psasim: add AUT for symmetric encryption/decryption
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c
index 3eee631..b0f96be 100644
--- a/tests/psa-client-server/psasim/src/aut_main.c
+++ b/tests/psa-client-server/psasim/src/aut_main.c
@@ -21,7 +21,8 @@
int psa_hash_compute_main(void);
int psa_hash_main(void);
-int psa_aead_main(char *cipher_name);
+int psa_aead_encrypt_main(char *cipher_name);
+int psa_aead_encrypt_decrypt_main(void);
int psa_random_main(void);
int psa_mac_main(void);
int psa_key_agreement_main(void);
@@ -47,16 +48,17 @@
TEST_MODULE(psa_hash_compute_main());
TEST_MODULE(psa_hash_main());
- TEST_MODULE(psa_aead_main("aes128-gcm"));
- TEST_MODULE(psa_aead_main("aes256-gcm"));
- TEST_MODULE(psa_aead_main("aes128-gcm_8"));
- TEST_MODULE(psa_aead_main("chachapoly"));
+ TEST_MODULE(psa_aead_encrypt_main("aes128-gcm"));
+ TEST_MODULE(psa_aead_encrypt_main("aes256-gcm"));
+ TEST_MODULE(psa_aead_encrypt_main("aes128-gcm_8"));
+ TEST_MODULE(psa_aead_encrypt_main("chachapoly"));
TEST_MODULE(psa_random_main());
TEST_MODULE(psa_mac_main());
TEST_MODULE(psa_key_agreement_main());
TEST_MODULE(psa_sign_verify_main());
+ TEST_MODULE(psa_aead_encrypt_decrypt_main());
exit:
return (ret != 0) ? 1 : 0;
diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c
similarity index 77%
rename from tests/psa-client-server/psasim/src/aut_psa_aead.c
rename to tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c
index aa9dfb0..64463f5 100644
--- a/tests/psa-client-server/psasim/src/aut_psa_aead.c
+++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c
@@ -1,37 +1,8 @@
-/**
- * PSA API multi-part AEAD demonstration.
- *
- * This program AEAD-encrypts a message, using the algorithm and key size
- * specified on the command line, using the multi-part API.
- *
- * It comes with a companion program cipher/cipher_aead_demo.c, which does the
- * same operations with the legacy Cipher API. The goal is that comparing the
- * two programs will help people migrating to the PSA Crypto API.
- *
- * When used with multi-part AEAD operations, the `mbedtls_cipher_context`
- * serves a triple purpose (1) hold the key, (2) store the algorithm when no
- * operation is active, and (3) save progress information for the current
- * operation. With PSA those roles are held by disinct objects: (1) a
- * psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the
- * algorithm, and (3) a psa_operation_t for multi-part progress.
- *
- * On the other hand, with PSA, the algorithms encodes the desired tag length;
- * with Cipher the desired tag length needs to be tracked separately.
- *
- * This program and its companion cipher/cipher_aead_demo.c illustrate this by
- * doing the same sequence of multi-part AEAD computation with both APIs;
- * looking at the two side by side should make the differences and
- * similarities clear.
- */
-
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-/* First include Mbed TLS headers to get the Mbed TLS configuration and
- * platform definitions that we'll use in this program. Also include
- * standard C headers for functions we'll use here. */
#include "mbedtls/build_info.h"
#include "psa/crypto.h"
@@ -40,25 +11,6 @@
#include <stdio.h>
#include <string.h>
-/* If the build options we need are not enabled, compile a placeholder. */
-#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
- (!defined(MBEDTLS_PSA_CRYPTO_C) || \
- !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \
- !defined(MBEDTLS_CHACHAPOLY_C) || \
- defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER))
-int psa_aead_main(void)
-{
- printf("MBEDTLS_PSA_CRYPTO_CLIENT or "
- "MBEDTLS_PSA_CRYPTO_C and/or "
- "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
- "MBEDTLS_CHACHAPOLY_C not defined, and/or "
- "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n");
- return 0;
-}
-#else
-
-/* The real program starts here. */
-
const char usage[] =
"Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
@@ -257,7 +209,7 @@
/*
* Main function
*/
-int psa_aead_main(char *cipher_name)
+int psa_aead_encrypt_main(char *cipher_name)
{
psa_status_t status = PSA_SUCCESS;
@@ -273,5 +225,3 @@
exit:
return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
}
-
-#endif
diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c
new file mode 100644
index 0000000..ca090cc
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#define BUFFER_SIZE 500
+
+static void print_bytestr(const uint8_t *bytes, size_t len)
+{
+ for (unsigned int idx = 0; idx < len; idx++) {
+ printf("%02X", bytes[idx]);
+ }
+}
+
+int psa_aead_encrypt_decrypt_main(void)
+{
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key_id = 0;
+ uint8_t encrypt[BUFFER_SIZE] = { 0 };
+ uint8_t decrypt[BUFFER_SIZE] = { 0 };
+ const uint8_t plaintext[] = "Hello World!";
+ const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+ uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)];
+ size_t nonce_length = sizeof(nonce);
+ size_t ciphertext_length;
+ size_t plaintext_length;
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, PSA_ALG_CCM);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, 256);
+
+ status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
+ if (status != PSA_SUCCESS) {
+ printf("psa_import_key failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_generate_random(nonce, nonce_length);
+ if (status != PSA_SUCCESS) {
+ printf("psa_generate_random failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_aead_encrypt(key_id, // key
+ PSA_ALG_CCM, // algorithm
+ nonce, nonce_length, // nonce
+ NULL, 0, // additional data
+ plaintext, sizeof(plaintext), // plaintext
+ encrypt, sizeof(encrypt), // ciphertext
+ &ciphertext_length); // length of output
+ if (status != PSA_SUCCESS) {
+ printf("psa_aead_encrypt failed\n");
+ return EXIT_FAILURE;
+ }
+
+ printf("AES-CCM encryption:\n");
+ printf("- Plaintext: '%s':\n", plaintext);
+ printf("- Key: ");
+ print_bytestr(key_bytes, sizeof(key_bytes));
+ printf("\n- Nonce: ");
+ print_bytestr(nonce, nonce_length);
+ printf("\n- No additional data\n");
+ printf("- Ciphertext:\n");
+
+ for (size_t j = 0; j < ciphertext_length; j++) {
+ if (j % 8 == 0) {
+ printf("\n ");
+ }
+ printf("%02x ", encrypt[j]);
+ }
+
+ printf("\n");
+
+ status = psa_aead_decrypt(key_id, // key
+ PSA_ALG_CCM, // algorithm
+ nonce, nonce_length, // nonce
+ NULL, 0, // additional data
+ encrypt, ciphertext_length, // ciphertext
+ decrypt, sizeof(decrypt), // plaintext
+ &plaintext_length); // length of output
+ if (status != PSA_SUCCESS) {
+ printf("psa_aead_decrypt failed\n");
+ return EXIT_FAILURE;
+ }
+
+ if (memcmp(plaintext, decrypt, sizeof(plaintext)) != 0) {
+ printf("\nEncryption/Decryption failed!\n");
+ } else {
+ printf("\nEncryption/Decryption successful!\n");
+ }
+
+ psa_destroy_key(key_id);
+ mbedtls_psa_crypto_free();
+ return 0;
+}