_lengths_method = SET_LENGTHS_AFTER_NONCE; 3933 else 3934 set_lengths_method = SET_LENGTHS_BEFORE_NONCE; 3935 } 3936 3937 if( !aead_multipart_internal_func( key_type_arg, key_data, 3938 alg_arg, nonce, 3939 additional_data, 3940 ad_part_len, 3941 input_data, -1, 3942 set_lengths_method, 3943 expected_output, 3944 0, 0 ) ) 3945 break; 3946 3947 /* length(0) part, length(ad_part_len) part, length(0) part... */ 3948 mbedtls_test_set_step( 1000 + ad_part_len ); 3949 3950 if( !aead_multipart_internal_func( key_type_arg, key_data, 3951 alg_arg, nonce, 3952 additional_data, 3953 ad_part_len, 3954 input_data, -1, 3955 set_lengths_method, 3956 expected_output, 3957 0, 1 ) ) 3958 break; 3959 } 3960 3961 for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) 3962 { 3963 /* Split data into length(data_part_len) parts. */ 3964 mbedtls_test_set_step( 2000 + data_part_len ); 3965 3966 if( do_set_lengths ) 3967 { 3968 if( data_part_len & 0x01 ) 3969 set_lengths_method = SET_LENGTHS_AFTER_NONCE; 3970 else 3971 set_lengths_method = SET_LENGTHS_BEFORE_NONCE; 3972 } 3973 3974 if( !aead_multipart_internal_func( key_type_arg, key_data, 3975 alg_arg, nonce, 3976 additional_data, -1, 3977 input_data, data_part_len, 3978 set_lengths_method, 3979 expected_output, 3980 0, 0 ) ) 3981 break; 3982 3983 /* length(0) part, length(data_part_len) part, length(0) part... */ 3984 mbedtls_test_set_step( 3000 + data_part_len ); 3985 3986 if( !aead_multipart_internal_func( key_type_arg, key_data, 3987 alg_arg, nonce, 3988 additional_data, -1, 3989 input_data, data_part_len, 3990 set_lengths_method, 3991 expected_output, 3992 0, 1 ) ) 3993 break; 3994 } 3995 3996 /* Goto is required to silence warnings about unused labels, as we 3997 * don't actually do any test assertions in this function. */ 3998 goto exit; 3999} 4000/* END_CASE */ 4001 4002/* BEGIN_CASE */ 4003void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, 4004 int alg_arg, 4005 int nonce_length, 4006 int expected_nonce_length_arg, 4007 data_t *additional_data, 4008 data_t *input_data, 4009 int expected_status_arg ) 4010{ 4011 4012 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4013 psa_key_type_t key_type = key_type_arg; 4014 psa_algorithm_t alg = alg_arg; 4015 psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 4016 uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; 4017 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4018 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 4019 psa_status_t expected_status = expected_status_arg; 4020 size_t actual_nonce_length = 0; 4021 size_t expected_nonce_length = expected_nonce_length_arg; 4022 unsigned char *output = NULL; 4023 unsigned char *ciphertext = NULL; 4024 size_t output_size = 0; 4025 size_t ciphertext_size = 0; 4026 size_t ciphertext_length = 0; 4027 size_t tag_length = 0; 4028 uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 4029 4030 PSA_ASSERT( psa_crypto_init( ) ); 4031 4032 psa_set_key_usage_flags( & attributes, PSA_KEY_USAGE_ENCRYPT ); 4033 psa_set_key_algorithm( & attributes, alg ); 4034 psa_set_key_type( & attributes, key_type ); 4035 4036 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4037 &key ) ); 4038 4039 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 4040 4041 output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); 4042 4043 ASSERT_ALLOC( output, output_size ); 4044 4045 ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); 4046 4047 TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); 4048 4049 ASSERT_ALLOC( ciphertext, ciphertext_size ); 4050 4051 status = psa_aead_encrypt_setup( &operation, key, alg ); 4052 4053 /* If the operation is not supported, just skip and not fail in case the 4054 * encryption involves a common limitation of cryptography hardwares and 4055 * an alternative implementation. */ 4056 if( status == PSA_ERROR_NOT_SUPPORTED ) 4057 { 4058 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); 4059 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length ); 4060 } 4061 4062 PSA_ASSERT( status ); 4063 4064 status = psa_aead_generate_nonce( &operation, nonce_buffer, 4065 nonce_length, 4066 &actual_nonce_length ); 4067 4068 TEST_EQUAL( status, expected_status ); 4069 4070 TEST_EQUAL( actual_nonce_length, expected_nonce_length ); 4071 4072 if( expected_status == PSA_SUCCESS ) 4073 TEST_EQUAL( actual_nonce_length, PSA_AEAD_NONCE_LENGTH( key_type, 4074 alg ) ); 4075 4076 TEST_ASSERT( actual_nonce_length < PSA_AEAD_NONCE_MAX_SIZE ); 4077 4078 if( expected_status == PSA_SUCCESS ) 4079 { 4080 4081 /* Ensure we can still complete operation. */ 4082 4083 PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, 4084 additional_data->len ) ); 4085 4086 PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, 4087 output, output_size, 4088 &ciphertext_length ) ); 4089 4090 PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, 4091 &ciphertext_length, tag_buffer, 4092 PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); 4093 } 4094 4095exit: 4096 psa_destroy_key( key ); 4097 mbedtls_free( output ); 4098 mbedtls_free( ciphertext ); 4099 psa_aead_abort( &operation ); 4100 PSA_DONE( ); 4101} 4102/* END_CASE */ 4103 4104/* BEGIN_CASE */ 4105void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, 4106 int alg_arg, 4107 int nonce_length_arg, 4108 data_t *additional_data, 4109 data_t *input_data, 4110 int expected_status_arg ) 4111{ 4112 4113 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4114 psa_key_type_t key_type = key_type_arg; 4115 psa_algorithm_t alg = alg_arg; 4116 psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 4117 uint8_t *nonce_buffer = NULL; 4118 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4119 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 4120 psa_status_t expected_status = expected_status_arg; 4121 unsigned char *output = NULL; 4122 unsigned char *ciphertext = NULL; 4123 size_t nonce_length; 4124 size_t output_size = 0; 4125 size_t ciphertext_size = 0; 4126 size_t ciphertext_length = 0; 4127 size_t tag_length = 0; 4128 uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 4129 size_t index = 0; 4130 4131 PSA_ASSERT( psa_crypto_init( ) ); 4132 4133 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 4134 psa_set_key_algorithm( &attributes, alg ); 4135 psa_set_key_type( &attributes, key_type ); 4136 4137 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4138 &key ) ); 4139 4140 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 4141 4142 output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); 4143 4144 ASSERT_ALLOC( output, output_size ); 4145 4146 ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); 4147 4148 TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); 4149 4150 ASSERT_ALLOC( ciphertext, ciphertext_size ); 4151 4152 status = psa_aead_encrypt_setup( &operation, key, alg ); 4153 4154 /* If the operation is not supported, just skip and not fail in case the 4155 * encryption involves a common limitation of cryptography hardwares and 4156 * an alternative implementation. */ 4157 if( status == PSA_ERROR_NOT_SUPPORTED ) 4158 { 4159 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); 4160 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length_arg ); 4161 } 4162 4163 PSA_ASSERT( status ); 4164 4165 /* -1 == zero length and valid buffer, 0 = zero length and NULL buffer. */ 4166 if( nonce_length_arg == -1 ) 4167 { 4168 /* Arbitrary size buffer, to test zero length valid buffer. */ 4169 ASSERT_ALLOC( nonce_buffer, 4 ); 4170 nonce_length = 0; 4171 } 4172 else 4173 { 4174 /* If length is zero, then this will return NULL. */ 4175 nonce_length = ( size_t ) nonce_length_arg; 4176 ASSERT_ALLOC( nonce_buffer, nonce_length ); 4177 4178 if( nonce_buffer ) 4179 { 4180 for( index = 0; index < nonce_length - 1; ++index ) 4181 { 4182 nonce_buffer[index] = 'a' + index; 4183 } 4184 } 4185 } 4186 4187 status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_length ); 4188 4189 TEST_EQUAL( status, expected_status ); 4190 4191 if( expected_status == PSA_SUCCESS ) 4192 { 4193 /* Ensure we can still complete operation. */ 4194 4195 PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, 4196 additional_data->len ) ); 4197 4198 PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, 4199 output, output_size, 4200 &ciphertext_length ) ); 4201 4202 PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, 4203 &ciphertext_length, tag_buffer, 4204 PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); 4205 } 4206 4207exit: 4208 psa_destroy_key( key ); 4209 mbedtls_free( output ); 4210 mbedtls_free( ciphertext ); 4211 mbedtls_free( nonce_buffer ); 4212 psa_aead_abort( &operation ); 4213 PSA_DONE( ); 4214} 4215/* END_CASE */ 4216 4217/* BEGIN_CASE */ 4218void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, 4219 int alg_arg, 4220 int output_size_arg, 4221 data_t *nonce, 4222 data_t *additional_data, 4223 data_t *input_data, 4224 int expected_status_arg ) 4225{ 4226 4227 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4228 psa_key_type_t key_type = key_type_arg; 4229 psa_algorithm_t alg = alg_arg; 4230 psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 4231 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4232 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 4233 psa_status_t expected_status = expected_status_arg; 4234 unsigned char *output = NULL; 4235 unsigned char *ciphertext = NULL; 4236 size_t output_size = output_size_arg; 4237 size_t ciphertext_size = 0; 4238 size_t ciphertext_length = 0; 4239 size_t tag_length = 0; 4240 uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 4241 4242 PSA_ASSERT( psa_crypto_init( ) ); 4243 4244 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 4245 psa_set_key_algorithm( &attributes, alg ); 4246 psa_set_key_type( &attributes, key_type ); 4247 4248 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4249 &key ) ); 4250 4251 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 4252 4253 ASSERT_ALLOC( output, output_size ); 4254 4255 ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); 4256 4257 ASSERT_ALLOC( ciphertext, ciphertext_size ); 4258 4259 status = psa_aead_encrypt_setup( &operation, key, alg ); 4260 4261 /* If the operation is not supported, just skip and not fail in case the 4262 * encryption involves a common limitation of cryptography hardwares and 4263 * an alternative implementation. */ 4264 if( status == PSA_ERROR_NOT_SUPPORTED ) 4265 { 4266 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); 4267 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); 4268 } 4269 4270 PSA_ASSERT( status ); 4271 4272 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4273 4274 PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, 4275 additional_data->len ) ); 4276 4277 status = psa_aead_update( &operation, input_data->x, input_data->len, 4278 output, output_size, &ciphertext_length ); 4279 4280 TEST_EQUAL( status, expected_status ); 4281 4282 if( expected_status == PSA_SUCCESS ) 4283 { 4284 /* Ensure we can still complete operation. */ 4285 PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, 4286 &ciphertext_length, tag_buffer, 4287 PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); 4288 } 4289 4290exit: 4291 psa_destroy_key( key ); 4292 mbedtls_free( output ); 4293 mbedtls_free( ciphertext ); 4294 psa_aead_abort( &operation ); 4295 PSA_DONE( ); 4296} 4297/* END_CASE */ 4298 4299/* BEGIN_CASE */ 4300void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, 4301 int alg_arg, 4302 int finish_ciphertext_size_arg, 4303 int tag_size_arg, 4304 data_t *nonce, 4305 data_t *additional_data, 4306 data_t *input_data, 4307 int expected_status_arg ) 4308{ 4309 4310 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4311 psa_key_type_t key_type = key_type_arg; 4312 psa_algorithm_t alg = alg_arg; 4313 psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 4314 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4315 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 4316 psa_status_t expected_status = expected_status_arg; 4317 unsigned char *ciphertext = NULL; 4318 unsigned char *finish_ciphertext = NULL; 4319 unsigned char *tag_buffer = NULL; 4320 size_t ciphertext_size = 0; 4321 size_t ciphertext_length = 0; 4322 size_t finish_ciphertext_size = ( size_t ) finish_ciphertext_size_arg; 4323 size_t tag_size = ( size_t ) tag_size_arg; 4324 size_t tag_length = 0; 4325 4326 PSA_ASSERT( psa_crypto_init( ) ); 4327 4328 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 4329 psa_set_key_algorithm( &attributes, alg ); 4330 psa_set_key_type( &attributes, key_type ); 4331 4332 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4333 &key ) ); 4334 4335 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 4336 4337 ciphertext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); 4338 4339 ASSERT_ALLOC( ciphertext, ciphertext_size ); 4340 4341 ASSERT_ALLOC( finish_ciphertext, finish_ciphertext_size ); 4342 4343 ASSERT_ALLOC( tag_buffer, tag_size ); 4344 4345 status = psa_aead_encrypt_setup( &operation, key, alg ); 4346 4347 /* If the operation is not supported, just skip and not fail in case the 4348 * encryption involves a common limitation of cryptography hardwares and 4349 * an alternative implementation. */ 4350 if( status == PSA_ERROR_NOT_SUPPORTED ) 4351 { 4352 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); 4353 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); 4354 } 4355 4356 PSA_ASSERT( status ); 4357 4358 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4359 4360 PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, 4361 additional_data->len ) ); 4362 4363 PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, 4364 ciphertext, ciphertext_size, &ciphertext_length ) ); 4365 4366 /* Ensure we can still complete operation. */ 4367 status = psa_aead_finish( &operation, finish_ciphertext, 4368 finish_ciphertext_size, 4369 &ciphertext_length, tag_buffer, 4370 tag_size, &tag_length ); 4371 4372 TEST_EQUAL( status, expected_status ); 4373 4374exit: 4375 psa_destroy_key( key ); 4376 mbedtls_free( ciphertext ); 4377 mbedtls_free( finish_ciphertext ); 4378 mbedtls_free( tag_buffer ); 4379 psa_aead_abort( &operation ); 4380 PSA_DONE( ); 4381} 4382/* END_CASE */ 4383 4384/* BEGIN_CASE */ 4385void aead_multipart_verify( int key_type_arg, data_t *key_data, 4386 int alg_arg, 4387 data_t *nonce, 4388 data_t *additional_data, 4389 data_t *input_data, 4390 data_t *tag, 4391 int tag_usage_arg, 4392 int expected_status_arg ) 4393{ 4394 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4395 psa_key_type_t key_type = key_type_arg; 4396 psa_algorithm_t alg = alg_arg; 4397 psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 4398 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4399 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 4400 psa_status_t expected_status = expected_status_arg; 4401 unsigned char *plaintext = NULL; 4402 unsigned char *finish_plaintext = NULL; 4403 size_t plaintext_size = 0; 4404 size_t plaintext_length = 0; 4405 size_t verify_plaintext_size = 0; 4406 tag_usage_method_t tag_usage = tag_usage_arg; 4407 unsigned char *tag_buffer = NULL; 4408 size_t tag_size = 0; 4409 4410 PSA_ASSERT( psa_crypto_init( ) ); 4411 4412 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 4413 psa_set_key_algorithm( &attributes, alg ); 4414 psa_set_key_type( &attributes, key_type ); 4415 4416 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4417 &key ) ); 4418 4419 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 4420 4421 plaintext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, 4422 input_data->len ); 4423 4424 ASSERT_ALLOC( plaintext, plaintext_size ); 4425 4426 verify_plaintext_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); 4427 4428 ASSERT_ALLOC( finish_plaintext, verify_plaintext_size ); 4429 4430 status = psa_aead_decrypt_setup( &operation, key, alg ); 4431 4432 /* If the operation is not supported, just skip and not fail in case the 4433 * encryption involves a common limitation of cryptography hardwares and 4434 * an alternative implementation. */ 4435 if( status == PSA_ERROR_NOT_SUPPORTED ) 4436 { 4437 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); 4438 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); 4439 } 4440 4441 PSA_ASSERT( status ); 4442 4443 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4444 4445 PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, 4446 additional_data->len ) ); 4447 4448 PSA_ASSERT( psa_aead_update( &operation, input_data->x, 4449 input_data->len, 4450 plaintext, plaintext_size, 4451 &plaintext_length ) ); 4452 4453 if( tag_usage == USE_GIVEN_TAG ) 4454 { 4455 tag_buffer = tag->x; 4456 tag_size = tag->len; 4457 } 4458 4459 status = psa_aead_verify( &operation, finish_plaintext, 4460 verify_plaintext_size, 4461 &plaintext_length, 4462 tag_buffer, tag_size ); 4463 4464 TEST_EQUAL( status, expected_status ); 4465 4466exit: 4467 psa_destroy_key( key ); 4468 mbedtls_free( plaintext ); 4469 mbedtls_free( finish_plaintext ); 4470 psa_aead_abort( &operation ); 4471 PSA_DONE( ); 4472} 4473/* END_CASE */ 4474 4475/* BEGIN_CASE */ 4476void aead_multipart_setup( int key_type_arg, data_t *key_data, 4477 int alg_arg, int expected_status_arg ) 4478{ 4479 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4480 psa_key_type_t key_type = key_type_arg; 4481 psa_algorithm_t alg = alg_arg; 4482 psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 4483 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4484 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 4485 psa_status_t expected_status = expected_status_arg; 4486 4487 PSA_ASSERT( psa_crypto_init( ) ); 4488 4489 psa_set_key_usage_flags( &attributes, 4490 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 4491 psa_set_key_algorithm( &attributes, alg ); 4492 psa_set_key_type( &attributes, key_type ); 4493 4494 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4495 &key ) ); 4496 4497 status = psa_aead_encrypt_setup( &operation, key, alg ); 4498 4499 TEST_EQUAL( status, expected_status ); 4500 4501 psa_aead_abort( &operation ); 4502 4503 status = psa_aead_decrypt_setup( &operation, key, alg ); 4504 4505 TEST_EQUAL(status, expected_status ); 4506 4507exit: 4508 psa_destroy_key( key ); 4509 psa_aead_abort( &operation ); 4510 PSA_DONE( ); 4511} 4512/* END_CASE */ 4513 4514/* BEGIN_CASE */ 4515void aead_multipart_state_test( int key_type_arg, data_t *key_data, 4516 int alg_arg, 4517 data_t *nonce, 4518 data_t *additional_data, 4519 data_t *input_data ) 4520{ 4521 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4522 psa_key_type_t key_type = key_type_arg; 4523 psa_algorithm_t alg = alg_arg; 4524 psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 4525 unsigned char *output_data = NULL; 4526 unsigned char *final_data = NULL; 4527 size_t output_size = 0; 4528 size_t finish_output_size = 0; 4529 size_t output_length = 0; 4530 size_t key_bits = 0; 4531 size_t tag_length = 0; 4532 size_t tag_size = 0; 4533 size_t nonce_length = 0; 4534 uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; 4535 uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 4536 size_t output_part_length = 0; 4537 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4538 4539 PSA_ASSERT( psa_crypto_init( ) ); 4540 4541 psa_set_key_usage_flags( & attributes, 4542 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 4543 psa_set_key_algorithm( & attributes, alg ); 4544 psa_set_key_type( & attributes, key_type ); 4545 4546 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 4547 &key ) ); 4548 4549 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 4550 key_bits = psa_get_key_bits( &attributes ); 4551 4552 tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); 4553 4554 TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); 4555 4556 output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); 4557 4558 ASSERT_ALLOC( output_data, output_size ); 4559 4560 finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); 4561 4562 TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); 4563 4564 ASSERT_ALLOC( final_data, finish_output_size ); 4565 4566 /* Test all operations error without calling setup first. */ 4567 4568 TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), 4569 PSA_ERROR_BAD_STATE ); 4570 4571 psa_aead_abort( &operation ); 4572 4573 TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, 4574 PSA_AEAD_NONCE_MAX_SIZE, 4575 &nonce_length ), 4576 PSA_ERROR_BAD_STATE ); 4577 4578 psa_aead_abort( &operation ); 4579 4580 /* ------------------------------------------------------- */ 4581 4582 TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, 4583 input_data->len ), 4584 PSA_ERROR_BAD_STATE ); 4585 4586 psa_aead_abort( &operation ); 4587 4588 /* ------------------------------------------------------- */ 4589 4590 TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, 4591 additional_data->len ), 4592 PSA_ERROR_BAD_STATE ); 4593 4594 psa_aead_abort( &operation ); 4595 4596 /* ------------------------------------------------------- */ 4597 4598 TEST_EQUAL( psa_aead_update( &operation, input_data->x, 4599 input_data->len, output_data, 4600 output_size, &output_length ), 4601 PSA_ERROR_BAD_STATE ); 4602 4603 psa_aead_abort( &operation ); 4604 4605 /* ------------------------------------------------------- */ 4606 4607 TEST_EQUAL( psa_aead_finish( &operation, final_data, 4608 finish_output_size, 4609 &output_part_length, 4610 tag_buffer, tag_length, 4611 &tag_size ), 4612 PSA_ERROR_BAD_STATE ); 4613 4614 psa_aead_abort( &operation ); 4615 4616 /* ------------------------------------------------------- */ 4617 4618 TEST_EQUAL( psa_aead_verify( &operation, final_data, 4619 finish_output_size, 4620 &output_part_length, 4621 tag_buffer, 4622 tag_length ), 4623 PSA_ERROR_BAD_STATE ); 4624 4625 psa_aead_abort( &operation ); 4626 4627 /* Test for double setups. */ 4628 4629 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4630 4631 TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), 4632 PSA_ERROR_BAD_STATE ); 4633 4634 psa_aead_abort( &operation ); 4635 4636 /* ------------------------------------------------------- */ 4637 4638 PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); 4639 4640 TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), 4641 PSA_ERROR_BAD_STATE ); 4642 4643 psa_aead_abort( &operation ); 4644 4645 /* ------------------------------------------------------- */ 4646 4647 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4648 4649 TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), 4650 PSA_ERROR_BAD_STATE ); 4651 4652 psa_aead_abort( &operation ); 4653 4654 /* ------------------------------------------------------- */ 4655 4656 PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); 4657 4658 TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), 4659 PSA_ERROR_BAD_STATE ); 4660 4661 psa_aead_abort( &operation ); 4662 4663 /* Test for not setting a nonce. */ 4664 4665 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4666 4667 TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, 4668 additional_data->len ), 4669 PSA_ERROR_BAD_STATE ); 4670 4671 psa_aead_abort( &operation ); 4672 4673 /* ------------------------------------------------------- */ 4674 4675 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4676 4677 TEST_EQUAL( psa_aead_update( &operation, input_data->x, 4678 input_data->len, output_data, 4679 output_size, &output_length ), 4680 PSA_ERROR_BAD_STATE ); 4681 4682 psa_aead_abort( &operation ); 4683 4684 /* ------------------------------------------------------- */ 4685 4686 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4687 4688 TEST_EQUAL( psa_aead_finish( &operation, final_data, 4689 finish_output_size, 4690 &output_part_length, 4691 tag_buffer, tag_length, 4692 &tag_size ), 4693 PSA_ERROR_BAD_STATE ); 4694 4695 psa_aead_abort( &operation ); 4696 4697 /* ------------------------------------------------------- */ 4698 4699 PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); 4700 4701 TEST_EQUAL( psa_aead_verify( &operation, final_data, 4702 finish_output_size, 4703 &output_part_length, 4704 tag_buffer, 4705 tag_length ), 4706 PSA_ERROR_BAD_STATE ); 4707 4708 psa_aead_abort( &operation ); 4709 4710 /* Test for double setting nonce. */ 4711 4712 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4713 4714 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4715 4716 TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), 4717 PSA_ERROR_BAD_STATE ); 4718 4719 psa_aead_abort( &operation ); 4720 4721 /* Test for double generating nonce. */ 4722 4723 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4724 4725 PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, 4726 PSA_AEAD_NONCE_MAX_SIZE, 4727 &nonce_length ) ); 4728 4729 TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, 4730 PSA_AEAD_NONCE_MAX_SIZE, 4731 &nonce_length ), 4732 PSA_ERROR_BAD_STATE ); 4733 4734 4735 psa_aead_abort( &operation ); 4736 4737 /* Test for generate nonce then set and vice versa */ 4738 4739 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4740 4741 PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, 4742 PSA_AEAD_NONCE_MAX_SIZE, 4743 &nonce_length ) ); 4744 4745 TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), 4746 PSA_ERROR_BAD_STATE ); 4747 4748 psa_aead_abort( &operation ); 4749 4750 /* ------------------------------------------------------- */ 4751 4752 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4753 4754 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4755 4756 TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, 4757 PSA_AEAD_NONCE_MAX_SIZE, 4758 &nonce_length ), 4759 PSA_ERROR_BAD_STATE ); 4760 4761 psa_aead_abort( &operation ); 4762 4763 /* Test for generating nonce in decrypt setup. */ 4764 4765 PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); 4766 4767 TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, 4768 PSA_AEAD_NONCE_MAX_SIZE, 4769 &nonce_length ), 4770 PSA_ERROR_BAD_STATE ); 4771 4772 psa_aead_abort( &operation ); 4773 4774 /* Test for setting lengths twice. */ 4775 4776 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4777 4778 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4779 4780 PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, 4781 input_data->len ) ); 4782 4783 TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, 4784 input_data->len ), 4785 PSA_ERROR_BAD_STATE ); 4786 4787 psa_aead_abort( &operation ); 4788 4789 /* Test for setting lengths after already starting data. */ 4790 4791 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4792 4793 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4794 4795 PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, 4796 additional_data->len ) ); 4797 4798 TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, 4799 input_data->len ), 4800 PSA_ERROR_BAD_STATE ); 4801 4802 psa_aead_abort( &operation ); 4803 4804 /* ------------------------------------------------------- */ 4805 4806 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4807 4808 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4809 4810 PSA_ASSERT( psa_aead_update( &operation, input_data->x, 4811 input_data->len, output_data, 4812 output_size, &output_length ) ); 4813 4814 TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, 4815 input_data->len ), 4816 PSA_ERROR_BAD_STATE ); 4817 4818 psa_aead_abort( &operation ); 4819 4820 /* Test for not sending any additional data or data after setting non zero 4821 * lengths for them. (encrypt) */ 4822 4823 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4824 4825 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4826 4827 PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, 4828 input_data->len ) ); 4829 4830 TEST_EQUAL( psa_aead_finish( &operation, final_data, 4831 finish_output_size, 4832 &output_part_length, 4833 tag_buffer, tag_length, 4834 &tag_size ), 4835 PSA_ERROR_INVALID_ARGUMENT ); 4836 4837 psa_aead_abort( &operation ); 4838 4839 /* Test for not sending any additional data or data after setting non-zero 4840 * lengths for them. (decrypt) */ 4841 4842 PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); 4843 4844 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4845 4846 PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, 4847 input_data->len ) ); 4848 4849 TEST_EQUAL( psa_aead_verify( &operation, final_data, 4850 finish_output_size, 4851 &output_part_length, 4852 tag_buffer, 4853 tag_length ), 4854 PSA_ERROR_INVALID_ARGUMENT ); 4855 4856 psa_aead_abort( &operation ); 4857 4858 /* Test for not sending any additional data after setting a non-zero length 4859 * for it. */ 4860 4861 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4862 4863 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4864 4865 PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, 4866 input_data->len ) ); 4867 4868 TEST_EQUAL( psa_aead_update( &operation, input_data->x, 4869 input_data->len, output_data, 4870 output_size, &output_length ), 4871 PSA_ERROR_INVALID_ARGUMENT ); 4872 4873 psa_aead_abort( &operation ); 4874 4875 /* Test for not sending any data after setting a non-zero length for it.*/ 4876 4877 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4878 4879 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4880 4881 PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, 4882 input_data->len ) ); 4883 4884 PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, 4885 additional_data->len ) ); 4886 4887 TEST_EQUAL( psa_aead_finish( &operation, final_data, 4888 finish_output_size, 4889 &output_part_length, 4890 tag_buffer, tag_length, 4891 &tag_size ), 4892 PSA_ERROR_INVALID_ARGUMENT ); 4893 4894 psa_aead_abort( &operation ); 4895 4896 /* Test for sending too much additional data after setting lengths. */ 4897 4898 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4899 4900 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4901 4902 PSA_ASSERT( psa_aead_set_lengths( &operation, 0, 0 ) ); 4903 4904 4905 TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, 4906 additional_data->len ), 4907 PSA_ERROR_INVALID_ARGUMENT ); 4908 4909 psa_aead_abort( &operation ); 4910 4911 /* ------------------------------------------------------- */ 4912 4913 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4914 4915 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4916 4917 PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, 4918 input_data->len ) ); 4919 4920 PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, 4921 additional_data->len ) ); 4922 4923 TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, 4924 1 ), 4925 PSA_ERROR_INVALID_ARGUMENT ); 4926 4927 psa_aead_abort( &operation ); 4928 4929 /* Test for sending too much data after setting lengths. */ 4930 4931 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4932 4933 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4934 4935 PSA_ASSERT( psa_aead_set_lengths( &operation, 0, 0 ) ); 4936 4937 TEST_EQUAL( psa_aead_update( &operation, input_data->x, 4938 input_data->len, output_data, 4939 output_size, &output_length ), 4940 PSA_ERROR_INVALID_ARGUMENT ); 4941 4942 psa_aead_abort( &operation ); 4943 4944 /* ------------------------------------------------------- */ 4945 4946 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4947 4948 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4949 4950 PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, 4951 input_data->len ) ); 4952 4953 PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, 4954 additional_data->len ) ); 4955 4956 PSA_ASSERT( psa_aead_update( &operation, input_data->x, 4957 input_data->len, output_data, 4958 output_size, &output_length ) ); 4959 4960 TEST_EQUAL( psa_aead_update( &operation, input_data->x, 4961 1, output_data, 4962 output_size, &output_length ), 4963 PSA_ERROR_INVALID_ARGUMENT ); 4964 4965 psa_aead_abort( &operation ); 4966 4967 /* Test sending additional data after data. */ 4968 4969 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 4970 4971 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4972 4973 PSA_ASSERT( psa_aead_update( &operation, input_data->x, 4974 input_data->len, output_data, 4975 output_size, &output_length ) ); 4976 4977 TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, 4978 additional_data->len ), 4979 PSA_ERROR_BAD_STATE ); 4980 4981 psa_aead_abort( &operation ); 4982 4983 /* Test calling finish on decryption. */ 4984 4985 PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); 4986 4987 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 4988 4989 TEST_EQUAL( psa_aead_finish( &operation, final_data, 4990 finish_output_size, 4991 &output_part_length, 4992 tag_buffer, tag_length, 4993 &tag_size ), 4994 PSA_ERROR_BAD_STATE ); 4995 4996 psa_aead_abort( &operation ); 4997 4998 /* Test calling verify on encryption. */ 4999 5000 PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); 5001 5002 PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); 5003 5004 TEST_EQUAL( psa_aead_verify( &operation, final_data, 5005 finish_output_size, 5006 &output_part_length, 5007 tag_buffer, 5008 tag_length ), 5009 PSA_ERROR_BAD_STATE ); 5010 5011 psa_aead_abort( &operation ); 5012 5013 5014exit: 5015 psa_destroy_key( key ); 5016 psa_aead_abort( &operation ); 5017 mbedtls_free( output_data ); 5018 mbedtls_free( final_data ); 5019 PSA_DONE( ); 5020} 5021/* END_CASE */ 5022 5023/* BEGIN_CASE */ 5024void signature_size( int type_arg, 5025 int bits, 5026 int alg_arg, 5027 int expected_size_arg ) 5028{ 5029 psa_key_type_t type = type_arg; 5030 psa_algorithm_t alg = alg_arg; 5031 size_t actual_size = PSA_SIGN_OUTPUT_SIZE( type, bits, alg ); 5032 5033 TEST_EQUAL( actual_size, (size_t) expected_size_arg ); 5034 5035exit: 5036 ; 5037} 5038/* END_CASE */ 5039 5040/* BEGIN_CASE */ 5041void sign_hash_deterministic( int key_type_arg, data_t *key_data, 5042 int alg_arg, data_t *input_data, 5043 data_t *output_data ) 5044{ 5045 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5046 psa_key_type_t key_type = key_type_arg; 5047 psa_algorithm_t alg = alg_arg; 5048 size_t key_bits; 5049 unsigned char *signature = NULL; 5050 size_t signature_size; 5051 size_t signature_length = 0xdeadbeef; 5052 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5053 5054 PSA_ASSERT( psa_crypto_init( ) ); 5055 5056 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); 5057 psa_set_key_algorithm( &attributes, alg ); 5058 psa_set_key_type( &attributes, key_type ); 5059 5060 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5061 &key ) ); 5062 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 5063 key_bits = psa_get_key_bits( &attributes ); 5064 5065 /* Allocate a buffer which has the size advertized by the 5066 * library. */ 5067 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, 5068 key_bits, alg ); 5069 TEST_ASSERT( signature_size != 0 ); 5070 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE ); 5071 ASSERT_ALLOC( signature, signature_size ); 5072 5073 /* Perform the signature. */ 5074 PSA_ASSERT( psa_sign_hash( key, alg, 5075 input_data->x, input_data->len, 5076 signature, signature_size, 5077 &signature_length ) ); 5078 /* Verify that the signature is what is expected. */ 5079 ASSERT_COMPARE( output_data->x, output_data->len, 5080 signature, signature_length ); 5081 5082exit: 5083 /* 5084 * Key attributes may have been returned by psa_get_key_attributes() 5085 * thus reset them as required. 5086 */ 5087 psa_reset_key_attributes( &attributes ); 5088 5089 psa_destroy_key( key ); 5090 mbedtls_free( signature ); 5091 PSA_DONE( ); 5092} 5093/* END_CASE */ 5094 5095/* BEGIN_CASE */ 5096void sign_hash_fail( int key_type_arg, data_t *key_data, 5097 int alg_arg, data_t *input_data, 5098 int signature_size_arg, int expected_status_arg ) 5099{ 5100 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5101 psa_key_type_t key_type = key_type_arg; 5102 psa_algorithm_t alg = alg_arg; 5103 size_t signature_size = signature_size_arg; 5104 psa_status_t actual_status; 5105 psa_status_t expected_status = expected_status_arg; 5106 unsigned char *signature = NULL; 5107 size_t signature_length = 0xdeadbeef; 5108 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5109 5110 ASSERT_ALLOC( signature, signature_size ); 5111 5112 PSA_ASSERT( psa_crypto_init( ) ); 5113 5114 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); 5115 psa_set_key_algorithm( &attributes, alg ); 5116 psa_set_key_type( &attributes, key_type ); 5117 5118 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5119 &key ) ); 5120 5121 actual_status = psa_sign_hash( key, alg, 5122 input_data->x, input_data->len, 5123 signature, signature_size, 5124 &signature_length ); 5125 TEST_EQUAL( actual_status, expected_status ); 5126 /* The value of *signature_length is unspecified on error, but 5127 * whatever it is, it should be less than signature_size, so that 5128 * if the caller tries to read *signature_length bytes without 5129 * checking the error code then they don't overflow a buffer. */ 5130 TEST_ASSERT( signature_length <= signature_size ); 5131 5132exit: 5133 psa_reset_key_attributes( &attributes ); 5134 psa_destroy_key( key ); 5135 mbedtls_free( signature ); 5136 PSA_DONE( ); 5137} 5138/* END_CASE */ 5139 5140/* BEGIN_CASE */ 5141void sign_verify_hash( int key_type_arg, data_t *key_data, 5142 int alg_arg, data_t *input_data ) 5143{ 5144 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5145 psa_key_type_t key_type = key_type_arg; 5146 psa_algorithm_t alg = alg_arg; 5147 size_t key_bits; 5148 unsigned char *signature = NULL; 5149 size_t signature_size; 5150 size_t signature_length = 0xdeadbeef; 5151 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5152 5153 PSA_ASSERT( psa_crypto_init( ) ); 5154 5155 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); 5156 psa_set_key_algorithm( &attributes, alg ); 5157 psa_set_key_type( &attributes, key_type ); 5158 5159 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5160 &key ) ); 5161 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 5162 key_bits = psa_get_key_bits( &attributes ); 5163 5164 /* Allocate a buffer which has the size advertized by the 5165 * library. */ 5166 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, 5167 key_bits, alg ); 5168 TEST_ASSERT( signature_size != 0 ); 5169 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE ); 5170 ASSERT_ALLOC( signature, signature_size ); 5171 5172 /* Perform the signature. */ 5173 PSA_ASSERT( psa_sign_hash( key, alg, 5174 input_data->x, input_data->len, 5175 signature, signature_size, 5176 &signature_length ) ); 5177 /* Check that the signature length looks sensible. */ 5178 TEST_ASSERT( signature_length <= signature_size ); 5179 TEST_ASSERT( signature_length > 0 ); 5180 5181 /* Use the library to verify that the signature is correct. */ 5182 PSA_ASSERT( psa_verify_hash( key, alg, 5183 input_data->x, input_data->len, 5184 signature, signature_length ) ); 5185 5186 if( input_data->len != 0 ) 5187 { 5188 /* Flip a bit in the input and verify that the signature is now 5189 * detected as invalid. Flip a bit at the beginning, not at the end, 5190 * because ECDSA may ignore the last few bits of the input. */ 5191 input_data->x[0] ^= 1; 5192 TEST_EQUAL( psa_verify_hash( key, alg, 5193 input_data->x, input_data->len, 5194 signature, signature_length ), 5195 PSA_ERROR_INVALID_SIGNATURE ); 5196 } 5197 5198exit: 5199 /* 5200 * Key attributes may have been returned by psa_get_key_attributes() 5201 * thus reset them as required. 5202 */ 5203 psa_reset_key_attributes( &attributes ); 5204 5205 psa_destroy_key( key ); 5206 mbedtls_free( signature ); 5207 PSA_DONE( ); 5208} 5209/* END_CASE */ 5210 5211/* BEGIN_CASE */ 5212void verify_hash( int key_type_arg, data_t *key_data, 5213 int alg_arg, data_t *hash_data, 5214 data_t *signature_data ) 5215{ 5216 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5217 psa_key_type_t key_type = key_type_arg; 5218 psa_algorithm_t alg = alg_arg; 5219 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5220 5221 TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE ); 5222 5223 PSA_ASSERT( psa_crypto_init( ) ); 5224 5225 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); 5226 psa_set_key_algorithm( &attributes, alg ); 5227 psa_set_key_type( &attributes, key_type ); 5228 5229 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5230 &key ) ); 5231 5232 PSA_ASSERT( psa_verify_hash( key, alg, 5233 hash_data->x, hash_data->len, 5234 signature_data->x, signature_data->len ) ); 5235 5236exit: 5237 psa_reset_key_attributes( &attributes ); 5238 psa_destroy_key( key ); 5239 PSA_DONE( ); 5240} 5241/* END_CASE */ 5242 5243/* BEGIN_CASE */ 5244void verify_hash_fail( int key_type_arg, data_t *key_data, 5245 int alg_arg, data_t *hash_data, 5246 data_t *signature_data, 5247 int expected_status_arg ) 5248{ 5249 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5250 psa_key_type_t key_type = key_type_arg; 5251 psa_algorithm_t alg = alg_arg; 5252 psa_status_t actual_status; 5253 psa_status_t expected_status = expected_status_arg; 5254 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5255 5256 PSA_ASSERT( psa_crypto_init( ) ); 5257 5258 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); 5259 psa_set_key_algorithm( &attributes, alg ); 5260 psa_set_key_type( &attributes, key_type ); 5261 5262 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5263 &key ) ); 5264 5265 actual_status = psa_verify_hash( key, alg, 5266 hash_data->x, hash_data->len, 5267 signature_data->x, signature_data->len ); 5268 TEST_EQUAL( actual_status, expected_status ); 5269 5270exit: 5271 psa_reset_key_attributes( &attributes ); 5272 psa_destroy_key( key ); 5273 PSA_DONE( ); 5274} 5275/* END_CASE */ 5276 5277/* BEGIN_CASE */ 5278void sign_message_deterministic( int key_type_arg, 5279 data_t *key_data, 5280 int alg_arg, 5281 data_t *input_data, 5282 data_t *output_data ) 5283{ 5284 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5285 psa_key_type_t key_type = key_type_arg; 5286 psa_algorithm_t alg = alg_arg; 5287 size_t key_bits; 5288 unsigned char *signature = NULL; 5289 size_t signature_size; 5290 size_t signature_length = 0xdeadbeef; 5291 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5292 5293 PSA_ASSERT( psa_crypto_init( ) ); 5294 5295 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); 5296 psa_set_key_algorithm( &attributes, alg ); 5297 psa_set_key_type( &attributes, key_type ); 5298 5299 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5300 &key ) ); 5301 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 5302 key_bits = psa_get_key_bits( &attributes ); 5303 5304 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ); 5305 TEST_ASSERT( signature_size != 0 ); 5306 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE ); 5307 ASSERT_ALLOC( signature, signature_size ); 5308 5309 PSA_ASSERT( psa_sign_message( key, alg, 5310 input_data->x, input_data->len, 5311 signature, signature_size, 5312 &signature_length ) ); 5313 5314 ASSERT_COMPARE( output_data->x, output_data->len, 5315 signature, signature_length ); 5316 5317exit: 5318 psa_reset_key_attributes( &attributes ); 5319 5320 psa_destroy_key( key ); 5321 mbedtls_free( signature ); 5322 PSA_DONE( ); 5323 5324} 5325/* END_CASE */ 5326 5327/* BEGIN_CASE */ 5328void sign_message_fail( int key_type_arg, 5329 data_t *key_data, 5330 int alg_arg, 5331 data_t *input_data, 5332 int signature_size_arg, 5333 int expected_status_arg ) 5334{ 5335 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5336 psa_key_type_t key_type = key_type_arg; 5337 psa_algorithm_t alg = alg_arg; 5338 size_t signature_size = signature_size_arg; 5339 psa_status_t actual_status; 5340 psa_status_t expected_status = expected_status_arg; 5341 unsigned char *signature = NULL; 5342 size_t signature_length = 0xdeadbeef; 5343 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5344 5345 ASSERT_ALLOC( signature, signature_size ); 5346 5347 PSA_ASSERT( psa_crypto_init( ) ); 5348 5349 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); 5350 psa_set_key_algorithm( &attributes, alg ); 5351 psa_set_key_type( &attributes, key_type ); 5352 5353 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5354 &key ) ); 5355 5356 actual_status = psa_sign_message( key, alg, 5357 input_data->x, input_data->len, 5358 signature, signature_size, 5359 &signature_length ); 5360 TEST_EQUAL( actual_status, expected_status ); 5361 /* The value of *signature_length is unspecified on error, but 5362 * whatever it is, it should be less than signature_size, so that 5363 * if the caller tries to read *signature_length bytes without 5364 * checking the error code then they don't overflow a buffer. */ 5365 TEST_ASSERT( signature_length <= signature_size ); 5366 5367exit: 5368 psa_reset_key_attributes( &attributes ); 5369 psa_destroy_key( key ); 5370 mbedtls_free( signature ); 5371 PSA_DONE( ); 5372} 5373/* END_CASE */ 5374 5375/* BEGIN_CASE */ 5376void sign_verify_message( int key_type_arg, 5377 data_t *key_data, 5378 int alg_arg, 5379 data_t *input_data ) 5380{ 5381 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5382 psa_key_type_t key_type = key_type_arg; 5383 psa_algorithm_t alg = alg_arg; 5384 size_t key_bits; 5385 unsigned char *signature = NULL; 5386 size_t signature_size; 5387 size_t signature_length = 0xdeadbeef; 5388 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5389 5390 PSA_ASSERT( psa_crypto_init( ) ); 5391 5392 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE | 5393 PSA_KEY_USAGE_VERIFY_MESSAGE ); 5394 psa_set_key_algorithm( &attributes, alg ); 5395 psa_set_key_type( &attributes, key_type ); 5396 5397 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5398 &key ) ); 5399 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 5400 key_bits = psa_get_key_bits( &attributes ); 5401 5402 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ); 5403 TEST_ASSERT( signature_size != 0 ); 5404 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE ); 5405 ASSERT_ALLOC( signature, signature_size ); 5406 5407 PSA_ASSERT( psa_sign_message( key, alg, 5408 input_data->x, input_data->len, 5409 signature, signature_size, 5410 &signature_length ) ); 5411 TEST_ASSERT( signature_length <= signature_size ); 5412 TEST_ASSERT( signature_length > 0 ); 5413 5414 PSA_ASSERT( psa_verify_message( key, alg, 5415 input_data->x, input_data->len, 5416 signature, signature_length ) ); 5417 5418 if( input_data->len != 0 ) 5419 { 5420 /* Flip a bit in the input and verify that the signature is now 5421 * detected as invalid. Flip a bit at the beginning, not at the end, 5422 * because ECDSA may ignore the last few bits of the input. */ 5423 input_data->x[0] ^= 1; 5424 TEST_EQUAL( psa_verify_message( key, alg, 5425 input_data->x, input_data->len, 5426 signature, signature_length ), 5427 PSA_ERROR_INVALID_SIGNATURE ); 5428 } 5429 5430exit: 5431 psa_reset_key_attributes( &attributes ); 5432 5433 psa_destroy_key( key ); 5434 mbedtls_free( signature ); 5435 PSA_DONE( ); 5436} 5437/* END_CASE */ 5438 5439/* BEGIN_CASE */ 5440void verify_message( int key_type_arg, 5441 data_t *key_data, 5442 int alg_arg, 5443 data_t *input_data, 5444 data_t *signature_data ) 5445{ 5446 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5447 psa_key_type_t key_type = key_type_arg; 5448 psa_algorithm_t alg = alg_arg; 5449 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5450 5451 TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE ); 5452 5453 PSA_ASSERT( psa_crypto_init( ) ); 5454 5455 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE ); 5456 psa_set_key_algorithm( &attributes, alg ); 5457 psa_set_key_type( &attributes, key_type ); 5458 5459 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5460 &key ) ); 5461 5462 PSA_ASSERT( psa_verify_message( key, alg, 5463 input_data->x, input_data->len, 5464 signature_data->x, signature_data->len ) ); 5465 5466exit: 5467 psa_reset_key_attributes( &attributes ); 5468 psa_destroy_key( key ); 5469 PSA_DONE( ); 5470} 5471/* END_CASE */ 5472 5473/* BEGIN_CASE */ 5474void verify_message_fail( int key_type_arg, 5475 data_t *key_data, 5476 int alg_arg, 5477 data_t *hash_data, 5478 data_t *signature_data, 5479 int expected_status_arg ) 5480{ 5481 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5482 psa_key_type_t key_type = key_type_arg; 5483 psa_algorithm_t alg = alg_arg; 5484 psa_status_t actual_status; 5485 psa_status_t expected_status = expected_status_arg; 5486 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5487 5488 PSA_ASSERT( psa_crypto_init( ) ); 5489 5490 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE ); 5491 psa_set_key_algorithm( &attributes, alg ); 5492 psa_set_key_type( &attributes, key_type ); 5493 5494 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5495 &key ) ); 5496 5497 actual_status = psa_verify_message( key, alg, 5498 hash_data->x, hash_data->len, 5499 signature_data->x, 5500 signature_data->len ); 5501 TEST_EQUAL( actual_status, expected_status ); 5502 5503exit: 5504 psa_reset_key_attributes( &attributes ); 5505 psa_destroy_key( key ); 5506 PSA_DONE( ); 5507} 5508/* END_CASE */ 5509 5510/* BEGIN_CASE */ 5511void asymmetric_encrypt( int key_type_arg, 5512 data_t *key_data, 5513 int alg_arg, 5514 data_t *input_data, 5515 data_t *label, 5516 int expected_output_length_arg, 5517 int expected_status_arg ) 5518{ 5519 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5520 psa_key_type_t key_type = key_type_arg; 5521 psa_algorithm_t alg = alg_arg; 5522 size_t expected_output_length = expected_output_length_arg; 5523 size_t key_bits; 5524 unsigned char *output = NULL; 5525 size_t output_size; 5526 size_t output_length = ~0; 5527 psa_status_t actual_status; 5528 psa_status_t expected_status = expected_status_arg; 5529 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5530 5531 PSA_ASSERT( psa_crypto_init( ) ); 5532 5533 /* Import the key */ 5534 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); 5535 psa_set_key_algorithm( &attributes, alg ); 5536 psa_set_key_type( &attributes, key_type ); 5537 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5538 &key ) ); 5539 5540 /* Determine the maximum output length */ 5541 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 5542 key_bits = psa_get_key_bits( &attributes ); 5543 5544 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); 5545 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE ); 5546 ASSERT_ALLOC( output, output_size ); 5547 5548 /* Encrypt the input */ 5549 actual_status = psa_asymmetric_encrypt( key, alg, 5550 input_data->x, input_data->len, 5551 label->x, label->len, 5552 output, output_size, 5553 &output_length ); 5554 TEST_EQUAL( actual_status, expected_status ); 5555 TEST_EQUAL( output_length, expected_output_length ); 5556 5557 /* If the label is empty, the test framework puts a non-null pointer 5558 * in label->x. Test that a null pointer works as well. */ 5559 if( label->len == 0 ) 5560 { 5561 output_length = ~0; 5562 if( output_size != 0 ) 5563 memset( output, 0, output_size ); 5564 actual_status = psa_asymmetric_encrypt( key, alg, 5565 input_data->x, input_data->len, 5566 NULL, label->len, 5567 output, output_size, 5568 &output_length ); 5569 TEST_EQUAL( actual_status, expected_status ); 5570 TEST_EQUAL( output_length, expected_output_length ); 5571 } 5572 5573exit: 5574 /* 5575 * Key attributes may have been returned by psa_get_key_attributes() 5576 * thus reset them as required. 5577 */ 5578 psa_reset_key_attributes( &attributes ); 5579 5580 psa_destroy_key( key ); 5581 mbedtls_free( output ); 5582 PSA_DONE( ); 5583} 5584/* END_CASE */ 5585 5586/* BEGIN_CASE */ 5587void asymmetric_encrypt_decrypt( int key_type_arg, 5588 data_t *key_data, 5589 int alg_arg, 5590 data_t *input_data, 5591 data_t *label ) 5592{ 5593 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5594 psa_key_type_t key_type = key_type_arg; 5595 psa_algorithm_t alg = alg_arg; 5596 size_t key_bits; 5597 unsigned char *output = NULL; 5598 size_t output_size; 5599 size_t output_length = ~0; 5600 unsigned char *output2 = NULL; 5601 size_t output2_size; 5602 size_t output2_length = ~0; 5603 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5604 5605 PSA_ASSERT( psa_crypto_init( ) ); 5606 5607 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 5608 psa_set_key_algorithm( &attributes, alg ); 5609 psa_set_key_type( &attributes, key_type ); 5610 5611 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5612 &key ) ); 5613 5614 /* Determine the maximum ciphertext length */ 5615 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 5616 key_bits = psa_get_key_bits( &attributes ); 5617 5618 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); 5619 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE ); 5620 ASSERT_ALLOC( output, output_size ); 5621 5622 output2_size = input_data->len; 5623 TEST_ASSERT( output2_size <= 5624 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ) ); 5625 TEST_ASSERT( output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE ); 5626 ASSERT_ALLOC( output2, output2_size ); 5627 5628 /* We test encryption by checking that encrypt-then-decrypt gives back 5629 * the original plaintext because of the non-optional random 5630 * part of encryption process which prevents using fixed vectors. */ 5631 PSA_ASSERT( psa_asymmetric_encrypt( key, alg, 5632 input_data->x, input_data->len, 5633 label->x, label->len, 5634 output, output_size, 5635 &output_length ) ); 5636 /* We don't know what ciphertext length to expect, but check that 5637 * it looks sensible. */ 5638 TEST_ASSERT( output_length <= output_size ); 5639 5640 PSA_ASSERT( psa_asymmetric_decrypt( key, alg, 5641 output, output_length, 5642 label->x, label->len, 5643 output2, output2_size, 5644 &output2_length ) ); 5645 ASSERT_COMPARE( input_data->x, input_data->len, 5646 output2, output2_length ); 5647 5648exit: 5649 /* 5650 * Key attributes may have been returned by psa_get_key_attributes() 5651 * thus reset them as required. 5652 */ 5653 psa_reset_key_attributes( &attributes ); 5654 5655 psa_destroy_key( key ); 5656 mbedtls_free( output ); 5657 mbedtls_free( output2 ); 5658 PSA_DONE( ); 5659} 5660/* END_CASE */ 5661 5662/* BEGIN_CASE */ 5663void asymmetric_decrypt( int key_type_arg, 5664 data_t *key_data, 5665 int alg_arg, 5666 data_t *input_data, 5667 data_t *label, 5668 data_t *expected_data ) 5669{ 5670 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5671 psa_key_type_t key_type = key_type_arg; 5672 psa_algorithm_t alg = alg_arg; 5673 size_t key_bits; 5674 unsigned char *output = NULL; 5675 size_t output_size = 0; 5676 size_t output_length = ~0; 5677 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5678 5679 PSA_ASSERT( psa_crypto_init( ) ); 5680 5681 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 5682 psa_set_key_algorithm( &attributes, alg ); 5683 psa_set_key_type( &attributes, key_type ); 5684 5685 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5686 &key ) ); 5687 5688 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 5689 key_bits = psa_get_key_bits( &attributes ); 5690 5691 /* Determine the maximum ciphertext length */ 5692 output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); 5693 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE ); 5694 ASSERT_ALLOC( output, output_size ); 5695 5696 PSA_ASSERT( psa_asymmetric_decrypt( key, alg, 5697 input_data->x, input_data->len, 5698 label->x, label->len, 5699 output, 5700 output_size, 5701 &output_length ) ); 5702 ASSERT_COMPARE( expected_data->x, expected_data->len, 5703 output, output_length ); 5704 5705 /* If the label is empty, the test framework puts a non-null pointer 5706 * in label->x. Test that a null pointer works as well. */ 5707 if( label->len == 0 ) 5708 { 5709 output_length = ~0; 5710 if( output_size != 0 ) 5711 memset( output, 0, output_size ); 5712 PSA_ASSERT( psa_asymmetric_decrypt( key, alg, 5713 input_data->x, input_data->len, 5714 NULL, label->len, 5715 output, 5716 output_size, 5717 &output_length ) ); 5718 ASSERT_COMPARE( expected_data->x, expected_data->len, 5719 output, output_length ); 5720 } 5721 5722exit: 5723 psa_reset_key_attributes( &attributes ); 5724 psa_destroy_key( key ); 5725 mbedtls_free( output ); 5726 PSA_DONE( ); 5727} 5728/* END_CASE */ 5729 5730/* BEGIN_CASE */ 5731void asymmetric_decrypt_fail( int key_type_arg, 5732 data_t *key_data, 5733 int alg_arg, 5734 data_t *input_data, 5735 data_t *label, 5736 int output_size_arg, 5737 int expected_status_arg ) 5738{ 5739 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5740 psa_key_type_t key_type = key_type_arg; 5741 psa_algorithm_t alg = alg_arg; 5742 unsigned char *output = NULL; 5743 size_t output_size = output_size_arg; 5744 size_t output_length = ~0; 5745 psa_status_t actual_status; 5746 psa_status_t expected_status = expected_status_arg; 5747 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5748 5749 ASSERT_ALLOC( output, output_size ); 5750 5751 PSA_ASSERT( psa_crypto_init( ) ); 5752 5753 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); 5754 psa_set_key_algorithm( &attributes, alg ); 5755 psa_set_key_type( &attributes, key_type ); 5756 5757 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 5758 &key ) ); 5759 5760 actual_status = psa_asymmetric_decrypt( key, alg, 5761 input_data->x, input_data->len, 5762 label->x, label->len, 5763 output, output_size, 5764 &output_length ); 5765 TEST_EQUAL( actual_status, expected_status ); 5766 TEST_ASSERT( output_length <= output_size ); 5767 5768 /* If the label is empty, the test framework puts a non-null pointer 5769 * in label->x. Test that a null pointer works as well. */ 5770 if( label->len == 0 ) 5771 { 5772 output_length = ~0; 5773 if( output_size != 0 ) 5774 memset( output, 0, output_size ); 5775 actual_status = psa_asymmetric_decrypt( key, alg, 5776 input_data->x, input_data->len, 5777 NULL, label->len, 5778 output, output_size, 5779 &output_length ); 5780 TEST_EQUAL( actual_status, expected_status ); 5781 TEST_ASSERT( output_length <= output_size ); 5782 } 5783 5784exit: 5785 psa_reset_key_attributes( &attributes ); 5786 psa_destroy_key( key ); 5787 mbedtls_free( output ); 5788 PSA_DONE( ); 5789} 5790/* END_CASE */ 5791 5792/* BEGIN_CASE */ 5793void key_derivation_init( ) 5794{ 5795 /* Test each valid way of initializing the object, except for `= {0}`, as 5796 * Clang 5 complains when `-Wmissing-field-initializers` is used, even 5797 * though it's OK by the C standard. We could test for this, but we'd need 5798 * to supress the Clang warning for the test. */ 5799 size_t capacity; 5800 psa_key_derivation_operation_t func = psa_key_derivation_operation_init( ); 5801 psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT; 5802 psa_key_derivation_operation_t zero; 5803 5804 memset( &zero, 0, sizeof( zero ) ); 5805 5806 /* A default operation should not be able to report its capacity. */ 5807 TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ), 5808 PSA_ERROR_BAD_STATE ); 5809 TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ), 5810 PSA_ERROR_BAD_STATE ); 5811 TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ), 5812 PSA_ERROR_BAD_STATE ); 5813 5814 /* A default operation should be abortable without error. */ 5815 PSA_ASSERT( psa_key_derivation_abort(&func) ); 5816 PSA_ASSERT( psa_key_derivation_abort(&init) ); 5817 PSA_ASSERT( psa_key_derivation_abort(&zero) ); 5818} 5819/* END_CASE */ 5820 5821/* BEGIN_CASE */ 5822void derive_setup( int alg_arg, int expected_status_arg ) 5823{ 5824 psa_algorithm_t alg = alg_arg; 5825 psa_status_t expected_status = expected_status_arg; 5826 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 5827 5828 PSA_ASSERT( psa_crypto_init( ) ); 5829 5830 TEST_EQUAL( psa_key_derivation_setup( &operation, alg ), 5831 expected_status ); 5832 5833exit: 5834 psa_key_derivation_abort( &operation ); 5835 PSA_DONE( ); 5836} 5837/* END_CASE */ 5838 5839/* BEGIN_CASE */ 5840void derive_set_capacity( int alg_arg, int capacity_arg, 5841 int expected_status_arg ) 5842{ 5843 psa_algorithm_t alg = alg_arg; 5844 size_t capacity = capacity_arg; 5845 psa_status_t expected_status = expected_status_arg; 5846 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 5847 5848 PSA_ASSERT( psa_crypto_init( ) ); 5849 5850 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); 5851 5852 TEST_EQUAL( psa_key_derivation_set_capacity( &operation, capacity ), 5853 expected_status ); 5854 5855exit: 5856 psa_key_derivation_abort( &operation ); 5857 PSA_DONE( ); 5858} 5859/* END_CASE */ 5860 5861/* BEGIN_CASE */ 5862void derive_input( int alg_arg, 5863 int step_arg1, int key_type_arg1, data_t *input1, 5864 int expected_status_arg1, 5865 int step_arg2, int key_type_arg2, data_t *input2, 5866 int expected_status_arg2, 5867 int step_arg3, int key_type_arg3, data_t *input3, 5868 int expected_status_arg3, 5869 int output_key_type_arg, int expected_output_status_arg ) 5870{ 5871 psa_algorithm_t alg = alg_arg; 5872 psa_key_derivation_step_t steps[] = {step_arg1, step_arg2, step_arg3}; 5873 psa_key_type_t key_types[] = {key_type_arg1, key_type_arg2, key_type_arg3}; 5874 psa_status_t expected_statuses[] = {expected_status_arg1, 5875 expected_status_arg2, 5876 expected_status_arg3}; 5877 data_t *inputs[] = {input1, input2, input3}; 5878 mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT, 5879 MBEDTLS_SVC_KEY_ID_INIT, 5880 MBEDTLS_SVC_KEY_ID_INIT }; 5881 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 5882 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5883 size_t i; 5884 psa_key_type_t output_key_type = output_key_type_arg; 5885 mbedtls_svc_key_id_t output_key = MBEDTLS_SVC_KEY_ID_INIT; 5886 psa_status_t expected_output_status = expected_output_status_arg; 5887 psa_status_t actual_output_status; 5888 5889 PSA_ASSERT( psa_crypto_init( ) ); 5890 5891 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 5892 psa_set_key_algorithm( &attributes, alg ); 5893 5894 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); 5895 5896 for( i = 0; i < ARRAY_LENGTH( steps ); i++ ) 5897 { 5898 mbedtls_test_set_step( i ); 5899 if( steps[i] == 0 ) 5900 { 5901 /* Skip this step */ 5902 } 5903 else if( key_types[i] != PSA_KEY_TYPE_NONE ) 5904 { 5905 psa_set_key_type( &attributes, key_types[i] ); 5906 PSA_ASSERT( psa_import_key( &attributes, 5907 inputs[i]->x, inputs[i]->len, 5908 &keys[i] ) ); 5909 if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) && 5910 steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET ) 5911 { 5912 // When taking a private key as secret input, use key agreement 5913 // to add the shared secret to the derivation 5914 TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self( 5915 &operation, keys[i] ), 5916 expected_statuses[i] ); 5917 } 5918 else 5919 { 5920 TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i], 5921 keys[i] ), 5922 expected_statuses[i] ); 5923 } 5924 } 5925 else 5926 { 5927 TEST_EQUAL( psa_key_derivation_input_bytes( 5928 &operation, steps[i], 5929 inputs[i]->x, inputs[i]->len ), 5930 expected_statuses[i] ); 5931 } 5932 } 5933 5934 if( output_key_type != PSA_KEY_TYPE_NONE ) 5935 { 5936 psa_reset_key_attributes( &attributes ); 5937 psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); 5938 psa_set_key_bits( &attributes, 8 ); 5939 actual_output_status = 5940 psa_key_derivation_output_key( &attributes, &operation, 5941 &output_key ); 5942 } 5943 else 5944 { 5945 uint8_t buffer[1]; 5946 actual_output_status = 5947 psa_key_derivation_output_bytes( &operation, 5948 buffer, sizeof( buffer ) ); 5949 } 5950 TEST_EQUAL( actual_output_status, expected_output_status ); 5951 5952exit: 5953 psa_key_derivation_abort( &operation ); 5954 for( i = 0; i < ARRAY_LENGTH( keys ); i++ ) 5955 psa_destroy_key( keys[i] ); 5956 psa_destroy_key( output_key ); 5957 PSA_DONE( ); 5958} 5959/* END_CASE */ 5960 5961/* BEGIN_CASE */ 5962void derive_over_capacity( int alg_arg ) 5963{ 5964 psa_algorithm_t alg = alg_arg; 5965 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5966 size_t key_type = PSA_KEY_TYPE_DERIVE; 5967 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 5968 unsigned char input1[] = "Input 1"; 5969 size_t input1_length = sizeof( input1 ); 5970 unsigned char input2[] = "Input 2"; 5971 size_t input2_length = sizeof( input2 ); 5972 uint8_t buffer[42]; 5973 size_t capacity = sizeof( buffer ); 5974 const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 5975 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 5976 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}; 5977 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5978 5979 PSA_ASSERT( psa_crypto_init( ) ); 5980 5981 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 5982 psa_set_key_algorithm( &attributes, alg ); 5983 psa_set_key_type( &attributes, key_type ); 5984 5985 PSA_ASSERT( psa_import_key( &attributes, 5986 key_data, sizeof( key_data ), 5987 &key ) ); 5988 5989 /* valid key derivation */ 5990 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg, 5991 input1, input1_length, 5992 input2, input2_length, 5993 capacity ) ) 5994 goto exit; 5995 5996 /* state of operation shouldn't allow additional generation */ 5997 TEST_EQUAL( psa_key_derivation_setup( &operation, alg ), 5998 PSA_ERROR_BAD_STATE ); 5999 6000 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, buffer, capacity ) ); 6001 6002 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, buffer, capacity ), 6003 PSA_ERROR_INSUFFICIENT_DATA ); 6004 6005exit: 6006 psa_key_derivation_abort( &operation ); 6007 psa_destroy_key( key ); 6008 PSA_DONE( ); 6009} 6010/* END_CASE */ 6011 6012/* BEGIN_CASE */ 6013void derive_actions_without_setup( ) 6014{ 6015 uint8_t output_buffer[16]; 6016 size_t buffer_size = 16; 6017 size_t capacity = 0; 6018 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 6019 6020 TEST_ASSERT( psa_key_derivation_output_bytes( &operation, 6021 output_buffer, buffer_size ) 6022 == PSA_ERROR_BAD_STATE ); 6023 6024 TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity ) 6025 == PSA_ERROR_BAD_STATE ); 6026 6027 PSA_ASSERT( psa_key_derivation_abort( &operation ) ); 6028 6029 TEST_ASSERT( psa_key_derivation_output_bytes( &operation, 6030 output_buffer, buffer_size ) 6031 == PSA_ERROR_BAD_STATE ); 6032 6033 TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity ) 6034 == PSA_ERROR_BAD_STATE ); 6035 6036exit: 6037 psa_key_derivation_abort( &operation ); 6038} 6039/* END_CASE */ 6040 6041/* BEGIN_CASE */ 6042void derive_output( int alg_arg, 6043 int step1_arg, data_t *input1, 6044 int step2_arg, data_t *input2, 6045 int step3_arg, data_t *input3, 6046 int requested_capacity_arg, 6047 data_t *expected_output1, 6048 data_t *expected_output2 ) 6049{ 6050 psa_algorithm_t alg = alg_arg; 6051 psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg}; 6052 data_t *inputs[] = {input1, input2, input3}; 6053 mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT, 6054 MBEDTLS_SVC_KEY_ID_INIT, 6055 MBEDTLS_SVC_KEY_ID_INIT }; 6056 size_t requested_capacity = requested_capacity_arg; 6057 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 6058 uint8_t *expected_outputs[2] = 6059 {expected_output1->x, expected_output2->x}; 6060 size_t output_sizes[2] = 6061 {expected_output1->len, expected_output2->len}; 6062 size_t output_buffer_size = 0; 6063 uint8_t *output_buffer = NULL; 6064 size_t expected_capacity; 6065 size_t current_capacity; 6066 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6067 psa_status_t status; 6068 size_t i; 6069 6070 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ ) 6071 { 6072 if( output_sizes[i] > output_buffer_size ) 6073 output_buffer_size = output_sizes[i]; 6074 if( output_sizes[i] == 0 ) 6075 expected_outputs[i] = NULL; 6076 } 6077 ASSERT_ALLOC( output_buffer, output_buffer_size ); 6078 PSA_ASSERT( psa_crypto_init( ) ); 6079 6080 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 6081 psa_set_key_algorithm( &attributes, alg ); 6082 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); 6083 6084 /* Extraction phase. */ 6085 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); 6086 PSA_ASSERT( psa_key_derivation_set_capacity( &operation, 6087 requested_capacity ) ); 6088 for( i = 0; i < ARRAY_LENGTH( steps ); i++ ) 6089 { 6090 switch( steps[i] ) 6091 { 6092 case 0: 6093 break; 6094 case PSA_KEY_DERIVATION_INPUT_SECRET: 6095 PSA_ASSERT( psa_import_key( &attributes, 6096 inputs[i]->x, inputs[i]->len, 6097 &keys[i] ) ); 6098 6099 if ( PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) 6100 { 6101 PSA_ASSERT( psa_get_key_attributes( keys[i], &attributes ) ); 6102 TEST_ASSERT( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes ) ) <= 6103 PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE ); 6104 } 6105 6106 PSA_ASSERT( psa_key_derivation_input_key( 6107 &operation, steps[i], keys[i] ) ); 6108 break; 6109 default: 6110 PSA_ASSERT( psa_key_derivation_input_bytes( 6111 &operation, steps[i], 6112 inputs[i]->x, inputs[i]->len ) ); 6113 break; 6114 } 6115 } 6116 6117 PSA_ASSERT( psa_key_derivation_get_capacity( &operation, 6118 ¤t_capacity ) ); 6119 TEST_EQUAL( current_capacity, requested_capacity ); 6120 expected_capacity = requested_capacity; 6121 6122 /* Expansion phase. */ 6123 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ ) 6124 { 6125 /* Read some bytes. */ 6126 status = psa_key_derivation_output_bytes( &operation, 6127 output_buffer, output_sizes[i] ); 6128 if( expected_capacity == 0 && output_sizes[i] == 0 ) 6129 { 6130 /* Reading 0 bytes when 0 bytes are available can go either way. */ 6131 TEST_ASSERT( status == PSA_SUCCESS || 6132 status == PSA_ERROR_INSUFFICIENT_DATA ); 6133 continue; 6134 } 6135 else if( expected_capacity == 0 || 6136 output_sizes[i] > expected_capacity ) 6137 { 6138 /* Capacity exceeded. */ 6139 TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA ); 6140 expected_capacity = 0; 6141 continue; 6142 } 6143 /* Success. Check the read data. */ 6144 PSA_ASSERT( status ); 6145 if( output_sizes[i] != 0 ) 6146 ASSERT_COMPARE( output_buffer, output_sizes[i], 6147 expected_outputs[i], output_sizes[i] ); 6148 /* Check the operation status. */ 6149 expected_capacity -= output_sizes[i]; 6150 PSA_ASSERT( psa_key_derivation_get_capacity( &operation, 6151 ¤t_capacity ) ); 6152 TEST_EQUAL( expected_capacity, current_capacity ); 6153 } 6154 PSA_ASSERT( psa_key_derivation_abort( &operation ) ); 6155 6156exit: 6157 mbedtls_free( output_buffer ); 6158 psa_key_derivation_abort( &operation ); 6159 for( i = 0; i < ARRAY_LENGTH( keys ); i++ ) 6160 psa_destroy_key( keys[i] ); 6161 PSA_DONE( ); 6162} 6163/* END_CASE */ 6164 6165/* BEGIN_CASE */ 6166void derive_full( int alg_arg, 6167 data_t *key_data, 6168 data_t *input1, 6169 data_t *input2, 6170 int requested_capacity_arg ) 6171{ 6172 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 6173 psa_algorithm_t alg = alg_arg; 6174 size_t requested_capacity = requested_capacity_arg; 6175 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 6176 unsigned char output_buffer[16]; 6177 size_t expected_capacity = requested_capacity; 6178 size_t current_capacity; 6179 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6180 6181 PSA_ASSERT( psa_crypto_init( ) ); 6182 6183 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 6184 psa_set_key_algorithm( &attributes, alg ); 6185 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); 6186 6187 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 6188 &key ) ); 6189 6190 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg, 6191 input1->x, input1->len, 6192 input2->x, input2->len, 6193 requested_capacity ) ) 6194 goto exit; 6195 6196 PSA_ASSERT( psa_key_derivation_get_capacity( &operation, 6197 ¤t_capacity ) ); 6198 TEST_EQUAL( current_capacity, expected_capacity ); 6199 6200 /* Expansion phase. */ 6201 while( current_capacity > 0 ) 6202 { 6203 size_t read_size = sizeof( output_buffer ); 6204 if( read_size > current_capacity ) 6205 read_size = current_capacity; 6206 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, 6207 output_buffer, 6208 read_size ) ); 6209 expected_capacity -= read_size; 6210 PSA_ASSERT( psa_key_derivation_get_capacity( &operation, 6211 ¤t_capacity ) ); 6212 TEST_EQUAL( current_capacity, expected_capacity ); 6213 } 6214 6215 /* Check that the operation refuses to go over capacity. */ 6216 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, 1 ), 6217 PSA_ERROR_INSUFFICIENT_DATA ); 6218 6219 PSA_ASSERT( psa_key_derivation_abort( &operation ) ); 6220 6221exit: 6222 psa_key_derivation_abort( &operation ); 6223 psa_destroy_key( key ); 6224 PSA_DONE( ); 6225} 6226/* END_CASE */ 6227 6228/* BEGIN_CASE */ 6229void derive_key_exercise( int alg_arg, 6230 data_t *key_data, 6231 data_t *input1, 6232 data_t *input2, 6233 int derived_type_arg, 6234 int derived_bits_arg, 6235 int derived_usage_arg, 6236 int derived_alg_arg ) 6237{ 6238 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 6239 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; 6240 psa_algorithm_t alg = alg_arg; 6241 psa_key_type_t derived_type = derived_type_arg; 6242 size_t derived_bits = derived_bits_arg; 6243 psa_key_usage_t derived_usage = derived_usage_arg; 6244 psa_algorithm_t derived_alg = derived_alg_arg; 6245 size_t capacity = PSA_BITS_TO_BYTES( derived_bits ); 6246 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 6247 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6248 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 6249 6250 PSA_ASSERT( psa_crypto_init( ) ); 6251 6252 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 6253 psa_set_key_algorithm( &attributes, alg ); 6254 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); 6255 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, 6256 &base_key ) ); 6257 6258 /* Derive a key. */ 6259 if ( mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg, 6260 input1->x, input1->len, 6261 input2->x, input2->len, 6262 capacity ) ) 6263 goto exit; 6264 6265 psa_set_key_usage_flags( &attributes, derived_usage ); 6266 psa_set_key_algorithm( &attributes, derived_alg ); 6267 psa_set_key_type( &attributes, derived_type ); 6268 psa_set_key_bits( &attributes, derived_bits ); 6269 PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, 6270 &derived_key ) ); 6271 6272 /* Test the key information */ 6273 PSA_ASSERT( psa_get_key_attributes( derived_key, &got_attributes ) ); 6274 TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type ); 6275 TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits ); 6276 6277 /* Exercise the derived key. */ 6278 if( ! mbedtls_test_psa_exercise_key( derived_key, derived_usage, derived_alg ) ) 6279 goto exit; 6280 6281exit: 6282 /* 6283 * Key attributes may have been returned by psa_get_key_attributes() 6284 * thus reset them as required. 6285 */ 6286 psa_reset_key_attributes( &got_attributes ); 6287 6288 psa_key_derivation_abort( &operation ); 6289 psa_destroy_key( base_key ); 6290 psa_destroy_key( derived_key ); 6291 PSA_DONE( ); 6292} 6293/* END_CASE */ 6294 6295/* BEGIN_CASE */ 6296void derive_key_export( int alg_arg, 6297 data_t *key_data, 6298 data_t *input1, 6299 data_t *input2, 6300 int bytes1_arg, 6301 int bytes2_arg ) 6302{ 6303 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 6304 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; 6305 psa_algorithm_t alg = alg_arg; 6306 size_t bytes1 = bytes1_arg; 6307 size_t bytes2 = bytes2_arg; 6308 size_t capacity = bytes1 + bytes2; 6309 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 6310 uint8_t *output_buffer = NULL; 6311 uint8_t *export_buffer = NULL; 6312 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; 6313 psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; 6314 size_t length; 6315 6316 ASSERT_ALLOC( output_buffer, capacity ); 6317 ASSERT_ALLOC( export_buffer, capacity ); 6318 PSA_ASSERT( psa_crypto_init( ) ); 6319 6320 psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE ); 6321 psa_set_key_algorithm( &base_attributes, alg ); 6322 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE ); 6323 PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len, 6324 &base_key ) ); 6325 6326 /* Derive some material and output it. */ 6327 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg, 6328 input1->x, input1->len, 6329 input2->x, input2->len, 6330 capacity ) ) 6331 goto exit; 6332 6333 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, 6334 output_buffer, 6335 capacity ) ); 6336 PSA_ASSERT( psa_key_derivation_abort( &operation ) ); 6337 6338 /* Derive the same output again, but this time store it in key objects. */ 6339 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg, 6340 input1->x, input1->len, 6341 input2->x, input2->len, 6342 capacity ) ) 6343 goto exit; 6344 6345 psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT ); 6346 psa_set_key_algorithm( &derived_attributes, 0 ); 6347 psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA ); 6348 psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) ); 6349 PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, 6350 &derived_key ) ); 6351 PSA_ASSERT( psa_export_key( derived_key, 6352 export_buffer, bytes1, 6353 &length ) ); 6354 TEST_EQUAL( length, bytes1 ); 6355 PSA_ASSERT( psa_destroy_key( derived_key ) ); 6356 psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) ); 6357 PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, 6358 &derived_key ) ); 6359 PSA_ASSERT( psa_export_key( derived_key, 6360 export_buffer + bytes1, bytes2, 6361 &length ) ); 6362 TEST_EQUAL( length, bytes2 ); 6363 6364 /* Compare the outputs from the two runs. */ 6365 ASSERT_COMPARE( output_buffer, bytes1 + bytes2, 6366 export_buffer, capacity ); 6367 6368exit: 6369 mbedtls_free( output_buffer ); 6370 mbedtls_free( export_buffer ); 6371 psa_key_derivation_abort( &operation ); 6372 psa_destroy_key( base_key ); 6373 psa_destroy_key( derived_key ); 6374 PSA_DONE( ); 6375} 6376/* END_CASE */ 6377 6378/* BEGIN_CASE */ 6379void derive_key( int alg_arg, 6380 data_t *key_data, data_t *input1, data_t *input2, 6381 int type_arg, int bits_arg, 6382 int expected_status_arg, 6383 int is_large_output ) 6384{ 6385 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 6386 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; 6387 psa_algorithm_t alg = alg_arg; 6388 psa_key_type_t type = type_arg; 6389 size_t bits = bits_arg; 6390 psa_status_t expected_status = expected_status_arg; 6391 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 6392 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; 6393 psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; 6394 6395 PSA_ASSERT( psa_crypto_init( ) ); 6396 6397 psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE ); 6398 psa_set_key_algorithm( &base_attributes, alg ); 6399 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE ); 6400 PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len, 6401 &base_key ) ); 6402 6403 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg, 6404 input1->x, input1->len, 6405 input2->x, input2->len, 6406 SIZE_MAX ) ) 6407 goto exit; 6408 6409 psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT ); 6410 psa_set_key_algorithm( &derived_attributes, 0 ); 6411 psa_set_key_type( &derived_attributes, type ); 6412 psa_set_key_bits( &derived_attributes, bits ); 6413 6414 psa_status_t status = 6415 psa_key_derivation_output_key( &derived_attributes, 6416 &operation, 6417 &derived_key ); 6418 if( is_large_output > 0 ) 6419 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY ); 6420 TEST_EQUAL( status, expected_status ); 6421 6422exit: 6423 psa_key_derivation_abort( &operation ); 6424 psa_destroy_key( base_key ); 6425 psa_destroy_key( derived_key ); 6426 PSA_DONE( ); 6427} 6428/* END_CASE */ 6429 6430/* BEGIN_CASE */ 6431void key_agreement_setup( int alg_arg, 6432 int our_key_type_arg, int our_key_alg_arg, 6433 data_t *our_key_data, data_t *peer_key_data, 6434 int expected_status_arg ) 6435{ 6436 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 6437 psa_algorithm_t alg = alg_arg; 6438 psa_algorithm_t our_key_alg = our_key_alg_arg; 6439 psa_key_type_t our_key_type = our_key_type_arg; 6440 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 6441 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6442 psa_status_t expected_status = expected_status_arg; 6443 psa_status_t status; 6444 6445 PSA_ASSERT( psa_crypto_init( ) ); 6446 6447 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 6448 psa_set_key_algorithm( &attributes, our_key_alg ); 6449 psa_set_key_type( &attributes, our_key_type ); 6450 PSA_ASSERT( psa_import_key( &attributes, 6451 our_key_data->x, our_key_data->len, 6452 &our_key ) ); 6453 6454 /* The tests currently include inputs that should fail at either step. 6455 * Test cases that fail at the setup step should be changed to call 6456 * key_derivation_setup instead, and this function should be renamed 6457 * to key_agreement_fail. */ 6458 status = psa_key_derivation_setup( &operation, alg ); 6459 if( status == PSA_SUCCESS ) 6460 { 6461 TEST_EQUAL( psa_key_derivation_key_agreement( 6462 &operation, PSA_KEY_DERIVATION_INPUT_SECRET, 6463 our_key, 6464 peer_key_data->x, peer_key_data->len ), 6465 expected_status ); 6466 } 6467 else 6468 { 6469 TEST_ASSERT( status == expected_status ); 6470 } 6471 6472exit: 6473 psa_key_derivation_abort( &operation ); 6474 psa_destroy_key( our_key ); 6475 PSA_DONE( ); 6476} 6477/* END_CASE */ 6478 6479/* BEGIN_CASE */ 6480void raw_key_agreement( int alg_arg, 6481 int our_key_type_arg, data_t *our_key_data, 6482 data_t *peer_key_data, 6483 data_t *expected_output ) 6484{ 6485 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 6486 psa_algorithm_t alg = alg_arg; 6487 psa_key_type_t our_key_type = our_key_type_arg; 6488 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6489 unsigned char *output = NULL; 6490 size_t output_length = ~0; 6491 size_t key_bits; 6492 6493 ASSERT_ALLOC( output, expected_output->len ); 6494 PSA_ASSERT( psa_crypto_init( ) ); 6495 6496 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 6497 psa_set_key_algorithm( &attributes, alg ); 6498 psa_set_key_type( &attributes, our_key_type ); 6499 PSA_ASSERT( psa_import_key( &attributes, 6500 our_key_data->x, our_key_data->len, 6501 &our_key ) ); 6502 6503 PSA_ASSERT( psa_get_key_attributes( our_key, &attributes ) ); 6504 key_bits = psa_get_key_bits( &attributes ); 6505 6506 PSA_ASSERT( psa_raw_key_agreement( alg, our_key, 6507 peer_key_data->x, peer_key_data->len, 6508 output, expected_output->len, 6509 &output_length ) ); 6510 ASSERT_COMPARE( output, output_length, 6511 expected_output->x, expected_output->len ); 6512 TEST_ASSERT( output_length <= 6513 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) ); 6514 TEST_ASSERT( output_length <= 6515 PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ); 6516 6517exit: 6518 mbedtls_free( output ); 6519 psa_destroy_key( our_key ); 6520 PSA_DONE( ); 6521} 6522/* END_CASE */ 6523 6524/* BEGIN_CASE */ 6525void key_agreement_capacity( int alg_arg, 6526 int our_key_type_arg, data_t *our_key_data, 6527 data_t *peer_key_data, 6528 int expected_capacity_arg ) 6529{ 6530 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 6531 psa_algorithm_t alg = alg_arg; 6532 psa_key_type_t our_key_type = our_key_type_arg; 6533 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 6534 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6535 size_t actual_capacity; 6536 unsigned char output[16]; 6537 6538 PSA_ASSERT( psa_crypto_init( ) ); 6539 6540 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 6541 psa_set_key_algorithm( &attributes, alg ); 6542 psa_set_key_type( &attributes, our_key_type ); 6543 PSA_ASSERT( psa_import_key( &attributes, 6544 our_key_data->x, our_key_data->len, 6545 &our_key ) ); 6546 6547 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); 6548 PSA_ASSERT( psa_key_derivation_key_agreement( 6549 &operation, 6550 PSA_KEY_DERIVATION_INPUT_SECRET, our_key, 6551 peer_key_data->x, peer_key_data->len ) ); 6552 if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) 6553 { 6554 /* The test data is for info="" */ 6555 PSA_ASSERT( psa_key_derivation_input_bytes( &operation, 6556 PSA_KEY_DERIVATION_INPUT_INFO, 6557 NULL, 0 ) ); 6558 } 6559 6560 /* Test the advertized capacity. */ 6561 PSA_ASSERT( psa_key_derivation_get_capacity( 6562 &operation, &actual_capacity ) ); 6563 TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg ); 6564 6565 /* Test the actual capacity by reading the output. */ 6566 while( actual_capacity > sizeof( output ) ) 6567 { 6568 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, 6569 output, sizeof( output ) ) ); 6570 actual_capacity -= sizeof( output ); 6571 } 6572 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, 6573 output, actual_capacity ) ); 6574 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ), 6575 PSA_ERROR_INSUFFICIENT_DATA ); 6576 6577exit: 6578 psa_key_derivation_abort( &operation ); 6579 psa_destroy_key( our_key ); 6580 PSA_DONE( ); 6581} 6582/* END_CASE */ 6583 6584/* BEGIN_CASE */ 6585void key_agreement_output( int alg_arg, 6586 int our_key_type_arg, data_t *our_key_data, 6587 data_t *peer_key_data, 6588 data_t *expected_output1, data_t *expected_output2 ) 6589{ 6590 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 6591 psa_algorithm_t alg = alg_arg; 6592 psa_key_type_t our_key_type = our_key_type_arg; 6593 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 6594 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6595 uint8_t *actual_output = NULL; 6596 6597 ASSERT_ALLOC( actual_output, MAX( expected_output1->len, 6598 expected_output2->len ) ); 6599 6600 PSA_ASSERT( psa_crypto_init( ) ); 6601 6602 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); 6603 psa_set_key_algorithm( &attributes, alg ); 6604 psa_set_key_type( &attributes, our_key_type ); 6605 PSA_ASSERT( psa_import_key( &attributes, 6606 our_key_data->x, our_key_data->len, 6607 &our_key ) ); 6608 6609 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); 6610 PSA_ASSERT( psa_key_derivation_key_agreement( 6611 &operation, 6612 PSA_KEY_DERIVATION_INPUT_SECRET, our_key, 6613 peer_key_data->x, peer_key_data->len ) ); 6614 if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) 6615 { 6616 /* The test data is for info="" */ 6617 PSA_ASSERT( psa_key_derivation_input_bytes( &operation, 6618 PSA_KEY_DERIVATION_INPUT_INFO, 6619 NULL, 0 ) ); 6620 } 6621 6622 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, 6623 actual_output, 6624 expected_output1->len ) ); 6625 ASSERT_COMPARE( actual_output, expected_output1->len, 6626 expected_output1->x, expected_output1->len ); 6627 if( expected_output2->len != 0 ) 6628 { 6629 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, 6630 actual_output, 6631 expected_output2->len ) ); 6632 ASSERT_COMPARE( actual_output, expected_output2->len, 6633 expected_output2->x, expected_output2->len ); 6634 } 6635 6636exit: 6637 psa_key_derivation_abort( &operation ); 6638 psa_destroy_key( our_key ); 6639 PSA_DONE( ); 6640 mbedtls_free( actual_output ); 6641} 6642/* END_CASE */ 6643 6644/* BEGIN_CASE */ 6645void generate_random( int bytes_arg ) 6646{ 6647 size_t bytes = bytes_arg; 6648 unsigned char *output = NULL; 6649 unsigned char *changed = NULL; 6650 size_t i; 6651 unsigned run; 6652 6653 TEST_ASSERT( bytes_arg >= 0 ); 6654 6655 ASSERT_ALLOC( output, bytes ); 6656 ASSERT_ALLOC( changed, bytes ); 6657 6658 PSA_ASSERT( psa_crypto_init( ) ); 6659 6660 /* Run several times, to ensure that every output byte will be 6661 * nonzero at least once with overwhelming probability 6662 * (2^(-8*number_of_runs)). */ 6663 for( run = 0; run < 10; run++ ) 6664 { 6665 if( bytes != 0 ) 6666 memset( output, 0, bytes ); 6667 PSA_ASSERT( psa_generate_random( output, bytes ) ); 6668 6669 for( i = 0; i < bytes; i++ ) 6670 { 6671 if( output[i] != 0 ) 6672 ++changed[i]; 6673 } 6674 } 6675 6676 /* Check that every byte was changed to nonzero at least once. This 6677 * validates that psa_generate_random is overwriting every byte of 6678 * the output buffer. */ 6679 for( i = 0; i < bytes; i++ ) 6680 { 6681 TEST_ASSERT( changed[i] != 0 ); 6682 } 6683 6684exit: 6685 PSA_DONE( ); 6686 mbedtls_free( output ); 6687 mbedtls_free( changed ); 6688} 6689/* END_CASE */ 6690 6691/* BEGIN_CASE */ 6692void generate_key( int type_arg, 6693 int bits_arg, 6694 int usage_arg, 6695 int alg_arg, 6696 int expected_status_arg, 6697 int is_large_key ) 6698{ 6699 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 6700 psa_key_type_t type = type_arg; 6701 psa_key_usage_t usage = usage_arg; 6702 size_t bits = bits_arg; 6703 psa_algorithm_t alg = alg_arg; 6704 psa_status_t expected_status = expected_status_arg; 6705 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6706 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 6707 6708 PSA_ASSERT( psa_crypto_init( ) ); 6709 6710 psa_set_key_usage_flags( &attributes, usage ); 6711 psa_set_key_algorithm( &attributes, alg ); 6712 psa_set_key_type( &attributes, type ); 6713 psa_set_key_bits( &attributes, bits ); 6714 6715 /* Generate a key */ 6716 psa_status_t status = psa_generate_key( &attributes, &key ); 6717 6718 if( is_large_key > 0 ) 6719 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY ); 6720 TEST_EQUAL( status , expected_status ); 6721 if( expected_status != PSA_SUCCESS ) 6722 goto exit; 6723 6724 /* Test the key information */ 6725 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); 6726 TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); 6727 TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits ); 6728 6729 /* Do something with the key according to its type and permitted usage. */ 6730 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) ) 6731 goto exit; 6732 6733exit: 6734 /* 6735 * Key attributes may have been returned by psa_get_key_attributes() 6736 * thus reset them as required. 6737 */ 6738 psa_reset_key_attributes( &got_attributes ); 6739 6740 psa_destroy_key( key ); 6741 PSA_DONE( ); 6742} 6743/* END_CASE */ 6744 6745/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_GENPRIME */ 6746void generate_key_rsa( int bits_arg, 6747 data_t *e_arg, 6748 int expected_status_arg ) 6749{ 6750 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 6751 psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR; 6752 size_t bits = bits_arg; 6753 psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; 6754 psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW; 6755 psa_status_t expected_status = expected_status_arg; 6756 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6757 uint8_t *exported = NULL; 6758 size_t exported_size = 6759 PSA_EXPORT_KEY_OUTPUT_SIZE( PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits ); 6760 size_t exported_length = SIZE_MAX; 6761 uint8_t *e_read_buffer = NULL; 6762 int is_default_public_exponent = 0; 6763 size_t e_read_size = PSA_KEY_DOMAIN_PARAMETERS_SIZE( type, bits ); 6764 size_t e_read_length = SIZE_MAX; 6765 6766 if( e_arg->len == 0 || 6767 ( e_arg->len == 3 && 6768 e_arg->x[0] == 1 && e_arg->x[1] == 0 && e_arg->x[2] == 1 ) ) 6769 { 6770 is_default_public_exponent = 1; 6771 e_read_size = 0; 6772 } 6773 ASSERT_ALLOC( e_read_buffer, e_read_size ); 6774 ASSERT_ALLOC( exported, exported_size ); 6775 6776 PSA_ASSERT( psa_crypto_init( ) ); 6777 6778 psa_set_key_usage_flags( &attributes, usage ); 6779 psa_set_key_algorithm( &attributes, alg ); 6780 PSA_ASSERT( psa_set_key_domain_parameters( &attributes, type, 6781 e_arg->x, e_arg->len ) ); 6782 psa_set_key_bits( &attributes, bits ); 6783 6784 /* Generate a key */ 6785 TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status ); 6786 if( expected_status != PSA_SUCCESS ) 6787 goto exit; 6788 6789 /* Test the key information */ 6790 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 6791 TEST_EQUAL( psa_get_key_type( &attributes ), type ); 6792 TEST_EQUAL( psa_get_key_bits( &attributes ), bits ); 6793 PSA_ASSERT( psa_get_key_domain_parameters( &attributes, 6794 e_read_buffer, e_read_size, 6795 &e_read_length ) ); 6796 if( is_default_public_exponent ) 6797 TEST_EQUAL( e_read_length, 0 ); 6798 else 6799 ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len ); 6800 6801 /* Do something with the key according to its type and permitted usage. */ 6802 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) ) 6803 goto exit; 6804 6805 /* Export the key and check the public exponent. */ 6806 PSA_ASSERT( psa_export_public_key( key, 6807 exported, exported_size, 6808 &exported_length ) ); 6809 { 6810 uint8_t *p = exported; 6811 uint8_t *end = exported + exported_length; 6812 size_t len; 6813 /* RSAPublicKey ::= SEQUENCE { 6814 * modulus INTEGER, -- n 6815 * publicExponent INTEGER } -- e 6816 */ 6817 TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len, 6818 MBEDTLS_ASN1_SEQUENCE | 6819 MBEDTLS_ASN1_CONSTRUCTED ) ); 6820 TEST_ASSERT( mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ); 6821 TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len, 6822 MBEDTLS_ASN1_INTEGER ) ); 6823 if( len >= 1 && p[0] == 0 ) 6824 { 6825 ++p; 6826 --len; 6827 } 6828 if( e_arg->len == 0 ) 6829 { 6830 TEST_EQUAL( len, 3 ); 6831 TEST_EQUAL( p[0], 1 ); 6832 TEST_EQUAL( p[1], 0 ); 6833 TEST_EQUAL( p[2], 1 ); 6834 } 6835 else 6836 ASSERT_COMPARE( p, len, e_arg->x, e_arg->len ); 6837 } 6838 6839exit: 6840 /* 6841 * Key attributes may have been returned by psa_get_key_attributes() or 6842 * set by psa_set_key_domain_parameters() thus reset them as required. 6843 */ 6844 psa_reset_key_attributes( &attributes ); 6845 6846 psa_destroy_key( key ); 6847 PSA_DONE( ); 6848 mbedtls_free( e_read_buffer ); 6849 mbedtls_free( exported ); 6850} 6851/* END_CASE */ 6852 6853/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ 6854void persistent_key_load_key_from_storage( data_t *data, 6855 int type_arg, int bits_arg, 6856 int usage_flags_arg, int alg_arg, 6857 int generation_method ) 6858{ 6859 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 ); 6860 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6861 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 6862 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 6863 psa_key_type_t type = type_arg; 6864 size_t bits = bits_arg; 6865 psa_key_usage_t usage_flags = usage_flags_arg; 6866 psa_algorithm_t alg = alg_arg; 6867 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 6868 unsigned char *first_export = NULL; 6869 unsigned char *second_export = NULL; 6870 size_t export_size = PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ); 6871 size_t first_exported_length; 6872 size_t second_exported_length; 6873 6874 if( usage_flags & PSA_KEY_USAGE_EXPORT ) 6875 { 6876 ASSERT_ALLOC( first_export, export_size ); 6877 ASSERT_ALLOC( second_export, export_size ); 6878 } 6879 6880 PSA_ASSERT( psa_crypto_init() ); 6881 6882 psa_set_key_id( &attributes, key_id ); 6883 psa_set_key_usage_flags( &attributes, usage_flags ); 6884 psa_set_key_algorithm( &attributes, alg ); 6885 psa_set_key_type( &attributes, type ); 6886 psa_set_key_bits( &attributes, bits ); 6887 6888 switch( generation_method ) 6889 { 6890 case IMPORT_KEY: 6891 /* Import the key */ 6892 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, 6893 &key ) ); 6894 break; 6895 6896 case GENERATE_KEY: 6897 /* Generate a key */ 6898 PSA_ASSERT( psa_generate_key( &attributes, &key ) ); 6899 break; 6900 6901 case DERIVE_KEY: 6902#if defined(PSA_WANT_ALG_HKDF) && defined(PSA_WANT_ALG_SHA_256) 6903 { 6904 /* Create base key */ 6905 psa_algorithm_t derive_alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 ); 6906 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; 6907 psa_set_key_usage_flags( &base_attributes, 6908 PSA_KEY_USAGE_DERIVE ); 6909 psa_set_key_algorithm( &base_attributes, derive_alg ); 6910 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE ); 6911 PSA_ASSERT( psa_import_key( &base_attributes, 6912 data->x, data->len, 6913 &base_key ) ); 6914 /* Derive a key. */ 6915 PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) ); 6916 PSA_ASSERT( psa_key_derivation_input_key( 6917 &operation, 6918 PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) ); 6919 PSA_ASSERT( psa_key_derivation_input_bytes( 6920 &operation, PSA_KEY_DERIVATION_INPUT_INFO, 6921 NULL, 0 ) ); 6922 PSA_ASSERT( psa_key_derivation_output_key( &attributes, 6923 &operation, 6924 &key ) ); 6925 PSA_ASSERT( psa_key_derivation_abort( &operation ) ); 6926 PSA_ASSERT( psa_destroy_key( base_key ) ); 6927 base_key = MBEDTLS_SVC_KEY_ID_INIT; 6928 } 6929#else 6930 TEST_ASSUME( ! "KDF not supported in this configuration" ); 6931#endif 6932 break; 6933 6934 default: 6935 TEST_ASSERT( ! "generation_method not implemented in test" ); 6936 break; 6937 } 6938 psa_reset_key_attributes( &attributes ); 6939 6940 /* Export the key if permitted by the key policy. */ 6941 if( usage_flags & PSA_KEY_USAGE_EXPORT ) 6942 { 6943 PSA_ASSERT( psa_export_key( key, 6944 first_export, export_size, 6945 &first_exported_length ) ); 6946 if( generation_method == IMPORT_KEY ) 6947 ASSERT_COMPARE( data->x, data->len, 6948 first_export, first_exported_length ); 6949 } 6950 6951 /* Shutdown and restart */ 6952 PSA_ASSERT( psa_purge_key( key ) ); 6953 PSA_DONE(); 6954 PSA_ASSERT( psa_crypto_init() ); 6955 6956 /* Check key slot still contains key data */ 6957 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); 6958 TEST_ASSERT( mbedtls_svc_key_id_equal( 6959 psa_get_key_id( &attributes ), key_id ) ); 6960 TEST_EQUAL( psa_get_key_lifetime( &attributes ), 6961 PSA_KEY_LIFETIME_PERSISTENT ); 6962 TEST_EQUAL( psa_get_key_type( &attributes ), type ); 6963 TEST_EQUAL( psa_get_key_bits( &attributes ), bits ); 6964 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 6965 mbedtls_test_update_key_usage_flags( usage_flags ) ); 6966 TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg ); 6967 6968 /* Export the key again if permitted by the key policy. */ 6969 if( usage_flags & PSA_KEY_USAGE_EXPORT ) 6970 { 6971 PSA_ASSERT( psa_export_key( key, 6972 second_export, export_size, 6973 &second_exported_length ) ); 6974 ASSERT_COMPARE( first_export, first_exported_length, 6975 second_export, second_exported_length ); 6976 } 6977 6978 /* Do something with the key according to its type and permitted usage. */ 6979 if( ! mbedtls_test_psa_exercise_key( key, usage_flags, alg ) ) 6980 goto exit; 6981 6982exit: 6983 /* 6984 * Key attributes may have been returned by psa_get_key_attributes() 6985 * thus reset them as required. 6986 */ 6987 psa_reset_key_attributes( &attributes ); 6988 6989 mbedtls_free( first_export ); 6990 mbedtls_free( second_export ); 6991 psa_key_derivation_abort( &operation ); 6992 psa_destroy_key( base_key ); 6993 psa_destroy_key( key ); 6994 PSA_DONE(); 6995} 6996/* END_CASE */ 6997