1/* BEGIN_HEADER */ 2/* Test macros that provide metadata about algorithms and key types. 3 * This test suite only contains tests that don't require executing 4 * code. Other test suites validate macros that require creating a key 5 * and using it. */ 6 7#if defined(MBEDTLS_PSA_CRYPTO_SPM) 8#include "spm/psa_defs.h" 9#endif 10 11#include "psa/crypto.h" 12#include "psa_crypto_invasive.h" 13 14/* Flags for algorithm classification macros. There is a flag for every 15 * algorithm classification macro PSA_ALG_IS_xxx except for the 16 * category test macros, which are hard-coded in each 17 * category-specific function. The name of the flag is the name of the 18 * classification macro without the PSA_ prefix. */ 19#define ALG_IS_VENDOR_DEFINED ( 1u << 0 ) 20#define ALG_IS_HMAC ( 1u << 1 ) 21#define ALG_IS_BLOCK_CIPHER_MAC ( 1u << 2 ) 22#define ALG_IS_STREAM_CIPHER ( 1u << 3 ) 23#define ALG_IS_RSA_PKCS1V15_SIGN ( 1u << 4 ) 24#define ALG_IS_RSA_PSS ( 1u << 5 ) 25#define ALG_IS_RSA_PSS_ANY_SALT ( 1u << 6 ) 26#define ALG_IS_RSA_PSS_STANDARD_SALT ( 1u << 7 ) 27#define ALG_IS_DSA ( 1u << 8 ) 28#define ALG_DSA_IS_DETERMINISTIC ( 1u << 9 ) 29#define ALG_IS_DETERMINISTIC_DSA ( 1u << 10 ) 30#define ALG_IS_RANDOMIZED_DSA ( 1u << 11 ) 31#define ALG_IS_ECDSA ( 1u << 12 ) 32#define ALG_ECDSA_IS_DETERMINISTIC ( 1u << 13 ) 33#define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 14 ) 34#define ALG_IS_RANDOMIZED_ECDSA ( 1u << 15 ) 35#define ALG_IS_HASH_EDDSA ( 1u << 16 ) 36#define ALG_IS_SIGN_HASH ( 1u << 17 ) 37#define ALG_IS_HASH_AND_SIGN ( 1u << 18 ) 38#define ALG_IS_RSA_OAEP ( 1u << 19 ) 39#define ALG_IS_HKDF ( 1u << 20 ) 40#define ALG_IS_FFDH ( 1u << 21 ) 41#define ALG_IS_ECDH ( 1u << 22 ) 42#define ALG_IS_WILDCARD ( 1u << 23 ) 43#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 24 ) 44#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 25 ) 45#define ALG_IS_TLS12_PRF ( 1u << 26 ) 46#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 27 ) 47#define ALG_FLAG_MASK_PLUS_ONE ( 1u << 28 ) /* must be last! */ 48 49/* Flags for key type classification macros. There is a flag for every 50 * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that 51 * are tested as derived from other macros. The name of the flag is 52 * the name of the classification macro without the PSA_ prefix. */ 53#define KEY_TYPE_IS_VENDOR_DEFINED ( 1u << 0 ) 54#define KEY_TYPE_IS_UNSTRUCTURED ( 1u << 1 ) 55#define KEY_TYPE_IS_PUBLIC_KEY ( 1u << 2 ) 56#define KEY_TYPE_IS_KEY_PAIR ( 1u << 3 ) 57#define KEY_TYPE_IS_RSA ( 1u << 4 ) 58#define KEY_TYPE_IS_DSA ( 1u << 5 ) 59#define KEY_TYPE_IS_ECC ( 1u << 6 ) 60#define KEY_TYPE_IS_DH ( 1u << 7 ) 61#define KEY_TYPE_FLAG_MASK_PLUS_ONE ( 1u << 8 ) /* must be last! */ 62 63/* Flags for lifetime classification macros. There is a flag for every 64 * lifetime classification macro PSA_KEY_LIFETIME_IS_xxx. The name of the 65 * flag is the name of the classification macro without the PSA_ prefix. */ 66#define KEY_LIFETIME_IS_VOLATILE ( 1u << 0 ) 67#define KEY_LIFETIME_IS_READ_ONLY ( 1u << 1 ) 68#define KEY_LIFETIME_FLAG_MASK_PLUS_ONE ( 1u << 2 ) /* must be last! */ 69 70/* Check that in the value of flags, the bit flag (which should be a macro 71 * expanding to a number of the form 1 << k) is set if and only if 72 * PSA_##flag(alg) is true. 73 * 74 * Only perform this check if cond is true. Typically cond is 1, but it can 75 * be different if the value of the flag bit is only specified under specific 76 * conditions. 77 * 78 * Unconditionally mask flag into the ambient variable 79 * classification_flags_tested. 80 */ 81#define TEST_CLASSIFICATION_MACRO( cond, flag, alg, flags ) \ 82 do \ 83 { \ 84 if( cond ) \ 85 { \ 86 if( ( flags ) & ( flag ) ) \ 87 TEST_ASSERT( PSA_##flag( alg ) ); \ 88 else \ 89 TEST_ASSERT( ! PSA_##flag( alg ) ); \ 90 } \ 91 classification_flags_tested |= ( flag ); \ 92 } \ 93 while( 0 ) 94 95/* Check the parity of value. 96 * 97 * There are several numerical encodings for which the PSA Cryptography API 98 * specification deliberately defines encodings that all have the same 99 * parity. This way, a data glitch that flips one bit in the data cannot 100 * possibly turn a valid encoding into another valid encoding. Here in 101 * the tests, we check that the values (including Mbed TLS vendor-specific 102 * values) have the expected parity. 103 * 104 * The expected parity is even so that 0 is considered a valid encoding. 105 * 106 * Return a nonzero value if value has even parity and 0 otherwise. */ 107int has_even_parity( uint32_t value ) 108{ 109 value ^= value >> 16; 110 value ^= value >> 8; 111 value ^= value >> 4; 112 return( 0x9669 & 1 << ( value & 0xf ) ); 113} 114#define TEST_PARITY( value ) \ 115 TEST_ASSERT( has_even_parity( value ) ) 116 117void algorithm_classification( psa_algorithm_t alg, unsigned flags ) 118{ 119 unsigned classification_flags_tested = 0; 120 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_VENDOR_DEFINED, alg, flags ); 121 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HMAC, alg, flags ); 122 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_BLOCK_CIPHER_MAC, alg, flags ); 123 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_STREAM_CIPHER, alg, flags ); 124 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PKCS1V15_SIGN, alg, flags ); 125 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS, alg, flags ); 126 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS_ANY_SALT, alg, flags ); 127 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS_STANDARD_SALT, alg, flags ); 128 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DSA, alg, flags ); 129 TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_DSA( alg ), 130 ALG_DSA_IS_DETERMINISTIC, alg, flags ); 131 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DETERMINISTIC_DSA, alg, flags ); 132 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RANDOMIZED_DSA, alg, flags ); 133 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDSA, alg, flags ); 134 TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_ECDSA( alg ), 135 ALG_ECDSA_IS_DETERMINISTIC, alg, flags ); 136 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DETERMINISTIC_ECDSA, alg, flags ); 137 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RANDOMIZED_ECDSA, alg, flags ); 138 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_EDDSA, alg, flags ); 139 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_SIGN_HASH, alg, flags ); 140 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_AND_SIGN, alg, flags ); 141 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_OAEP, alg, flags ); 142 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF, alg, flags ); 143 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_WILDCARD, alg, flags ); 144 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDH, alg, flags ); 145 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_FFDH, alg, flags ); 146 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RAW_KEY_AGREEMENT, alg, flags ); 147 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags ); 148 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PRF, alg, flags ); 149 TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PSK_TO_MS, alg, flags ); 150 TEST_EQUAL( classification_flags_tested, ALG_FLAG_MASK_PLUS_ONE - 1 ); 151exit: ; 152} 153 154void key_type_classification( psa_key_type_t type, unsigned flags ) 155{ 156 unsigned classification_flags_tested = 0; 157 158 /* Macros tested based on the test case parameter */ 159 TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_VENDOR_DEFINED, type, flags ); 160 TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_UNSTRUCTURED, type, flags ); 161 TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_PUBLIC_KEY, type, flags ); 162 TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_KEY_PAIR, type, flags ); 163 TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_RSA, type, flags ); 164 TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DSA, type, flags ); 165 TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_ECC, type, flags ); 166 TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DH, type, flags ); 167 TEST_EQUAL( classification_flags_tested, KEY_TYPE_FLAG_MASK_PLUS_ONE - 1 ); 168 169 /* Macros with derived semantics */ 170 TEST_EQUAL( PSA_KEY_TYPE_IS_ASYMMETRIC( type ), 171 ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) || 172 PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) ); 173 TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ), 174 ( PSA_KEY_TYPE_IS_ECC( type ) && 175 PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) ); 176 TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ), 177 ( PSA_KEY_TYPE_IS_ECC( type ) && 178 PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) ); 179 TEST_EQUAL( PSA_KEY_TYPE_IS_DH_KEY_PAIR( type ), 180 ( PSA_KEY_TYPE_IS_DH( type ) && 181 PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) ); 182 TEST_EQUAL( PSA_KEY_TYPE_IS_DH_PUBLIC_KEY( type ), 183 ( PSA_KEY_TYPE_IS_DH( type ) && 184 PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) ); 185 186 TEST_PARITY( type ); 187 188exit: ; 189} 190 191void mac_algorithm_core( psa_algorithm_t alg, int classification_flags, 192 psa_key_type_t key_type, size_t key_bits, 193 size_t length ) 194{ 195 /* Algorithm classification */ 196 TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); 197 TEST_ASSERT( PSA_ALG_IS_MAC( alg ) ); 198 TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); 199 TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); 200 TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); 201 TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); 202 TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); 203 TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); 204 TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); 205 algorithm_classification( alg, classification_flags ); 206 207 /* Length */ 208 TEST_EQUAL( length, PSA_MAC_LENGTH( key_type, key_bits, alg ) ); 209 210#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) 211 PSA_ASSERT( psa_mac_key_can_do( alg, key_type ) ); 212#endif 213 214exit: ; 215} 216 217void aead_algorithm_core( psa_algorithm_t alg, int classification_flags, 218 psa_key_type_t key_type, size_t key_bits, 219 size_t tag_length ) 220{ 221 /* Algorithm classification */ 222 TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); 223 TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); 224 TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); 225 TEST_ASSERT( PSA_ALG_IS_AEAD( alg ) ); 226 TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); 227 TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); 228 TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); 229 TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); 230 TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); 231 algorithm_classification( alg, classification_flags ); 232 233 /* Tag length */ 234 TEST_EQUAL( tag_length, PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ) ); 235 236exit: ; 237} 238 239/* END_HEADER */ 240 241/* BEGIN_DEPENDENCIES 242 * depends_on:MBEDTLS_PSA_CRYPTO_CLIENT 243 * END_DEPENDENCIES 244 */ 245 246/* BEGIN_CASE */ 247void hash_algorithm( int alg_arg, int length_arg ) 248{ 249 psa_algorithm_t alg = alg_arg; 250 size_t length = length_arg; 251 psa_algorithm_t hmac_alg = PSA_ALG_HMAC( alg ); 252 psa_algorithm_t rsa_pkcs1v15_sign_alg = PSA_ALG_RSA_PKCS1V15_SIGN( alg ); 253 psa_algorithm_t rsa_pss_alg = PSA_ALG_RSA_PSS( alg ); 254 psa_algorithm_t dsa_alg = PSA_ALG_DSA( alg ); 255 psa_algorithm_t deterministic_dsa_alg = PSA_ALG_DETERMINISTIC_DSA( alg ); 256 psa_algorithm_t ecdsa_alg = PSA_ALG_ECDSA( alg ); 257 psa_algorithm_t deterministic_ecdsa_alg = PSA_ALG_DETERMINISTIC_ECDSA( alg ); 258 psa_algorithm_t rsa_oaep_alg = PSA_ALG_RSA_OAEP( alg ); 259 psa_algorithm_t hkdf_alg = PSA_ALG_HKDF( alg ); 260 261 /* Algorithm classification */ 262 TEST_ASSERT( PSA_ALG_IS_HASH( alg ) ); 263 TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); 264 TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); 265 TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); 266 TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); 267 TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); 268 TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); 269 TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); 270 TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); 271 algorithm_classification( alg, 0 ); 272 273 /* Dependent algorithms */ 274 TEST_EQUAL( PSA_ALG_HMAC_GET_HASH( hmac_alg ), alg ); 275 TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( rsa_pkcs1v15_sign_alg ), alg ); 276 TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( rsa_pss_alg ), alg ); 277 TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( dsa_alg ), alg ); 278 TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( deterministic_dsa_alg ), alg ); 279 TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( ecdsa_alg ), alg ); 280 TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( deterministic_ecdsa_alg ), alg ); 281 TEST_EQUAL( PSA_ALG_RSA_OAEP_GET_HASH( rsa_oaep_alg ), alg ); 282 TEST_EQUAL( PSA_ALG_HKDF_GET_HASH( hkdf_alg ), alg ); 283 284 /* Hash length */ 285 TEST_EQUAL( length, PSA_HASH_LENGTH( alg ) ); 286 TEST_ASSERT( length <= PSA_HASH_MAX_SIZE ); 287} 288/* END_CASE */ 289 290/* BEGIN_CASE */ 291void mac_algorithm( int alg_arg, int classification_flags, 292 int length_arg, 293 int key_type_arg, int key_bits_arg ) 294{ 295 psa_algorithm_t alg = alg_arg; 296 size_t length = length_arg; 297 size_t n; 298 size_t key_type = key_type_arg; 299 size_t key_bits = key_bits_arg; 300 301 mac_algorithm_core( alg, classification_flags, 302 key_type, key_bits, length ); 303 TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( alg ), alg ); 304 TEST_ASSERT( length <= PSA_MAC_MAX_SIZE ); 305 306 /* Truncated versions */ 307 for( n = 1; n <= length; n++ ) 308 { 309 psa_algorithm_t truncated_alg = PSA_ALG_TRUNCATED_MAC( alg, n ); 310 mac_algorithm_core( truncated_alg, classification_flags, 311 key_type, key_bits, n ); 312 TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( truncated_alg ), alg ); 313 /* Check that calling PSA_ALG_TRUNCATED_MAC twice gives the length 314 * of the outer truncation (even if the outer length is smaller than 315 * the inner length). */ 316 TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, 1 ), 317 PSA_ALG_TRUNCATED_MAC( alg, 1 ) ); 318 TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, length - 1 ), 319 PSA_ALG_TRUNCATED_MAC( alg, length - 1) ); 320 TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, length ), 321 PSA_ALG_TRUNCATED_MAC( alg, length ) ); 322 323 /* Check that calling PSA_ALG_TRUNCATED_MAC on an algorithm 324 * earlier constructed with PSA_ALG_AT_LEAST_THIS_LENGTH_MAC gives the 325 * length of the outer truncation (even if the outer length is smaller 326 * than the inner length). */ 327 TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( 328 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), 1 ), 329 PSA_ALG_TRUNCATED_MAC( alg, 1 ) ); 330 TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( 331 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), length - 1 ), 332 PSA_ALG_TRUNCATED_MAC( alg, length - 1) ); 333 TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( 334 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), length ), 335 PSA_ALG_TRUNCATED_MAC( alg, length ) ); 336 } 337 338 /* At-leat-this-length versions */ 339 for( n = 1; n <= length; n++ ) 340 { 341 psa_algorithm_t policy_alg = PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, n ); 342 mac_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD, 343 key_type, key_bits, n ); 344 TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( policy_alg ), alg ); 345 /* Check that calling PSA_ALG_AT_LEAST_THIS_LENGTH_MAC twice gives the 346 * length of the outer truncation (even if the outer length is smaller 347 * than the inner length). */ 348 TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, 1 ), 349 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, 1 ) ); 350 TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, length - 1 ), 351 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length - 1) ); 352 TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, length ), 353 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length ) ); 354 355 /* Check that calling PSA_ALG_AT_LEAST_THIS_LENGTH_MAC on an algorithm 356 * earlier constructed with PSA_ALG_TRUNCATED_MAC gives the length of 357 * the outer truncation (even if the outer length is smaller than the 358 * inner length). */ 359 TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( 360 PSA_ALG_TRUNCATED_MAC( policy_alg, n ), 1), 361 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, 1 ) ); 362 TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( 363 PSA_ALG_TRUNCATED_MAC( policy_alg, n ), length - 1 ), 364 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length - 1) ); 365 TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( 366 PSA_ALG_TRUNCATED_MAC( policy_alg, n ), length ), 367 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length ) ); 368 } 369} 370/* END_CASE */ 371 372/* BEGIN_CASE */ 373void hmac_algorithm( int alg_arg, 374 int length_arg, 375 int block_size_arg ) 376{ 377 psa_algorithm_t alg = alg_arg; 378 psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg ); 379 size_t block_size = block_size_arg; 380 size_t length = length_arg; 381 size_t n; 382 383 TEST_ASSERT( PSA_ALG_IS_HASH( hash_alg ) ); 384 TEST_EQUAL( PSA_ALG_HMAC( hash_alg ), alg ); 385 386 TEST_ASSERT( block_size == PSA_HASH_BLOCK_LENGTH( alg ) ); 387 TEST_ASSERT( block_size <= PSA_HMAC_MAX_HASH_BLOCK_SIZE ); 388 389 test_mac_algorithm( alg_arg, ALG_IS_HMAC, length, 390 PSA_KEY_TYPE_HMAC, PSA_BYTES_TO_BITS( length ) ); 391 392 for( n = 1; n <= length; n++ ) 393 { 394 psa_algorithm_t truncated_alg = PSA_ALG_TRUNCATED_MAC( alg, n ); 395 TEST_EQUAL( PSA_ALG_HMAC_GET_HASH( truncated_alg ), hash_alg ); 396 } 397} 398/* END_CASE */ 399 400/* BEGIN_CASE */ 401void cipher_algorithm( int alg_arg, int classification_flags ) 402{ 403 psa_algorithm_t alg = alg_arg; 404 405 /* Algorithm classification */ 406 TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); 407 TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); 408 TEST_ASSERT( PSA_ALG_IS_CIPHER( alg ) ); 409 TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); 410 TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); 411 TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); 412 TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); 413 TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); 414 TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); 415 algorithm_classification( alg, classification_flags ); 416} 417/* END_CASE */ 418 419/* BEGIN_CASE */ 420void aead_algorithm( int alg_arg, int classification_flags, 421 int tag_length_arg, 422 int key_type_arg, int key_bits_arg ) 423{ 424 psa_algorithm_t alg = alg_arg; 425 size_t tag_length = tag_length_arg; 426 size_t n; 427 psa_key_type_t key_type = key_type_arg; 428 size_t key_bits = key_bits_arg; 429 430 aead_algorithm_core( alg, classification_flags, 431 key_type, key_bits, tag_length ); 432 433 /* Truncated versions */ 434 for( n = 1; n <= tag_length; n++ ) 435 { 436 psa_algorithm_t truncated_alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, n ); 437 aead_algorithm_core( truncated_alg, classification_flags, 438 key_type, key_bits, n ); 439 TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( truncated_alg ), 440 alg ); 441 /* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG twice gives 442 * the length of the outer truncation (even if the outer length is 443 * smaller than the inner length). */ 444 TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, 1 ), 445 PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 1 ) ); 446 TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, tag_length - 1 ), 447 PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length - 1) ); 448 TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, tag_length ), 449 PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length ) ); 450 451 /* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG on an algorithm 452 * earlier constructed with PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG 453 * gives the length of the outer truncation (even if the outer length is 454 * smaller than the inner length). */ 455 TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( 456 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), 1 ), 457 PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 1 ) ); 458 TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( 459 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), tag_length - 1 ), 460 PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length - 1) ); 461 TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( 462 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), tag_length ), 463 PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length ) ); 464 } 465 466 /* At-leat-this-length versions */ 467 for( n = 1; n <= tag_length; n++ ) 468 { 469 psa_algorithm_t policy_alg = PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, n ); 470 aead_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD, 471 key_type, key_bits, n ); 472 TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( policy_alg ), 473 alg ); 474 /* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG twice 475 * gives the length of the outer truncation (even if the outer length is 476 * smaller than the inner length). */ 477 TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, 1 ), 478 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, 1 ) ); 479 TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, tag_length - 1 ), 480 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length - 1) ); 481 TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, tag_length ), 482 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length ) ); 483 484 /* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG on an 485 * algorithm earlier constructed with PSA_ALG_AEAD_WITH_SHORTENED_TAG 486 * gives the length of the outer truncation (even if the outer length is 487 * smaller than the inner length). */ 488 TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( 489 PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), 1), 490 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, 1 ) ); 491 TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( 492 PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), tag_length - 1 ), 493 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length - 1) ); 494 TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( 495 PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), tag_length ), 496 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length ) ); 497 } 498} 499/* END_CASE */ 500 501/* BEGIN_CASE */ 502void asymmetric_signature_algorithm( int alg_arg, int classification_flags ) 503{ 504 psa_algorithm_t alg = alg_arg; 505 506 /* Algorithm classification */ 507 TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); 508 TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); 509 TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); 510 TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); 511 TEST_ASSERT( PSA_ALG_IS_SIGN( alg ) ); 512 TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); 513 TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); 514 TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); 515 TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); 516 algorithm_classification( alg, classification_flags ); 517} 518/* END_CASE */ 519 520/* BEGIN_CASE */ 521void asymmetric_signature_wildcard( int alg_arg, int classification_flags ) 522{ 523 classification_flags |= ALG_IS_WILDCARD; 524 classification_flags |= ALG_IS_SIGN_HASH; 525 classification_flags |= ALG_IS_HASH_AND_SIGN; 526 test_asymmetric_signature_algorithm( alg_arg, classification_flags ); 527 /* Any failure of this test function comes from 528 * asymmetric_signature_algorithm. Pacify -Werror=unused-label. */ 529 goto exit; 530} 531/* END_CASE */ 532 533/* BEGIN_CASE */ 534void asymmetric_encryption_algorithm( int alg_arg, int classification_flags ) 535{ 536 psa_algorithm_t alg = alg_arg; 537 538 /* Algorithm classification */ 539 TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); 540 TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); 541 TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); 542 TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); 543 TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); 544 TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); 545 TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); 546 TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); 547 TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); 548 algorithm_classification( alg, classification_flags ); 549} 550/* END_CASE */ 551 552/* BEGIN_CASE */ 553void key_derivation_algorithm( int alg_arg, int classification_flags ) 554{ 555 psa_algorithm_t alg = alg_arg; 556 psa_algorithm_t ecdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, alg ); 557 psa_algorithm_t ffdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, alg ); 558 559 /* Algorithm classification */ 560 TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); 561 TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); 562 TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); 563 TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); 564 TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); 565 TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); 566 TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); 567 TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) ); 568 TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); 569 algorithm_classification( alg, classification_flags ); 570 571 /* Check combinations with key agreements */ 572 TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ecdh_alg ) ); 573 TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ffdh_alg ) ); 574 TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ecdh_alg ), alg ); 575 TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ffdh_alg ), alg ); 576} 577/* END_CASE */ 578 579/* BEGIN_CASE */ 580void key_agreement_algorithm( int alg_arg, int classification_flags, 581 int ka_alg_arg, int kdf_alg_arg ) 582{ 583 psa_algorithm_t alg = alg_arg; 584 psa_algorithm_t actual_ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg ); 585 psa_algorithm_t expected_ka_alg = ka_alg_arg; 586 psa_algorithm_t actual_kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); 587 psa_algorithm_t expected_kdf_alg = kdf_alg_arg; 588 589 /* Algorithm classification */ 590 TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); 591 TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); 592 TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); 593 TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); 594 TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); 595 TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); 596 TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) ); 597 TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); 598 TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); 599 algorithm_classification( alg, classification_flags ); 600 601 /* Shared secret derivation properties */ 602 TEST_EQUAL( actual_ka_alg, expected_ka_alg ); 603 TEST_EQUAL( actual_kdf_alg, expected_kdf_alg ); 604} 605/* END_CASE */ 606 607/* BEGIN_CASE */ 608void pake_algorithm( int alg_arg ) 609{ 610 psa_algorithm_t alg = alg_arg; 611 612 /* Algorithm classification */ 613 TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); 614 TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); 615 TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); 616 TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); 617 TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); 618 TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); 619 TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); 620 TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); 621 TEST_ASSERT( PSA_ALG_IS_PAKE( alg ) ); 622} 623 624/* END_CASE */ 625/* BEGIN_CASE */ 626void key_type( int type_arg, int classification_flags ) 627{ 628 psa_key_type_t type = type_arg; 629 630 key_type_classification( type, classification_flags ); 631 632 /* For asymmetric types, check the corresponding pair/public type */ 633 if( classification_flags & KEY_TYPE_IS_PUBLIC_KEY ) 634 { 635 psa_key_type_t pair_type = PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( type ); 636 TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( pair_type ), type ); 637 key_type_classification( pair_type, 638 ( classification_flags 639 & ~KEY_TYPE_IS_PUBLIC_KEY ) 640 | KEY_TYPE_IS_KEY_PAIR ); 641 TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ), type ); 642 } 643 if( classification_flags & KEY_TYPE_IS_KEY_PAIR ) 644 { 645 psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ); 646 TEST_EQUAL( PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( public_type ), type ); 647 key_type_classification( public_type, 648 ( classification_flags 649 & ~KEY_TYPE_IS_KEY_PAIR ) 650 | KEY_TYPE_IS_PUBLIC_KEY ); 651 TEST_EQUAL( PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( type ), type ); 652 } 653} 654/* END_CASE */ 655 656/* BEGIN_CASE */ 657void block_cipher_key_type( int type_arg, int block_size_arg ) 658{ 659 psa_key_type_t type = type_arg; 660 size_t block_size = block_size_arg; 661 662 test_key_type( type_arg, KEY_TYPE_IS_UNSTRUCTURED ); 663 664 TEST_EQUAL( type & PSA_KEY_TYPE_CATEGORY_MASK, 665 PSA_KEY_TYPE_CATEGORY_SYMMETRIC ); 666 TEST_EQUAL( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ), block_size ); 667 668 /* Check that the block size is a power of 2. This is required, at least, 669 for PSA_ROUND_UP_TO_MULTIPLE(block_size, length) in crypto_sizes.h. */ 670 TEST_ASSERT( ( ( block_size - 1 ) & block_size ) == 0 ); 671} 672/* END_CASE */ 673 674/* BEGIN_CASE */ 675void stream_cipher_key_type( int type_arg ) 676{ 677 psa_key_type_t type = type_arg; 678 679 test_key_type( type_arg, KEY_TYPE_IS_UNSTRUCTURED ); 680 681 TEST_EQUAL( type & PSA_KEY_TYPE_CATEGORY_MASK, 682 PSA_KEY_TYPE_CATEGORY_SYMMETRIC ); 683 TEST_EQUAL( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ), 1 ); 684} 685/* END_CASE */ 686 687/* BEGIN_CASE depends_on:PSA_KEY_TYPE_ECC_PUBLIC_KEY:PSA_KEY_TYPE_ECC_KEY_PAIR */ 688void ecc_key_family( int curve_arg ) 689{ 690 psa_ecc_family_t curve = curve_arg; 691 psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ); 692 psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve ); 693 694 TEST_PARITY( curve ); 695 696 test_key_type( public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY ); 697 test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEY_PAIR ); 698 699 TEST_EQUAL( PSA_KEY_TYPE_ECC_GET_FAMILY( public_type ), curve ); 700 TEST_EQUAL( PSA_KEY_TYPE_ECC_GET_FAMILY( pair_type ), curve ); 701} 702/* END_CASE */ 703 704/* BEGIN_CASE depends_on:MBEDTLS_DHM_C */ 705void dh_key_family( int group_arg ) 706{ 707 psa_dh_family_t group = group_arg; 708 psa_key_type_t public_type = PSA_KEY_TYPE_DH_PUBLIC_KEY( group ); 709 psa_key_type_t pair_type = PSA_KEY_TYPE_DH_KEY_PAIR( group ); 710 711 TEST_PARITY( group ); 712 713 test_key_type( public_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_PUBLIC_KEY ); 714 test_key_type( pair_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_KEY_PAIR ); 715 716 TEST_EQUAL( PSA_KEY_TYPE_DH_GET_FAMILY( public_type ), group ); 717 TEST_EQUAL( PSA_KEY_TYPE_DH_GET_FAMILY( pair_type ), group ); 718} 719/* END_CASE */ 720 721/* BEGIN_CASE */ 722void lifetime( int lifetime_arg, int classification_flags, 723 int persistence_arg, int location_arg ) 724{ 725 psa_key_lifetime_t lifetime = lifetime_arg; 726 psa_key_persistence_t persistence = persistence_arg; 727 psa_key_location_t location = location_arg; 728 unsigned flags = classification_flags; 729 unsigned classification_flags_tested = 0; 730 731 TEST_CLASSIFICATION_MACRO( 1, KEY_LIFETIME_IS_VOLATILE, lifetime, flags ); 732 TEST_CLASSIFICATION_MACRO( 1, KEY_LIFETIME_IS_READ_ONLY, lifetime, flags ); 733 TEST_EQUAL( classification_flags_tested, 734 KEY_LIFETIME_FLAG_MASK_PLUS_ONE - 1 ); 735 736 TEST_EQUAL( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime ), persistence ); 737 TEST_EQUAL( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ), location ); 738} 739/* END_CASE */ 740