blob: 75e0f3ff1b690afedab8ae69fe44d0435f991602 [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +01001/* BEGIN_HEADER */
itayzafrir3e02b3b2018-06-12 17:06:52 +03002#include <stdint.h>
mohammad160327010052018-07-03 13:16:15 +03003
Gilles Peskinedd2f95b2018-08-11 01:22:42 +02004#include "mbedtls/asn1.h"
Gilles Peskine0b352bc2018-06-28 00:16:11 +02005#include "mbedtls/asn1write.h"
Gilles Peskinedd2f95b2018-08-11 01:22:42 +02006#include "mbedtls/oid.h"
7
Gilles Peskinebdc96fd2019-08-07 12:08:04 +02008/* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random()
9 * uses mbedtls_ctr_drbg internally. */
10#include "mbedtls/ctr_drbg.h"
11
Gilles Peskinebdc96fd2019-08-07 12:08:04 +020012#include "psa/crypto.h"
Ronald Cron41841072020-09-17 15:28:26 +020013#include "psa_crypto_slot_management.h"
Gilles Peskinebdc96fd2019-08-07 12:08:04 +020014
Gilles Peskine8e94efe2021-02-13 00:25:53 +010015#include "test/asn1_helpers.h"
Ronald Cron28a45ed2021-02-09 20:35:42 +010016#include "test/psa_crypto_helpers.h"
Gilles Peskinee78b0022021-02-13 00:41:11 +010017#include "test/psa_exercise_key.h"
Ronald Cron28a45ed2021-02-09 20:35:42 +010018
Gilles Peskinef6279312021-05-27 13:21:20 +020019/* If this comes up, it's a bug in the test code or in the test data. */
20#define UNUSED 0xdeadbeef
21
Dave Rodgman34b147d2021-06-23 12:49:59 +010022/* Assert that an operation is (not) active.
23 * This serves as a proxy for checking if the operation is aborted. */
24#define ASSERT_OPERATION_IS_ACTIVE( operation ) TEST_ASSERT( operation.id != 0 )
25#define ASSERT_OPERATION_IS_INACTIVE( operation ) TEST_ASSERT( operation.id == 0 )
26
Jaeden Amerof24c7f82018-06-27 17:20:43 +010027/** An invalid export length that will never be set by psa_export_key(). */
28static const size_t INVALID_EXPORT_LENGTH = ~0U;
29
Gilles Peskinea7aa4422018-08-14 15:17:54 +020030/** Test if a buffer contains a constant byte value.
31 *
32 * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020033 *
34 * \param buffer Pointer to the beginning of the buffer.
Gilles Peskinea7aa4422018-08-14 15:17:54 +020035 * \param c Expected value of every byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020036 * \param size Size of the buffer in bytes.
37 *
Gilles Peskine3f669c32018-06-21 09:21:51 +020038 * \return 1 if the buffer is all-bits-zero.
39 * \return 0 if there is at least one nonzero byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020040 */
Gilles Peskinea7aa4422018-08-14 15:17:54 +020041static int mem_is_char( void *buffer, unsigned char c, size_t size )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020042{
43 size_t i;
44 for( i = 0; i < size; i++ )
45 {
Gilles Peskinea7aa4422018-08-14 15:17:54 +020046 if( ( (unsigned char *) buffer )[i] != c )
Gilles Peskine3f669c32018-06-21 09:21:51 +020047 return( 0 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020048 }
Gilles Peskine3f669c32018-06-21 09:21:51 +020049 return( 1 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020050}
Andrzej Kureke0015962022-01-17 15:29:38 +010051#if defined(MBEDTLS_ASN1_WRITE_C)
Gilles Peskine0b352bc2018-06-28 00:16:11 +020052/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */
53static int asn1_write_10x( unsigned char **p,
54 unsigned char *start,
55 size_t bits,
56 unsigned char x )
57{
58 int ret;
59 int len = bits / 8 + 1;
Gilles Peskine480416a2018-06-28 19:04:07 +020060 if( bits == 0 )
61 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
62 if( bits <= 8 && x >= 1 << ( bits - 1 ) )
Gilles Peskine0b352bc2018-06-28 00:16:11 +020063 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
Moran Pekercb088e72018-07-17 17:36:59 +030064 if( *p < start || *p - start < (ptrdiff_t) len )
Gilles Peskine0b352bc2018-06-28 00:16:11 +020065 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
66 *p -= len;
67 ( *p )[len-1] = x;
68 if( bits % 8 == 0 )
69 ( *p )[1] |= 1;
70 else
71 ( *p )[0] |= 1 << ( bits % 8 );
72 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
73 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
74 MBEDTLS_ASN1_INTEGER ) );
75 return( len );
76}
77
78static int construct_fake_rsa_key( unsigned char *buffer,
79 size_t buffer_size,
80 unsigned char **p,
81 size_t bits,
82 int keypair )
83{
84 size_t half_bits = ( bits + 1 ) / 2;
85 int ret;
86 int len = 0;
87 /* Construct something that looks like a DER encoding of
88 * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2:
89 * RSAPrivateKey ::= SEQUENCE {
90 * version Version,
91 * modulus INTEGER, -- n
92 * publicExponent INTEGER, -- e
93 * privateExponent INTEGER, -- d
94 * prime1 INTEGER, -- p
95 * prime2 INTEGER, -- q
96 * exponent1 INTEGER, -- d mod (p-1)
97 * exponent2 INTEGER, -- d mod (q-1)
98 * coefficient INTEGER, -- (inverse of q) mod p
99 * otherPrimeInfos OtherPrimeInfos OPTIONAL
100 * }
101 * Or, for a public key, the same structure with only
102 * version, modulus and publicExponent.
103 */
104 *p = buffer + buffer_size;
105 if( keypair )
106 {
107 MBEDTLS_ASN1_CHK_ADD( len, /* pq */
108 asn1_write_10x( p, buffer, half_bits, 1 ) );
109 MBEDTLS_ASN1_CHK_ADD( len, /* dq */
110 asn1_write_10x( p, buffer, half_bits, 1 ) );
111 MBEDTLS_ASN1_CHK_ADD( len, /* dp */
112 asn1_write_10x( p, buffer, half_bits, 1 ) );
113 MBEDTLS_ASN1_CHK_ADD( len, /* q */
114 asn1_write_10x( p, buffer, half_bits, 1 ) );
115 MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */
116 asn1_write_10x( p, buffer, half_bits, 3 ) );
117 MBEDTLS_ASN1_CHK_ADD( len, /* d */
118 asn1_write_10x( p, buffer, bits, 1 ) );
119 }
120 MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */
121 asn1_write_10x( p, buffer, 17, 1 ) );
122 MBEDTLS_ASN1_CHK_ADD( len, /* n */
123 asn1_write_10x( p, buffer, bits, 1 ) );
124 if( keypair )
125 MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */
126 mbedtls_asn1_write_int( p, buffer, 0 ) );
127 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) );
128 {
129 const unsigned char tag =
130 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
131 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) );
132 }
133 return( len );
134}
Andrzej Kureke0015962022-01-17 15:29:38 +0100135#endif /* MBEDTLS_ASN1_WRITE_C */
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200136
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100137int exercise_mac_setup( psa_key_type_t key_type,
138 const unsigned char *key_bytes,
139 size_t key_length,
140 psa_algorithm_t alg,
141 psa_mac_operation_t *operation,
142 psa_status_t *status )
143{
Ronald Cron5425a212020-08-04 14:58:35 +0200144 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200145 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100146
Gilles Peskine89d8c5c2019-11-26 17:01:59 +0100147 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200148 psa_set_key_algorithm( &attributes, alg );
149 psa_set_key_type( &attributes, key_type );
Ronald Cron5425a212020-08-04 14:58:35 +0200150 PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100151
Ronald Cron5425a212020-08-04 14:58:35 +0200152 *status = psa_mac_sign_setup( operation, key, alg );
Gilles Peskine9e0a4a52019-02-25 22:11:18 +0100153 /* Whether setup succeeded or failed, abort must succeed. */
154 PSA_ASSERT( psa_mac_abort( operation ) );
155 /* If setup failed, reproduce the failure, so that the caller can
156 * test the resulting state of the operation object. */
157 if( *status != PSA_SUCCESS )
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100158 {
Ronald Cron5425a212020-08-04 14:58:35 +0200159 TEST_EQUAL( psa_mac_sign_setup( operation, key, alg ), *status );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100160 }
161
Ronald Cron5425a212020-08-04 14:58:35 +0200162 psa_destroy_key( key );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100163 return( 1 );
164
165exit:
Ronald Cron5425a212020-08-04 14:58:35 +0200166 psa_destroy_key( key );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100167 return( 0 );
168}
169
170int exercise_cipher_setup( psa_key_type_t key_type,
171 const unsigned char *key_bytes,
172 size_t key_length,
173 psa_algorithm_t alg,
174 psa_cipher_operation_t *operation,
175 psa_status_t *status )
176{
Ronald Cron5425a212020-08-04 14:58:35 +0200177 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200178 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100179
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200180 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
181 psa_set_key_algorithm( &attributes, alg );
182 psa_set_key_type( &attributes, key_type );
Ronald Cron5425a212020-08-04 14:58:35 +0200183 PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100184
Ronald Cron5425a212020-08-04 14:58:35 +0200185 *status = psa_cipher_encrypt_setup( operation, key, alg );
Gilles Peskine9e0a4a52019-02-25 22:11:18 +0100186 /* Whether setup succeeded or failed, abort must succeed. */
187 PSA_ASSERT( psa_cipher_abort( operation ) );
188 /* If setup failed, reproduce the failure, so that the caller can
189 * test the resulting state of the operation object. */
190 if( *status != PSA_SUCCESS )
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100191 {
Ronald Cron5425a212020-08-04 14:58:35 +0200192 TEST_EQUAL( psa_cipher_encrypt_setup( operation, key, alg ),
Gilles Peskine9e0a4a52019-02-25 22:11:18 +0100193 *status );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100194 }
195
Ronald Cron5425a212020-08-04 14:58:35 +0200196 psa_destroy_key( key );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100197 return( 1 );
198
199exit:
Ronald Cron5425a212020-08-04 14:58:35 +0200200 psa_destroy_key( key );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100201 return( 0 );
202}
203
Ronald Cron5425a212020-08-04 14:58:35 +0200204static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key )
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200205{
206 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cronecfb2372020-07-23 17:13:42 +0200207 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200208 uint8_t buffer[1];
209 size_t length;
210 int ok = 0;
211
Ronald Cronecfb2372020-07-23 17:13:42 +0200212 psa_set_key_id( &attributes, key_id );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200213 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
214 psa_set_key_algorithm( &attributes, PSA_ALG_CTR );
215 psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
Ronald Cron5425a212020-08-04 14:58:35 +0200216 TEST_EQUAL( psa_get_key_attributes( key, &attributes ),
Maulik Patel3240c9d2021-03-17 16:11:05 +0000217 PSA_ERROR_INVALID_HANDLE );
Ronald Cronecfb2372020-07-23 17:13:42 +0200218 TEST_EQUAL(
219 MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 );
220 TEST_EQUAL(
221 MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 );
Gilles Peskine5c648ab2019-04-19 14:06:53 +0200222 TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200223 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
224 TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
225 TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
226 TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
227
Ronald Cron5425a212020-08-04 14:58:35 +0200228 TEST_EQUAL( psa_export_key( key, buffer, sizeof( buffer ), &length ),
Maulik Patel3240c9d2021-03-17 16:11:05 +0000229 PSA_ERROR_INVALID_HANDLE );
Ronald Cron5425a212020-08-04 14:58:35 +0200230 TEST_EQUAL( psa_export_public_key( key,
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200231 buffer, sizeof( buffer ), &length ),
Maulik Patel3240c9d2021-03-17 16:11:05 +0000232 PSA_ERROR_INVALID_HANDLE );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200233
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200234 ok = 1;
235
236exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100237 /*
238 * Key attributes may have been returned by psa_get_key_attributes()
239 * thus reset them as required.
240 */
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200241 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100242
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200243 return( ok );
244}
245
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200246/* Assert that a key isn't reported as having a slot number. */
247#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
248#define ASSERT_NO_SLOT_NUMBER( attributes ) \
249 do \
250 { \
251 psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \
252 TEST_EQUAL( psa_get_key_slot_number( \
253 attributes, \
254 &ASSERT_NO_SLOT_NUMBER_slot_number ), \
255 PSA_ERROR_INVALID_ARGUMENT ); \
256 } \
257 while( 0 )
258#else /* MBEDTLS_PSA_CRYPTO_SE_C */
259#define ASSERT_NO_SLOT_NUMBER( attributes ) \
260 ( (void) 0 )
261#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
262
Gilles Peskinebdf309c2018-12-03 15:36:32 +0100263/* An overapproximation of the amount of storage needed for a key of the
264 * given type and with the given content. The API doesn't make it easy
265 * to find a good value for the size. The current implementation doesn't
266 * care about the value anyway. */
267#define KEY_BITS_FROM_DATA( type, data ) \
268 ( data )->len
269
Darryl Green0c6575a2018-11-07 16:05:30 +0000270typedef enum {
271 IMPORT_KEY = 0,
272 GENERATE_KEY = 1,
273 DERIVE_KEY = 2
274} generate_method;
275
Gilles Peskinee59236f2018-01-27 23:32:46 +0100276/* END_HEADER */
277
278/* BEGIN_DEPENDENCIES
279 * depends_on:MBEDTLS_PSA_CRYPTO_C
280 * END_DEPENDENCIES
281 */
282
283/* BEGIN_CASE */
Gilles Peskinee1f2d7d2018-08-21 14:54:54 +0200284void static_checks( )
285{
286 size_t max_truncated_mac_size =
287 PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET;
288
289 /* Check that the length for a truncated MAC always fits in the algorithm
290 * encoding. The shifted mask is the maximum truncated value. The
291 * untruncated algorithm may be one byte larger. */
292 TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size );
Gilles Peskine841b14b2019-11-26 17:37:37 +0100293
294#if defined(MBEDTLS_TEST_DEPRECATED)
295 /* Check deprecated constants. */
296 TEST_EQUAL( PSA_ERROR_UNKNOWN_ERROR, PSA_ERROR_GENERIC_ERROR );
297 TEST_EQUAL( PSA_ERROR_OCCUPIED_SLOT, PSA_ERROR_ALREADY_EXISTS );
298 TEST_EQUAL( PSA_ERROR_EMPTY_SLOT, PSA_ERROR_DOES_NOT_EXIST );
299 TEST_EQUAL( PSA_ERROR_INSUFFICIENT_CAPACITY, PSA_ERROR_INSUFFICIENT_DATA );
300 TEST_EQUAL( PSA_ERROR_TAMPERING_DETECTED, PSA_ERROR_CORRUPTION_DETECTED );
301 TEST_EQUAL( PSA_KEY_USAGE_SIGN, PSA_KEY_USAGE_SIGN_HASH );
302 TEST_EQUAL( PSA_KEY_USAGE_VERIFY, PSA_KEY_USAGE_VERIFY_HASH );
303 TEST_EQUAL( PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE, PSA_SIGNATURE_MAX_SIZE );
Gilles Peskineb87b7192019-12-04 16:24:10 +0100304
Paul Elliott8ff510a2020-06-02 17:19:28 +0100305 TEST_EQUAL( PSA_ECC_CURVE_SECP160K1, PSA_ECC_FAMILY_SECP_K1 );
306 TEST_EQUAL( PSA_ECC_CURVE_SECP192K1, PSA_ECC_FAMILY_SECP_K1 );
307 TEST_EQUAL( PSA_ECC_CURVE_SECP224K1, PSA_ECC_FAMILY_SECP_K1 );
308 TEST_EQUAL( PSA_ECC_CURVE_SECP256K1, PSA_ECC_FAMILY_SECP_K1 );
309 TEST_EQUAL( PSA_ECC_CURVE_SECP160R1, PSA_ECC_FAMILY_SECP_R1 );
310 TEST_EQUAL( PSA_ECC_CURVE_SECP192R1, PSA_ECC_FAMILY_SECP_R1 );
311 TEST_EQUAL( PSA_ECC_CURVE_SECP224R1, PSA_ECC_FAMILY_SECP_R1 );
312 TEST_EQUAL( PSA_ECC_CURVE_SECP256R1, PSA_ECC_FAMILY_SECP_R1 );
313 TEST_EQUAL( PSA_ECC_CURVE_SECP384R1, PSA_ECC_FAMILY_SECP_R1 );
314 TEST_EQUAL( PSA_ECC_CURVE_SECP521R1, PSA_ECC_FAMILY_SECP_R1 );
315 TEST_EQUAL( PSA_ECC_CURVE_SECP160R2, PSA_ECC_FAMILY_SECP_R2 );
316 TEST_EQUAL( PSA_ECC_CURVE_SECT163K1, PSA_ECC_FAMILY_SECT_K1 );
317 TEST_EQUAL( PSA_ECC_CURVE_SECT233K1, PSA_ECC_FAMILY_SECT_K1 );
318 TEST_EQUAL( PSA_ECC_CURVE_SECT239K1, PSA_ECC_FAMILY_SECT_K1 );
319 TEST_EQUAL( PSA_ECC_CURVE_SECT283K1, PSA_ECC_FAMILY_SECT_K1 );
320 TEST_EQUAL( PSA_ECC_CURVE_SECT409K1, PSA_ECC_FAMILY_SECT_K1 );
321 TEST_EQUAL( PSA_ECC_CURVE_SECT571K1, PSA_ECC_FAMILY_SECT_K1 );
322 TEST_EQUAL( PSA_ECC_CURVE_SECT163R1, PSA_ECC_FAMILY_SECT_R1 );
323 TEST_EQUAL( PSA_ECC_CURVE_SECT193R1, PSA_ECC_FAMILY_SECT_R1 );
324 TEST_EQUAL( PSA_ECC_CURVE_SECT233R1, PSA_ECC_FAMILY_SECT_R1 );
325 TEST_EQUAL( PSA_ECC_CURVE_SECT283R1, PSA_ECC_FAMILY_SECT_R1 );
326 TEST_EQUAL( PSA_ECC_CURVE_SECT409R1, PSA_ECC_FAMILY_SECT_R1 );
327 TEST_EQUAL( PSA_ECC_CURVE_SECT571R1, PSA_ECC_FAMILY_SECT_R1 );
328 TEST_EQUAL( PSA_ECC_CURVE_SECT163R2, PSA_ECC_FAMILY_SECT_R2 );
329 TEST_EQUAL( PSA_ECC_CURVE_SECT193R2, PSA_ECC_FAMILY_SECT_R2 );
330 TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
331 TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
332 TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
333 TEST_EQUAL( PSA_ECC_CURVE_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY );
334 TEST_EQUAL( PSA_ECC_CURVE_CURVE448, PSA_ECC_FAMILY_MONTGOMERY );
335
336 TEST_EQUAL( PSA_ECC_CURVE_SECP_K1, PSA_ECC_FAMILY_SECP_K1 );
337 TEST_EQUAL( PSA_ECC_CURVE_SECP_R1, PSA_ECC_FAMILY_SECP_R1 );
338 TEST_EQUAL( PSA_ECC_CURVE_SECP_R2, PSA_ECC_FAMILY_SECP_R2 );
339 TEST_EQUAL( PSA_ECC_CURVE_SECT_K1, PSA_ECC_FAMILY_SECT_K1 );
340 TEST_EQUAL( PSA_ECC_CURVE_SECT_R1, PSA_ECC_FAMILY_SECT_R1 );
341 TEST_EQUAL( PSA_ECC_CURVE_SECT_R2, PSA_ECC_FAMILY_SECT_R2 );
342 TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P_R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
343 TEST_EQUAL( PSA_ECC_CURVE_MONTGOMERY, PSA_ECC_FAMILY_MONTGOMERY );
Gilles Peskineb87b7192019-12-04 16:24:10 +0100344
Paul Elliott75e27032020-06-03 15:17:39 +0100345 TEST_EQUAL( PSA_DH_GROUP_FFDHE2048, PSA_DH_FAMILY_RFC7919 );
346 TEST_EQUAL( PSA_DH_GROUP_FFDHE3072, PSA_DH_FAMILY_RFC7919 );
347 TEST_EQUAL( PSA_DH_GROUP_FFDHE4096, PSA_DH_FAMILY_RFC7919 );
348 TEST_EQUAL( PSA_DH_GROUP_FFDHE6144, PSA_DH_FAMILY_RFC7919 );
349 TEST_EQUAL( PSA_DH_GROUP_FFDHE8192, PSA_DH_FAMILY_RFC7919 );
350
351 TEST_EQUAL( PSA_DH_GROUP_RFC7919, PSA_DH_FAMILY_RFC7919 );
352 TEST_EQUAL( PSA_DH_GROUP_CUSTOM, PSA_DH_FAMILY_CUSTOM );
Gilles Peskineb87b7192019-12-04 16:24:10 +0100353#endif
Gilles Peskinee1f2d7d2018-08-21 14:54:54 +0200354}
355/* END_CASE */
356
357/* BEGIN_CASE */
Gilles Peskine6edfa292019-07-31 15:53:45 +0200358void import_with_policy( int type_arg,
359 int usage_arg, int alg_arg,
360 int expected_status_arg )
361{
362 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
363 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cron5425a212020-08-04 14:58:35 +0200364 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine6edfa292019-07-31 15:53:45 +0200365 psa_key_type_t type = type_arg;
366 psa_key_usage_t usage = usage_arg;
367 psa_algorithm_t alg = alg_arg;
368 psa_status_t expected_status = expected_status_arg;
369 const uint8_t key_material[16] = {0};
370 psa_status_t status;
371
372 PSA_ASSERT( psa_crypto_init( ) );
373
374 psa_set_key_type( &attributes, type );
375 psa_set_key_usage_flags( &attributes, usage );
376 psa_set_key_algorithm( &attributes, alg );
377
378 status = psa_import_key( &attributes,
379 key_material, sizeof( key_material ),
Ronald Cron5425a212020-08-04 14:58:35 +0200380 &key );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200381 TEST_EQUAL( status, expected_status );
382 if( status != PSA_SUCCESS )
383 goto exit;
384
Ronald Cron5425a212020-08-04 14:58:35 +0200385 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200386 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
gabor-mezei-arm4d9009e2021-05-13 12:05:01 +0200387 TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ),
gabor-mezei-armff03fd62021-06-28 14:05:00 +0200388 mbedtls_test_update_key_usage_flags( usage ) );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200389 TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200390 ASSERT_NO_SLOT_NUMBER( &got_attributes );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200391
Ronald Cron5425a212020-08-04 14:58:35 +0200392 PSA_ASSERT( psa_destroy_key( key ) );
393 test_operations_on_invalid_key( key );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200394
395exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100396 /*
397 * Key attributes may have been returned by psa_get_key_attributes()
398 * thus reset them as required.
399 */
Gilles Peskine6edfa292019-07-31 15:53:45 +0200400 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100401
402 psa_destroy_key( key );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200403 PSA_DONE( );
404}
405/* END_CASE */
406
407/* BEGIN_CASE */
408void import_with_data( data_t *data, int type_arg,
409 int attr_bits_arg,
410 int expected_status_arg )
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200411{
412 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
413 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cron5425a212020-08-04 14:58:35 +0200414 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200415 psa_key_type_t type = type_arg;
Gilles Peskine8fb3a9e2019-05-03 16:59:21 +0200416 size_t attr_bits = attr_bits_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200417 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100418 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100419
Gilles Peskine8817f612018-12-18 00:18:46 +0100420 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100421
Gilles Peskine4747d192019-04-17 15:05:45 +0200422 psa_set_key_type( &attributes, type );
Gilles Peskine8fb3a9e2019-05-03 16:59:21 +0200423 psa_set_key_bits( &attributes, attr_bits );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200424
Ronald Cron5425a212020-08-04 14:58:35 +0200425 status = psa_import_key( &attributes, data->x, data->len, &key );
Gilles Peskinefe11b722018-12-18 00:24:04 +0100426 TEST_EQUAL( status, expected_status );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200427 if( status != PSA_SUCCESS )
428 goto exit;
429
Ronald Cron5425a212020-08-04 14:58:35 +0200430 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200431 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
Gilles Peskine8fb3a9e2019-05-03 16:59:21 +0200432 if( attr_bits != 0 )
Gilles Peskine7e0cff92019-07-30 13:48:52 +0200433 TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) );
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200434 ASSERT_NO_SLOT_NUMBER( &got_attributes );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200435
Ronald Cron5425a212020-08-04 14:58:35 +0200436 PSA_ASSERT( psa_destroy_key( key ) );
437 test_operations_on_invalid_key( key );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100438
439exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100440 /*
441 * Key attributes may have been returned by psa_get_key_attributes()
442 * thus reset them as required.
443 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +0200444 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100445
446 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200447 PSA_DONE( );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100448}
449/* END_CASE */
450
451/* BEGIN_CASE */
Gilles Peskinec744d992019-07-30 17:26:54 +0200452void import_large_key( int type_arg, int byte_size_arg,
453 int expected_status_arg )
454{
455 psa_key_type_t type = type_arg;
456 size_t byte_size = byte_size_arg;
457 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
458 psa_status_t expected_status = expected_status_arg;
Ronald Cron5425a212020-08-04 14:58:35 +0200459 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinec744d992019-07-30 17:26:54 +0200460 psa_status_t status;
461 uint8_t *buffer = NULL;
462 size_t buffer_size = byte_size + 1;
463 size_t n;
464
Steven Cooreman69967ce2021-01-18 18:01:08 +0100465 /* Skip the test case if the target running the test cannot
466 * accomodate large keys due to heap size constraints */
467 ASSERT_ALLOC_WEAK( buffer, buffer_size );
Gilles Peskinec744d992019-07-30 17:26:54 +0200468 memset( buffer, 'K', byte_size );
469
470 PSA_ASSERT( psa_crypto_init( ) );
471
472 /* Try importing the key */
473 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
474 psa_set_key_type( &attributes, type );
Ronald Cron5425a212020-08-04 14:58:35 +0200475 status = psa_import_key( &attributes, buffer, byte_size, &key );
Steven Cooreman83fdb702021-01-21 14:24:39 +0100476 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY );
Gilles Peskinec744d992019-07-30 17:26:54 +0200477 TEST_EQUAL( status, expected_status );
478
479 if( status == PSA_SUCCESS )
480 {
Ronald Cron5425a212020-08-04 14:58:35 +0200481 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskinec744d992019-07-30 17:26:54 +0200482 TEST_EQUAL( psa_get_key_type( &attributes ), type );
483 TEST_EQUAL( psa_get_key_bits( &attributes ),
484 PSA_BYTES_TO_BITS( byte_size ) );
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200485 ASSERT_NO_SLOT_NUMBER( &attributes );
Gilles Peskinec744d992019-07-30 17:26:54 +0200486 memset( buffer, 0, byte_size + 1 );
Ronald Cron5425a212020-08-04 14:58:35 +0200487 PSA_ASSERT( psa_export_key( key, buffer, byte_size, &n ) );
Gilles Peskinec744d992019-07-30 17:26:54 +0200488 for( n = 0; n < byte_size; n++ )
489 TEST_EQUAL( buffer[n], 'K' );
490 for( n = byte_size; n < buffer_size; n++ )
491 TEST_EQUAL( buffer[n], 0 );
492 }
493
494exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100495 /*
496 * Key attributes may have been returned by psa_get_key_attributes()
497 * thus reset them as required.
498 */
499 psa_reset_key_attributes( &attributes );
500
Ronald Cron5425a212020-08-04 14:58:35 +0200501 psa_destroy_key( key );
Gilles Peskinec744d992019-07-30 17:26:54 +0200502 PSA_DONE( );
503 mbedtls_free( buffer );
504}
505/* END_CASE */
506
Andrzej Kureke0015962022-01-17 15:29:38 +0100507/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C */
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200508void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
509{
Ronald Cron5425a212020-08-04 14:58:35 +0200510 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200511 size_t bits = bits_arg;
512 psa_status_t expected_status = expected_status_arg;
513 psa_status_t status;
514 psa_key_type_t type =
Gilles Peskinec93b80c2019-05-16 19:39:54 +0200515 keypair ? PSA_KEY_TYPE_RSA_KEY_PAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200516 size_t buffer_size = /* Slight overapproximations */
517 keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200518 unsigned char *buffer = NULL;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200519 unsigned char *p;
520 int ret;
521 size_t length;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200522 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200523
Gilles Peskine8817f612018-12-18 00:18:46 +0100524 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200525 ASSERT_ALLOC( buffer, buffer_size );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200526
527 TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p,
528 bits, keypair ) ) >= 0 );
529 length = ret;
530
531 /* Try importing the key */
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200532 psa_set_key_type( &attributes, type );
Ronald Cron5425a212020-08-04 14:58:35 +0200533 status = psa_import_key( &attributes, p, length, &key );
Gilles Peskinefe11b722018-12-18 00:24:04 +0100534 TEST_EQUAL( status, expected_status );
Gilles Peskine76b29a72019-05-28 14:08:50 +0200535
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200536 if( status == PSA_SUCCESS )
Ronald Cron5425a212020-08-04 14:58:35 +0200537 PSA_ASSERT( psa_destroy_key( key ) );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200538
539exit:
540 mbedtls_free( buffer );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200541 PSA_DONE( );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200542}
543/* END_CASE */
544
545/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300546void import_export( data_t *data,
Moran Pekera964a8f2018-06-04 18:42:36 +0300547 int type_arg,
Gilles Peskine1ecf92c22019-05-24 15:00:06 +0200548 int usage_arg, int alg_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100549 int expected_bits,
550 int export_size_delta,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200551 int expected_export_status_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100552 int canonical_input )
553{
Ronald Cron5425a212020-08-04 14:58:35 +0200554 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100555 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200556 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200557 psa_status_t expected_export_status = expected_export_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100558 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100559 unsigned char *exported = NULL;
560 unsigned char *reexported = NULL;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100561 size_t export_size;
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100562 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100563 size_t reexported_length;
Gilles Peskine4747d192019-04-17 15:05:45 +0200564 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200565 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100566
Moran Pekercb088e72018-07-17 17:36:59 +0300567 export_size = (ptrdiff_t) data->len + export_size_delta;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200568 ASSERT_ALLOC( exported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100569 if( ! canonical_input )
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200570 ASSERT_ALLOC( reexported, export_size );
Gilles Peskine8817f612018-12-18 00:18:46 +0100571 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100572
Gilles Peskine4747d192019-04-17 15:05:45 +0200573 psa_set_key_usage_flags( &attributes, usage_arg );
574 psa_set_key_algorithm( &attributes, alg );
575 psa_set_key_type( &attributes, type );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700576
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100577 /* Import the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200578 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100579
580 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +0200581 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200582 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
583 TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits );
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200584 ASSERT_NO_SLOT_NUMBER( &got_attributes );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100585
586 /* Export the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200587 status = psa_export_key( key, exported, export_size, &exported_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +0100588 TEST_EQUAL( status, expected_export_status );
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100589
590 /* The exported length must be set by psa_export_key() to a value between 0
591 * and export_size. On errors, the exported length must be 0. */
592 TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH );
593 TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 );
594 TEST_ASSERT( exported_length <= export_size );
595
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200596 TEST_ASSERT( mem_is_char( exported + exported_length, 0,
Gilles Peskine3f669c32018-06-21 09:21:51 +0200597 export_size - exported_length ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100598 if( status != PSA_SUCCESS )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200599 {
Gilles Peskinefe11b722018-12-18 00:24:04 +0100600 TEST_EQUAL( exported_length, 0 );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100601 goto destroy;
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200602 }
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100603
Gilles Peskineea38a922021-02-13 00:05:16 +0100604 /* Run sanity checks on the exported key. For non-canonical inputs,
605 * this validates the canonical representations. For canonical inputs,
606 * this doesn't directly validate the implementation, but it still helps
607 * by cross-validating the test data with the sanity check code. */
608 if( ! mbedtls_test_psa_exercise_key( key, usage_arg, 0 ) )
Gilles Peskine8f609232018-08-11 01:24:55 +0200609 goto exit;
610
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100611 if( canonical_input )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200612 ASSERT_COMPARE( data->x, data->len, exported, exported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100613 else
614 {
Ronald Cron5425a212020-08-04 14:58:35 +0200615 mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine049c7532019-05-15 20:22:09 +0200616 PSA_ASSERT( psa_import_key( &attributes, exported, exported_length,
Ronald Cron5425a212020-08-04 14:58:35 +0200617 &key2 ) );
618 PSA_ASSERT( psa_export_key( key2,
Gilles Peskine8817f612018-12-18 00:18:46 +0100619 reexported,
620 export_size,
621 &reexported_length ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200622 ASSERT_COMPARE( exported, exported_length,
623 reexported, reexported_length );
Ronald Cron5425a212020-08-04 14:58:35 +0200624 PSA_ASSERT( psa_destroy_key( key2 ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100625 }
gabor-mezei-armceface22021-01-21 12:26:17 +0100626 TEST_ASSERT( exported_length <=
627 PSA_EXPORT_KEY_OUTPUT_SIZE( type,
628 psa_get_key_bits( &got_attributes ) ) );
629 TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100630
631destroy:
632 /* Destroy the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200633 PSA_ASSERT( psa_destroy_key( key ) );
634 test_operations_on_invalid_key( key );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100635
636exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100637 /*
638 * Key attributes may have been returned by psa_get_key_attributes()
639 * thus reset them as required.
640 */
641 psa_reset_key_attributes( &got_attributes );
642
itayzafrir3e02b3b2018-06-12 17:06:52 +0300643 mbedtls_free( exported );
644 mbedtls_free( reexported );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200645 PSA_DONE( );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100646}
647/* END_CASE */
Gilles Peskine20035e32018-02-03 22:44:14 +0100648
Moran Pekerf709f4a2018-06-06 17:26:04 +0300649/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300650void import_export_public_key( data_t *data,
Gilles Peskine2d277862018-06-18 15:41:12 +0200651 int type_arg,
652 int alg_arg,
Gilles Peskine49c25912018-10-29 15:15:31 +0100653 int export_size_delta,
654 int expected_export_status_arg,
655 data_t *expected_public_key )
Moran Pekerf709f4a2018-06-06 17:26:04 +0300656{
Ronald Cron5425a212020-08-04 14:58:35 +0200657 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300658 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200659 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200660 psa_status_t expected_export_status = expected_export_status_arg;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300661 psa_status_t status;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300662 unsigned char *exported = NULL;
Gilles Peskine49c25912018-10-29 15:15:31 +0100663 size_t export_size = expected_public_key->len + export_size_delta;
Jaeden Amero2a671e92018-06-27 17:47:40 +0100664 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskine4747d192019-04-17 15:05:45 +0200665 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300666
Gilles Peskine8817f612018-12-18 00:18:46 +0100667 PSA_ASSERT( psa_crypto_init( ) );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300668
Gilles Peskine4747d192019-04-17 15:05:45 +0200669 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
670 psa_set_key_algorithm( &attributes, alg );
671 psa_set_key_type( &attributes, type );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300672
673 /* Import the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200674 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300675
Gilles Peskine49c25912018-10-29 15:15:31 +0100676 /* Export the public key */
677 ASSERT_ALLOC( exported, export_size );
Ronald Cron5425a212020-08-04 14:58:35 +0200678 status = psa_export_public_key( key,
Gilles Peskine2d277862018-06-18 15:41:12 +0200679 exported, export_size,
680 &exported_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +0100681 TEST_EQUAL( status, expected_export_status );
Gilles Peskine49c25912018-10-29 15:15:31 +0100682 if( status == PSA_SUCCESS )
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100683 {
Gilles Peskinec93b80c2019-05-16 19:39:54 +0200684 psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type );
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100685 size_t bits;
Ronald Cron5425a212020-08-04 14:58:35 +0200686 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200687 bits = psa_get_key_bits( &attributes );
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100688 TEST_ASSERT( expected_public_key->len <=
gabor-mezei-armcbcec212020-12-18 14:23:51 +0100689 PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, bits ) );
gabor-mezei-armceface22021-01-21 12:26:17 +0100690 TEST_ASSERT( expected_public_key->len <=
691 PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, bits ) );
692 TEST_ASSERT( expected_public_key->len <=
693 PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
Gilles Peskine49c25912018-10-29 15:15:31 +0100694 ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
695 exported, exported_length );
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100696 }
Moran Pekerf709f4a2018-06-06 17:26:04 +0300697
698exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100699 /*
700 * Key attributes may have been returned by psa_get_key_attributes()
701 * thus reset them as required.
702 */
703 psa_reset_key_attributes( &attributes );
704
itayzafrir3e02b3b2018-06-12 17:06:52 +0300705 mbedtls_free( exported );
Ronald Cron5425a212020-08-04 14:58:35 +0200706 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200707 PSA_DONE( );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300708}
709/* END_CASE */
710
Gilles Peskine20035e32018-02-03 22:44:14 +0100711/* BEGIN_CASE */
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200712void import_and_exercise_key( data_t *data,
713 int type_arg,
714 int bits_arg,
715 int alg_arg )
716{
Ronald Cron5425a212020-08-04 14:58:35 +0200717 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200718 psa_key_type_t type = type_arg;
719 size_t bits = bits_arg;
720 psa_algorithm_t alg = alg_arg;
Gilles Peskinec18e25f2021-02-12 23:48:20 +0100721 psa_key_usage_t usage = mbedtls_test_psa_usage_to_exercise( type, alg );
Gilles Peskine4747d192019-04-17 15:05:45 +0200722 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200723 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200724
Gilles Peskine8817f612018-12-18 00:18:46 +0100725 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200726
Gilles Peskine4747d192019-04-17 15:05:45 +0200727 psa_set_key_usage_flags( &attributes, usage );
728 psa_set_key_algorithm( &attributes, alg );
729 psa_set_key_type( &attributes, type );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200730
731 /* Import the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200732 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200733
734 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +0200735 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200736 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
737 TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200738
739 /* Do something with the key according to its type and permitted usage. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +0100740 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
Gilles Peskine02b75072018-07-01 22:31:34 +0200741 goto exit;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200742
Ronald Cron5425a212020-08-04 14:58:35 +0200743 PSA_ASSERT( psa_destroy_key( key ) );
744 test_operations_on_invalid_key( key );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200745
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200746exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100747 /*
748 * Key attributes may have been returned by psa_get_key_attributes()
749 * thus reset them as required.
750 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +0200751 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100752
753 psa_reset_key_attributes( &attributes );
754 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200755 PSA_DONE( );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200756}
757/* END_CASE */
758
759/* BEGIN_CASE */
Gilles Peskine06c28892019-11-26 18:07:46 +0100760void effective_key_attributes( int type_arg, int expected_type_arg,
761 int bits_arg, int expected_bits_arg,
762 int usage_arg, int expected_usage_arg,
763 int alg_arg, int expected_alg_arg )
Gilles Peskined5b33222018-06-18 22:20:03 +0200764{
Ronald Cron5425a212020-08-04 14:58:35 +0200765 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine1a960492019-11-26 17:12:21 +0100766 psa_key_type_t key_type = type_arg;
Gilles Peskine06c28892019-11-26 18:07:46 +0100767 psa_key_type_t expected_key_type = expected_type_arg;
Gilles Peskine1a960492019-11-26 17:12:21 +0100768 size_t bits = bits_arg;
Gilles Peskine06c28892019-11-26 18:07:46 +0100769 size_t expected_bits = expected_bits_arg;
Gilles Peskined5b33222018-06-18 22:20:03 +0200770 psa_algorithm_t alg = alg_arg;
Gilles Peskine06c28892019-11-26 18:07:46 +0100771 psa_algorithm_t expected_alg = expected_alg_arg;
Gilles Peskined5b33222018-06-18 22:20:03 +0200772 psa_key_usage_t usage = usage_arg;
Gilles Peskine06c28892019-11-26 18:07:46 +0100773 psa_key_usage_t expected_usage = expected_usage_arg;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200774 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskined5b33222018-06-18 22:20:03 +0200775
Gilles Peskine8817f612018-12-18 00:18:46 +0100776 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskined5b33222018-06-18 22:20:03 +0200777
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200778 psa_set_key_usage_flags( &attributes, usage );
779 psa_set_key_algorithm( &attributes, alg );
780 psa_set_key_type( &attributes, key_type );
Gilles Peskine1a960492019-11-26 17:12:21 +0100781 psa_set_key_bits( &attributes, bits );
Gilles Peskined5b33222018-06-18 22:20:03 +0200782
Ronald Cron5425a212020-08-04 14:58:35 +0200783 PSA_ASSERT( psa_generate_key( &attributes, &key ) );
Gilles Peskine1a960492019-11-26 17:12:21 +0100784 psa_reset_key_attributes( &attributes );
Gilles Peskined5b33222018-06-18 22:20:03 +0200785
Ronald Cron5425a212020-08-04 14:58:35 +0200786 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine06c28892019-11-26 18:07:46 +0100787 TEST_EQUAL( psa_get_key_type( &attributes ), expected_key_type );
788 TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits );
789 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage );
790 TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg );
Gilles Peskined5b33222018-06-18 22:20:03 +0200791
792exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100793 /*
794 * Key attributes may have been returned by psa_get_key_attributes()
795 * thus reset them as required.
796 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +0200797 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100798
799 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200800 PSA_DONE( );
Gilles Peskined5b33222018-06-18 22:20:03 +0200801}
802/* END_CASE */
803
804/* BEGIN_CASE */
Gilles Peskine06c28892019-11-26 18:07:46 +0100805void check_key_policy( int type_arg, int bits_arg,
806 int usage_arg, int alg_arg )
807{
808 test_effective_key_attributes( type_arg, type_arg, bits_arg, bits_arg,
gabor-mezei-arm58e510f2021-06-28 14:36:03 +0200809 usage_arg,
810 mbedtls_test_update_key_usage_flags( usage_arg ),
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +0200811 alg_arg, alg_arg );
Gilles Peskine06c28892019-11-26 18:07:46 +0100812 goto exit;
813}
814/* END_CASE */
815
816/* BEGIN_CASE */
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200817void key_attributes_init( )
Jaeden Amero70261c52019-01-04 11:47:20 +0000818{
819 /* Test each valid way of initializing the object, except for `= {0}`, as
820 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
821 * though it's OK by the C standard. We could test for this, but we'd need
822 * to supress the Clang warning for the test. */
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200823 psa_key_attributes_t func = psa_key_attributes_init( );
824 psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT;
825 psa_key_attributes_t zero;
Jaeden Amero70261c52019-01-04 11:47:20 +0000826
827 memset( &zero, 0, sizeof( zero ) );
828
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200829 TEST_EQUAL( psa_get_key_lifetime( &func ), PSA_KEY_LIFETIME_VOLATILE );
830 TEST_EQUAL( psa_get_key_lifetime( &init ), PSA_KEY_LIFETIME_VOLATILE );
831 TEST_EQUAL( psa_get_key_lifetime( &zero ), PSA_KEY_LIFETIME_VOLATILE );
Jaeden Amero5229bbb2019-02-07 16:33:37 +0000832
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200833 TEST_EQUAL( psa_get_key_type( &func ), 0 );
834 TEST_EQUAL( psa_get_key_type( &init ), 0 );
835 TEST_EQUAL( psa_get_key_type( &zero ), 0 );
836
837 TEST_EQUAL( psa_get_key_bits( &func ), 0 );
838 TEST_EQUAL( psa_get_key_bits( &init ), 0 );
839 TEST_EQUAL( psa_get_key_bits( &zero ), 0 );
840
841 TEST_EQUAL( psa_get_key_usage_flags( &func ), 0 );
842 TEST_EQUAL( psa_get_key_usage_flags( &init ), 0 );
843 TEST_EQUAL( psa_get_key_usage_flags( &zero ), 0 );
844
845 TEST_EQUAL( psa_get_key_algorithm( &func ), 0 );
846 TEST_EQUAL( psa_get_key_algorithm( &init ), 0 );
847 TEST_EQUAL( psa_get_key_algorithm( &zero ), 0 );
Jaeden Amero70261c52019-01-04 11:47:20 +0000848}
849/* END_CASE */
850
851/* BEGIN_CASE */
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +0200852void mac_key_policy( int policy_usage_arg,
853 int policy_alg_arg,
854 int key_type_arg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200855 data_t *key_data,
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +0200856 int exercise_alg_arg,
Mateusz Starzyk25e65db2021-08-24 11:01:23 +0200857 int expected_status_sign_arg,
858 int expected_status_verify_arg )
Gilles Peskined5b33222018-06-18 22:20:03 +0200859{
Ronald Cron5425a212020-08-04 14:58:35 +0200860 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200861 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Jaeden Amero769ce272019-01-04 11:48:03 +0000862 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +0200863 psa_key_type_t key_type = key_type_arg;
864 psa_algorithm_t policy_alg = policy_alg_arg;
865 psa_algorithm_t exercise_alg = exercise_alg_arg;
866 psa_key_usage_t policy_usage = policy_usage_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200867 psa_status_t status;
Mateusz Starzyk25e65db2021-08-24 11:01:23 +0200868 psa_status_t expected_status_sign = expected_status_sign_arg;
869 psa_status_t expected_status_verify = expected_status_verify_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200870 unsigned char mac[PSA_MAC_MAX_SIZE];
Gilles Peskined5b33222018-06-18 22:20:03 +0200871
Gilles Peskine8817f612018-12-18 00:18:46 +0100872 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskined5b33222018-06-18 22:20:03 +0200873
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200874 psa_set_key_usage_flags( &attributes, policy_usage );
875 psa_set_key_algorithm( &attributes, policy_alg );
876 psa_set_key_type( &attributes, key_type );
Gilles Peskined5b33222018-06-18 22:20:03 +0200877
Gilles Peskine049c7532019-05-15 20:22:09 +0200878 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +0200879 &key ) );
Gilles Peskined5b33222018-06-18 22:20:03 +0200880
gabor-mezei-arm659af9e2021-06-29 11:06:16 +0200881 TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
882 mbedtls_test_update_key_usage_flags( policy_usage ) );
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +0200883
Ronald Cron5425a212020-08-04 14:58:35 +0200884 status = psa_mac_sign_setup( &operation, key, exercise_alg );
Mateusz Starzyk25e65db2021-08-24 11:01:23 +0200885 TEST_EQUAL( status, expected_status_sign );
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100886
Mateusz Starzyke6e02b62021-08-30 17:09:03 +0200887 /* Calculate the MAC, one-shot case. */
888 uint8_t input[128] = {0};
889 size_t mac_len;
890 TEST_EQUAL( psa_mac_compute( key, exercise_alg,
891 input, 128,
892 mac, PSA_MAC_MAX_SIZE, &mac_len ),
893 expected_status_sign );
894
895 /* Verify correct MAC, one-shot case. */
896 status = psa_mac_verify( key, exercise_alg, input, 128,
897 mac, mac_len );
898
899 if( expected_status_sign != PSA_SUCCESS && expected_status_verify == PSA_SUCCESS )
900 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
901 else
902 TEST_EQUAL( status, expected_status_verify );
903
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200904 psa_mac_abort( &operation );
Gilles Peskined5b33222018-06-18 22:20:03 +0200905
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200906 memset( mac, 0, sizeof( mac ) );
Ronald Cron5425a212020-08-04 14:58:35 +0200907 status = psa_mac_verify_setup( &operation, key, exercise_alg );
Mateusz Starzyk25e65db2021-08-24 11:01:23 +0200908 TEST_EQUAL( status, expected_status_verify );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200909
910exit:
911 psa_mac_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +0200912 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200913 PSA_DONE( );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200914}
915/* END_CASE */
916
917/* BEGIN_CASE */
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +0200918void cipher_key_policy( int policy_usage_arg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200919 int policy_alg,
920 int key_type,
921 data_t *key_data,
922 int exercise_alg )
923{
Ronald Cron5425a212020-08-04 14:58:35 +0200924 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200925 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Jaeden Amero5bae2272019-01-04 11:48:27 +0000926 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +0200927 psa_key_usage_t policy_usage = policy_usage_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200928 psa_status_t status;
929
Gilles Peskine8817f612018-12-18 00:18:46 +0100930 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200931
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200932 psa_set_key_usage_flags( &attributes, policy_usage );
933 psa_set_key_algorithm( &attributes, policy_alg );
934 psa_set_key_type( &attributes, key_type );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200935
Gilles Peskine049c7532019-05-15 20:22:09 +0200936 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +0200937 &key ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200938
gabor-mezei-armff03fd62021-06-28 14:05:00 +0200939 /* Check if no key usage flag implication is done */
940 TEST_EQUAL( policy_usage,
941 mbedtls_test_update_key_usage_flags( policy_usage ) );
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +0200942
Ronald Cron5425a212020-08-04 14:58:35 +0200943 status = psa_cipher_encrypt_setup( &operation, key, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200944 if( policy_alg == exercise_alg &&
945 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +0100946 PSA_ASSERT( status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200947 else
Gilles Peskinefe11b722018-12-18 00:24:04 +0100948 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200949 psa_cipher_abort( &operation );
950
Ronald Cron5425a212020-08-04 14:58:35 +0200951 status = psa_cipher_decrypt_setup( &operation, key, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200952 if( policy_alg == exercise_alg &&
953 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +0100954 PSA_ASSERT( status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200955 else
Gilles Peskinefe11b722018-12-18 00:24:04 +0100956 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200957
958exit:
959 psa_cipher_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +0200960 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200961 PSA_DONE( );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200962}
963/* END_CASE */
964
965/* BEGIN_CASE */
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +0200966void aead_key_policy( int policy_usage_arg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200967 int policy_alg,
968 int key_type,
969 data_t *key_data,
970 int nonce_length_arg,
971 int tag_length_arg,
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100972 int exercise_alg,
973 int expected_status_arg )
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200974{
Ronald Cron5425a212020-08-04 14:58:35 +0200975 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200976 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +0200977 psa_key_usage_t policy_usage = policy_usage_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200978 psa_status_t status;
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100979 psa_status_t expected_status = expected_status_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200980 unsigned char nonce[16] = {0};
981 size_t nonce_length = nonce_length_arg;
982 unsigned char tag[16];
983 size_t tag_length = tag_length_arg;
984 size_t output_length;
985
986 TEST_ASSERT( nonce_length <= sizeof( nonce ) );
987 TEST_ASSERT( tag_length <= sizeof( tag ) );
988
Gilles Peskine8817f612018-12-18 00:18:46 +0100989 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200990
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200991 psa_set_key_usage_flags( &attributes, policy_usage );
992 psa_set_key_algorithm( &attributes, policy_alg );
993 psa_set_key_type( &attributes, key_type );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200994
Gilles Peskine049c7532019-05-15 20:22:09 +0200995 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +0200996 &key ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200997
gabor-mezei-armff03fd62021-06-28 14:05:00 +0200998 /* Check if no key usage implication is done */
999 TEST_EQUAL( policy_usage,
1000 mbedtls_test_update_key_usage_flags( policy_usage ) );
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001001
Ronald Cron5425a212020-08-04 14:58:35 +02001002 status = psa_aead_encrypt( key, exercise_alg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001003 nonce, nonce_length,
1004 NULL, 0,
1005 NULL, 0,
1006 tag, tag_length,
1007 &output_length );
Steven Cooremanb3ce8152021-02-18 12:03:50 +01001008 if( ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1009 TEST_EQUAL( status, expected_status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001010 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001011 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001012
1013 memset( tag, 0, sizeof( tag ) );
Ronald Cron5425a212020-08-04 14:58:35 +02001014 status = psa_aead_decrypt( key, exercise_alg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001015 nonce, nonce_length,
1016 NULL, 0,
1017 tag, tag_length,
1018 NULL, 0,
1019 &output_length );
Steven Cooremanb3ce8152021-02-18 12:03:50 +01001020 if( ( policy_usage & PSA_KEY_USAGE_DECRYPT ) == 0 )
1021 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
1022 else if( expected_status == PSA_SUCCESS )
Gilles Peskinefe11b722018-12-18 00:24:04 +01001023 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001024 else
Steven Cooremanb3ce8152021-02-18 12:03:50 +01001025 TEST_EQUAL( status, expected_status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001026
1027exit:
Ronald Cron5425a212020-08-04 14:58:35 +02001028 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001029 PSA_DONE( );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001030}
1031/* END_CASE */
1032
1033/* BEGIN_CASE */
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001034void asymmetric_encryption_key_policy( int policy_usage_arg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001035 int policy_alg,
1036 int key_type,
1037 data_t *key_data,
1038 int exercise_alg )
1039{
Ronald Cron5425a212020-08-04 14:58:35 +02001040 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001041 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001042 psa_key_usage_t policy_usage = policy_usage_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001043 psa_status_t status;
1044 size_t key_bits;
1045 size_t buffer_length;
1046 unsigned char *buffer = NULL;
1047 size_t output_length;
1048
Gilles Peskine8817f612018-12-18 00:18:46 +01001049 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001050
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001051 psa_set_key_usage_flags( &attributes, policy_usage );
1052 psa_set_key_algorithm( &attributes, policy_alg );
1053 psa_set_key_type( &attributes, key_type );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001054
Gilles Peskine049c7532019-05-15 20:22:09 +02001055 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001056 &key ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001057
gabor-mezei-armff03fd62021-06-28 14:05:00 +02001058 /* Check if no key usage implication is done */
1059 TEST_EQUAL( policy_usage,
1060 mbedtls_test_update_key_usage_flags( policy_usage ) );
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001061
Ronald Cron5425a212020-08-04 14:58:35 +02001062 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02001063 key_bits = psa_get_key_bits( &attributes );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001064 buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
1065 exercise_alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02001066 ASSERT_ALLOC( buffer, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001067
Ronald Cron5425a212020-08-04 14:58:35 +02001068 status = psa_asymmetric_encrypt( key, exercise_alg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001069 NULL, 0,
1070 NULL, 0,
1071 buffer, buffer_length,
1072 &output_length );
1073 if( policy_alg == exercise_alg &&
1074 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +01001075 PSA_ASSERT( status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001076 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001077 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001078
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02001079 if( buffer_length != 0 )
1080 memset( buffer, 0, buffer_length );
Ronald Cron5425a212020-08-04 14:58:35 +02001081 status = psa_asymmetric_decrypt( key, exercise_alg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001082 buffer, buffer_length,
1083 NULL, 0,
1084 buffer, buffer_length,
1085 &output_length );
1086 if( policy_alg == exercise_alg &&
1087 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
Gilles Peskinefe11b722018-12-18 00:24:04 +01001088 TEST_EQUAL( status, PSA_ERROR_INVALID_PADDING );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001089 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001090 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001091
1092exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001093 /*
1094 * Key attributes may have been returned by psa_get_key_attributes()
1095 * thus reset them as required.
1096 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02001097 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001098
1099 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001100 PSA_DONE( );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001101 mbedtls_free( buffer );
1102}
1103/* END_CASE */
1104
1105/* BEGIN_CASE */
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001106void asymmetric_signature_key_policy( int policy_usage_arg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001107 int policy_alg,
1108 int key_type,
1109 data_t *key_data,
Gilles Peskine30f77cd2019-01-14 16:06:39 +01001110 int exercise_alg,
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001111 int payload_length_arg,
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001112 int expected_usage_arg )
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001113{
Ronald Cron5425a212020-08-04 14:58:35 +02001114 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001115 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001116 psa_key_usage_t policy_usage = policy_usage_arg;
1117 psa_key_usage_t expected_usage = expected_usage_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001118 psa_status_t status;
Gilles Peskine30f77cd2019-01-14 16:06:39 +01001119 unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
1120 /* If `payload_length_arg > 0`, `exercise_alg` is supposed to be
1121 * compatible with the policy and `payload_length_arg` is supposed to be
1122 * a valid input length to sign. If `payload_length_arg <= 0`,
1123 * `exercise_alg` is supposed to be forbidden by the policy. */
1124 int compatible_alg = payload_length_arg > 0;
1125 size_t payload_length = compatible_alg ? payload_length_arg : 0;
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01001126 unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001127 size_t signature_length;
1128
gabor-mezei-armff03fd62021-06-28 14:05:00 +02001129 /* Check if all implicit usage flags are deployed
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001130 in the expected usage flags. */
gabor-mezei-armff03fd62021-06-28 14:05:00 +02001131 TEST_EQUAL( expected_usage,
1132 mbedtls_test_update_key_usage_flags( policy_usage ) );
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001133
Gilles Peskine8817f612018-12-18 00:18:46 +01001134 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001135
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001136 psa_set_key_usage_flags( &attributes, policy_usage );
1137 psa_set_key_algorithm( &attributes, policy_alg );
1138 psa_set_key_type( &attributes, key_type );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001139
Gilles Peskine049c7532019-05-15 20:22:09 +02001140 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001141 &key ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001142
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001143 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage );
1144
Ronald Cron5425a212020-08-04 14:58:35 +02001145 status = psa_sign_hash( key, exercise_alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01001146 payload, payload_length,
1147 signature, sizeof( signature ),
1148 &signature_length );
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001149 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +01001150 PSA_ASSERT( status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001151 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001152 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001153
1154 memset( signature, 0, sizeof( signature ) );
Ronald Cron5425a212020-08-04 14:58:35 +02001155 status = psa_verify_hash( key, exercise_alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01001156 payload, payload_length,
1157 signature, sizeof( signature ) );
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001158 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
Gilles Peskinefe11b722018-12-18 00:24:04 +01001159 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001160 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001161 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskined5b33222018-06-18 22:20:03 +02001162
Gilles Peskine8cb22c82021-09-22 16:15:05 +02001163 if( PSA_ALG_IS_SIGN_HASH( exercise_alg ) &&
gabor-mezei-arm79df41d2021-06-28 14:53:49 +02001164 PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( exercise_alg ) ) )
gabor-mezei-arm3e5f6cd2021-05-13 16:17:16 +02001165 {
1166 status = psa_sign_message( key, exercise_alg,
1167 payload, payload_length,
1168 signature, sizeof( signature ),
1169 &signature_length );
1170 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE ) != 0 )
1171 PSA_ASSERT( status );
1172 else
1173 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
1174
1175 memset( signature, 0, sizeof( signature ) );
1176 status = psa_verify_message( key, exercise_alg,
1177 payload, payload_length,
1178 signature, sizeof( signature ) );
1179 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_VERIFY_MESSAGE ) != 0 )
1180 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
1181 else
1182 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
1183 }
1184
Gilles Peskined5b33222018-06-18 22:20:03 +02001185exit:
Ronald Cron5425a212020-08-04 14:58:35 +02001186 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001187 PSA_DONE( );
Gilles Peskined5b33222018-06-18 22:20:03 +02001188}
1189/* END_CASE */
1190
Janos Follathba3fab92019-06-11 14:50:16 +01001191/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +02001192void derive_key_policy( int policy_usage,
1193 int policy_alg,
1194 int key_type,
1195 data_t *key_data,
1196 int exercise_alg )
1197{
Ronald Cron5425a212020-08-04 14:58:35 +02001198 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001199 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001200 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineea0fb492018-07-12 17:17:20 +02001201 psa_status_t status;
1202
Gilles Peskine8817f612018-12-18 00:18:46 +01001203 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001204
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001205 psa_set_key_usage_flags( &attributes, policy_usage );
1206 psa_set_key_algorithm( &attributes, policy_alg );
1207 psa_set_key_type( &attributes, key_type );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001208
Gilles Peskine049c7532019-05-15 20:22:09 +02001209 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001210 &key ) );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001211
Janos Follathba3fab92019-06-11 14:50:16 +01001212 PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
1213
1214 if( PSA_ALG_IS_TLS12_PRF( exercise_alg ) ||
1215 PSA_ALG_IS_TLS12_PSK_TO_MS( exercise_alg ) )
Janos Follath0c1ed842019-06-28 13:35:36 +01001216 {
Janos Follathba3fab92019-06-11 14:50:16 +01001217 PSA_ASSERT( psa_key_derivation_input_bytes(
1218 &operation,
1219 PSA_KEY_DERIVATION_INPUT_SEED,
1220 (const uint8_t*) "", 0) );
Janos Follath0c1ed842019-06-28 13:35:36 +01001221 }
Janos Follathba3fab92019-06-11 14:50:16 +01001222
1223 status = psa_key_derivation_input_key( &operation,
1224 PSA_KEY_DERIVATION_INPUT_SECRET,
Ronald Cron5425a212020-08-04 14:58:35 +02001225 key );
Janos Follathba3fab92019-06-11 14:50:16 +01001226
Gilles Peskineea0fb492018-07-12 17:17:20 +02001227 if( policy_alg == exercise_alg &&
1228 ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +01001229 PSA_ASSERT( status );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001230 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001231 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001232
1233exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001234 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02001235 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001236 PSA_DONE( );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001237}
1238/* END_CASE */
1239
1240/* BEGIN_CASE */
Gilles Peskine01d718c2018-09-18 12:01:02 +02001241void agreement_key_policy( int policy_usage,
1242 int policy_alg,
1243 int key_type_arg,
1244 data_t *key_data,
Steven Cooremance48e852020-10-05 16:02:45 +02001245 int exercise_alg,
1246 int expected_status_arg )
Gilles Peskine01d718c2018-09-18 12:01:02 +02001247{
Ronald Cron5425a212020-08-04 14:58:35 +02001248 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001249 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine01d718c2018-09-18 12:01:02 +02001250 psa_key_type_t key_type = key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001251 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskine01d718c2018-09-18 12:01:02 +02001252 psa_status_t status;
Steven Cooremance48e852020-10-05 16:02:45 +02001253 psa_status_t expected_status = expected_status_arg;
Gilles Peskine01d718c2018-09-18 12:01:02 +02001254
Gilles Peskine8817f612018-12-18 00:18:46 +01001255 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001256
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001257 psa_set_key_usage_flags( &attributes, policy_usage );
1258 psa_set_key_algorithm( &attributes, policy_alg );
1259 psa_set_key_type( &attributes, key_type );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001260
Gilles Peskine049c7532019-05-15 20:22:09 +02001261 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001262 &key ) );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001263
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001264 PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001265 status = mbedtls_test_psa_key_agreement_with_self( &operation, key );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001266
Steven Cooremance48e852020-10-05 16:02:45 +02001267 TEST_EQUAL( status, expected_status );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001268
1269exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001270 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02001271 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001272 PSA_DONE( );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001273}
1274/* END_CASE */
1275
1276/* BEGIN_CASE */
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001277void key_policy_alg2( int key_type_arg, data_t *key_data,
1278 int usage_arg, int alg_arg, int alg2_arg )
1279{
Ronald Cron5425a212020-08-04 14:58:35 +02001280 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001281 psa_key_type_t key_type = key_type_arg;
1282 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
1283 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
1284 psa_key_usage_t usage = usage_arg;
1285 psa_algorithm_t alg = alg_arg;
1286 psa_algorithm_t alg2 = alg2_arg;
1287
1288 PSA_ASSERT( psa_crypto_init( ) );
1289
1290 psa_set_key_usage_flags( &attributes, usage );
1291 psa_set_key_algorithm( &attributes, alg );
1292 psa_set_key_enrollment_algorithm( &attributes, alg2 );
1293 psa_set_key_type( &attributes, key_type );
1294 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001295 &key ) );
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001296
gabor-mezei-armff03fd62021-06-28 14:05:00 +02001297 /* Update the usage flags to obtain implicit usage flags */
1298 usage = mbedtls_test_update_key_usage_flags( usage );
Ronald Cron5425a212020-08-04 14:58:35 +02001299 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001300 TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
1301 TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
1302 TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 );
1303
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001304 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001305 goto exit;
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001306 if( ! mbedtls_test_psa_exercise_key( key, usage, alg2 ) )
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001307 goto exit;
1308
1309exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001310 /*
1311 * Key attributes may have been returned by psa_get_key_attributes()
1312 * thus reset them as required.
1313 */
1314 psa_reset_key_attributes( &got_attributes );
1315
Ronald Cron5425a212020-08-04 14:58:35 +02001316 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001317 PSA_DONE( );
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001318}
1319/* END_CASE */
1320
1321/* BEGIN_CASE */
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001322void raw_agreement_key_policy( int policy_usage,
1323 int policy_alg,
1324 int key_type_arg,
1325 data_t *key_data,
Steven Cooremance48e852020-10-05 16:02:45 +02001326 int exercise_alg,
1327 int expected_status_arg )
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001328{
Ronald Cron5425a212020-08-04 14:58:35 +02001329 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001330 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001331 psa_key_type_t key_type = key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001332 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001333 psa_status_t status;
Steven Cooremance48e852020-10-05 16:02:45 +02001334 psa_status_t expected_status = expected_status_arg;
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001335
1336 PSA_ASSERT( psa_crypto_init( ) );
1337
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001338 psa_set_key_usage_flags( &attributes, policy_usage );
1339 psa_set_key_algorithm( &attributes, policy_alg );
1340 psa_set_key_type( &attributes, key_type );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001341
Gilles Peskine049c7532019-05-15 20:22:09 +02001342 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001343 &key ) );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001344
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001345 status = mbedtls_test_psa_raw_key_agreement_with_self( exercise_alg, key );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001346
Steven Cooremance48e852020-10-05 16:02:45 +02001347 TEST_EQUAL( status, expected_status );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001348
1349exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001350 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02001351 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001352 PSA_DONE( );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001353}
1354/* END_CASE */
1355
1356/* BEGIN_CASE */
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001357void copy_success( int source_usage_arg,
1358 int source_alg_arg, int source_alg2_arg,
Gilles Peskine4a644642019-05-03 17:14:08 +02001359 int type_arg, data_t *material,
1360 int copy_attributes,
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001361 int target_usage_arg,
1362 int target_alg_arg, int target_alg2_arg,
1363 int expected_usage_arg,
1364 int expected_alg_arg, int expected_alg2_arg )
Gilles Peskine57ab7212019-01-28 13:03:09 +01001365{
Gilles Peskineca25db92019-04-19 11:43:08 +02001366 psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
1367 psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine57ab7212019-01-28 13:03:09 +01001368 psa_key_usage_t expected_usage = expected_usage_arg;
1369 psa_algorithm_t expected_alg = expected_alg_arg;
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001370 psa_algorithm_t expected_alg2 = expected_alg2_arg;
Ronald Cron5425a212020-08-04 14:58:35 +02001371 mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT;
1372 mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine57ab7212019-01-28 13:03:09 +01001373 uint8_t *export_buffer = NULL;
1374
Gilles Peskine57ab7212019-01-28 13:03:09 +01001375 PSA_ASSERT( psa_crypto_init( ) );
1376
Gilles Peskineca25db92019-04-19 11:43:08 +02001377 /* Prepare the source key. */
1378 psa_set_key_usage_flags( &source_attributes, source_usage_arg );
1379 psa_set_key_algorithm( &source_attributes, source_alg_arg );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001380 psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
Gilles Peskineca25db92019-04-19 11:43:08 +02001381 psa_set_key_type( &source_attributes, type_arg );
Gilles Peskine049c7532019-05-15 20:22:09 +02001382 PSA_ASSERT( psa_import_key( &source_attributes,
1383 material->x, material->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001384 &source_key ) );
1385 PSA_ASSERT( psa_get_key_attributes( source_key, &source_attributes ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001386
Gilles Peskineca25db92019-04-19 11:43:08 +02001387 /* Prepare the target attributes. */
1388 if( copy_attributes )
Ronald Cron65f38a32020-10-23 17:11:13 +02001389 {
Gilles Peskineca25db92019-04-19 11:43:08 +02001390 target_attributes = source_attributes;
Ronald Cron65f38a32020-10-23 17:11:13 +02001391 /* Set volatile lifetime to reset the key identifier to 0. */
1392 psa_set_key_lifetime( &target_attributes, PSA_KEY_LIFETIME_VOLATILE );
1393 }
1394
Gilles Peskineca25db92019-04-19 11:43:08 +02001395 if( target_usage_arg != -1 )
1396 psa_set_key_usage_flags( &target_attributes, target_usage_arg );
1397 if( target_alg_arg != -1 )
1398 psa_set_key_algorithm( &target_attributes, target_alg_arg );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001399 if( target_alg2_arg != -1 )
1400 psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001401
1402 /* Copy the key. */
Ronald Cron5425a212020-08-04 14:58:35 +02001403 PSA_ASSERT( psa_copy_key( source_key,
1404 &target_attributes, &target_key ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001405
1406 /* Destroy the source to ensure that this doesn't affect the target. */
Ronald Cron5425a212020-08-04 14:58:35 +02001407 PSA_ASSERT( psa_destroy_key( source_key ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001408
1409 /* Test that the target slot has the expected content and policy. */
Ronald Cron5425a212020-08-04 14:58:35 +02001410 PSA_ASSERT( psa_get_key_attributes( target_key, &target_attributes ) );
Gilles Peskineca25db92019-04-19 11:43:08 +02001411 TEST_EQUAL( psa_get_key_type( &source_attributes ),
1412 psa_get_key_type( &target_attributes ) );
1413 TEST_EQUAL( psa_get_key_bits( &source_attributes ),
1414 psa_get_key_bits( &target_attributes ) );
1415 TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) );
1416 TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001417 TEST_EQUAL( expected_alg2,
1418 psa_get_key_enrollment_algorithm( &target_attributes ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001419 if( expected_usage & PSA_KEY_USAGE_EXPORT )
1420 {
1421 size_t length;
1422 ASSERT_ALLOC( export_buffer, material->len );
Ronald Cron5425a212020-08-04 14:58:35 +02001423 PSA_ASSERT( psa_export_key( target_key, export_buffer,
Gilles Peskine57ab7212019-01-28 13:03:09 +01001424 material->len, &length ) );
1425 ASSERT_COMPARE( material->x, material->len,
1426 export_buffer, length );
1427 }
Steven Cooremanb3ce8152021-02-18 12:03:50 +01001428
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001429 if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) )
Gilles Peskine57ab7212019-01-28 13:03:09 +01001430 goto exit;
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001431 if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) )
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001432 goto exit;
Gilles Peskine57ab7212019-01-28 13:03:09 +01001433
Ronald Cron5425a212020-08-04 14:58:35 +02001434 PSA_ASSERT( psa_destroy_key( target_key ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001435
1436exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001437 /*
1438 * Source and target key attributes may have been returned by
1439 * psa_get_key_attributes() thus reset them as required.
1440 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02001441 psa_reset_key_attributes( &source_attributes );
1442 psa_reset_key_attributes( &target_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001443
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001444 PSA_DONE( );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001445 mbedtls_free( export_buffer );
1446}
1447/* END_CASE */
1448
1449/* BEGIN_CASE */
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001450void copy_fail( int source_usage_arg,
1451 int source_alg_arg, int source_alg2_arg,
Gilles Peskine4a644642019-05-03 17:14:08 +02001452 int type_arg, data_t *material,
1453 int target_type_arg, int target_bits_arg,
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001454 int target_usage_arg,
1455 int target_alg_arg, int target_alg2_arg,
Ronald Cron88a55462021-03-31 09:39:07 +02001456 int target_id_arg, int target_lifetime_arg,
Gilles Peskine4a644642019-05-03 17:14:08 +02001457 int expected_status_arg )
1458{
1459 psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
1460 psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cron5425a212020-08-04 14:58:35 +02001461 mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT;
1462 mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
Ronald Cron88a55462021-03-31 09:39:07 +02001463 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, target_id_arg );
Gilles Peskine4a644642019-05-03 17:14:08 +02001464
1465 PSA_ASSERT( psa_crypto_init( ) );
1466
1467 /* Prepare the source key. */
1468 psa_set_key_usage_flags( &source_attributes, source_usage_arg );
1469 psa_set_key_algorithm( &source_attributes, source_alg_arg );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001470 psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
Gilles Peskine4a644642019-05-03 17:14:08 +02001471 psa_set_key_type( &source_attributes, type_arg );
Gilles Peskine049c7532019-05-15 20:22:09 +02001472 PSA_ASSERT( psa_import_key( &source_attributes,
1473 material->x, material->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001474 &source_key ) );
Gilles Peskine4a644642019-05-03 17:14:08 +02001475
1476 /* Prepare the target attributes. */
Ronald Cron88a55462021-03-31 09:39:07 +02001477 psa_set_key_id( &target_attributes, key_id );
1478 psa_set_key_lifetime( &target_attributes, target_lifetime_arg );
Gilles Peskine4a644642019-05-03 17:14:08 +02001479 psa_set_key_type( &target_attributes, target_type_arg );
1480 psa_set_key_bits( &target_attributes, target_bits_arg );
1481 psa_set_key_usage_flags( &target_attributes, target_usage_arg );
1482 psa_set_key_algorithm( &target_attributes, target_alg_arg );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001483 psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
Gilles Peskine4a644642019-05-03 17:14:08 +02001484
1485 /* Try to copy the key. */
Ronald Cron5425a212020-08-04 14:58:35 +02001486 TEST_EQUAL( psa_copy_key( source_key,
1487 &target_attributes, &target_key ),
Gilles Peskine4a644642019-05-03 17:14:08 +02001488 expected_status_arg );
Gilles Peskine76b29a72019-05-28 14:08:50 +02001489
Ronald Cron5425a212020-08-04 14:58:35 +02001490 PSA_ASSERT( psa_destroy_key( source_key ) );
Gilles Peskine76b29a72019-05-28 14:08:50 +02001491
Gilles Peskine4a644642019-05-03 17:14:08 +02001492exit:
1493 psa_reset_key_attributes( &source_attributes );
1494 psa_reset_key_attributes( &target_attributes );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001495 PSA_DONE( );
Gilles Peskine4a644642019-05-03 17:14:08 +02001496}
1497/* END_CASE */
1498
1499/* BEGIN_CASE */
Jaeden Amero6a25b412019-01-04 11:47:44 +00001500void hash_operation_init( )
1501{
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001502 const uint8_t input[1] = { 0 };
Jaeden Amero6a25b412019-01-04 11:47:44 +00001503 /* Test each valid way of initializing the object, except for `= {0}`, as
1504 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
1505 * though it's OK by the C standard. We could test for this, but we'd need
1506 * to supress the Clang warning for the test. */
1507 psa_hash_operation_t func = psa_hash_operation_init( );
1508 psa_hash_operation_t init = PSA_HASH_OPERATION_INIT;
1509 psa_hash_operation_t zero;
1510
1511 memset( &zero, 0, sizeof( zero ) );
1512
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001513 /* A freshly-initialized hash operation should not be usable. */
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001514 TEST_EQUAL( psa_hash_update( &func, input, sizeof( input ) ),
1515 PSA_ERROR_BAD_STATE );
1516 TEST_EQUAL( psa_hash_update( &init, input, sizeof( input ) ),
1517 PSA_ERROR_BAD_STATE );
1518 TEST_EQUAL( psa_hash_update( &zero, input, sizeof( input ) ),
1519 PSA_ERROR_BAD_STATE );
1520
Jaeden Amero5229bbb2019-02-07 16:33:37 +00001521 /* A default hash operation should be abortable without error. */
1522 PSA_ASSERT( psa_hash_abort( &func ) );
1523 PSA_ASSERT( psa_hash_abort( &init ) );
1524 PSA_ASSERT( psa_hash_abort( &zero ) );
Jaeden Amero6a25b412019-01-04 11:47:44 +00001525}
1526/* END_CASE */
1527
1528/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001529void hash_setup( int alg_arg,
1530 int expected_status_arg )
1531{
1532 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02001533 psa_status_t expected_status = expected_status_arg;
Jaeden Amero6a25b412019-01-04 11:47:44 +00001534 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001535 psa_status_t status;
1536
Gilles Peskine8817f612018-12-18 00:18:46 +01001537 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001538
Gilles Peskineda8191d1c2018-07-08 19:46:38 +02001539 status = psa_hash_setup( &operation, alg );
Gilles Peskinefe11b722018-12-18 00:24:04 +01001540 TEST_EQUAL( status, expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001541
Gilles Peskine9e0a4a52019-02-25 22:11:18 +01001542 /* Whether setup succeeded or failed, abort must succeed. */
1543 PSA_ASSERT( psa_hash_abort( &operation ) );
1544
1545 /* If setup failed, reproduce the failure, so as to
1546 * test the resulting state of the operation object. */
1547 if( status != PSA_SUCCESS )
1548 TEST_EQUAL( psa_hash_setup( &operation, alg ), status );
1549
Gilles Peskinef426e0f2019-02-25 17:42:03 +01001550 /* Now the operation object should be reusable. */
1551#if defined(KNOWN_SUPPORTED_HASH_ALG)
1552 PSA_ASSERT( psa_hash_setup( &operation, KNOWN_SUPPORTED_HASH_ALG ) );
1553 PSA_ASSERT( psa_hash_abort( &operation ) );
1554#endif
1555
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001556exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001557 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001558}
1559/* END_CASE */
1560
1561/* BEGIN_CASE */
Gilles Peskine0a749c82019-11-28 19:33:58 +01001562void hash_compute_fail( int alg_arg, data_t *input,
1563 int output_size_arg, int expected_status_arg )
1564{
1565 psa_algorithm_t alg = alg_arg;
1566 uint8_t *output = NULL;
1567 size_t output_size = output_size_arg;
1568 size_t output_length = INVALID_EXPORT_LENGTH;
1569 psa_status_t expected_status = expected_status_arg;
1570 psa_status_t status;
1571
1572 ASSERT_ALLOC( output, output_size );
1573
1574 PSA_ASSERT( psa_crypto_init( ) );
1575
1576 status = psa_hash_compute( alg, input->x, input->len,
1577 output, output_size, &output_length );
1578 TEST_EQUAL( status, expected_status );
1579 TEST_ASSERT( output_length <= output_size );
1580
1581exit:
1582 mbedtls_free( output );
1583 PSA_DONE( );
1584}
1585/* END_CASE */
1586
1587/* BEGIN_CASE */
Gilles Peskine88e08462020-01-28 20:43:00 +01001588void hash_compare_fail( int alg_arg, data_t *input,
1589 data_t *reference_hash,
1590 int expected_status_arg )
1591{
1592 psa_algorithm_t alg = alg_arg;
1593 psa_status_t expected_status = expected_status_arg;
1594 psa_status_t status;
1595
1596 PSA_ASSERT( psa_crypto_init( ) );
1597
1598 status = psa_hash_compare( alg, input->x, input->len,
1599 reference_hash->x, reference_hash->len );
1600 TEST_EQUAL( status, expected_status );
1601
1602exit:
1603 PSA_DONE( );
1604}
1605/* END_CASE */
1606
1607/* BEGIN_CASE */
Gilles Peskine0a749c82019-11-28 19:33:58 +01001608void hash_compute_compare( int alg_arg, data_t *input,
1609 data_t *expected_output )
1610{
1611 psa_algorithm_t alg = alg_arg;
1612 uint8_t output[PSA_HASH_MAX_SIZE + 1];
1613 size_t output_length = INVALID_EXPORT_LENGTH;
1614 size_t i;
1615
1616 PSA_ASSERT( psa_crypto_init( ) );
1617
1618 /* Compute with tight buffer */
1619 PSA_ASSERT( psa_hash_compute( alg, input->x, input->len,
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001620 output, PSA_HASH_LENGTH( alg ),
Gilles Peskine0a749c82019-11-28 19:33:58 +01001621 &output_length ) );
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001622 TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) );
Gilles Peskine0a749c82019-11-28 19:33:58 +01001623 ASSERT_COMPARE( output, output_length,
1624 expected_output->x, expected_output->len );
1625
1626 /* Compute with larger buffer */
1627 PSA_ASSERT( psa_hash_compute( alg, input->x, input->len,
1628 output, sizeof( output ),
1629 &output_length ) );
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001630 TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) );
Gilles Peskine0a749c82019-11-28 19:33:58 +01001631 ASSERT_COMPARE( output, output_length,
1632 expected_output->x, expected_output->len );
1633
1634 /* Compare with correct hash */
1635 PSA_ASSERT( psa_hash_compare( alg, input->x, input->len,
1636 output, output_length ) );
1637
1638 /* Compare with trailing garbage */
1639 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
1640 output, output_length + 1 ),
1641 PSA_ERROR_INVALID_SIGNATURE );
1642
1643 /* Compare with truncated hash */
1644 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
1645 output, output_length - 1 ),
1646 PSA_ERROR_INVALID_SIGNATURE );
1647
1648 /* Compare with corrupted value */
1649 for( i = 0; i < output_length; i++ )
1650 {
Chris Jones9634bb12021-01-20 15:56:42 +00001651 mbedtls_test_set_step( i );
Gilles Peskine0a749c82019-11-28 19:33:58 +01001652 output[i] ^= 1;
1653 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
1654 output, output_length ),
1655 PSA_ERROR_INVALID_SIGNATURE );
1656 output[i] ^= 1;
1657 }
1658
1659exit:
1660 PSA_DONE( );
1661}
1662/* END_CASE */
1663
Gilles Peskined6dc40c2021-01-12 12:55:31 +01001664/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
itayzafrirf86548d2018-11-01 10:44:32 +02001665void hash_bad_order( )
1666{
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001667 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrirf86548d2018-11-01 10:44:32 +02001668 unsigned char input[] = "";
1669 /* SHA-256 hash of an empty string */
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001670 const unsigned char valid_hash[] = {
itayzafrirf86548d2018-11-01 10:44:32 +02001671 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1672 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1673 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 };
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001674 unsigned char hash[sizeof(valid_hash)] = { 0 };
itayzafrirf86548d2018-11-01 10:44:32 +02001675 size_t hash_len;
Jaeden Amero6a25b412019-01-04 11:47:44 +00001676 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
itayzafrirf86548d2018-11-01 10:44:32 +02001677
Gilles Peskine8817f612018-12-18 00:18:46 +01001678 PSA_ASSERT( psa_crypto_init( ) );
itayzafrirf86548d2018-11-01 10:44:32 +02001679
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001680 /* Call setup twice in a row. */
1681 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01001682 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001683 TEST_EQUAL( psa_hash_setup( &operation, alg ),
1684 PSA_ERROR_BAD_STATE );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01001685 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001686 PSA_ASSERT( psa_hash_abort( &operation ) );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01001687 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001688
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001689 /* Call update without calling setup beforehand. */
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001690 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001691 PSA_ERROR_BAD_STATE );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001692 PSA_ASSERT( psa_hash_abort( &operation ) );
itayzafrirf86548d2018-11-01 10:44:32 +02001693
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01001694 /* Check that update calls abort on error. */
1695 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Dave Rodgman54f73512021-06-24 18:14:52 +01001696 operation.id = UINT_MAX;
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01001697 ASSERT_OPERATION_IS_ACTIVE( operation );
1698 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
1699 PSA_ERROR_BAD_STATE );
1700 ASSERT_OPERATION_IS_INACTIVE( operation );
1701 PSA_ASSERT( psa_hash_abort( &operation ) );
1702 ASSERT_OPERATION_IS_INACTIVE( operation );
1703
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001704 /* Call update after finish. */
1705 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1706 PSA_ASSERT( psa_hash_finish( &operation,
1707 hash, sizeof( hash ), &hash_len ) );
1708 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001709 PSA_ERROR_BAD_STATE );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001710 PSA_ASSERT( psa_hash_abort( &operation ) );
itayzafrirf86548d2018-11-01 10:44:32 +02001711
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001712 /* Call verify without calling setup beforehand. */
1713 TEST_EQUAL( psa_hash_verify( &operation,
1714 valid_hash, sizeof( valid_hash ) ),
1715 PSA_ERROR_BAD_STATE );
1716 PSA_ASSERT( psa_hash_abort( &operation ) );
1717
1718 /* Call verify after finish. */
1719 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1720 PSA_ASSERT( psa_hash_finish( &operation,
1721 hash, sizeof( hash ), &hash_len ) );
1722 TEST_EQUAL( psa_hash_verify( &operation,
1723 valid_hash, sizeof( valid_hash ) ),
1724 PSA_ERROR_BAD_STATE );
1725 PSA_ASSERT( psa_hash_abort( &operation ) );
1726
1727 /* Call verify twice in a row. */
1728 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01001729 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001730 PSA_ASSERT( psa_hash_verify( &operation,
1731 valid_hash, sizeof( valid_hash ) ) );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01001732 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001733 TEST_EQUAL( psa_hash_verify( &operation,
1734 valid_hash, sizeof( valid_hash ) ),
1735 PSA_ERROR_BAD_STATE );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01001736 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001737 PSA_ASSERT( psa_hash_abort( &operation ) );
1738
1739 /* Call finish without calling setup beforehand. */
Gilles Peskinefe11b722018-12-18 00:24:04 +01001740 TEST_EQUAL( psa_hash_finish( &operation,
1741 hash, sizeof( hash ), &hash_len ),
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001742 PSA_ERROR_BAD_STATE );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001743 PSA_ASSERT( psa_hash_abort( &operation ) );
1744
1745 /* Call finish twice in a row. */
1746 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1747 PSA_ASSERT( psa_hash_finish( &operation,
1748 hash, sizeof( hash ), &hash_len ) );
1749 TEST_EQUAL( psa_hash_finish( &operation,
1750 hash, sizeof( hash ), &hash_len ),
1751 PSA_ERROR_BAD_STATE );
1752 PSA_ASSERT( psa_hash_abort( &operation ) );
1753
1754 /* Call finish after calling verify. */
1755 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1756 PSA_ASSERT( psa_hash_verify( &operation,
1757 valid_hash, sizeof( valid_hash ) ) );
1758 TEST_EQUAL( psa_hash_finish( &operation,
1759 hash, sizeof( hash ), &hash_len ),
1760 PSA_ERROR_BAD_STATE );
1761 PSA_ASSERT( psa_hash_abort( &operation ) );
itayzafrirf86548d2018-11-01 10:44:32 +02001762
1763exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001764 PSA_DONE( );
itayzafrirf86548d2018-11-01 10:44:32 +02001765}
1766/* END_CASE */
1767
Gilles Peskined6dc40c2021-01-12 12:55:31 +01001768/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
itayzafrir27e69452018-11-01 14:26:34 +02001769void hash_verify_bad_args( )
itayzafrirec93d302018-10-18 18:01:10 +03001770{
1771 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrir27e69452018-11-01 14:26:34 +02001772 /* SHA-256 hash of an empty string with 2 extra bytes (0xaa and 0xbb)
1773 * appended to it */
1774 unsigned char hash[] = {
1775 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1776 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1777 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb };
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001778 size_t expected_size = PSA_HASH_LENGTH( alg );
Jaeden Amero6a25b412019-01-04 11:47:44 +00001779 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
itayzafrirec93d302018-10-18 18:01:10 +03001780
Gilles Peskine8817f612018-12-18 00:18:46 +01001781 PSA_ASSERT( psa_crypto_init( ) );
itayzafrirec93d302018-10-18 18:01:10 +03001782
itayzafrir27e69452018-11-01 14:26:34 +02001783 /* psa_hash_verify with a smaller hash than expected */
Gilles Peskine8817f612018-12-18 00:18:46 +01001784 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01001785 ASSERT_OPERATION_IS_ACTIVE( operation );
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001786 TEST_EQUAL( psa_hash_verify( &operation, hash, expected_size - 1 ),
Gilles Peskinefe11b722018-12-18 00:24:04 +01001787 PSA_ERROR_INVALID_SIGNATURE );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01001788 ASSERT_OPERATION_IS_INACTIVE( operation );
1789 PSA_ASSERT( psa_hash_abort( &operation ) );
1790 ASSERT_OPERATION_IS_INACTIVE( operation );
itayzafrirec93d302018-10-18 18:01:10 +03001791
itayzafrir27e69452018-11-01 14:26:34 +02001792 /* psa_hash_verify with a non-matching hash */
Gilles Peskine8817f612018-12-18 00:18:46 +01001793 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001794 TEST_EQUAL( psa_hash_verify( &operation, hash + 1, expected_size ),
Gilles Peskinefe11b722018-12-18 00:24:04 +01001795 PSA_ERROR_INVALID_SIGNATURE );
itayzafrirec93d302018-10-18 18:01:10 +03001796
itayzafrir27e69452018-11-01 14:26:34 +02001797 /* psa_hash_verify with a hash longer than expected */
Gilles Peskine8817f612018-12-18 00:18:46 +01001798 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001799 TEST_EQUAL( psa_hash_verify( &operation, hash, sizeof( hash ) ),
Gilles Peskinefe11b722018-12-18 00:24:04 +01001800 PSA_ERROR_INVALID_SIGNATURE );
itayzafrir4271df92018-10-24 18:16:19 +03001801
itayzafrirec93d302018-10-18 18:01:10 +03001802exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001803 PSA_DONE( );
itayzafrirec93d302018-10-18 18:01:10 +03001804}
1805/* END_CASE */
1806
Ronald Cronee414c72021-03-18 18:50:08 +01001807/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
itayzafrirb2dd5ed2018-11-01 11:58:59 +02001808void hash_finish_bad_args( )
itayzafrir58028322018-10-25 10:22:01 +03001809{
1810 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrirb2dd5ed2018-11-01 11:58:59 +02001811 unsigned char hash[PSA_HASH_MAX_SIZE];
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001812 size_t expected_size = PSA_HASH_LENGTH( alg );
Jaeden Amero6a25b412019-01-04 11:47:44 +00001813 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
itayzafrir58028322018-10-25 10:22:01 +03001814 size_t hash_len;
1815
Gilles Peskine8817f612018-12-18 00:18:46 +01001816 PSA_ASSERT( psa_crypto_init( ) );
itayzafrir58028322018-10-25 10:22:01 +03001817
itayzafrir58028322018-10-25 10:22:01 +03001818 /* psa_hash_finish with a smaller hash buffer than expected */
Gilles Peskine8817f612018-12-18 00:18:46 +01001819 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01001820 TEST_EQUAL( psa_hash_finish( &operation,
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001821 hash, expected_size - 1, &hash_len ),
1822 PSA_ERROR_BUFFER_TOO_SMALL );
itayzafrir58028322018-10-25 10:22:01 +03001823
1824exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001825 PSA_DONE( );
itayzafrir58028322018-10-25 10:22:01 +03001826}
1827/* END_CASE */
1828
Ronald Cronee414c72021-03-18 18:50:08 +01001829/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
Gilles Peskineebb2c3e2019-01-19 12:03:41 +01001830void hash_clone_source_state( )
1831{
1832 psa_algorithm_t alg = PSA_ALG_SHA_256;
1833 unsigned char hash[PSA_HASH_MAX_SIZE];
1834 psa_hash_operation_t op_source = PSA_HASH_OPERATION_INIT;
1835 psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT;
1836 psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT;
1837 psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT;
1838 psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT;
1839 size_t hash_len;
1840
1841 PSA_ASSERT( psa_crypto_init( ) );
1842 PSA_ASSERT( psa_hash_setup( &op_source, alg ) );
1843
1844 PSA_ASSERT( psa_hash_setup( &op_setup, alg ) );
1845 PSA_ASSERT( psa_hash_setup( &op_finished, alg ) );
1846 PSA_ASSERT( psa_hash_finish( &op_finished,
1847 hash, sizeof( hash ), &hash_len ) );
1848 PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) );
1849 PSA_ASSERT( psa_hash_abort( &op_aborted ) );
1850
1851 TEST_EQUAL( psa_hash_clone( &op_source, &op_setup ),
1852 PSA_ERROR_BAD_STATE );
1853
1854 PSA_ASSERT( psa_hash_clone( &op_source, &op_init ) );
1855 PSA_ASSERT( psa_hash_finish( &op_init,
1856 hash, sizeof( hash ), &hash_len ) );
1857 PSA_ASSERT( psa_hash_clone( &op_source, &op_finished ) );
1858 PSA_ASSERT( psa_hash_finish( &op_finished,
1859 hash, sizeof( hash ), &hash_len ) );
1860 PSA_ASSERT( psa_hash_clone( &op_source, &op_aborted ) );
1861 PSA_ASSERT( psa_hash_finish( &op_aborted,
1862 hash, sizeof( hash ), &hash_len ) );
1863
1864exit:
1865 psa_hash_abort( &op_source );
1866 psa_hash_abort( &op_init );
1867 psa_hash_abort( &op_setup );
1868 psa_hash_abort( &op_finished );
1869 psa_hash_abort( &op_aborted );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001870 PSA_DONE( );
Gilles Peskineebb2c3e2019-01-19 12:03:41 +01001871}
1872/* END_CASE */
1873
Ronald Cronee414c72021-03-18 18:50:08 +01001874/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
Gilles Peskineebb2c3e2019-01-19 12:03:41 +01001875void hash_clone_target_state( )
1876{
1877 psa_algorithm_t alg = PSA_ALG_SHA_256;
1878 unsigned char hash[PSA_HASH_MAX_SIZE];
1879 psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT;
1880 psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT;
1881 psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT;
1882 psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT;
1883 psa_hash_operation_t op_target = PSA_HASH_OPERATION_INIT;
1884 size_t hash_len;
1885
1886 PSA_ASSERT( psa_crypto_init( ) );
1887
1888 PSA_ASSERT( psa_hash_setup( &op_setup, alg ) );
1889 PSA_ASSERT( psa_hash_setup( &op_finished, alg ) );
1890 PSA_ASSERT( psa_hash_finish( &op_finished,
1891 hash, sizeof( hash ), &hash_len ) );
1892 PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) );
1893 PSA_ASSERT( psa_hash_abort( &op_aborted ) );
1894
1895 PSA_ASSERT( psa_hash_clone( &op_setup, &op_target ) );
1896 PSA_ASSERT( psa_hash_finish( &op_target,
1897 hash, sizeof( hash ), &hash_len ) );
1898
1899 TEST_EQUAL( psa_hash_clone( &op_init, &op_target ), PSA_ERROR_BAD_STATE );
1900 TEST_EQUAL( psa_hash_clone( &op_finished, &op_target ),
1901 PSA_ERROR_BAD_STATE );
1902 TEST_EQUAL( psa_hash_clone( &op_aborted, &op_target ),
1903 PSA_ERROR_BAD_STATE );
1904
1905exit:
1906 psa_hash_abort( &op_target );
1907 psa_hash_abort( &op_init );
1908 psa_hash_abort( &op_setup );
1909 psa_hash_abort( &op_finished );
1910 psa_hash_abort( &op_aborted );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001911 PSA_DONE( );
Gilles Peskineebb2c3e2019-01-19 12:03:41 +01001912}
1913/* END_CASE */
1914
itayzafrir58028322018-10-25 10:22:01 +03001915/* BEGIN_CASE */
Jaeden Amero769ce272019-01-04 11:48:03 +00001916void mac_operation_init( )
1917{
Jaeden Amero252ef282019-02-15 14:05:35 +00001918 const uint8_t input[1] = { 0 };
1919
Jaeden Amero769ce272019-01-04 11:48:03 +00001920 /* Test each valid way of initializing the object, except for `= {0}`, as
1921 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
1922 * though it's OK by the C standard. We could test for this, but we'd need
1923 * to supress the Clang warning for the test. */
1924 psa_mac_operation_t func = psa_mac_operation_init( );
1925 psa_mac_operation_t init = PSA_MAC_OPERATION_INIT;
1926 psa_mac_operation_t zero;
1927
1928 memset( &zero, 0, sizeof( zero ) );
1929
Jaeden Amero252ef282019-02-15 14:05:35 +00001930 /* A freshly-initialized MAC operation should not be usable. */
1931 TEST_EQUAL( psa_mac_update( &func,
1932 input, sizeof( input ) ),
1933 PSA_ERROR_BAD_STATE );
1934 TEST_EQUAL( psa_mac_update( &init,
1935 input, sizeof( input ) ),
1936 PSA_ERROR_BAD_STATE );
1937 TEST_EQUAL( psa_mac_update( &zero,
1938 input, sizeof( input ) ),
1939 PSA_ERROR_BAD_STATE );
1940
Jaeden Amero5229bbb2019-02-07 16:33:37 +00001941 /* A default MAC operation should be abortable without error. */
1942 PSA_ASSERT( psa_mac_abort( &func ) );
1943 PSA_ASSERT( psa_mac_abort( &init ) );
1944 PSA_ASSERT( psa_mac_abort( &zero ) );
Jaeden Amero769ce272019-01-04 11:48:03 +00001945}
1946/* END_CASE */
1947
1948/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001949void mac_setup( int key_type_arg,
1950 data_t *key,
1951 int alg_arg,
1952 int expected_status_arg )
1953{
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001954 psa_key_type_t key_type = key_type_arg;
1955 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02001956 psa_status_t expected_status = expected_status_arg;
Jaeden Amero769ce272019-01-04 11:48:03 +00001957 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
Gilles Peskinef426e0f2019-02-25 17:42:03 +01001958 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
1959#if defined(KNOWN_SUPPORTED_MAC_ALG)
1960 const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
1961#endif
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001962
Gilles Peskine8817f612018-12-18 00:18:46 +01001963 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001964
Gilles Peskinef426e0f2019-02-25 17:42:03 +01001965 if( ! exercise_mac_setup( key_type, key->x, key->len, alg,
1966 &operation, &status ) )
1967 goto exit;
Gilles Peskinefe11b722018-12-18 00:24:04 +01001968 TEST_EQUAL( status, expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001969
Gilles Peskinef426e0f2019-02-25 17:42:03 +01001970 /* The operation object should be reusable. */
1971#if defined(KNOWN_SUPPORTED_MAC_ALG)
1972 if( ! exercise_mac_setup( KNOWN_SUPPORTED_MAC_KEY_TYPE,
1973 smoke_test_key_data,
1974 sizeof( smoke_test_key_data ),
1975 KNOWN_SUPPORTED_MAC_ALG,
1976 &operation, &status ) )
1977 goto exit;
1978 TEST_EQUAL( status, PSA_SUCCESS );
1979#endif
1980
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001981exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001982 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001983}
1984/* END_CASE */
1985
Gilles Peskined6dc40c2021-01-12 12:55:31 +01001986/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_HMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256 */
Jaeden Amero252ef282019-02-15 14:05:35 +00001987void mac_bad_order( )
1988{
Ronald Cron5425a212020-08-04 14:58:35 +02001989 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Jaeden Amero252ef282019-02-15 14:05:35 +00001990 psa_key_type_t key_type = PSA_KEY_TYPE_HMAC;
1991 psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);
Ronald Cron5425a212020-08-04 14:58:35 +02001992 const uint8_t key_data[] = {
Jaeden Amero252ef282019-02-15 14:05:35 +00001993 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1994 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1995 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001996 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Jaeden Amero252ef282019-02-15 14:05:35 +00001997 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
1998 uint8_t sign_mac[PSA_MAC_MAX_SIZE + 10] = { 0 };
1999 size_t sign_mac_length = 0;
2000 const uint8_t input[] = { 0xbb, 0xbb, 0xbb, 0xbb };
2001 const uint8_t verify_mac[] = {
2002 0x74, 0x65, 0x93, 0x8c, 0xeb, 0x1d, 0xb3, 0x76, 0x5a, 0x38, 0xe7, 0xdd,
2003 0x85, 0xc5, 0xad, 0x4f, 0x07, 0xe7, 0xd5, 0xb2, 0x64, 0xf0, 0x1a, 0x1a,
2004 0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6 };
2005
2006 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01002007 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002008 psa_set_key_algorithm( &attributes, alg );
2009 psa_set_key_type( &attributes, key_type );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002010
Ronald Cron5425a212020-08-04 14:58:35 +02002011 PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ),
2012 &key ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002013
Jaeden Amero252ef282019-02-15 14:05:35 +00002014 /* Call update without calling setup beforehand. */
2015 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
2016 PSA_ERROR_BAD_STATE );
2017 PSA_ASSERT( psa_mac_abort( &operation ) );
2018
2019 /* Call sign finish without calling setup beforehand. */
2020 TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ),
2021 &sign_mac_length),
2022 PSA_ERROR_BAD_STATE );
2023 PSA_ASSERT( psa_mac_abort( &operation ) );
2024
2025 /* Call verify finish without calling setup beforehand. */
2026 TEST_EQUAL( psa_mac_verify_finish( &operation,
2027 verify_mac, sizeof( verify_mac ) ),
2028 PSA_ERROR_BAD_STATE );
2029 PSA_ASSERT( psa_mac_abort( &operation ) );
2030
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002031 /* Call setup twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002032 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01002033 ASSERT_OPERATION_IS_ACTIVE( operation );
Ronald Cron5425a212020-08-04 14:58:35 +02002034 TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ),
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002035 PSA_ERROR_BAD_STATE );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01002036 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002037 PSA_ASSERT( psa_mac_abort( &operation ) );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01002038 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002039
Jaeden Amero252ef282019-02-15 14:05:35 +00002040 /* Call update after sign finish. */
Ronald Cron5425a212020-08-04 14:58:35 +02002041 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00002042 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
2043 PSA_ASSERT( psa_mac_sign_finish( &operation,
2044 sign_mac, sizeof( sign_mac ),
2045 &sign_mac_length ) );
2046 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
2047 PSA_ERROR_BAD_STATE );
2048 PSA_ASSERT( psa_mac_abort( &operation ) );
2049
2050 /* Call update after verify finish. */
Ronald Cron5425a212020-08-04 14:58:35 +02002051 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00002052 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
2053 PSA_ASSERT( psa_mac_verify_finish( &operation,
2054 verify_mac, sizeof( verify_mac ) ) );
2055 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
2056 PSA_ERROR_BAD_STATE );
2057 PSA_ASSERT( psa_mac_abort( &operation ) );
2058
2059 /* Call sign finish twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002060 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00002061 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
2062 PSA_ASSERT( psa_mac_sign_finish( &operation,
2063 sign_mac, sizeof( sign_mac ),
2064 &sign_mac_length ) );
2065 TEST_EQUAL( psa_mac_sign_finish( &operation,
2066 sign_mac, sizeof( sign_mac ),
2067 &sign_mac_length ),
2068 PSA_ERROR_BAD_STATE );
2069 PSA_ASSERT( psa_mac_abort( &operation ) );
2070
2071 /* Call verify finish twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002072 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00002073 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
2074 PSA_ASSERT( psa_mac_verify_finish( &operation,
2075 verify_mac, sizeof( verify_mac ) ) );
2076 TEST_EQUAL( psa_mac_verify_finish( &operation,
2077 verify_mac, sizeof( verify_mac ) ),
2078 PSA_ERROR_BAD_STATE );
2079 PSA_ASSERT( psa_mac_abort( &operation ) );
2080
2081 /* Setup sign but try verify. */
Ronald Cron5425a212020-08-04 14:58:35 +02002082 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00002083 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002084 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Amero252ef282019-02-15 14:05:35 +00002085 TEST_EQUAL( psa_mac_verify_finish( &operation,
2086 verify_mac, sizeof( verify_mac ) ),
2087 PSA_ERROR_BAD_STATE );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002088 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero252ef282019-02-15 14:05:35 +00002089 PSA_ASSERT( psa_mac_abort( &operation ) );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002090 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero252ef282019-02-15 14:05:35 +00002091
2092 /* Setup verify but try sign. */
Ronald Cron5425a212020-08-04 14:58:35 +02002093 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00002094 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002095 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Amero252ef282019-02-15 14:05:35 +00002096 TEST_EQUAL( psa_mac_sign_finish( &operation,
2097 sign_mac, sizeof( sign_mac ),
2098 &sign_mac_length ),
2099 PSA_ERROR_BAD_STATE );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002100 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero252ef282019-02-15 14:05:35 +00002101 PSA_ASSERT( psa_mac_abort( &operation ) );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002102 ASSERT_OPERATION_IS_INACTIVE( operation );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002103
Ronald Cron5425a212020-08-04 14:58:35 +02002104 PSA_ASSERT( psa_destroy_key( key ) );
Gilles Peskine76b29a72019-05-28 14:08:50 +02002105
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002106exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002107 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002108}
2109/* END_CASE */
2110
2111/* BEGIN_CASE */
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002112void mac_sign( int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002113 data_t *key_data,
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002114 int alg_arg,
2115 data_t *input,
2116 data_t *expected_mac )
2117{
Ronald Cron5425a212020-08-04 14:58:35 +02002118 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002119 psa_key_type_t key_type = key_type_arg;
2120 psa_algorithm_t alg = alg_arg;
Jaeden Amero769ce272019-01-04 11:48:03 +00002121 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002122 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine5e65cec2020-08-25 23:38:39 +02002123 uint8_t *actual_mac = NULL;
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002124 size_t mac_buffer_size =
gabor-mezei-armcbcec212020-12-18 14:23:51 +01002125 PSA_MAC_LENGTH( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002126 size_t mac_length = 0;
Gilles Peskine8b356b52020-08-25 23:44:59 +02002127 const size_t output_sizes_to_test[] = {
2128 0,
2129 1,
2130 expected_mac->len - 1,
2131 expected_mac->len,
2132 expected_mac->len + 1,
2133 };
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002134
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002135 TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
gabor-mezei-armcbcec212020-12-18 14:23:51 +01002136 /* We expect PSA_MAC_LENGTH to be exact. */
Gilles Peskine3d404d62020-08-25 23:47:36 +02002137 TEST_ASSERT( expected_mac->len == mac_buffer_size );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002138
Gilles Peskine8817f612018-12-18 00:18:46 +01002139 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002140
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01002141 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002142 psa_set_key_algorithm( &attributes, alg );
2143 psa_set_key_type( &attributes, key_type );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002144
Ronald Cron5425a212020-08-04 14:58:35 +02002145 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2146 &key ) );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002147
Gilles Peskine8b356b52020-08-25 23:44:59 +02002148 for( size_t i = 0; i < ARRAY_LENGTH( output_sizes_to_test ); i++ )
2149 {
2150 const size_t output_size = output_sizes_to_test[i];
2151 psa_status_t expected_status =
2152 ( output_size >= expected_mac->len ? PSA_SUCCESS :
2153 PSA_ERROR_BUFFER_TOO_SMALL );
Gilles Peskine5e65cec2020-08-25 23:38:39 +02002154
Chris Jones9634bb12021-01-20 15:56:42 +00002155 mbedtls_test_set_step( output_size );
Gilles Peskine8b356b52020-08-25 23:44:59 +02002156 ASSERT_ALLOC( actual_mac, output_size );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002157
gabor-mezei-arma93e4232021-03-01 15:35:48 +01002158 /* Calculate the MAC, one-shot case. */
2159 TEST_EQUAL( psa_mac_compute( key, alg,
2160 input->x, input->len,
2161 actual_mac, output_size, &mac_length ),
2162 expected_status );
2163 if( expected_status == PSA_SUCCESS )
2164 {
2165 ASSERT_COMPARE( expected_mac->x, expected_mac->len,
2166 actual_mac, mac_length );
2167 }
2168
2169 if( output_size > 0 )
2170 memset( actual_mac, 0, output_size );
2171
2172 /* Calculate the MAC, multi-part case. */
Ronald Cron5425a212020-08-04 14:58:35 +02002173 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Gilles Peskine8b356b52020-08-25 23:44:59 +02002174 PSA_ASSERT( psa_mac_update( &operation,
2175 input->x, input->len ) );
2176 TEST_EQUAL( psa_mac_sign_finish( &operation,
2177 actual_mac, output_size,
2178 &mac_length ),
2179 expected_status );
2180 PSA_ASSERT( psa_mac_abort( &operation ) );
2181
2182 if( expected_status == PSA_SUCCESS )
2183 {
2184 ASSERT_COMPARE( expected_mac->x, expected_mac->len,
2185 actual_mac, mac_length );
2186 }
2187 mbedtls_free( actual_mac );
2188 actual_mac = NULL;
2189 }
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002190
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002191exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002192 psa_mac_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02002193 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002194 PSA_DONE( );
Gilles Peskine5e65cec2020-08-25 23:38:39 +02002195 mbedtls_free( actual_mac );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002196}
2197/* END_CASE */
2198
2199/* BEGIN_CASE */
Gilles Peskinec0ec9722018-06-18 17:03:37 +02002200void mac_verify( int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002201 data_t *key_data,
Gilles Peskinec0ec9722018-06-18 17:03:37 +02002202 int alg_arg,
2203 data_t *input,
2204 data_t *expected_mac )
Gilles Peskine8c9def32018-02-08 10:02:12 +01002205{
Ronald Cron5425a212020-08-04 14:58:35 +02002206 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine8c9def32018-02-08 10:02:12 +01002207 psa_key_type_t key_type = key_type_arg;
2208 psa_algorithm_t alg = alg_arg;
Jaeden Amero769ce272019-01-04 11:48:03 +00002209 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002210 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002211 uint8_t *perturbed_mac = NULL;
Gilles Peskine8c9def32018-02-08 10:02:12 +01002212
Gilles Peskine69c12672018-06-28 00:07:19 +02002213 TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
2214
Gilles Peskine8817f612018-12-18 00:18:46 +01002215 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +01002216
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01002217 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002218 psa_set_key_algorithm( &attributes, alg );
2219 psa_set_key_type( &attributes, key_type );
mohammad16036df908f2018-04-02 08:34:15 -07002220
Ronald Cron5425a212020-08-04 14:58:35 +02002221 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2222 &key ) );
Gilles Peskinec0ec9722018-06-18 17:03:37 +02002223
gabor-mezei-arma93e4232021-03-01 15:35:48 +01002224 /* Verify correct MAC, one-shot case. */
2225 PSA_ASSERT( psa_mac_verify( key, alg, input->x, input->len,
2226 expected_mac->x, expected_mac->len ) );
2227
2228 /* Verify correct MAC, multi-part case. */
Ronald Cron5425a212020-08-04 14:58:35 +02002229 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Gilles Peskine8817f612018-12-18 00:18:46 +01002230 PSA_ASSERT( psa_mac_update( &operation,
2231 input->x, input->len ) );
2232 PSA_ASSERT( psa_mac_verify_finish( &operation,
2233 expected_mac->x,
2234 expected_mac->len ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +01002235
gabor-mezei-arma93e4232021-03-01 15:35:48 +01002236 /* Test a MAC that's too short, one-shot case. */
2237 TEST_EQUAL( psa_mac_verify( key, alg,
2238 input->x, input->len,
2239 expected_mac->x,
2240 expected_mac->len - 1 ),
2241 PSA_ERROR_INVALID_SIGNATURE );
2242
2243 /* Test a MAC that's too short, multi-part case. */
Ronald Cron5425a212020-08-04 14:58:35 +02002244 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002245 PSA_ASSERT( psa_mac_update( &operation,
2246 input->x, input->len ) );
2247 TEST_EQUAL( psa_mac_verify_finish( &operation,
2248 expected_mac->x,
2249 expected_mac->len - 1 ),
2250 PSA_ERROR_INVALID_SIGNATURE );
2251
gabor-mezei-arma93e4232021-03-01 15:35:48 +01002252 /* Test a MAC that's too long, one-shot case. */
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002253 ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 );
2254 memcpy( perturbed_mac, expected_mac->x, expected_mac->len );
gabor-mezei-arma93e4232021-03-01 15:35:48 +01002255 TEST_EQUAL( psa_mac_verify( key, alg,
2256 input->x, input->len,
2257 perturbed_mac, expected_mac->len + 1 ),
2258 PSA_ERROR_INVALID_SIGNATURE );
2259
2260 /* Test a MAC that's too long, multi-part case. */
Ronald Cron5425a212020-08-04 14:58:35 +02002261 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002262 PSA_ASSERT( psa_mac_update( &operation,
2263 input->x, input->len ) );
2264 TEST_EQUAL( psa_mac_verify_finish( &operation,
2265 perturbed_mac,
2266 expected_mac->len + 1 ),
2267 PSA_ERROR_INVALID_SIGNATURE );
2268
2269 /* Test changing one byte. */
2270 for( size_t i = 0; i < expected_mac->len; i++ )
2271 {
Chris Jones9634bb12021-01-20 15:56:42 +00002272 mbedtls_test_set_step( i );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002273 perturbed_mac[i] ^= 1;
gabor-mezei-arma93e4232021-03-01 15:35:48 +01002274
2275 TEST_EQUAL( psa_mac_verify( key, alg,
2276 input->x, input->len,
2277 perturbed_mac, expected_mac->len ),
2278 PSA_ERROR_INVALID_SIGNATURE );
2279
Ronald Cron5425a212020-08-04 14:58:35 +02002280 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002281 PSA_ASSERT( psa_mac_update( &operation,
2282 input->x, input->len ) );
2283 TEST_EQUAL( psa_mac_verify_finish( &operation,
2284 perturbed_mac,
2285 expected_mac->len ),
2286 PSA_ERROR_INVALID_SIGNATURE );
2287 perturbed_mac[i] ^= 1;
2288 }
2289
Gilles Peskine8c9def32018-02-08 10:02:12 +01002290exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002291 psa_mac_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02002292 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002293 PSA_DONE( );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002294 mbedtls_free( perturbed_mac );
Gilles Peskine8c9def32018-02-08 10:02:12 +01002295}
2296/* END_CASE */
2297
2298/* BEGIN_CASE */
Jaeden Amero5bae2272019-01-04 11:48:27 +00002299void cipher_operation_init( )
2300{
Jaeden Ameroab439972019-02-15 14:12:05 +00002301 const uint8_t input[1] = { 0 };
2302 unsigned char output[1] = { 0 };
2303 size_t output_length;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002304 /* Test each valid way of initializing the object, except for `= {0}`, as
2305 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
2306 * though it's OK by the C standard. We could test for this, but we'd need
2307 * to supress the Clang warning for the test. */
2308 psa_cipher_operation_t func = psa_cipher_operation_init( );
2309 psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT;
2310 psa_cipher_operation_t zero;
2311
2312 memset( &zero, 0, sizeof( zero ) );
2313
Jaeden Ameroab439972019-02-15 14:12:05 +00002314 /* A freshly-initialized cipher operation should not be usable. */
2315 TEST_EQUAL( psa_cipher_update( &func,
2316 input, sizeof( input ),
2317 output, sizeof( output ),
2318 &output_length ),
2319 PSA_ERROR_BAD_STATE );
2320 TEST_EQUAL( psa_cipher_update( &init,
2321 input, sizeof( input ),
2322 output, sizeof( output ),
2323 &output_length ),
2324 PSA_ERROR_BAD_STATE );
2325 TEST_EQUAL( psa_cipher_update( &zero,
2326 input, sizeof( input ),
2327 output, sizeof( output ),
2328 &output_length ),
2329 PSA_ERROR_BAD_STATE );
2330
Jaeden Amero5229bbb2019-02-07 16:33:37 +00002331 /* A default cipher operation should be abortable without error. */
2332 PSA_ASSERT( psa_cipher_abort( &func ) );
2333 PSA_ASSERT( psa_cipher_abort( &init ) );
2334 PSA_ASSERT( psa_cipher_abort( &zero ) );
Jaeden Amero5bae2272019-01-04 11:48:27 +00002335}
2336/* END_CASE */
2337
2338/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002339void cipher_setup( int key_type_arg,
2340 data_t *key,
2341 int alg_arg,
2342 int expected_status_arg )
2343{
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002344 psa_key_type_t key_type = key_type_arg;
2345 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02002346 psa_status_t expected_status = expected_status_arg;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002347 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002348 psa_status_t status;
Gilles Peskine612ffd22021-01-20 18:51:00 +01002349#if defined(KNOWN_SUPPORTED_CIPHER_ALG)
Gilles Peskinef426e0f2019-02-25 17:42:03 +01002350 const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
2351#endif
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002352
Gilles Peskine8817f612018-12-18 00:18:46 +01002353 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002354
Gilles Peskinef426e0f2019-02-25 17:42:03 +01002355 if( ! exercise_cipher_setup( key_type, key->x, key->len, alg,
2356 &operation, &status ) )
2357 goto exit;
Gilles Peskinefe11b722018-12-18 00:24:04 +01002358 TEST_EQUAL( status, expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002359
Gilles Peskinef426e0f2019-02-25 17:42:03 +01002360 /* The operation object should be reusable. */
2361#if defined(KNOWN_SUPPORTED_CIPHER_ALG)
2362 if( ! exercise_cipher_setup( KNOWN_SUPPORTED_CIPHER_KEY_TYPE,
2363 smoke_test_key_data,
2364 sizeof( smoke_test_key_data ),
2365 KNOWN_SUPPORTED_CIPHER_ALG,
2366 &operation, &status ) )
2367 goto exit;
2368 TEST_EQUAL( status, PSA_SUCCESS );
2369#endif
2370
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002371exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002372 psa_cipher_abort( &operation );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002373 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002374}
2375/* END_CASE */
2376
Ronald Cronee414c72021-03-18 18:50:08 +01002377/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_PKCS7 */
Jaeden Ameroab439972019-02-15 14:12:05 +00002378void cipher_bad_order( )
2379{
Ronald Cron5425a212020-08-04 14:58:35 +02002380 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Jaeden Ameroab439972019-02-15 14:12:05 +00002381 psa_key_type_t key_type = PSA_KEY_TYPE_AES;
2382 psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002383 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Jaeden Ameroab439972019-02-15 14:12:05 +00002384 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
gabor-mezei-armcbcec212020-12-18 14:23:51 +01002385 unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 };
Ronald Cron5425a212020-08-04 14:58:35 +02002386 const uint8_t key_data[] = {
Jaeden Ameroab439972019-02-15 14:12:05 +00002387 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
2388 0xaa, 0xaa, 0xaa, 0xaa };
2389 const uint8_t text[] = {
2390 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
2391 0xbb, 0xbb, 0xbb, 0xbb };
gabor-mezei-armcbcec212020-12-18 14:23:51 +01002392 uint8_t buffer[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 };
Jaeden Ameroab439972019-02-15 14:12:05 +00002393 size_t length = 0;
2394
2395 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002396 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
2397 psa_set_key_algorithm( &attributes, alg );
2398 psa_set_key_type( &attributes, key_type );
Ronald Cron5425a212020-08-04 14:58:35 +02002399 PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ),
2400 &key ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002401
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002402 /* Call encrypt setup twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002403 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01002404 ASSERT_OPERATION_IS_ACTIVE( operation );
Ronald Cron5425a212020-08-04 14:58:35 +02002405 TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ),
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002406 PSA_ERROR_BAD_STATE );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01002407 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002408 PSA_ASSERT( psa_cipher_abort( &operation ) );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01002409 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002410
2411 /* Call decrypt setup twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002412 PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01002413 ASSERT_OPERATION_IS_ACTIVE( operation );
Ronald Cron5425a212020-08-04 14:58:35 +02002414 TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ),
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002415 PSA_ERROR_BAD_STATE );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01002416 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002417 PSA_ASSERT( psa_cipher_abort( &operation ) );
Dave Rodgmanff8d52b2021-06-24 11:36:14 +01002418 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002419
Jaeden Ameroab439972019-02-15 14:12:05 +00002420 /* Generate an IV without calling setup beforehand. */
2421 TEST_EQUAL( psa_cipher_generate_iv( &operation,
2422 buffer, sizeof( buffer ),
2423 &length ),
2424 PSA_ERROR_BAD_STATE );
2425 PSA_ASSERT( psa_cipher_abort( &operation ) );
2426
2427 /* Generate an IV twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002428 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002429 PSA_ASSERT( psa_cipher_generate_iv( &operation,
2430 buffer, sizeof( buffer ),
2431 &length ) );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002432 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002433 TEST_EQUAL( psa_cipher_generate_iv( &operation,
2434 buffer, sizeof( buffer ),
2435 &length ),
2436 PSA_ERROR_BAD_STATE );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002437 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002438 PSA_ASSERT( psa_cipher_abort( &operation ) );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002439 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002440
2441 /* Generate an IV after it's already set. */
Ronald Cron5425a212020-08-04 14:58:35 +02002442 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002443 PSA_ASSERT( psa_cipher_set_iv( &operation,
2444 iv, sizeof( iv ) ) );
2445 TEST_EQUAL( psa_cipher_generate_iv( &operation,
2446 buffer, sizeof( buffer ),
2447 &length ),
2448 PSA_ERROR_BAD_STATE );
2449 PSA_ASSERT( psa_cipher_abort( &operation ) );
2450
2451 /* Set an IV without calling setup beforehand. */
2452 TEST_EQUAL( psa_cipher_set_iv( &operation,
2453 iv, sizeof( iv ) ),
2454 PSA_ERROR_BAD_STATE );
2455 PSA_ASSERT( psa_cipher_abort( &operation ) );
2456
2457 /* Set an IV after it's already set. */
Ronald Cron5425a212020-08-04 14:58:35 +02002458 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002459 PSA_ASSERT( psa_cipher_set_iv( &operation,
2460 iv, sizeof( iv ) ) );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002461 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002462 TEST_EQUAL( psa_cipher_set_iv( &operation,
2463 iv, sizeof( iv ) ),
2464 PSA_ERROR_BAD_STATE );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002465 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002466 PSA_ASSERT( psa_cipher_abort( &operation ) );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002467 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002468
2469 /* Set an IV after it's already generated. */
Ronald Cron5425a212020-08-04 14:58:35 +02002470 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002471 PSA_ASSERT( psa_cipher_generate_iv( &operation,
2472 buffer, sizeof( buffer ),
2473 &length ) );
2474 TEST_EQUAL( psa_cipher_set_iv( &operation,
2475 iv, sizeof( iv ) ),
2476 PSA_ERROR_BAD_STATE );
2477 PSA_ASSERT( psa_cipher_abort( &operation ) );
2478
2479 /* Call update without calling setup beforehand. */
2480 TEST_EQUAL( psa_cipher_update( &operation,
2481 text, sizeof( text ),
2482 buffer, sizeof( buffer ),
2483 &length ),
2484 PSA_ERROR_BAD_STATE );
2485 PSA_ASSERT( psa_cipher_abort( &operation ) );
2486
2487 /* Call update without an IV where an IV is required. */
Dave Rodgman33b58ee2021-06-23 12:48:52 +01002488 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002489 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002490 TEST_EQUAL( psa_cipher_update( &operation,
2491 text, sizeof( text ),
2492 buffer, sizeof( buffer ),
2493 &length ),
2494 PSA_ERROR_BAD_STATE );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002495 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002496 PSA_ASSERT( psa_cipher_abort( &operation ) );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002497 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002498
2499 /* Call update after finish. */
Ronald Cron5425a212020-08-04 14:58:35 +02002500 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002501 PSA_ASSERT( psa_cipher_set_iv( &operation,
2502 iv, sizeof( iv ) ) );
2503 PSA_ASSERT( psa_cipher_finish( &operation,
2504 buffer, sizeof( buffer ), &length ) );
2505 TEST_EQUAL( psa_cipher_update( &operation,
2506 text, sizeof( text ),
2507 buffer, sizeof( buffer ),
2508 &length ),
2509 PSA_ERROR_BAD_STATE );
2510 PSA_ASSERT( psa_cipher_abort( &operation ) );
2511
2512 /* Call finish without calling setup beforehand. */
2513 TEST_EQUAL( psa_cipher_finish( &operation,
2514 buffer, sizeof( buffer ), &length ),
2515 PSA_ERROR_BAD_STATE );
2516 PSA_ASSERT( psa_cipher_abort( &operation ) );
2517
2518 /* Call finish without an IV where an IV is required. */
Ronald Cron5425a212020-08-04 14:58:35 +02002519 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002520 /* Not calling update means we are encrypting an empty buffer, which is OK
2521 * for cipher modes with padding. */
Dave Rodgman34b147d2021-06-23 12:49:59 +01002522 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002523 TEST_EQUAL( psa_cipher_finish( &operation,
2524 buffer, sizeof( buffer ), &length ),
2525 PSA_ERROR_BAD_STATE );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002526 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002527 PSA_ASSERT( psa_cipher_abort( &operation ) );
Dave Rodgman34b147d2021-06-23 12:49:59 +01002528 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002529
2530 /* Call finish twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002531 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002532 PSA_ASSERT( psa_cipher_set_iv( &operation,
2533 iv, sizeof( iv ) ) );
2534 PSA_ASSERT( psa_cipher_finish( &operation,
2535 buffer, sizeof( buffer ), &length ) );
2536 TEST_EQUAL( psa_cipher_finish( &operation,
2537 buffer, sizeof( buffer ), &length ),
2538 PSA_ERROR_BAD_STATE );
2539 PSA_ASSERT( psa_cipher_abort( &operation ) );
2540
Ronald Cron5425a212020-08-04 14:58:35 +02002541 PSA_ASSERT( psa_destroy_key( key ) );
Gilles Peskine76b29a72019-05-28 14:08:50 +02002542
Jaeden Ameroab439972019-02-15 14:12:05 +00002543exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002544 psa_cipher_abort( &operation );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002545 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002546}
2547/* END_CASE */
2548
2549/* BEGIN_CASE */
gabor-mezei-arm43611b02021-06-25 15:49:14 +02002550void cipher_encrypt_fail( int alg_arg,
2551 int key_type_arg,
2552 data_t *key_data,
2553 data_t *input,
2554 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +02002555{
Ronald Cron5425a212020-08-04 14:58:35 +02002556 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002557 psa_status_t status;
2558 psa_key_type_t key_type = key_type_arg;
2559 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02002560 psa_status_t expected_status = expected_status_arg;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002561 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002562 size_t output_buffer_size = 0;
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002563 size_t output_length = 0;
2564 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
2565
2566 if ( PSA_ERROR_BAD_STATE != expected_status )
2567 {
2568 PSA_ASSERT( psa_crypto_init( ) );
2569
2570 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
2571 psa_set_key_algorithm( &attributes, alg );
2572 psa_set_key_type( &attributes, key_type );
2573
2574 output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg,
2575 input->len );
2576 ASSERT_ALLOC( output, output_buffer_size );
2577
2578 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2579 &key ) );
2580 }
2581
2582 status = psa_cipher_encrypt( key, alg, input->x, input->len, output,
2583 output_buffer_size, &output_length );
2584
2585 TEST_EQUAL( status, expected_status );
2586
2587exit:
2588 mbedtls_free( output );
2589 psa_destroy_key( key );
2590 PSA_DONE( );
2591}
2592/* END_CASE */
2593
2594/* BEGIN_CASE */
gabor-mezei-arm43611b02021-06-25 15:49:14 +02002595void cipher_encrypt_alg_without_iv( int alg_arg,
2596 int key_type_arg,
2597 data_t *key_data,
2598 data_t *input,
2599 data_t *expected_output )
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002600{
2601 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
2602 psa_key_type_t key_type = key_type_arg;
2603 psa_algorithm_t alg = alg_arg;
Ronald Cron33c69682021-07-15 09:38:11 +02002604 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
2605 uint8_t iv[1] = { 0x5a };
2606 size_t iv_length;
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002607 unsigned char *output = NULL;
2608 size_t output_buffer_size = 0;
2609 size_t output_length = 0;
2610 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
2611
2612 PSA_ASSERT( psa_crypto_init( ) );
2613
2614 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
2615 psa_set_key_algorithm( &attributes, alg );
2616 psa_set_key_type( &attributes, key_type );
2617
2618 output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
2619 ASSERT_ALLOC( output, output_buffer_size );
2620
2621 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2622 &key ) );
2623
Ronald Cron33c69682021-07-15 09:38:11 +02002624 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
2625 TEST_EQUAL( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ),
2626 PSA_ERROR_BAD_STATE );
2627 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
2628 TEST_EQUAL( psa_cipher_generate_iv( &operation, iv, sizeof( iv ),
2629 &iv_length ),
2630 PSA_ERROR_BAD_STATE );
2631
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002632 PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output,
2633 output_buffer_size, &output_length ) );
2634 TEST_ASSERT( output_length <=
2635 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
2636 TEST_ASSERT( output_length <=
2637 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
2638
2639 ASSERT_COMPARE( expected_output->x, expected_output->len,
2640 output, output_length );
2641exit:
2642 mbedtls_free( output );
2643 psa_destroy_key( key );
2644 PSA_DONE( );
2645}
2646/* END_CASE */
2647
2648/* BEGIN_CASE */
Paul Elliotted33ef12021-07-14 12:31:21 +01002649void cipher_bad_key( int alg_arg, int key_type_arg, data_t *key_data )
2650{
2651 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
2652 psa_algorithm_t alg = alg_arg;
2653 psa_key_type_t key_type = key_type_arg;
2654 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
2655 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
2656 psa_status_t status;
2657
2658 PSA_ASSERT( psa_crypto_init( ) );
2659
2660 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
2661 psa_set_key_algorithm( &attributes, alg );
2662 psa_set_key_type( &attributes, key_type );
2663
2664 /* Usage of either of these two size macros would cause divide by zero
2665 * with incorrect key types previously. Input length should be irrelevant
2666 * here. */
2667 TEST_EQUAL( PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, 16 ),
2668 0 );
2669 TEST_EQUAL( PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, 16 ), 0 );
2670
2671
2672 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2673 &key ) );
2674
2675 /* Should fail due to invalid alg type (to support invalid key type).
2676 * Encrypt or decrypt will end up in the same place. */
2677 status = psa_cipher_encrypt_setup( &operation, key, alg );
2678
2679 TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );
2680
2681exit:
2682 psa_cipher_abort( &operation );
2683 psa_destroy_key( key );
2684 PSA_DONE( );
2685}
2686/* END_CASE */
2687
2688/* BEGIN_CASE */
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002689void cipher_encrypt_validation( int alg_arg,
2690 int key_type_arg,
2691 data_t *key_data,
2692 data_t *input )
2693{
2694 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
2695 psa_key_type_t key_type = key_type_arg;
2696 psa_algorithm_t alg = alg_arg;
2697 size_t iv_size = PSA_CIPHER_IV_LENGTH ( key_type, alg );
2698 unsigned char *output1 = NULL;
2699 size_t output1_buffer_size = 0;
2700 size_t output1_length = 0;
2701 unsigned char *output2 = NULL;
2702 size_t output2_buffer_size = 0;
2703 size_t output2_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002704 size_t function_output_length = 0;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002705 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002706 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002707
Gilles Peskine8817f612018-12-18 00:18:46 +01002708 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002709
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002710 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
2711 psa_set_key_algorithm( &attributes, alg );
2712 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03002713
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002714 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
2715 output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
2716 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
2717 ASSERT_ALLOC( output1, output1_buffer_size );
2718 ASSERT_ALLOC( output2, output2_buffer_size );
2719
Ronald Cron5425a212020-08-04 14:58:35 +02002720 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2721 &key ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002722
gabor-mezei-arm7aa1efd2021-06-25 15:47:50 +02002723 /* The one-shot cipher encryption uses generated iv so validating
2724 the output is not possible. Validating with multipart encryption. */
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002725 PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output1,
2726 output1_buffer_size, &output1_length ) );
2727 TEST_ASSERT( output1_length <=
2728 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
2729 TEST_ASSERT( output1_length <=
gabor-mezei-armceface22021-01-21 12:26:17 +01002730 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002731
2732 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
2733 PSA_ASSERT( psa_cipher_set_iv( &operation, output1, iv_size ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002734
Gilles Peskine8817f612018-12-18 00:18:46 +01002735 PSA_ASSERT( psa_cipher_update( &operation,
2736 input->x, input->len,
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002737 output2, output2_buffer_size,
Gilles Peskine8817f612018-12-18 00:18:46 +01002738 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002739 TEST_ASSERT( function_output_length <=
2740 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
2741 TEST_ASSERT( function_output_length <=
2742 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002743 output2_length += function_output_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002744
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002745 PSA_ASSERT( psa_cipher_finish( &operation,
2746 output2 + output2_length,
2747 output2_buffer_size - output2_length,
2748 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002749 TEST_ASSERT( function_output_length <=
2750 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2751 TEST_ASSERT( function_output_length <=
2752 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002753 output2_length += function_output_length;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002754
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002755 PSA_ASSERT( psa_cipher_abort( &operation ) );
2756 ASSERT_COMPARE( output1 + iv_size, output1_length - iv_size,
2757 output2, output2_length );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002758
Gilles Peskine50e586b2018-06-08 14:28:46 +02002759exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002760 psa_cipher_abort( &operation );
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002761 mbedtls_free( output1 );
2762 mbedtls_free( output2 );
Ronald Cron5425a212020-08-04 14:58:35 +02002763 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002764 PSA_DONE( );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002765}
2766/* END_CASE */
2767
2768/* BEGIN_CASE */
2769void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002770 data_t *key_data, data_t *iv,
itayzafrir3e02b3b2018-06-12 17:06:52 +03002771 data_t *input,
Gilles Peskinee0866522019-02-19 19:44:00 +01002772 int first_part_size_arg,
2773 int output1_length_arg, int output2_length_arg,
gabor-mezei-arm9ac48472021-06-25 18:21:33 +02002774 data_t *expected_output,
2775 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +02002776{
Ronald Cron5425a212020-08-04 14:58:35 +02002777 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002778 psa_key_type_t key_type = key_type_arg;
2779 psa_algorithm_t alg = alg_arg;
gabor-mezei-arm9ac48472021-06-25 18:21:33 +02002780 psa_status_t status;
2781 psa_status_t expected_status = expected_status_arg;
Gilles Peskinee0866522019-02-19 19:44:00 +01002782 size_t first_part_size = first_part_size_arg;
2783 size_t output1_length = output1_length_arg;
2784 size_t output2_length = output2_length_arg;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002785 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002786 size_t output_buffer_size = 0;
2787 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002788 size_t total_output_length = 0;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002789 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002790 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002791
Gilles Peskine8817f612018-12-18 00:18:46 +01002792 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002793
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002794 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
2795 psa_set_key_algorithm( &attributes, alg );
2796 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03002797
Ronald Cron5425a212020-08-04 14:58:35 +02002798 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2799 &key ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002800
Ronald Cron5425a212020-08-04 14:58:35 +02002801 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002802
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002803 if( iv->len > 0 )
2804 {
Steven Cooremana6033e92020-08-25 11:47:50 +02002805 PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002806 }
2807
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002808 output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
2809 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02002810 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002811
Gilles Peskinee0866522019-02-19 19:44:00 +01002812 TEST_ASSERT( first_part_size <= input->len );
Gilles Peskine8817f612018-12-18 00:18:46 +01002813 PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
2814 output, output_buffer_size,
2815 &function_output_length ) );
Gilles Peskinee0866522019-02-19 19:44:00 +01002816 TEST_ASSERT( function_output_length == output1_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002817 TEST_ASSERT( function_output_length <=
2818 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
2819 TEST_ASSERT( function_output_length <=
2820 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size) );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002821 total_output_length += function_output_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002822
gabor-mezei-arm9ac48472021-06-25 18:21:33 +02002823 if( first_part_size < input->len )
2824 {
2825 PSA_ASSERT( psa_cipher_update( &operation,
2826 input->x + first_part_size,
2827 input->len - first_part_size,
2828 ( output_buffer_size == 0 ? NULL :
2829 output + total_output_length ),
2830 output_buffer_size - total_output_length,
2831 &function_output_length ) );
2832 TEST_ASSERT( function_output_length == output2_length );
2833 TEST_ASSERT( function_output_length <=
2834 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
2835 alg,
2836 input->len - first_part_size ) );
2837 TEST_ASSERT( function_output_length <=
2838 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
2839 total_output_length += function_output_length;
2840 }
gabor-mezei-armceface22021-01-21 12:26:17 +01002841
gabor-mezei-arm9ac48472021-06-25 18:21:33 +02002842 status = psa_cipher_finish( &operation,
2843 ( output_buffer_size == 0 ? NULL :
2844 output + total_output_length ),
2845 output_buffer_size - total_output_length,
2846 &function_output_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002847 TEST_ASSERT( function_output_length <=
2848 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2849 TEST_ASSERT( function_output_length <=
2850 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002851 total_output_length += function_output_length;
gabor-mezei-arm9ac48472021-06-25 18:21:33 +02002852 TEST_EQUAL( status, expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002853
gabor-mezei-arm9ac48472021-06-25 18:21:33 +02002854 if( expected_status == PSA_SUCCESS )
2855 {
2856 PSA_ASSERT( psa_cipher_abort( &operation ) );
2857
2858 ASSERT_COMPARE( expected_output->x, expected_output->len,
2859 output, total_output_length );
2860 }
Gilles Peskine50e586b2018-06-08 14:28:46 +02002861
2862exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002863 psa_cipher_abort( &operation );
itayzafrir3e02b3b2018-06-12 17:06:52 +03002864 mbedtls_free( output );
Ronald Cron5425a212020-08-04 14:58:35 +02002865 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002866 PSA_DONE( );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002867}
2868/* END_CASE */
2869
2870/* BEGIN_CASE */
2871void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002872 data_t *key_data, data_t *iv,
itayzafrir3e02b3b2018-06-12 17:06:52 +03002873 data_t *input,
Gilles Peskinee0866522019-02-19 19:44:00 +01002874 int first_part_size_arg,
2875 int output1_length_arg, int output2_length_arg,
gabor-mezei-arm9ac48472021-06-25 18:21:33 +02002876 data_t *expected_output,
2877 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +02002878{
Ronald Cron5425a212020-08-04 14:58:35 +02002879 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002880 psa_key_type_t key_type = key_type_arg;
2881 psa_algorithm_t alg = alg_arg;
gabor-mezei-arm9ac48472021-06-25 18:21:33 +02002882 psa_status_t status;
2883 psa_status_t expected_status = expected_status_arg;
Gilles Peskinee0866522019-02-19 19:44:00 +01002884 size_t first_part_size = first_part_size_arg;
2885 size_t output1_length = output1_length_arg;
2886 size_t output2_length = output2_length_arg;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002887 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002888 size_t output_buffer_size = 0;
2889 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002890 size_t total_output_length = 0;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002891 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002892 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002893
Gilles Peskine8817f612018-12-18 00:18:46 +01002894 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002895
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002896 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
2897 psa_set_key_algorithm( &attributes, alg );
2898 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03002899
Ronald Cron5425a212020-08-04 14:58:35 +02002900 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2901 &key ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002902
Ronald Cron5425a212020-08-04 14:58:35 +02002903 PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002904
Steven Cooreman177deba2020-09-07 17:14:14 +02002905 if( iv->len > 0 )
2906 {
Steven Cooremana6033e92020-08-25 11:47:50 +02002907 PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002908 }
Gilles Peskine50e586b2018-06-08 14:28:46 +02002909
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002910 output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
2911 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02002912 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002913
Gilles Peskinee0866522019-02-19 19:44:00 +01002914 TEST_ASSERT( first_part_size <= input->len );
Gilles Peskine8817f612018-12-18 00:18:46 +01002915 PSA_ASSERT( psa_cipher_update( &operation,
2916 input->x, first_part_size,
2917 output, output_buffer_size,
2918 &function_output_length ) );
Gilles Peskinee0866522019-02-19 19:44:00 +01002919 TEST_ASSERT( function_output_length == output1_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002920 TEST_ASSERT( function_output_length <=
2921 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
2922 TEST_ASSERT( function_output_length <=
2923 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002924 total_output_length += function_output_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002925
gabor-mezei-arm9ac48472021-06-25 18:21:33 +02002926 if( first_part_size < input->len )
Steven Cooreman177deba2020-09-07 17:14:14 +02002927 {
gabor-mezei-arm9ac48472021-06-25 18:21:33 +02002928 PSA_ASSERT( psa_cipher_update( &operation,
2929 input->x + first_part_size,
2930 input->len - first_part_size,
2931 ( output_buffer_size == 0 ? NULL :
2932 output + total_output_length ),
2933 output_buffer_size - total_output_length,
2934 &function_output_length ) );
2935 TEST_ASSERT( function_output_length == output2_length );
2936 TEST_ASSERT( function_output_length <=
2937 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
2938 alg,
2939 input->len - first_part_size ) );
2940 TEST_ASSERT( function_output_length <=
2941 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
2942 total_output_length += function_output_length;
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002943 }
Gilles Peskine50e586b2018-06-08 14:28:46 +02002944
Gilles Peskine50e586b2018-06-08 14:28:46 +02002945 status = psa_cipher_finish( &operation,
Gilles Peskine0c510f32021-03-24 00:41:51 +01002946 ( output_buffer_size == 0 ? NULL :
2947 output + total_output_length ),
Gilles Peskineee46fe72019-02-19 19:05:33 +01002948 output_buffer_size - total_output_length,
Gilles Peskine50e586b2018-06-08 14:28:46 +02002949 &function_output_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002950 TEST_ASSERT( function_output_length <=
2951 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2952 TEST_ASSERT( function_output_length <=
2953 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002954 total_output_length += function_output_length;
Gilles Peskinefe11b722018-12-18 00:24:04 +01002955 TEST_EQUAL( status, expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002956
2957 if( expected_status == PSA_SUCCESS )
2958 {
Gilles Peskine8817f612018-12-18 00:18:46 +01002959 PSA_ASSERT( psa_cipher_abort( &operation ) );
gabor-mezei-arm9ac48472021-06-25 18:21:33 +02002960
Gilles Peskinebd7dea92018-09-27 13:57:19 +02002961 ASSERT_COMPARE( expected_output->x, expected_output->len,
2962 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002963 }
2964
Gilles Peskine50e586b2018-06-08 14:28:46 +02002965exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002966 psa_cipher_abort( &operation );
itayzafrir3e02b3b2018-06-12 17:06:52 +03002967 mbedtls_free( output );
Ronald Cron5425a212020-08-04 14:58:35 +02002968 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002969 PSA_DONE( );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002970}
2971/* END_CASE */
2972
Gilles Peskine50e586b2018-06-08 14:28:46 +02002973/* BEGIN_CASE */
gabor-mezei-arm43611b02021-06-25 15:49:14 +02002974void cipher_decrypt_fail( int alg_arg,
2975 int key_type_arg,
2976 data_t *key_data,
2977 data_t *iv,
2978 data_t *input_arg,
2979 int expected_status_arg )
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01002980{
2981 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
2982 psa_status_t status;
2983 psa_key_type_t key_type = key_type_arg;
2984 psa_algorithm_t alg = alg_arg;
2985 psa_status_t expected_status = expected_status_arg;
2986 unsigned char *input = NULL;
2987 size_t input_buffer_size = 0;
2988 unsigned char *output = NULL;
2989 size_t output_buffer_size = 0;
2990 size_t output_length = 0;
2991 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
2992
2993 if ( PSA_ERROR_BAD_STATE != expected_status )
2994 {
2995 PSA_ASSERT( psa_crypto_init( ) );
2996
2997 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
2998 psa_set_key_algorithm( &attributes, alg );
2999 psa_set_key_type( &attributes, key_type );
3000
3001 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3002 &key ) );
3003 }
3004
3005 /* Allocate input buffer and copy the iv and the plaintext */
3006 input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len );
3007 if ( input_buffer_size > 0 )
3008 {
3009 ASSERT_ALLOC( input, input_buffer_size );
3010 memcpy( input, iv->x, iv->len );
3011 memcpy( input + iv->len, input_arg->x, input_arg->len );
3012 }
3013
3014 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
3015 ASSERT_ALLOC( output, output_buffer_size );
3016
3017 status = psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
3018 output_buffer_size, &output_length );
3019 TEST_EQUAL( status, expected_status );
3020
3021exit:
3022 mbedtls_free( input );
3023 mbedtls_free( output );
3024 psa_destroy_key( key );
3025 PSA_DONE( );
3026}
3027/* END_CASE */
3028
3029/* BEGIN_CASE */
3030void cipher_decrypt( int alg_arg,
3031 int key_type_arg,
3032 data_t *key_data,
3033 data_t *iv,
3034 data_t *input_arg,
3035 data_t *expected_output )
3036{
3037 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3038 psa_key_type_t key_type = key_type_arg;
3039 psa_algorithm_t alg = alg_arg;
3040 unsigned char *input = NULL;
3041 size_t input_buffer_size = 0;
3042 unsigned char *output = NULL;
3043 size_t output_buffer_size = 0;
3044 size_t output_length = 0;
3045 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3046
3047 PSA_ASSERT( psa_crypto_init( ) );
3048
3049 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
3050 psa_set_key_algorithm( &attributes, alg );
3051 psa_set_key_type( &attributes, key_type );
3052
3053 /* Allocate input buffer and copy the iv and the plaintext */
3054 input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len );
3055 if ( input_buffer_size > 0 )
3056 {
3057 ASSERT_ALLOC( input, input_buffer_size );
3058 memcpy( input, iv->x, iv->len );
3059 memcpy( input + iv->len, input_arg->x, input_arg->len );
3060 }
3061
3062 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
3063 ASSERT_ALLOC( output, output_buffer_size );
3064
3065 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3066 &key ) );
3067
3068 PSA_ASSERT( psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
3069 output_buffer_size, &output_length ) );
3070 TEST_ASSERT( output_length <=
3071 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ) );
3072 TEST_ASSERT( output_length <=
3073 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input_buffer_size ) );
3074
3075 ASSERT_COMPARE( expected_output->x, expected_output->len,
3076 output, output_length );
3077exit:
3078 mbedtls_free( input );
3079 mbedtls_free( output );
3080 psa_destroy_key( key );
3081 PSA_DONE( );
3082}
3083/* END_CASE */
3084
3085/* BEGIN_CASE */
3086void cipher_verify_output( int alg_arg,
3087 int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02003088 data_t *key_data,
itayzafrir3e02b3b2018-06-12 17:06:52 +03003089 data_t *input )
mohammad1603d7d7ba52018-03-12 18:51:53 +02003090{
Ronald Cron5425a212020-08-04 14:58:35 +02003091 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
mohammad1603d7d7ba52018-03-12 18:51:53 +02003092 psa_key_type_t key_type = key_type_arg;
3093 psa_algorithm_t alg = alg_arg;
itayzafrir3e02b3b2018-06-12 17:06:52 +03003094 unsigned char *output1 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +02003095 size_t output1_size = 0;
3096 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +03003097 unsigned char *output2 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +02003098 size_t output2_size = 0;
3099 size_t output2_length = 0;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003100 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mohammad1603d7d7ba52018-03-12 18:51:53 +02003101
Gilles Peskine8817f612018-12-18 00:18:46 +01003102 PSA_ASSERT( psa_crypto_init( ) );
mohammad1603d7d7ba52018-03-12 18:51:53 +02003103
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003104 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
3105 psa_set_key_algorithm( &attributes, alg );
3106 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03003107
Ronald Cron5425a212020-08-04 14:58:35 +02003108 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3109 &key ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003110 output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003111 ASSERT_ALLOC( output1, output1_size );
Moran Pekerded84402018-06-06 16:36:50 +03003112
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01003113 PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len,
3114 output1, output1_size,
3115 &output1_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003116 TEST_ASSERT( output1_length <=
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01003117 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003118 TEST_ASSERT( output1_length <=
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01003119 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
Moran Pekerded84402018-06-06 16:36:50 +03003120
3121 output2_size = output1_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003122 ASSERT_ALLOC( output2, output2_size );
Moran Pekerded84402018-06-06 16:36:50 +03003123
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01003124 PSA_ASSERT( psa_cipher_decrypt( key, alg, output1, output1_length,
3125 output2, output2_size,
3126 &output2_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003127 TEST_ASSERT( output2_length <=
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01003128 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003129 TEST_ASSERT( output2_length <=
gabor-mezei-armd086e6e2021-03-01 15:11:46 +01003130 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
Moran Pekerded84402018-06-06 16:36:50 +03003131
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003132 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
Moran Pekerded84402018-06-06 16:36:50 +03003133
3134exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +03003135 mbedtls_free( output1 );
3136 mbedtls_free( output2 );
Ronald Cron5425a212020-08-04 14:58:35 +02003137 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003138 PSA_DONE( );
Moran Pekerded84402018-06-06 16:36:50 +03003139}
3140/* END_CASE */
3141
3142/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +02003143void cipher_verify_output_multipart( int alg_arg,
3144 int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02003145 data_t *key_data,
itayzafrir3e02b3b2018-06-12 17:06:52 +03003146 data_t *input,
Gilles Peskinee0866522019-02-19 19:44:00 +01003147 int first_part_size_arg )
Moran Pekerded84402018-06-06 16:36:50 +03003148{
Ronald Cron5425a212020-08-04 14:58:35 +02003149 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Moran Pekerded84402018-06-06 16:36:50 +03003150 psa_key_type_t key_type = key_type_arg;
3151 psa_algorithm_t alg = alg_arg;
Gilles Peskinee0866522019-02-19 19:44:00 +01003152 size_t first_part_size = first_part_size_arg;
Moran Pekerded84402018-06-06 16:36:50 +03003153 unsigned char iv[16] = {0};
3154 size_t iv_size = 16;
3155 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +03003156 unsigned char *output1 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +02003157 size_t output1_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +03003158 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +03003159 unsigned char *output2 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +02003160 size_t output2_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +03003161 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +02003162 size_t function_output_length;
Jaeden Amero5bae2272019-01-04 11:48:27 +00003163 psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
3164 psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003165 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Moran Pekerded84402018-06-06 16:36:50 +03003166
Gilles Peskine8817f612018-12-18 00:18:46 +01003167 PSA_ASSERT( psa_crypto_init( ) );
Moran Pekerded84402018-06-06 16:36:50 +03003168
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003169 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
3170 psa_set_key_algorithm( &attributes, alg );
3171 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03003172
Ronald Cron5425a212020-08-04 14:58:35 +02003173 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3174 &key ) );
Moran Pekerded84402018-06-06 16:36:50 +03003175
Ronald Cron5425a212020-08-04 14:58:35 +02003176 PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) );
3177 PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) );
Moran Pekerded84402018-06-06 16:36:50 +03003178
Steven Cooreman177deba2020-09-07 17:14:14 +02003179 if( alg != PSA_ALG_ECB_NO_PADDING )
3180 {
Steven Cooremana6033e92020-08-25 11:47:50 +02003181 PSA_ASSERT( psa_cipher_generate_iv( &operation1,
3182 iv, iv_size,
3183 &iv_length ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02003184 }
3185
gabor-mezei-armceface22021-01-21 12:26:17 +01003186 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
3187 TEST_ASSERT( output1_buffer_size <=
3188 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003189 ASSERT_ALLOC( output1, output1_buffer_size );
Moran Pekerded84402018-06-06 16:36:50 +03003190
Gilles Peskinee0866522019-02-19 19:44:00 +01003191 TEST_ASSERT( first_part_size <= input->len );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +02003192
Gilles Peskine8817f612018-12-18 00:18:46 +01003193 PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
3194 output1, output1_buffer_size,
3195 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003196 TEST_ASSERT( function_output_length <=
3197 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
3198 TEST_ASSERT( function_output_length <=
3199 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
Gilles Peskine048b7f02018-06-08 14:20:49 +02003200 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03003201
Gilles Peskine8817f612018-12-18 00:18:46 +01003202 PSA_ASSERT( psa_cipher_update( &operation1,
3203 input->x + first_part_size,
3204 input->len - first_part_size,
3205 output1, output1_buffer_size,
3206 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003207 TEST_ASSERT( function_output_length <=
3208 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
3209 alg,
3210 input->len - first_part_size ) );
3211 TEST_ASSERT( function_output_length <=
3212 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len - first_part_size ) );
Gilles Peskine048b7f02018-06-08 14:20:49 +02003213 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03003214
Gilles Peskine8817f612018-12-18 00:18:46 +01003215 PSA_ASSERT( psa_cipher_finish( &operation1,
3216 output1 + output1_length,
3217 output1_buffer_size - output1_length,
3218 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003219 TEST_ASSERT( function_output_length <=
3220 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
3221 TEST_ASSERT( function_output_length <=
3222 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskine048b7f02018-06-08 14:20:49 +02003223 output1_length += function_output_length;
mohammad1603d7d7ba52018-03-12 18:51:53 +02003224
Gilles Peskine8817f612018-12-18 00:18:46 +01003225 PSA_ASSERT( psa_cipher_abort( &operation1 ) );
mohammad1603d7d7ba52018-03-12 18:51:53 +02003226
Gilles Peskine048b7f02018-06-08 14:20:49 +02003227 output2_buffer_size = output1_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01003228 TEST_ASSERT( output2_buffer_size <=
3229 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
3230 TEST_ASSERT( output2_buffer_size <=
3231 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003232 ASSERT_ALLOC( output2, output2_buffer_size );
mohammad1603d7d7ba52018-03-12 18:51:53 +02003233
Steven Cooreman177deba2020-09-07 17:14:14 +02003234 if( iv_length > 0 )
3235 {
Steven Cooremana6033e92020-08-25 11:47:50 +02003236 PSA_ASSERT( psa_cipher_set_iv( &operation2,
3237 iv, iv_length ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02003238 }
Moran Pekerded84402018-06-06 16:36:50 +03003239
Gilles Peskine8817f612018-12-18 00:18:46 +01003240 PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
3241 output2, output2_buffer_size,
3242 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003243 TEST_ASSERT( function_output_length <=
3244 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
3245 TEST_ASSERT( function_output_length <=
3246 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
Gilles Peskine048b7f02018-06-08 14:20:49 +02003247 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03003248
Gilles Peskine8817f612018-12-18 00:18:46 +01003249 PSA_ASSERT( psa_cipher_update( &operation2,
3250 output1 + first_part_size,
3251 output1_length - first_part_size,
3252 output2, output2_buffer_size,
3253 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003254 TEST_ASSERT( function_output_length <=
3255 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
3256 alg,
3257 output1_length - first_part_size ) );
3258 TEST_ASSERT( function_output_length <=
3259 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length - first_part_size ) );
Gilles Peskine048b7f02018-06-08 14:20:49 +02003260 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03003261
Gilles Peskine8817f612018-12-18 00:18:46 +01003262 PSA_ASSERT( psa_cipher_finish( &operation2,
3263 output2 + output2_length,
3264 output2_buffer_size - output2_length,
3265 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003266 TEST_ASSERT( function_output_length <=
3267 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
3268 TEST_ASSERT( function_output_length <=
3269 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskine048b7f02018-06-08 14:20:49 +02003270 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +02003271
Gilles Peskine8817f612018-12-18 00:18:46 +01003272 PSA_ASSERT( psa_cipher_abort( &operation2 ) );
mohammad1603d7d7ba52018-03-12 18:51:53 +02003273
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003274 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
mohammad1603d7d7ba52018-03-12 18:51:53 +02003275
3276exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02003277 psa_cipher_abort( &operation1 );
3278 psa_cipher_abort( &operation2 );
itayzafrir3e02b3b2018-06-12 17:06:52 +03003279 mbedtls_free( output1 );
3280 mbedtls_free( output2 );
Ronald Cron5425a212020-08-04 14:58:35 +02003281 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003282 PSA_DONE( );
mohammad1603d7d7ba52018-03-12 18:51:53 +02003283}
3284/* END_CASE */
Gilles Peskine7268afc2018-06-06 15:19:24 +02003285
Gilles Peskine20035e32018-02-03 22:44:14 +01003286/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +02003287void aead_encrypt_decrypt( int key_type_arg, data_t *key_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +02003288 int alg_arg,
Gilles Peskine7da96b02018-08-17 18:45:42 +02003289 data_t *nonce,
3290 data_t *additional_data,
3291 data_t *input_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +02003292 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +02003293{
Ronald Cron5425a212020-08-04 14:58:35 +02003294 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003295 psa_key_type_t key_type = key_type_arg;
3296 psa_algorithm_t alg = alg_arg;
Bence Szépkútiec174e22021-03-19 18:46:15 +01003297 size_t key_bits;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003298 unsigned char *output_data = NULL;
3299 size_t output_size = 0;
3300 size_t output_length = 0;
3301 unsigned char *output_data2 = NULL;
3302 size_t output_length2 = 0;
Steven Cooremanf49478b2021-02-15 15:19:25 +01003303 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
Gilles Peskine4abf7412018-06-18 16:35:34 +02003304 psa_status_t expected_result = expected_result_arg;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003305 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003306
Gilles Peskine8817f612018-12-18 00:18:46 +01003307 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003308
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003309 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
3310 psa_set_key_algorithm( &attributes, alg );
3311 psa_set_key_type( &attributes, key_type );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003312
Gilles Peskine049c7532019-05-15 20:22:09 +02003313 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003314 &key ) );
Bence Szépkútiec174e22021-03-19 18:46:15 +01003315 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3316 key_bits = psa_get_key_bits( &attributes );
3317
3318 output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
3319 alg );
3320 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
3321 * should be exact. */
3322 if( expected_result != PSA_ERROR_INVALID_ARGUMENT &&
3323 expected_result != PSA_ERROR_NOT_SUPPORTED )
3324 {
3325 TEST_EQUAL( output_size,
3326 PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
3327 TEST_ASSERT( output_size <=
3328 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
3329 }
3330 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003331
Steven Cooremanf49478b2021-02-15 15:19:25 +01003332 status = psa_aead_encrypt( key, alg,
3333 nonce->x, nonce->len,
3334 additional_data->x,
3335 additional_data->len,
3336 input_data->x, input_data->len,
3337 output_data, output_size,
3338 &output_length );
3339
3340 /* If the operation is not supported, just skip and not fail in case the
3341 * encryption involves a common limitation of cryptography hardwares and
3342 * an alternative implementation. */
3343 if( status == PSA_ERROR_NOT_SUPPORTED )
3344 {
3345 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
3346 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
3347 }
3348
3349 TEST_EQUAL( status, expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003350
3351 if( PSA_SUCCESS == expected_result )
3352 {
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003353 ASSERT_ALLOC( output_data2, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003354
Gilles Peskine003a4a92019-05-14 16:09:40 +02003355 /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
3356 * should be exact. */
3357 TEST_EQUAL( input_data->len,
Bence Szépkútiec174e22021-03-19 18:46:15 +01003358 PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, output_length ) );
Gilles Peskine003a4a92019-05-14 16:09:40 +02003359
gabor-mezei-armceface22021-01-21 12:26:17 +01003360 TEST_ASSERT( input_data->len <=
3361 PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) );
3362
Ronald Cron5425a212020-08-04 14:58:35 +02003363 TEST_EQUAL( psa_aead_decrypt( key, alg,
Gilles Peskinefe11b722018-12-18 00:24:04 +01003364 nonce->x, nonce->len,
3365 additional_data->x,
3366 additional_data->len,
3367 output_data, output_length,
3368 output_data2, output_length,
Gilles Peskinef812dcf2018-12-18 00:33:25 +01003369 &output_length2 ),
3370 expected_result );
Gilles Peskine2d277862018-06-18 15:41:12 +02003371
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003372 ASSERT_COMPARE( input_data->x, input_data->len,
3373 output_data2, output_length2 );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003374 }
Gilles Peskine2d277862018-06-18 15:41:12 +02003375
Gilles Peskinea1cac842018-06-11 19:33:02 +02003376exit:
Ronald Cron5425a212020-08-04 14:58:35 +02003377 psa_destroy_key( key );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003378 mbedtls_free( output_data );
3379 mbedtls_free( output_data2 );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003380 PSA_DONE( );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003381}
3382/* END_CASE */
3383
3384/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +02003385void aead_encrypt( int key_type_arg, data_t *key_data,
3386 int alg_arg,
3387 data_t *nonce,
3388 data_t *additional_data,
3389 data_t *input_data,
3390 data_t *expected_result )
Gilles Peskinea1cac842018-06-11 19:33:02 +02003391{
Ronald Cron5425a212020-08-04 14:58:35 +02003392 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003393 psa_key_type_t key_type = key_type_arg;
3394 psa_algorithm_t alg = alg_arg;
Bence Szépkútiec174e22021-03-19 18:46:15 +01003395 size_t key_bits;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003396 unsigned char *output_data = NULL;
3397 size_t output_size = 0;
3398 size_t output_length = 0;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003399 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Steven Cooremand588ea12021-01-11 19:36:04 +01003400 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003401
Gilles Peskine8817f612018-12-18 00:18:46 +01003402 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003403
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003404 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
3405 psa_set_key_algorithm( &attributes, alg );
3406 psa_set_key_type( &attributes, key_type );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003407
Gilles Peskine049c7532019-05-15 20:22:09 +02003408 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003409 &key ) );
Bence Szépkútiec174e22021-03-19 18:46:15 +01003410 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3411 key_bits = psa_get_key_bits( &attributes );
3412
3413 output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
3414 alg );
3415 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
3416 * should be exact. */
3417 TEST_EQUAL( output_size,
3418 PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
3419 TEST_ASSERT( output_size <=
3420 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
3421 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003422
Steven Cooremand588ea12021-01-11 19:36:04 +01003423 status = psa_aead_encrypt( key, alg,
3424 nonce->x, nonce->len,
3425 additional_data->x, additional_data->len,
3426 input_data->x, input_data->len,
3427 output_data, output_size,
3428 &output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003429
Ronald Cron28a45ed2021-02-09 20:35:42 +01003430 /* If the operation is not supported, just skip and not fail in case the
3431 * encryption involves a common limitation of cryptography hardwares and
3432 * an alternative implementation. */
3433 if( status == PSA_ERROR_NOT_SUPPORTED )
Steven Cooremand588ea12021-01-11 19:36:04 +01003434 {
Ronald Cron28a45ed2021-02-09 20:35:42 +01003435 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
3436 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
Steven Cooremand588ea12021-01-11 19:36:04 +01003437 }
Steven Cooremand588ea12021-01-11 19:36:04 +01003438
3439 PSA_ASSERT( status );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003440 ASSERT_COMPARE( expected_result->x, expected_result->len,
3441 output_data, output_length );
Gilles Peskine2d277862018-06-18 15:41:12 +02003442
Gilles Peskinea1cac842018-06-11 19:33:02 +02003443exit:
Ronald Cron5425a212020-08-04 14:58:35 +02003444 psa_destroy_key( key );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003445 mbedtls_free( output_data );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003446 PSA_DONE( );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003447}
3448/* END_CASE */
3449
3450/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +02003451void aead_decrypt( int key_type_arg, data_t *key_data,
3452 int alg_arg,
3453 data_t *nonce,
3454 data_t *additional_data,
3455 data_t *input_data,
3456 data_t *expected_data,
3457 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +02003458{
Ronald Cron5425a212020-08-04 14:58:35 +02003459 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003460 psa_key_type_t key_type = key_type_arg;
3461 psa_algorithm_t alg = alg_arg;
Bence Szépkútiec174e22021-03-19 18:46:15 +01003462 size_t key_bits;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003463 unsigned char *output_data = NULL;
3464 size_t output_size = 0;
3465 size_t output_length = 0;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003466 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine4abf7412018-06-18 16:35:34 +02003467 psa_status_t expected_result = expected_result_arg;
Steven Cooremand588ea12021-01-11 19:36:04 +01003468 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003469
Gilles Peskine8817f612018-12-18 00:18:46 +01003470 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003471
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003472 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
3473 psa_set_key_algorithm( &attributes, alg );
3474 psa_set_key_type( &attributes, key_type );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003475
Gilles Peskine049c7532019-05-15 20:22:09 +02003476 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003477 &key ) );
Bence Szépkútiec174e22021-03-19 18:46:15 +01003478 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3479 key_bits = psa_get_key_bits( &attributes );
3480
3481 output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits,
3482 alg );
3483 if( expected_result != PSA_ERROR_INVALID_ARGUMENT &&
3484 expected_result != PSA_ERROR_NOT_SUPPORTED )
3485 {
3486 /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
3487 * should be exact. */
3488 TEST_EQUAL( output_size,
3489 PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
3490 TEST_ASSERT( output_size <=
3491 PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
3492 }
3493 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003494
Steven Cooremand588ea12021-01-11 19:36:04 +01003495 status = psa_aead_decrypt( key, alg,
3496 nonce->x, nonce->len,
3497 additional_data->x,
3498 additional_data->len,
3499 input_data->x, input_data->len,
3500 output_data, output_size,
3501 &output_length );
3502
Ronald Cron28a45ed2021-02-09 20:35:42 +01003503 /* If the operation is not supported, just skip and not fail in case the
3504 * decryption involves a common limitation of cryptography hardwares and
3505 * an alternative implementation. */
3506 if( status == PSA_ERROR_NOT_SUPPORTED )
Steven Cooremand588ea12021-01-11 19:36:04 +01003507 {
Ronald Cron28a45ed2021-02-09 20:35:42 +01003508 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
3509 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
Steven Cooremand588ea12021-01-11 19:36:04 +01003510 }
Steven Cooremand588ea12021-01-11 19:36:04 +01003511
3512 TEST_EQUAL( status, expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003513
Gilles Peskine2d277862018-06-18 15:41:12 +02003514 if( expected_result == PSA_SUCCESS )
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003515 ASSERT_COMPARE( expected_data->x, expected_data->len,
3516 output_data, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003517
Gilles Peskinea1cac842018-06-11 19:33:02 +02003518exit:
Ronald Cron5425a212020-08-04 14:58:35 +02003519 psa_destroy_key( key );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003520 mbedtls_free( output_data );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003521 PSA_DONE( );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003522}
3523/* END_CASE */
3524
3525/* BEGIN_CASE */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +02003526void signature_size( int type_arg,
3527 int bits,
3528 int alg_arg,
3529 int expected_size_arg )
Gilles Peskinee59236f2018-01-27 23:32:46 +01003530{
3531 psa_key_type_t type = type_arg;
3532 psa_algorithm_t alg = alg_arg;
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003533 size_t actual_size = PSA_SIGN_OUTPUT_SIZE( type, bits, alg );
Gilles Peskine841b14b2019-11-26 17:37:37 +01003534
Gilles Peskinefe11b722018-12-18 00:24:04 +01003535 TEST_EQUAL( actual_size, (size_t) expected_size_arg );
Gilles Peskine841b14b2019-11-26 17:37:37 +01003536#if defined(MBEDTLS_TEST_DEPRECATED)
3537 TEST_EQUAL( actual_size,
3538 PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg ) );
3539#endif /* MBEDTLS_TEST_DEPRECATED */
3540
Gilles Peskinee59236f2018-01-27 23:32:46 +01003541exit:
3542 ;
3543}
3544/* END_CASE */
3545
3546/* BEGIN_CASE */
gabor-mezei-armdc76df42021-04-16 14:21:21 +02003547void sign_hash_deterministic( int key_type_arg, data_t *key_data,
3548 int alg_arg, data_t *input_data,
3549 data_t *output_data )
Gilles Peskinee59236f2018-01-27 23:32:46 +01003550{
Ronald Cron5425a212020-08-04 14:58:35 +02003551 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinee59236f2018-01-27 23:32:46 +01003552 psa_key_type_t key_type = key_type_arg;
3553 psa_algorithm_t alg = alg_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +01003554 size_t key_bits;
Gilles Peskine20035e32018-02-03 22:44:14 +01003555 unsigned char *signature = NULL;
3556 size_t signature_size;
3557 size_t signature_length = 0xdeadbeef;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003558 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine20035e32018-02-03 22:44:14 +01003559
Gilles Peskine8817f612018-12-18 00:18:46 +01003560 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine20035e32018-02-03 22:44:14 +01003561
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003562 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003563 psa_set_key_algorithm( &attributes, alg );
3564 psa_set_key_type( &attributes, key_type );
mohammad1603a97cb8c2018-03-28 03:46:26 -07003565
Gilles Peskine049c7532019-05-15 20:22:09 +02003566 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003567 &key ) );
3568 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003569 key_bits = psa_get_key_bits( &attributes );
Gilles Peskine20035e32018-02-03 22:44:14 +01003570
Gilles Peskine860ce9d2018-06-28 12:23:00 +02003571 /* Allocate a buffer which has the size advertized by the
3572 * library. */
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003573 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +02003574 key_bits, alg );
Gilles Peskine20035e32018-02-03 22:44:14 +01003575 TEST_ASSERT( signature_size != 0 );
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003576 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003577 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +01003578
Gilles Peskine860ce9d2018-06-28 12:23:00 +02003579 /* Perform the signature. */
Ronald Cron5425a212020-08-04 14:58:35 +02003580 PSA_ASSERT( psa_sign_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003581 input_data->x, input_data->len,
3582 signature, signature_size,
3583 &signature_length ) );
Gilles Peskine9911b022018-06-29 17:30:48 +02003584 /* Verify that the signature is what is expected. */
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003585 ASSERT_COMPARE( output_data->x, output_data->len,
3586 signature, signature_length );
Gilles Peskine20035e32018-02-03 22:44:14 +01003587
Gilles Peskine0627f982019-11-26 19:12:16 +01003588#if defined(MBEDTLS_TEST_DEPRECATED)
Gilles Peskine895242b2019-11-29 12:15:40 +01003589 memset( signature, 0, signature_size );
3590 signature_length = INVALID_EXPORT_LENGTH;
Ronald Cron5425a212020-08-04 14:58:35 +02003591 PSA_ASSERT( psa_asymmetric_sign( key, alg,
Gilles Peskine0627f982019-11-26 19:12:16 +01003592 input_data->x, input_data->len,
3593 signature, signature_size,
3594 &signature_length ) );
3595 ASSERT_COMPARE( output_data->x, output_data->len,
3596 signature, signature_length );
3597#endif /* MBEDTLS_TEST_DEPRECATED */
3598
Gilles Peskine20035e32018-02-03 22:44:14 +01003599exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003600 /*
3601 * Key attributes may have been returned by psa_get_key_attributes()
3602 * thus reset them as required.
3603 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003604 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003605
Ronald Cron5425a212020-08-04 14:58:35 +02003606 psa_destroy_key( key );
Gilles Peskine0189e752018-02-03 23:57:22 +01003607 mbedtls_free( signature );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003608 PSA_DONE( );
Gilles Peskine20035e32018-02-03 22:44:14 +01003609}
3610/* END_CASE */
3611
3612/* BEGIN_CASE */
gabor-mezei-armdc76df42021-04-16 14:21:21 +02003613void sign_hash_fail( int key_type_arg, data_t *key_data,
3614 int alg_arg, data_t *input_data,
3615 int signature_size_arg, int expected_status_arg )
Gilles Peskine20035e32018-02-03 22:44:14 +01003616{
Ronald Cron5425a212020-08-04 14:58:35 +02003617 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine20035e32018-02-03 22:44:14 +01003618 psa_key_type_t key_type = key_type_arg;
3619 psa_algorithm_t alg = alg_arg;
Gilles Peskine860ce9d2018-06-28 12:23:00 +02003620 size_t signature_size = signature_size_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +01003621 psa_status_t actual_status;
3622 psa_status_t expected_status = expected_status_arg;
Gilles Peskine40f68b92018-03-07 16:43:36 +01003623 unsigned char *signature = NULL;
Gilles Peskine93aa0332018-02-03 23:58:03 +01003624 size_t signature_length = 0xdeadbeef;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003625 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine20035e32018-02-03 22:44:14 +01003626
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003627 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +01003628
Gilles Peskine8817f612018-12-18 00:18:46 +01003629 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine20035e32018-02-03 22:44:14 +01003630
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003631 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003632 psa_set_key_algorithm( &attributes, alg );
3633 psa_set_key_type( &attributes, key_type );
mohammad1603a97cb8c2018-03-28 03:46:26 -07003634
Gilles Peskine049c7532019-05-15 20:22:09 +02003635 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003636 &key ) );
Gilles Peskine20035e32018-02-03 22:44:14 +01003637
Ronald Cron5425a212020-08-04 14:58:35 +02003638 actual_status = psa_sign_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003639 input_data->x, input_data->len,
3640 signature, signature_size,
3641 &signature_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01003642 TEST_EQUAL( actual_status, expected_status );
Gilles Peskine860ce9d2018-06-28 12:23:00 +02003643 /* The value of *signature_length is unspecified on error, but
3644 * whatever it is, it should be less than signature_size, so that
3645 * if the caller tries to read *signature_length bytes without
3646 * checking the error code then they don't overflow a buffer. */
3647 TEST_ASSERT( signature_length <= signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +01003648
Gilles Peskine895242b2019-11-29 12:15:40 +01003649#if defined(MBEDTLS_TEST_DEPRECATED)
3650 signature_length = INVALID_EXPORT_LENGTH;
Ronald Cron5425a212020-08-04 14:58:35 +02003651 TEST_EQUAL( psa_asymmetric_sign( key, alg,
Gilles Peskine895242b2019-11-29 12:15:40 +01003652 input_data->x, input_data->len,
3653 signature, signature_size,
3654 &signature_length ),
3655 expected_status );
3656 TEST_ASSERT( signature_length <= signature_size );
3657#endif /* MBEDTLS_TEST_DEPRECATED */
3658
Gilles Peskine20035e32018-02-03 22:44:14 +01003659exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003660 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02003661 psa_destroy_key( key );
Gilles Peskine20035e32018-02-03 22:44:14 +01003662 mbedtls_free( signature );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003663 PSA_DONE( );
Gilles Peskine20035e32018-02-03 22:44:14 +01003664}
3665/* END_CASE */
mohammad16038cc1cee2018-03-28 01:21:33 +03003666
3667/* BEGIN_CASE */
gabor-mezei-armdc76df42021-04-16 14:21:21 +02003668void sign_verify_hash( int key_type_arg, data_t *key_data,
3669 int alg_arg, data_t *input_data )
Gilles Peskine9911b022018-06-29 17:30:48 +02003670{
Ronald Cron5425a212020-08-04 14:58:35 +02003671 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine9911b022018-06-29 17:30:48 +02003672 psa_key_type_t key_type = key_type_arg;
3673 psa_algorithm_t alg = alg_arg;
3674 size_t key_bits;
3675 unsigned char *signature = NULL;
3676 size_t signature_size;
3677 size_t signature_length = 0xdeadbeef;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003678 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine9911b022018-06-29 17:30:48 +02003679
Gilles Peskine8817f612018-12-18 00:18:46 +01003680 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine9911b022018-06-29 17:30:48 +02003681
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003682 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003683 psa_set_key_algorithm( &attributes, alg );
3684 psa_set_key_type( &attributes, key_type );
Gilles Peskine9911b022018-06-29 17:30:48 +02003685
Gilles Peskine049c7532019-05-15 20:22:09 +02003686 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003687 &key ) );
3688 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003689 key_bits = psa_get_key_bits( &attributes );
Gilles Peskine9911b022018-06-29 17:30:48 +02003690
3691 /* Allocate a buffer which has the size advertized by the
3692 * library. */
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003693 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
Gilles Peskine9911b022018-06-29 17:30:48 +02003694 key_bits, alg );
3695 TEST_ASSERT( signature_size != 0 );
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003696 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003697 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine9911b022018-06-29 17:30:48 +02003698
3699 /* Perform the signature. */
Ronald Cron5425a212020-08-04 14:58:35 +02003700 PSA_ASSERT( psa_sign_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003701 input_data->x, input_data->len,
3702 signature, signature_size,
3703 &signature_length ) );
Gilles Peskine9911b022018-06-29 17:30:48 +02003704 /* Check that the signature length looks sensible. */
3705 TEST_ASSERT( signature_length <= signature_size );
3706 TEST_ASSERT( signature_length > 0 );
3707
3708 /* Use the library to verify that the signature is correct. */
Ronald Cron5425a212020-08-04 14:58:35 +02003709 PSA_ASSERT( psa_verify_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003710 input_data->x, input_data->len,
3711 signature, signature_length ) );
Gilles Peskine9911b022018-06-29 17:30:48 +02003712
3713 if( input_data->len != 0 )
3714 {
3715 /* Flip a bit in the input and verify that the signature is now
3716 * detected as invalid. Flip a bit at the beginning, not at the end,
3717 * because ECDSA may ignore the last few bits of the input. */
3718 input_data->x[0] ^= 1;
Ronald Cron5425a212020-08-04 14:58:35 +02003719 TEST_EQUAL( psa_verify_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003720 input_data->x, input_data->len,
3721 signature, signature_length ),
Gilles Peskinef812dcf2018-12-18 00:33:25 +01003722 PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine9911b022018-06-29 17:30:48 +02003723 }
3724
3725exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003726 /*
3727 * Key attributes may have been returned by psa_get_key_attributes()
3728 * thus reset them as required.
3729 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003730 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003731
Ronald Cron5425a212020-08-04 14:58:35 +02003732 psa_destroy_key( key );
Gilles Peskine9911b022018-06-29 17:30:48 +02003733 mbedtls_free( signature );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003734 PSA_DONE( );
Gilles Peskine9911b022018-06-29 17:30:48 +02003735}
3736/* END_CASE */
3737
3738/* BEGIN_CASE */
gabor-mezei-armdc76df42021-04-16 14:21:21 +02003739void verify_hash( int key_type_arg, data_t *key_data,
3740 int alg_arg, data_t *hash_data,
3741 data_t *signature_data )
itayzafrir5c753392018-05-08 11:18:38 +03003742{
Ronald Cron5425a212020-08-04 14:58:35 +02003743 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
itayzafrir5c753392018-05-08 11:18:38 +03003744 psa_key_type_t key_type = key_type_arg;
3745 psa_algorithm_t alg = alg_arg;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003746 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
itayzafrir5c753392018-05-08 11:18:38 +03003747
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003748 TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE );
Gilles Peskine69c12672018-06-28 00:07:19 +02003749
Gilles Peskine8817f612018-12-18 00:18:46 +01003750 PSA_ASSERT( psa_crypto_init( ) );
itayzafrir5c753392018-05-08 11:18:38 +03003751
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003752 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003753 psa_set_key_algorithm( &attributes, alg );
3754 psa_set_key_type( &attributes, key_type );
itayzafrir5c753392018-05-08 11:18:38 +03003755
Gilles Peskine049c7532019-05-15 20:22:09 +02003756 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003757 &key ) );
itayzafrir5c753392018-05-08 11:18:38 +03003758
Ronald Cron5425a212020-08-04 14:58:35 +02003759 PSA_ASSERT( psa_verify_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003760 hash_data->x, hash_data->len,
3761 signature_data->x, signature_data->len ) );
Gilles Peskine0627f982019-11-26 19:12:16 +01003762
3763#if defined(MBEDTLS_TEST_DEPRECATED)
Ronald Cron5425a212020-08-04 14:58:35 +02003764 PSA_ASSERT( psa_asymmetric_verify( key, alg,
Gilles Peskine0627f982019-11-26 19:12:16 +01003765 hash_data->x, hash_data->len,
3766 signature_data->x,
3767 signature_data->len ) );
3768
3769#endif /* MBEDTLS_TEST_DEPRECATED */
3770
itayzafrir5c753392018-05-08 11:18:38 +03003771exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003772 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02003773 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003774 PSA_DONE( );
itayzafrir5c753392018-05-08 11:18:38 +03003775}
3776/* END_CASE */
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003777
3778/* BEGIN_CASE */
gabor-mezei-armdc76df42021-04-16 14:21:21 +02003779void verify_hash_fail( int key_type_arg, data_t *key_data,
3780 int alg_arg, data_t *hash_data,
3781 data_t *signature_data,
3782 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003783{
Ronald Cron5425a212020-08-04 14:58:35 +02003784 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003785 psa_key_type_t key_type = key_type_arg;
3786 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003787 psa_status_t actual_status;
3788 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003789 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003790
Gilles Peskine8817f612018-12-18 00:18:46 +01003791 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003792
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003793 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003794 psa_set_key_algorithm( &attributes, alg );
3795 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheind7082602018-06-04 16:45:27 +03003796
Gilles Peskine049c7532019-05-15 20:22:09 +02003797 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003798 &key ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003799
Ronald Cron5425a212020-08-04 14:58:35 +02003800 actual_status = psa_verify_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003801 hash_data->x, hash_data->len,
3802 signature_data->x, signature_data->len );
Gilles Peskinefe11b722018-12-18 00:24:04 +01003803 TEST_EQUAL( actual_status, expected_status );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003804
Gilles Peskine895242b2019-11-29 12:15:40 +01003805#if defined(MBEDTLS_TEST_DEPRECATED)
Ronald Cron5425a212020-08-04 14:58:35 +02003806 TEST_EQUAL( psa_asymmetric_verify( key, alg,
Gilles Peskine895242b2019-11-29 12:15:40 +01003807 hash_data->x, hash_data->len,
3808 signature_data->x, signature_data->len ),
3809 expected_status );
3810#endif /* MBEDTLS_TEST_DEPRECATED */
3811
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003812exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003813 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02003814 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003815 PSA_DONE( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003816}
3817/* END_CASE */
3818
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003819/* BEGIN_CASE */
gabor-mezei-armabd72582021-04-15 18:19:50 +02003820void sign_message_deterministic( int key_type_arg,
3821 data_t *key_data,
3822 int alg_arg,
3823 data_t *input_data,
3824 data_t *output_data )
3825{
3826 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3827 psa_key_type_t key_type = key_type_arg;
3828 psa_algorithm_t alg = alg_arg;
3829 size_t key_bits;
3830 unsigned char *signature = NULL;
3831 size_t signature_size;
3832 size_t signature_length = 0xdeadbeef;
3833 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3834
3835 PSA_ASSERT( psa_crypto_init( ) );
3836
3837 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
3838 psa_set_key_algorithm( &attributes, alg );
3839 psa_set_key_type( &attributes, key_type );
3840
3841 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3842 &key ) );
3843 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3844 key_bits = psa_get_key_bits( &attributes );
3845
3846 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
3847 TEST_ASSERT( signature_size != 0 );
3848 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
3849 ASSERT_ALLOC( signature, signature_size );
3850
3851 PSA_ASSERT( psa_sign_message( key, alg,
3852 input_data->x, input_data->len,
3853 signature, signature_size,
3854 &signature_length ) );
3855
3856 ASSERT_COMPARE( output_data->x, output_data->len,
3857 signature, signature_length );
3858
3859exit:
3860 psa_reset_key_attributes( &attributes );
3861
3862 psa_destroy_key( key );
3863 mbedtls_free( signature );
3864 PSA_DONE( );
3865
3866}
3867/* END_CASE */
3868
3869/* BEGIN_CASE */
3870void sign_message_fail( int key_type_arg,
3871 data_t *key_data,
3872 int alg_arg,
3873 data_t *input_data,
3874 int signature_size_arg,
3875 int expected_status_arg )
3876{
3877 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3878 psa_key_type_t key_type = key_type_arg;
3879 psa_algorithm_t alg = alg_arg;
3880 size_t signature_size = signature_size_arg;
3881 psa_status_t actual_status;
3882 psa_status_t expected_status = expected_status_arg;
3883 unsigned char *signature = NULL;
3884 size_t signature_length = 0xdeadbeef;
3885 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3886
3887 ASSERT_ALLOC( signature, signature_size );
3888
3889 PSA_ASSERT( psa_crypto_init( ) );
3890
3891 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
3892 psa_set_key_algorithm( &attributes, alg );
3893 psa_set_key_type( &attributes, key_type );
3894
3895 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3896 &key ) );
3897
3898 actual_status = psa_sign_message( key, alg,
3899 input_data->x, input_data->len,
3900 signature, signature_size,
3901 &signature_length );
3902 TEST_EQUAL( actual_status, expected_status );
3903 /* The value of *signature_length is unspecified on error, but
3904 * whatever it is, it should be less than signature_size, so that
3905 * if the caller tries to read *signature_length bytes without
3906 * checking the error code then they don't overflow a buffer. */
3907 TEST_ASSERT( signature_length <= signature_size );
3908
3909exit:
3910 psa_reset_key_attributes( &attributes );
3911 psa_destroy_key( key );
3912 mbedtls_free( signature );
3913 PSA_DONE( );
3914}
3915/* END_CASE */
3916
3917/* BEGIN_CASE */
3918void sign_verify_message( int key_type_arg,
3919 data_t *key_data,
3920 int alg_arg,
3921 data_t *input_data )
3922{
3923 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3924 psa_key_type_t key_type = key_type_arg;
3925 psa_algorithm_t alg = alg_arg;
3926 size_t key_bits;
3927 unsigned char *signature = NULL;
3928 size_t signature_size;
3929 size_t signature_length = 0xdeadbeef;
3930 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3931
3932 PSA_ASSERT( psa_crypto_init( ) );
3933
3934 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE |
3935 PSA_KEY_USAGE_VERIFY_MESSAGE );
3936 psa_set_key_algorithm( &attributes, alg );
3937 psa_set_key_type( &attributes, key_type );
3938
3939 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3940 &key ) );
3941 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3942 key_bits = psa_get_key_bits( &attributes );
3943
3944 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
3945 TEST_ASSERT( signature_size != 0 );
3946 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
3947 ASSERT_ALLOC( signature, signature_size );
3948
3949 PSA_ASSERT( psa_sign_message( key, alg,
3950 input_data->x, input_data->len,
3951 signature, signature_size,
3952 &signature_length ) );
3953 TEST_ASSERT( signature_length <= signature_size );
3954 TEST_ASSERT( signature_length > 0 );
3955
3956 PSA_ASSERT( psa_verify_message( key, alg,
3957 input_data->x, input_data->len,
3958 signature, signature_length ) );
3959
3960 if( input_data->len != 0 )
3961 {
3962 /* Flip a bit in the input and verify that the signature is now
3963 * detected as invalid. Flip a bit at the beginning, not at the end,
3964 * because ECDSA may ignore the last few bits of the input. */
3965 input_data->x[0] ^= 1;
3966 TEST_EQUAL( psa_verify_message( key, alg,
3967 input_data->x, input_data->len,
3968 signature, signature_length ),
3969 PSA_ERROR_INVALID_SIGNATURE );
3970 }
3971
3972exit:
3973 psa_reset_key_attributes( &attributes );
3974
3975 psa_destroy_key( key );
3976 mbedtls_free( signature );
3977 PSA_DONE( );
3978}
3979/* END_CASE */
3980
3981/* BEGIN_CASE */
3982void verify_message( int key_type_arg,
3983 data_t *key_data,
3984 int alg_arg,
3985 data_t *input_data,
3986 data_t *signature_data )
3987{
3988 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3989 psa_key_type_t key_type = key_type_arg;
3990 psa_algorithm_t alg = alg_arg;
3991 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3992
3993 TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE );
3994
3995 PSA_ASSERT( psa_crypto_init( ) );
3996
3997 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
3998 psa_set_key_algorithm( &attributes, alg );
3999 psa_set_key_type( &attributes, key_type );
4000
4001 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
4002 &key ) );
4003
4004 PSA_ASSERT( psa_verify_message( key, alg,
4005 input_data->x, input_data->len,
4006 signature_data->x, signature_data->len ) );
4007
4008exit:
4009 psa_reset_key_attributes( &attributes );
4010 psa_destroy_key( key );
4011 PSA_DONE( );
4012}
4013/* END_CASE */
4014
4015/* BEGIN_CASE */
4016void verify_message_fail( int key_type_arg,
4017 data_t *key_data,
4018 int alg_arg,
4019 data_t *hash_data,
4020 data_t *signature_data,
4021 int expected_status_arg )
4022{
4023 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
4024 psa_key_type_t key_type = key_type_arg;
4025 psa_algorithm_t alg = alg_arg;
4026 psa_status_t actual_status;
4027 psa_status_t expected_status = expected_status_arg;
4028 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
4029
4030 PSA_ASSERT( psa_crypto_init( ) );
4031
4032 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
4033 psa_set_key_algorithm( &attributes, alg );
4034 psa_set_key_type( &attributes, key_type );
4035
4036 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
4037 &key ) );
4038
4039 actual_status = psa_verify_message( key, alg,
4040 hash_data->x, hash_data->len,
4041 signature_data->x,
4042 signature_data->len );
4043 TEST_EQUAL( actual_status, expected_status );
4044
4045exit:
4046 psa_reset_key_attributes( &attributes );
4047 psa_destroy_key( key );
4048 PSA_DONE( );
4049}
4050/* END_CASE */
4051
4052/* BEGIN_CASE */
Gilles Peskine656896e2018-06-29 19:12:28 +02004053void asymmetric_encrypt( int key_type_arg,
4054 data_t *key_data,
4055 int alg_arg,
4056 data_t *input_data,
Gilles Peskine68428122018-06-30 18:42:41 +02004057 data_t *label,
Gilles Peskine656896e2018-06-29 19:12:28 +02004058 int expected_output_length_arg,
4059 int expected_status_arg )
4060{
Ronald Cron5425a212020-08-04 14:58:35 +02004061 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine656896e2018-06-29 19:12:28 +02004062 psa_key_type_t key_type = key_type_arg;
4063 psa_algorithm_t alg = alg_arg;
4064 size_t expected_output_length = expected_output_length_arg;
4065 size_t key_bits;
4066 unsigned char *output = NULL;
4067 size_t output_size;
4068 size_t output_length = ~0;
4069 psa_status_t actual_status;
4070 psa_status_t expected_status = expected_status_arg;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004071 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine656896e2018-06-29 19:12:28 +02004072
Gilles Peskine8817f612018-12-18 00:18:46 +01004073 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinebdf309c2018-12-03 15:36:32 +01004074
Gilles Peskine656896e2018-06-29 19:12:28 +02004075 /* Import the key */
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004076 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
4077 psa_set_key_algorithm( &attributes, alg );
4078 psa_set_key_type( &attributes, key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02004079 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004080 &key ) );
Gilles Peskine656896e2018-06-29 19:12:28 +02004081
4082 /* Determine the maximum output length */
Ronald Cron5425a212020-08-04 14:58:35 +02004083 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004084 key_bits = psa_get_key_bits( &attributes );
gabor-mezei-armceface22021-01-21 12:26:17 +01004085
Gilles Peskine656896e2018-06-29 19:12:28 +02004086 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
gabor-mezei-armceface22021-01-21 12:26:17 +01004087 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004088 ASSERT_ALLOC( output, output_size );
Gilles Peskine656896e2018-06-29 19:12:28 +02004089
4090 /* Encrypt the input */
Ronald Cron5425a212020-08-04 14:58:35 +02004091 actual_status = psa_asymmetric_encrypt( key, alg,
Gilles Peskine656896e2018-06-29 19:12:28 +02004092 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +02004093 label->x, label->len,
Gilles Peskine656896e2018-06-29 19:12:28 +02004094 output, output_size,
4095 &output_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004096 TEST_EQUAL( actual_status, expected_status );
4097 TEST_EQUAL( output_length, expected_output_length );
Gilles Peskine656896e2018-06-29 19:12:28 +02004098
Gilles Peskine68428122018-06-30 18:42:41 +02004099 /* If the label is empty, the test framework puts a non-null pointer
4100 * in label->x. Test that a null pointer works as well. */
4101 if( label->len == 0 )
4102 {
4103 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02004104 if( output_size != 0 )
4105 memset( output, 0, output_size );
Ronald Cron5425a212020-08-04 14:58:35 +02004106 actual_status = psa_asymmetric_encrypt( key, alg,
Gilles Peskine68428122018-06-30 18:42:41 +02004107 input_data->x, input_data->len,
4108 NULL, label->len,
4109 output, output_size,
4110 &output_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004111 TEST_EQUAL( actual_status, expected_status );
4112 TEST_EQUAL( output_length, expected_output_length );
Gilles Peskine68428122018-06-30 18:42:41 +02004113 }
4114
Gilles Peskine656896e2018-06-29 19:12:28 +02004115exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004116 /*
4117 * Key attributes may have been returned by psa_get_key_attributes()
4118 * thus reset them as required.
4119 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02004120 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004121
Ronald Cron5425a212020-08-04 14:58:35 +02004122 psa_destroy_key( key );
Gilles Peskine656896e2018-06-29 19:12:28 +02004123 mbedtls_free( output );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004124 PSA_DONE( );
Gilles Peskine656896e2018-06-29 19:12:28 +02004125}
4126/* END_CASE */
4127
4128/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +02004129void asymmetric_encrypt_decrypt( int key_type_arg,
4130 data_t *key_data,
4131 int alg_arg,
4132 data_t *input_data,
4133 data_t *label )
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004134{
Ronald Cron5425a212020-08-04 14:58:35 +02004135 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004136 psa_key_type_t key_type = key_type_arg;
4137 psa_algorithm_t alg = alg_arg;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004138 size_t key_bits;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004139 unsigned char *output = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004140 size_t output_size;
4141 size_t output_length = ~0;
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +03004142 unsigned char *output2 = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004143 size_t output2_size;
4144 size_t output2_length = ~0;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004145 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004146
Gilles Peskine8817f612018-12-18 00:18:46 +01004147 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004148
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004149 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
4150 psa_set_key_algorithm( &attributes, alg );
4151 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheind7082602018-06-04 16:45:27 +03004152
Gilles Peskine049c7532019-05-15 20:22:09 +02004153 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004154 &key ) );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004155
4156 /* Determine the maximum ciphertext length */
Ronald Cron5425a212020-08-04 14:58:35 +02004157 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004158 key_bits = psa_get_key_bits( &attributes );
gabor-mezei-armceface22021-01-21 12:26:17 +01004159
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004160 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
gabor-mezei-armceface22021-01-21 12:26:17 +01004161 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004162 ASSERT_ALLOC( output, output_size );
gabor-mezei-armceface22021-01-21 12:26:17 +01004163
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004164 output2_size = input_data->len;
gabor-mezei-armceface22021-01-21 12:26:17 +01004165 TEST_ASSERT( output2_size <=
4166 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ) );
4167 TEST_ASSERT( output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004168 ASSERT_ALLOC( output2, output2_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004169
Gilles Peskineeebd7382018-06-08 18:11:54 +02004170 /* We test encryption by checking that encrypt-then-decrypt gives back
4171 * the original plaintext because of the non-optional random
4172 * part of encryption process which prevents using fixed vectors. */
Ronald Cron5425a212020-08-04 14:58:35 +02004173 PSA_ASSERT( psa_asymmetric_encrypt( key, alg,
Gilles Peskine8817f612018-12-18 00:18:46 +01004174 input_data->x, input_data->len,
4175 label->x, label->len,
4176 output, output_size,
4177 &output_length ) );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004178 /* We don't know what ciphertext length to expect, but check that
4179 * it looks sensible. */
4180 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +03004181
Ronald Cron5425a212020-08-04 14:58:35 +02004182 PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
Gilles Peskine8817f612018-12-18 00:18:46 +01004183 output, output_length,
4184 label->x, label->len,
4185 output2, output2_size,
4186 &output2_length ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02004187 ASSERT_COMPARE( input_data->x, input_data->len,
4188 output2, output2_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004189
4190exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004191 /*
4192 * Key attributes may have been returned by psa_get_key_attributes()
4193 * thus reset them as required.
4194 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02004195 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004196
Ronald Cron5425a212020-08-04 14:58:35 +02004197 psa_destroy_key( key );
itayzafrir3e02b3b2018-06-12 17:06:52 +03004198 mbedtls_free( output );
4199 mbedtls_free( output2 );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004200 PSA_DONE( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004201}
4202/* END_CASE */
4203
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004204/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +02004205void asymmetric_decrypt( int key_type_arg,
4206 data_t *key_data,
4207 int alg_arg,
4208 data_t *input_data,
4209 data_t *label,
Gilles Peskine66763a02018-06-29 21:54:10 +02004210 data_t *expected_data )
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004211{
Ronald Cron5425a212020-08-04 14:58:35 +02004212 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004213 psa_key_type_t key_type = key_type_arg;
4214 psa_algorithm_t alg = alg_arg;
gabor-mezei-armceface22021-01-21 12:26:17 +01004215 size_t key_bits;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004216 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +03004217 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004218 size_t output_length = ~0;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004219 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004220
Gilles Peskine8817f612018-12-18 00:18:46 +01004221 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004222
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004223 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
4224 psa_set_key_algorithm( &attributes, alg );
4225 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheind7082602018-06-04 16:45:27 +03004226
Gilles Peskine049c7532019-05-15 20:22:09 +02004227 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004228 &key ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004229
gabor-mezei-armceface22021-01-21 12:26:17 +01004230 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
4231 key_bits = psa_get_key_bits( &attributes );
4232
4233 /* Determine the maximum ciphertext length */
4234 output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
4235 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
4236 ASSERT_ALLOC( output, output_size );
4237
Ronald Cron5425a212020-08-04 14:58:35 +02004238 PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
Gilles Peskine8817f612018-12-18 00:18:46 +01004239 input_data->x, input_data->len,
4240 label->x, label->len,
4241 output,
4242 output_size,
4243 &output_length ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02004244 ASSERT_COMPARE( expected_data->x, expected_data->len,
4245 output, output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004246
Gilles Peskine68428122018-06-30 18:42:41 +02004247 /* If the label is empty, the test framework puts a non-null pointer
4248 * in label->x. Test that a null pointer works as well. */
4249 if( label->len == 0 )
4250 {
4251 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02004252 if( output_size != 0 )
4253 memset( output, 0, output_size );
Ronald Cron5425a212020-08-04 14:58:35 +02004254 PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
Gilles Peskine8817f612018-12-18 00:18:46 +01004255 input_data->x, input_data->len,
4256 NULL, label->len,
4257 output,
4258 output_size,
4259 &output_length ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02004260 ASSERT_COMPARE( expected_data->x, expected_data->len,
4261 output, output_length );
Gilles Peskine68428122018-06-30 18:42:41 +02004262 }
4263
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004264exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02004265 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02004266 psa_destroy_key( key );
itayzafrir3e02b3b2018-06-12 17:06:52 +03004267 mbedtls_free( output );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004268 PSA_DONE( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004269}
4270/* END_CASE */
4271
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004272/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +02004273void asymmetric_decrypt_fail( int key_type_arg,
4274 data_t *key_data,
4275 int alg_arg,
4276 data_t *input_data,
4277 data_t *label,
Jaeden Amerof8daab72019-02-06 12:57:46 +00004278 int output_size_arg,
Gilles Peskine2d277862018-06-18 15:41:12 +02004279 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004280{
Ronald Cron5425a212020-08-04 14:58:35 +02004281 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004282 psa_key_type_t key_type = key_type_arg;
4283 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004284 unsigned char *output = NULL;
Jaeden Amerof8daab72019-02-06 12:57:46 +00004285 size_t output_size = output_size_arg;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004286 size_t output_length = ~0;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004287 psa_status_t actual_status;
4288 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004289 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004290
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004291 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +02004292
Gilles Peskine8817f612018-12-18 00:18:46 +01004293 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004294
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004295 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
4296 psa_set_key_algorithm( &attributes, alg );
4297 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheind7082602018-06-04 16:45:27 +03004298
Gilles Peskine049c7532019-05-15 20:22:09 +02004299 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004300 &key ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004301
Ronald Cron5425a212020-08-04 14:58:35 +02004302 actual_status = psa_asymmetric_decrypt( key, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +02004303 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +02004304 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +02004305 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +02004306 &output_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004307 TEST_EQUAL( actual_status, expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004308 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004309
Gilles Peskine68428122018-06-30 18:42:41 +02004310 /* If the label is empty, the test framework puts a non-null pointer
4311 * in label->x. Test that a null pointer works as well. */
4312 if( label->len == 0 )
4313 {
4314 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02004315 if( output_size != 0 )
4316 memset( output, 0, output_size );
Ronald Cron5425a212020-08-04 14:58:35 +02004317 actual_status = psa_asymmetric_decrypt( key, alg,
Gilles Peskine68428122018-06-30 18:42:41 +02004318 input_data->x, input_data->len,
4319 NULL, label->len,
4320 output, output_size,
4321 &output_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004322 TEST_EQUAL( actual_status, expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004323 TEST_ASSERT( output_length <= output_size );
Gilles Peskine68428122018-06-30 18:42:41 +02004324 }
4325
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004326exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02004327 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02004328 psa_destroy_key( key );
Gilles Peskine2d277862018-06-18 15:41:12 +02004329 mbedtls_free( output );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004330 PSA_DONE( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004331}
Gilles Peskine5b051bc2018-05-31 13:25:48 +02004332/* END_CASE */
Gilles Peskine05d69892018-06-19 22:00:52 +02004333
4334/* BEGIN_CASE */
Gilles Peskinecbe66502019-05-16 16:59:18 +02004335void key_derivation_init( )
Jaeden Amerod94d6712019-01-04 14:11:48 +00004336{
4337 /* Test each valid way of initializing the object, except for `= {0}`, as
4338 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
4339 * though it's OK by the C standard. We could test for this, but we'd need
4340 * to supress the Clang warning for the test. */
Jaeden Amero5229bbb2019-02-07 16:33:37 +00004341 size_t capacity;
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02004342 psa_key_derivation_operation_t func = psa_key_derivation_operation_init( );
4343 psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
4344 psa_key_derivation_operation_t zero;
Jaeden Amerod94d6712019-01-04 14:11:48 +00004345
4346 memset( &zero, 0, sizeof( zero ) );
4347
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004348 /* A default operation should not be able to report its capacity. */
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02004349 TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ),
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004350 PSA_ERROR_BAD_STATE );
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02004351 TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ),
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004352 PSA_ERROR_BAD_STATE );
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02004353 TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ),
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004354 PSA_ERROR_BAD_STATE );
Jaeden Amero5229bbb2019-02-07 16:33:37 +00004355
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004356 /* A default operation should be abortable without error. */
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02004357 PSA_ASSERT( psa_key_derivation_abort(&func) );
4358 PSA_ASSERT( psa_key_derivation_abort(&init) );
4359 PSA_ASSERT( psa_key_derivation_abort(&zero) );
Jaeden Amerod94d6712019-01-04 14:11:48 +00004360}
4361/* END_CASE */
4362
Janos Follath16de4a42019-06-13 16:32:24 +01004363/* BEGIN_CASE */
4364void derive_setup( int alg_arg, int expected_status_arg )
Gilles Peskineea0fb492018-07-12 17:17:20 +02004365{
Gilles Peskineea0fb492018-07-12 17:17:20 +02004366 psa_algorithm_t alg = alg_arg;
Gilles Peskineea0fb492018-07-12 17:17:20 +02004367 psa_status_t expected_status = expected_status_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004368 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineea0fb492018-07-12 17:17:20 +02004369
Gilles Peskine8817f612018-12-18 00:18:46 +01004370 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskineea0fb492018-07-12 17:17:20 +02004371
Janos Follath16de4a42019-06-13 16:32:24 +01004372 TEST_EQUAL( psa_key_derivation_setup( &operation, alg ),
Gilles Peskinef812dcf2018-12-18 00:33:25 +01004373 expected_status );
Gilles Peskineea0fb492018-07-12 17:17:20 +02004374
4375exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004376 psa_key_derivation_abort( &operation );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004377 PSA_DONE( );
Gilles Peskineea0fb492018-07-12 17:17:20 +02004378}
4379/* END_CASE */
4380
Janos Follathaf3c2a02019-06-12 12:34:34 +01004381/* BEGIN_CASE */
Janos Follatha27c9272019-06-14 09:59:36 +01004382void derive_set_capacity( int alg_arg, int capacity_arg,
4383 int expected_status_arg )
4384{
4385 psa_algorithm_t alg = alg_arg;
4386 size_t capacity = capacity_arg;
4387 psa_status_t expected_status = expected_status_arg;
4388 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
4389
4390 PSA_ASSERT( psa_crypto_init( ) );
4391
4392 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
4393
4394 TEST_EQUAL( psa_key_derivation_set_capacity( &operation, capacity ),
4395 expected_status );
4396
4397exit:
4398 psa_key_derivation_abort( &operation );
4399 PSA_DONE( );
4400}
4401/* END_CASE */
4402
4403/* BEGIN_CASE */
Janos Follathaf3c2a02019-06-12 12:34:34 +01004404void derive_input( int alg_arg,
Gilles Peskine6842ba42019-09-23 13:49:33 +02004405 int step_arg1, int key_type_arg1, data_t *input1,
Janos Follathaf3c2a02019-06-12 12:34:34 +01004406 int expected_status_arg1,
Gilles Peskine2058c072019-09-24 17:19:33 +02004407 int step_arg2, int key_type_arg2, data_t *input2,
Janos Follathaf3c2a02019-06-12 12:34:34 +01004408 int expected_status_arg2,
Gilles Peskine2058c072019-09-24 17:19:33 +02004409 int step_arg3, int key_type_arg3, data_t *input3,
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004410 int expected_status_arg3,
4411 int output_key_type_arg, int expected_output_status_arg )
Janos Follathaf3c2a02019-06-12 12:34:34 +01004412{
4413 psa_algorithm_t alg = alg_arg;
Gilles Peskine6842ba42019-09-23 13:49:33 +02004414 psa_key_derivation_step_t steps[] = {step_arg1, step_arg2, step_arg3};
4415 psa_key_type_t key_types[] = {key_type_arg1, key_type_arg2, key_type_arg3};
Janos Follathaf3c2a02019-06-12 12:34:34 +01004416 psa_status_t expected_statuses[] = {expected_status_arg1,
4417 expected_status_arg2,
4418 expected_status_arg3};
4419 data_t *inputs[] = {input1, input2, input3};
Ronald Cron5425a212020-08-04 14:58:35 +02004420 mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
4421 MBEDTLS_SVC_KEY_ID_INIT,
4422 MBEDTLS_SVC_KEY_ID_INIT };
Janos Follathaf3c2a02019-06-12 12:34:34 +01004423 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
4424 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
4425 size_t i;
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004426 psa_key_type_t output_key_type = output_key_type_arg;
Ronald Cron5425a212020-08-04 14:58:35 +02004427 mbedtls_svc_key_id_t output_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004428 psa_status_t expected_output_status = expected_output_status_arg;
4429 psa_status_t actual_output_status;
Janos Follathaf3c2a02019-06-12 12:34:34 +01004430
4431 PSA_ASSERT( psa_crypto_init( ) );
4432
4433 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4434 psa_set_key_algorithm( &attributes, alg );
Janos Follathaf3c2a02019-06-12 12:34:34 +01004435
4436 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
4437
4438 for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
4439 {
Gilles Peskinef6279312021-05-27 13:21:20 +02004440 mbedtls_test_set_step( i );
4441 if( steps[i] == 0 )
4442 {
4443 /* Skip this step */
4444 }
4445 else if( key_types[i] != PSA_KEY_TYPE_NONE )
Janos Follathaf3c2a02019-06-12 12:34:34 +01004446 {
Gilles Peskine6842ba42019-09-23 13:49:33 +02004447 psa_set_key_type( &attributes, key_types[i] );
4448 PSA_ASSERT( psa_import_key( &attributes,
4449 inputs[i]->x, inputs[i]->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004450 &keys[i] ) );
Steven Cooreman0ee0d522020-10-05 16:03:42 +02004451 if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) &&
4452 steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET )
4453 {
4454 // When taking a private key as secret input, use key agreement
4455 // to add the shared secret to the derivation
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004456 TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self(
4457 &operation, keys[i] ),
Steven Cooreman0ee0d522020-10-05 16:03:42 +02004458 expected_statuses[i] );
4459 }
4460 else
4461 {
4462 TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i],
Ronald Cron5425a212020-08-04 14:58:35 +02004463 keys[i] ),
Steven Cooreman0ee0d522020-10-05 16:03:42 +02004464 expected_statuses[i] );
4465 }
Gilles Peskine6842ba42019-09-23 13:49:33 +02004466 }
4467 else
4468 {
4469 TEST_EQUAL( psa_key_derivation_input_bytes(
4470 &operation, steps[i],
4471 inputs[i]->x, inputs[i]->len ),
4472 expected_statuses[i] );
Janos Follathaf3c2a02019-06-12 12:34:34 +01004473 }
4474 }
4475
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004476 if( output_key_type != PSA_KEY_TYPE_NONE )
4477 {
4478 psa_reset_key_attributes( &attributes );
Dave Rodgmandc4e4b72021-11-16 12:12:49 +00004479 psa_set_key_type( &attributes, output_key_type );
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004480 psa_set_key_bits( &attributes, 8 );
4481 actual_output_status =
4482 psa_key_derivation_output_key( &attributes, &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02004483 &output_key );
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004484 }
4485 else
4486 {
4487 uint8_t buffer[1];
4488 actual_output_status =
4489 psa_key_derivation_output_bytes( &operation,
4490 buffer, sizeof( buffer ) );
4491 }
4492 TEST_EQUAL( actual_output_status, expected_output_status );
4493
Janos Follathaf3c2a02019-06-12 12:34:34 +01004494exit:
4495 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004496 for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
4497 psa_destroy_key( keys[i] );
4498 psa_destroy_key( output_key );
Janos Follathaf3c2a02019-06-12 12:34:34 +01004499 PSA_DONE( );
4500}
4501/* END_CASE */
4502
Janos Follathd958bb72019-07-03 15:02:16 +01004503/* BEGIN_CASE */
Gilles Peskine0faba4e2021-05-27 11:55:02 +02004504void derive_over_capacity( int alg_arg )
Nir Sonnenscheine5204c92018-10-22 17:24:55 +03004505{
Janos Follathd958bb72019-07-03 15:02:16 +01004506 psa_algorithm_t alg = alg_arg;
Ronald Cron5425a212020-08-04 14:58:35 +02004507 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein4eda37b2018-10-31 12:15:58 +02004508 size_t key_type = PSA_KEY_TYPE_DERIVE;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004509 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Janos Follathd958bb72019-07-03 15:02:16 +01004510 unsigned char input1[] = "Input 1";
4511 size_t input1_length = sizeof( input1 );
4512 unsigned char input2[] = "Input 2";
4513 size_t input2_length = sizeof( input2 );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004514 uint8_t buffer[42];
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +02004515 size_t capacity = sizeof( buffer );
Nir Sonnenscheindd69d8b2018-11-01 12:24:23 +02004516 const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
4517 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
4518 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004519 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenscheine5204c92018-10-22 17:24:55 +03004520
Gilles Peskine8817f612018-12-18 00:18:46 +01004521 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004522
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004523 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4524 psa_set_key_algorithm( &attributes, alg );
4525 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004526
Gilles Peskine73676cb2019-05-15 20:15:10 +02004527 PSA_ASSERT( psa_import_key( &attributes,
4528 key_data, sizeof( key_data ),
Ronald Cron5425a212020-08-04 14:58:35 +02004529 &key ) );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004530
4531 /* valid key derivation */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004532 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg,
4533 input1, input1_length,
4534 input2, input2_length,
4535 capacity ) )
Janos Follathd958bb72019-07-03 15:02:16 +01004536 goto exit;
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004537
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004538 /* state of operation shouldn't allow additional generation */
Janos Follathd958bb72019-07-03 15:02:16 +01004539 TEST_EQUAL( psa_key_derivation_setup( &operation, alg ),
Gilles Peskinef812dcf2018-12-18 00:33:25 +01004540 PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004541
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004542 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, buffer, capacity ) );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004543
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004544 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, buffer, capacity ),
David Saadab4ecc272019-02-14 13:48:10 +02004545 PSA_ERROR_INSUFFICIENT_DATA );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004546
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004547exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004548 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004549 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004550 PSA_DONE( );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004551}
4552/* END_CASE */
4553
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004554/* BEGIN_CASE */
Gilles Peskine0faba4e2021-05-27 11:55:02 +02004555void derive_actions_without_setup( )
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004556{
4557 uint8_t output_buffer[16];
4558 size_t buffer_size = 16;
4559 size_t capacity = 0;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004560 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004561
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004562 TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
4563 output_buffer, buffer_size )
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004564 == PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004565
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004566 TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004567 == PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004568
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004569 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004570
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004571 TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
4572 output_buffer, buffer_size )
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004573 == PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004574
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004575 TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004576 == PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004577
4578exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004579 psa_key_derivation_abort( &operation );
Nir Sonnenscheine5204c92018-10-22 17:24:55 +03004580}
4581/* END_CASE */
4582
4583/* BEGIN_CASE */
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004584void derive_output( int alg_arg,
Gilles Peskine1468da72019-05-29 17:35:49 +02004585 int step1_arg, data_t *input1,
4586 int step2_arg, data_t *input2,
4587 int step3_arg, data_t *input3,
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004588 int requested_capacity_arg,
4589 data_t *expected_output1,
4590 data_t *expected_output2 )
4591{
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004592 psa_algorithm_t alg = alg_arg;
Gilles Peskine1468da72019-05-29 17:35:49 +02004593 psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg};
4594 data_t *inputs[] = {input1, input2, input3};
Ronald Cron5425a212020-08-04 14:58:35 +02004595 mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
4596 MBEDTLS_SVC_KEY_ID_INIT,
4597 MBEDTLS_SVC_KEY_ID_INIT };
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004598 size_t requested_capacity = requested_capacity_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004599 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004600 uint8_t *expected_outputs[2] =
4601 {expected_output1->x, expected_output2->x};
4602 size_t output_sizes[2] =
4603 {expected_output1->len, expected_output2->len};
4604 size_t output_buffer_size = 0;
4605 uint8_t *output_buffer = NULL;
4606 size_t expected_capacity;
4607 size_t current_capacity;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004608 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004609 psa_status_t status;
Gilles Peskine1468da72019-05-29 17:35:49 +02004610 size_t i;
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004611
4612 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
4613 {
4614 if( output_sizes[i] > output_buffer_size )
4615 output_buffer_size = output_sizes[i];
4616 if( output_sizes[i] == 0 )
4617 expected_outputs[i] = NULL;
4618 }
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004619 ASSERT_ALLOC( output_buffer, output_buffer_size );
Gilles Peskine8817f612018-12-18 00:18:46 +01004620 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004621
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004622 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4623 psa_set_key_algorithm( &attributes, alg );
4624 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004625
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004626 /* Extraction phase. */
Gilles Peskine1468da72019-05-29 17:35:49 +02004627 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
4628 PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
4629 requested_capacity ) );
4630 for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
Gilles Peskineb70a0fd2019-01-07 22:59:38 +01004631 {
Gilles Peskine1468da72019-05-29 17:35:49 +02004632 switch( steps[i] )
4633 {
4634 case 0:
4635 break;
4636 case PSA_KEY_DERIVATION_INPUT_SECRET:
4637 PSA_ASSERT( psa_import_key( &attributes,
4638 inputs[i]->x, inputs[i]->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004639 &keys[i] ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01004640
4641 if ( PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
4642 {
4643 PSA_ASSERT( psa_get_key_attributes( keys[i], &attributes ) );
4644 TEST_ASSERT( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes ) ) <=
4645 PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE );
4646 }
4647
Gilles Peskine1468da72019-05-29 17:35:49 +02004648 PSA_ASSERT( psa_key_derivation_input_key(
Ronald Cron5425a212020-08-04 14:58:35 +02004649 &operation, steps[i], keys[i] ) );
Gilles Peskine1468da72019-05-29 17:35:49 +02004650 break;
4651 default:
4652 PSA_ASSERT( psa_key_derivation_input_bytes(
4653 &operation, steps[i],
4654 inputs[i]->x, inputs[i]->len ) );
4655 break;
4656 }
Gilles Peskineb70a0fd2019-01-07 22:59:38 +01004657 }
Gilles Peskine1468da72019-05-29 17:35:49 +02004658
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004659 PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004660 &current_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004661 TEST_EQUAL( current_capacity, requested_capacity );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004662 expected_capacity = requested_capacity;
4663
4664 /* Expansion phase. */
4665 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
4666 {
4667 /* Read some bytes. */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004668 status = psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004669 output_buffer, output_sizes[i] );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004670 if( expected_capacity == 0 && output_sizes[i] == 0 )
4671 {
4672 /* Reading 0 bytes when 0 bytes are available can go either way. */
4673 TEST_ASSERT( status == PSA_SUCCESS ||
David Saadab4ecc272019-02-14 13:48:10 +02004674 status == PSA_ERROR_INSUFFICIENT_DATA );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004675 continue;
4676 }
4677 else if( expected_capacity == 0 ||
4678 output_sizes[i] > expected_capacity )
4679 {
4680 /* Capacity exceeded. */
David Saadab4ecc272019-02-14 13:48:10 +02004681 TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004682 expected_capacity = 0;
4683 continue;
4684 }
4685 /* Success. Check the read data. */
Gilles Peskine8817f612018-12-18 00:18:46 +01004686 PSA_ASSERT( status );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004687 if( output_sizes[i] != 0 )
Gilles Peskine0dfba2d2018-12-18 00:40:50 +01004688 ASSERT_COMPARE( output_buffer, output_sizes[i],
4689 expected_outputs[i], output_sizes[i] );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004690 /* Check the operation status. */
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004691 expected_capacity -= output_sizes[i];
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004692 PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004693 &current_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004694 TEST_EQUAL( expected_capacity, current_capacity );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004695 }
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004696 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004697
4698exit:
4699 mbedtls_free( output_buffer );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004700 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004701 for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
4702 psa_destroy_key( keys[i] );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004703 PSA_DONE( );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004704}
4705/* END_CASE */
4706
4707/* BEGIN_CASE */
Gilles Peskined54931c2018-07-17 21:06:59 +02004708void derive_full( int alg_arg,
4709 data_t *key_data,
Janos Follath47f27ed2019-06-25 13:24:52 +01004710 data_t *input1,
4711 data_t *input2,
Gilles Peskined54931c2018-07-17 21:06:59 +02004712 int requested_capacity_arg )
4713{
Ronald Cron5425a212020-08-04 14:58:35 +02004714 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskined54931c2018-07-17 21:06:59 +02004715 psa_algorithm_t alg = alg_arg;
4716 size_t requested_capacity = requested_capacity_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004717 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskined54931c2018-07-17 21:06:59 +02004718 unsigned char output_buffer[16];
4719 size_t expected_capacity = requested_capacity;
4720 size_t current_capacity;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004721 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskined54931c2018-07-17 21:06:59 +02004722
Gilles Peskine8817f612018-12-18 00:18:46 +01004723 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskined54931c2018-07-17 21:06:59 +02004724
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004725 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4726 psa_set_key_algorithm( &attributes, alg );
4727 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskined54931c2018-07-17 21:06:59 +02004728
Gilles Peskine049c7532019-05-15 20:22:09 +02004729 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004730 &key ) );
Gilles Peskined54931c2018-07-17 21:06:59 +02004731
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004732 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg,
4733 input1->x, input1->len,
4734 input2->x, input2->len,
4735 requested_capacity ) )
Janos Follathf2815ea2019-07-03 12:41:36 +01004736 goto exit;
Janos Follath47f27ed2019-06-25 13:24:52 +01004737
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004738 PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004739 &current_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004740 TEST_EQUAL( current_capacity, expected_capacity );
Gilles Peskined54931c2018-07-17 21:06:59 +02004741
4742 /* Expansion phase. */
4743 while( current_capacity > 0 )
4744 {
4745 size_t read_size = sizeof( output_buffer );
4746 if( read_size > current_capacity )
4747 read_size = current_capacity;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004748 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004749 output_buffer,
4750 read_size ) );
Gilles Peskined54931c2018-07-17 21:06:59 +02004751 expected_capacity -= read_size;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004752 PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004753 &current_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004754 TEST_EQUAL( current_capacity, expected_capacity );
Gilles Peskined54931c2018-07-17 21:06:59 +02004755 }
4756
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004757 /* Check that the operation refuses to go over capacity. */
4758 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, 1 ),
David Saadab4ecc272019-02-14 13:48:10 +02004759 PSA_ERROR_INSUFFICIENT_DATA );
Gilles Peskined54931c2018-07-17 21:06:59 +02004760
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004761 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Gilles Peskined54931c2018-07-17 21:06:59 +02004762
4763exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004764 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004765 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004766 PSA_DONE( );
Gilles Peskined54931c2018-07-17 21:06:59 +02004767}
4768/* END_CASE */
4769
Janos Follathe60c9052019-07-03 13:51:30 +01004770/* BEGIN_CASE */
Gilles Peskine0386fba2018-07-12 17:29:22 +02004771void derive_key_exercise( int alg_arg,
4772 data_t *key_data,
Janos Follathe60c9052019-07-03 13:51:30 +01004773 data_t *input1,
4774 data_t *input2,
Gilles Peskine0386fba2018-07-12 17:29:22 +02004775 int derived_type_arg,
4776 int derived_bits_arg,
4777 int derived_usage_arg,
4778 int derived_alg_arg )
4779{
Ronald Cron5425a212020-08-04 14:58:35 +02004780 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
4781 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine0386fba2018-07-12 17:29:22 +02004782 psa_algorithm_t alg = alg_arg;
4783 psa_key_type_t derived_type = derived_type_arg;
4784 size_t derived_bits = derived_bits_arg;
4785 psa_key_usage_t derived_usage = derived_usage_arg;
4786 psa_algorithm_t derived_alg = derived_alg_arg;
4787 size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004788 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004789 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004790 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine0386fba2018-07-12 17:29:22 +02004791
Gilles Peskine8817f612018-12-18 00:18:46 +01004792 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004793
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004794 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4795 psa_set_key_algorithm( &attributes, alg );
4796 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskine049c7532019-05-15 20:22:09 +02004797 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004798 &base_key ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004799
4800 /* Derive a key. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004801 if ( mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
4802 input1->x, input1->len,
4803 input2->x, input2->len,
4804 capacity ) )
Janos Follathe60c9052019-07-03 13:51:30 +01004805 goto exit;
4806
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004807 psa_set_key_usage_flags( &attributes, derived_usage );
4808 psa_set_key_algorithm( &attributes, derived_alg );
4809 psa_set_key_type( &attributes, derived_type );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02004810 psa_set_key_bits( &attributes, derived_bits );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004811 PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02004812 &derived_key ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004813
4814 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +02004815 PSA_ASSERT( psa_get_key_attributes( derived_key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004816 TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type );
4817 TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004818
4819 /* Exercise the derived key. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004820 if( ! mbedtls_test_psa_exercise_key( derived_key, derived_usage, derived_alg ) )
Gilles Peskine0386fba2018-07-12 17:29:22 +02004821 goto exit;
4822
4823exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004824 /*
4825 * Key attributes may have been returned by psa_get_key_attributes()
4826 * thus reset them as required.
4827 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02004828 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004829
4830 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004831 psa_destroy_key( base_key );
4832 psa_destroy_key( derived_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004833 PSA_DONE( );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004834}
4835/* END_CASE */
4836
Janos Follath42fd8882019-07-03 14:17:09 +01004837/* BEGIN_CASE */
Gilles Peskine0386fba2018-07-12 17:29:22 +02004838void derive_key_export( int alg_arg,
4839 data_t *key_data,
Janos Follath42fd8882019-07-03 14:17:09 +01004840 data_t *input1,
4841 data_t *input2,
Gilles Peskine0386fba2018-07-12 17:29:22 +02004842 int bytes1_arg,
4843 int bytes2_arg )
4844{
Ronald Cron5425a212020-08-04 14:58:35 +02004845 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
4846 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine0386fba2018-07-12 17:29:22 +02004847 psa_algorithm_t alg = alg_arg;
4848 size_t bytes1 = bytes1_arg;
4849 size_t bytes2 = bytes2_arg;
4850 size_t capacity = bytes1 + bytes2;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004851 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004852 uint8_t *output_buffer = NULL;
4853 uint8_t *export_buffer = NULL;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004854 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
4855 psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine0386fba2018-07-12 17:29:22 +02004856 size_t length;
4857
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004858 ASSERT_ALLOC( output_buffer, capacity );
4859 ASSERT_ALLOC( export_buffer, capacity );
Gilles Peskine8817f612018-12-18 00:18:46 +01004860 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004861
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004862 psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
4863 psa_set_key_algorithm( &base_attributes, alg );
4864 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskine049c7532019-05-15 20:22:09 +02004865 PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004866 &base_key ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004867
4868 /* Derive some material and output it. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004869 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
4870 input1->x, input1->len,
4871 input2->x, input2->len,
4872 capacity ) )
Janos Follath42fd8882019-07-03 14:17:09 +01004873 goto exit;
4874
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004875 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004876 output_buffer,
4877 capacity ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004878 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004879
4880 /* Derive the same output again, but this time store it in key objects. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004881 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
4882 input1->x, input1->len,
4883 input2->x, input2->len,
4884 capacity ) )
Janos Follath42fd8882019-07-03 14:17:09 +01004885 goto exit;
4886
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004887 psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT );
4888 psa_set_key_algorithm( &derived_attributes, 0 );
4889 psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02004890 psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004891 PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02004892 &derived_key ) );
4893 PSA_ASSERT( psa_export_key( derived_key,
Gilles Peskine8817f612018-12-18 00:18:46 +01004894 export_buffer, bytes1,
4895 &length ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004896 TEST_EQUAL( length, bytes1 );
Ronald Cron5425a212020-08-04 14:58:35 +02004897 PSA_ASSERT( psa_destroy_key( derived_key ) );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02004898 psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004899 PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02004900 &derived_key ) );
4901 PSA_ASSERT( psa_export_key( derived_key,
Gilles Peskine8817f612018-12-18 00:18:46 +01004902 export_buffer + bytes1, bytes2,
4903 &length ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004904 TEST_EQUAL( length, bytes2 );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004905
4906 /* Compare the outputs from the two runs. */
Gilles Peskine0dfba2d2018-12-18 00:40:50 +01004907 ASSERT_COMPARE( output_buffer, bytes1 + bytes2,
4908 export_buffer, capacity );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004909
4910exit:
4911 mbedtls_free( output_buffer );
4912 mbedtls_free( export_buffer );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004913 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004914 psa_destroy_key( base_key );
4915 psa_destroy_key( derived_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004916 PSA_DONE( );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004917}
4918/* END_CASE */
4919
4920/* BEGIN_CASE */
Gilles Peskine7c227ae2019-07-31 15:14:44 +02004921void derive_key( int alg_arg,
4922 data_t *key_data, data_t *input1, data_t *input2,
4923 int type_arg, int bits_arg,
Steven Cooreman83fdb702021-01-21 14:24:39 +01004924 int expected_status_arg,
4925 int is_large_output )
Gilles Peskinec744d992019-07-30 17:26:54 +02004926{
Ronald Cron5425a212020-08-04 14:58:35 +02004927 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
4928 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinec744d992019-07-30 17:26:54 +02004929 psa_algorithm_t alg = alg_arg;
Gilles Peskine7c227ae2019-07-31 15:14:44 +02004930 psa_key_type_t type = type_arg;
Gilles Peskinec744d992019-07-30 17:26:54 +02004931 size_t bits = bits_arg;
4932 psa_status_t expected_status = expected_status_arg;
4933 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
4934 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
4935 psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
4936
4937 PSA_ASSERT( psa_crypto_init( ) );
4938
4939 psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
4940 psa_set_key_algorithm( &base_attributes, alg );
4941 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
4942 PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004943 &base_key ) );
Gilles Peskinec744d992019-07-30 17:26:54 +02004944
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004945 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
4946 input1->x, input1->len,
4947 input2->x, input2->len,
4948 SIZE_MAX ) )
Gilles Peskinec744d992019-07-30 17:26:54 +02004949 goto exit;
4950
4951 psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT );
4952 psa_set_key_algorithm( &derived_attributes, 0 );
Gilles Peskine7c227ae2019-07-31 15:14:44 +02004953 psa_set_key_type( &derived_attributes, type );
Gilles Peskinec744d992019-07-30 17:26:54 +02004954 psa_set_key_bits( &derived_attributes, bits );
Steven Cooreman83fdb702021-01-21 14:24:39 +01004955
4956 psa_status_t status =
4957 psa_key_derivation_output_key( &derived_attributes,
4958 &operation,
4959 &derived_key );
4960 if( is_large_output > 0 )
4961 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY );
4962 TEST_EQUAL( status, expected_status );
Gilles Peskinec744d992019-07-30 17:26:54 +02004963
4964exit:
4965 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004966 psa_destroy_key( base_key );
4967 psa_destroy_key( derived_key );
Gilles Peskinec744d992019-07-30 17:26:54 +02004968 PSA_DONE( );
4969}
4970/* END_CASE */
4971
4972/* BEGIN_CASE */
Gilles Peskine01d718c2018-09-18 12:01:02 +02004973void key_agreement_setup( int alg_arg,
Steven Cooremance48e852020-10-05 16:02:45 +02004974 int our_key_type_arg, int our_key_alg_arg,
4975 data_t *our_key_data, data_t *peer_key_data,
Gilles Peskine01d718c2018-09-18 12:01:02 +02004976 int expected_status_arg )
4977{
Ronald Cron5425a212020-08-04 14:58:35 +02004978 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine01d718c2018-09-18 12:01:02 +02004979 psa_algorithm_t alg = alg_arg;
Steven Cooremanfa5e6312020-10-15 17:07:12 +02004980 psa_algorithm_t our_key_alg = our_key_alg_arg;
Gilles Peskine01d718c2018-09-18 12:01:02 +02004981 psa_key_type_t our_key_type = our_key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004982 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004983 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine77f40d82019-04-11 21:27:06 +02004984 psa_status_t expected_status = expected_status_arg;
4985 psa_status_t status;
Gilles Peskine01d718c2018-09-18 12:01:02 +02004986
Gilles Peskine8817f612018-12-18 00:18:46 +01004987 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine01d718c2018-09-18 12:01:02 +02004988
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004989 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
Steven Cooremanfa5e6312020-10-15 17:07:12 +02004990 psa_set_key_algorithm( &attributes, our_key_alg );
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004991 psa_set_key_type( &attributes, our_key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02004992 PSA_ASSERT( psa_import_key( &attributes,
4993 our_key_data->x, our_key_data->len,
4994 &our_key ) );
Gilles Peskine01d718c2018-09-18 12:01:02 +02004995
Gilles Peskine77f40d82019-04-11 21:27:06 +02004996 /* The tests currently include inputs that should fail at either step.
4997 * Test cases that fail at the setup step should be changed to call
4998 * key_derivation_setup instead, and this function should be renamed
4999 * to key_agreement_fail. */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005000 status = psa_key_derivation_setup( &operation, alg );
Gilles Peskine77f40d82019-04-11 21:27:06 +02005001 if( status == PSA_SUCCESS )
5002 {
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005003 TEST_EQUAL( psa_key_derivation_key_agreement(
5004 &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
5005 our_key,
5006 peer_key_data->x, peer_key_data->len ),
Gilles Peskine77f40d82019-04-11 21:27:06 +02005007 expected_status );
5008 }
5009 else
5010 {
5011 TEST_ASSERT( status == expected_status );
5012 }
Gilles Peskine01d718c2018-09-18 12:01:02 +02005013
5014exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005015 psa_key_derivation_abort( &operation );
Gilles Peskine01d718c2018-09-18 12:01:02 +02005016 psa_destroy_key( our_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005017 PSA_DONE( );
Gilles Peskine01d718c2018-09-18 12:01:02 +02005018}
5019/* END_CASE */
5020
5021/* BEGIN_CASE */
Gilles Peskinef0cba732019-04-11 22:12:38 +02005022void raw_key_agreement( int alg_arg,
5023 int our_key_type_arg, data_t *our_key_data,
5024 data_t *peer_key_data,
5025 data_t *expected_output )
5026{
Ronald Cron5425a212020-08-04 14:58:35 +02005027 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinef0cba732019-04-11 22:12:38 +02005028 psa_algorithm_t alg = alg_arg;
5029 psa_key_type_t our_key_type = our_key_type_arg;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005030 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinef0cba732019-04-11 22:12:38 +02005031 unsigned char *output = NULL;
5032 size_t output_length = ~0;
gabor-mezei-armceface22021-01-21 12:26:17 +01005033 size_t key_bits;
Gilles Peskinef0cba732019-04-11 22:12:38 +02005034
5035 ASSERT_ALLOC( output, expected_output->len );
5036 PSA_ASSERT( psa_crypto_init( ) );
5037
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005038 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
5039 psa_set_key_algorithm( &attributes, alg );
5040 psa_set_key_type( &attributes, our_key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02005041 PSA_ASSERT( psa_import_key( &attributes,
5042 our_key_data->x, our_key_data->len,
5043 &our_key ) );
Gilles Peskinef0cba732019-04-11 22:12:38 +02005044
gabor-mezei-armceface22021-01-21 12:26:17 +01005045 PSA_ASSERT( psa_get_key_attributes( our_key, &attributes ) );
5046 key_bits = psa_get_key_bits( &attributes );
5047
Gilles Peskinebe697d82019-05-16 18:00:41 +02005048 PSA_ASSERT( psa_raw_key_agreement( alg, our_key,
5049 peer_key_data->x, peer_key_data->len,
5050 output, expected_output->len,
5051 &output_length ) );
Gilles Peskinef0cba732019-04-11 22:12:38 +02005052 ASSERT_COMPARE( output, output_length,
5053 expected_output->x, expected_output->len );
gabor-mezei-armceface22021-01-21 12:26:17 +01005054 TEST_ASSERT( output_length <=
5055 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) );
5056 TEST_ASSERT( output_length <=
5057 PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
Gilles Peskinef0cba732019-04-11 22:12:38 +02005058
5059exit:
5060 mbedtls_free( output );
5061 psa_destroy_key( our_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005062 PSA_DONE( );
Gilles Peskinef0cba732019-04-11 22:12:38 +02005063}
5064/* END_CASE */
5065
5066/* BEGIN_CASE */
Gilles Peskine59685592018-09-18 12:11:34 +02005067void key_agreement_capacity( int alg_arg,
5068 int our_key_type_arg, data_t *our_key_data,
5069 data_t *peer_key_data,
5070 int expected_capacity_arg )
5071{
Ronald Cron5425a212020-08-04 14:58:35 +02005072 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine59685592018-09-18 12:11:34 +02005073 psa_algorithm_t alg = alg_arg;
5074 psa_key_type_t our_key_type = our_key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005075 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005076 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine59685592018-09-18 12:11:34 +02005077 size_t actual_capacity;
Gilles Peskinebf491972018-10-25 22:36:12 +02005078 unsigned char output[16];
Gilles Peskine59685592018-09-18 12:11:34 +02005079
Gilles Peskine8817f612018-12-18 00:18:46 +01005080 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine59685592018-09-18 12:11:34 +02005081
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005082 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
5083 psa_set_key_algorithm( &attributes, alg );
5084 psa_set_key_type( &attributes, our_key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02005085 PSA_ASSERT( psa_import_key( &attributes,
5086 our_key_data->x, our_key_data->len,
5087 &our_key ) );
Gilles Peskine59685592018-09-18 12:11:34 +02005088
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005089 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005090 PSA_ASSERT( psa_key_derivation_key_agreement(
5091 &operation,
5092 PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
5093 peer_key_data->x, peer_key_data->len ) );
Gilles Peskinef8a9d942019-04-11 22:13:20 +02005094 if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
5095 {
5096 /* The test data is for info="" */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005097 PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
Gilles Peskine03410b52019-05-16 16:05:19 +02005098 PSA_KEY_DERIVATION_INPUT_INFO,
Gilles Peskinef8a9d942019-04-11 22:13:20 +02005099 NULL, 0 ) );
5100 }
Gilles Peskine59685592018-09-18 12:11:34 +02005101
Gilles Peskinebf491972018-10-25 22:36:12 +02005102 /* Test the advertized capacity. */
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02005103 PSA_ASSERT( psa_key_derivation_get_capacity(
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005104 &operation, &actual_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01005105 TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
Gilles Peskine59685592018-09-18 12:11:34 +02005106
Gilles Peskinebf491972018-10-25 22:36:12 +02005107 /* Test the actual capacity by reading the output. */
5108 while( actual_capacity > sizeof( output ) )
5109 {
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005110 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005111 output, sizeof( output ) ) );
Gilles Peskinebf491972018-10-25 22:36:12 +02005112 actual_capacity -= sizeof( output );
5113 }
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005114 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005115 output, actual_capacity ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005116 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ),
David Saadab4ecc272019-02-14 13:48:10 +02005117 PSA_ERROR_INSUFFICIENT_DATA );
Gilles Peskinebf491972018-10-25 22:36:12 +02005118
Gilles Peskine59685592018-09-18 12:11:34 +02005119exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005120 psa_key_derivation_abort( &operation );
Gilles Peskine59685592018-09-18 12:11:34 +02005121 psa_destroy_key( our_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005122 PSA_DONE( );
Gilles Peskine59685592018-09-18 12:11:34 +02005123}
5124/* END_CASE */
5125
5126/* BEGIN_CASE */
5127void key_agreement_output( int alg_arg,
5128 int our_key_type_arg, data_t *our_key_data,
5129 data_t *peer_key_data,
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02005130 data_t *expected_output1, data_t *expected_output2 )
Gilles Peskine59685592018-09-18 12:11:34 +02005131{
Ronald Cron5425a212020-08-04 14:58:35 +02005132 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine59685592018-09-18 12:11:34 +02005133 psa_algorithm_t alg = alg_arg;
5134 psa_key_type_t our_key_type = our_key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005135 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005136 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02005137 uint8_t *actual_output = NULL;
Gilles Peskine59685592018-09-18 12:11:34 +02005138
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02005139 ASSERT_ALLOC( actual_output, MAX( expected_output1->len,
5140 expected_output2->len ) );
Gilles Peskine59685592018-09-18 12:11:34 +02005141
Gilles Peskine8817f612018-12-18 00:18:46 +01005142 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine59685592018-09-18 12:11:34 +02005143
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005144 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
5145 psa_set_key_algorithm( &attributes, alg );
5146 psa_set_key_type( &attributes, our_key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02005147 PSA_ASSERT( psa_import_key( &attributes,
5148 our_key_data->x, our_key_data->len,
5149 &our_key ) );
Gilles Peskine59685592018-09-18 12:11:34 +02005150
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005151 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005152 PSA_ASSERT( psa_key_derivation_key_agreement(
5153 &operation,
5154 PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
5155 peer_key_data->x, peer_key_data->len ) );
Gilles Peskinef8a9d942019-04-11 22:13:20 +02005156 if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
5157 {
5158 /* The test data is for info="" */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005159 PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
Gilles Peskine03410b52019-05-16 16:05:19 +02005160 PSA_KEY_DERIVATION_INPUT_INFO,
Gilles Peskinef8a9d942019-04-11 22:13:20 +02005161 NULL, 0 ) );
5162 }
Gilles Peskine59685592018-09-18 12:11:34 +02005163
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005164 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005165 actual_output,
5166 expected_output1->len ) );
Gilles Peskine0dfba2d2018-12-18 00:40:50 +01005167 ASSERT_COMPARE( actual_output, expected_output1->len,
5168 expected_output1->x, expected_output1->len );
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02005169 if( expected_output2->len != 0 )
5170 {
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005171 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005172 actual_output,
5173 expected_output2->len ) );
Gilles Peskine0dfba2d2018-12-18 00:40:50 +01005174 ASSERT_COMPARE( actual_output, expected_output2->len,
5175 expected_output2->x, expected_output2->len );
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02005176 }
Gilles Peskine59685592018-09-18 12:11:34 +02005177
5178exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005179 psa_key_derivation_abort( &operation );
Gilles Peskine59685592018-09-18 12:11:34 +02005180 psa_destroy_key( our_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005181 PSA_DONE( );
Gilles Peskine59685592018-09-18 12:11:34 +02005182 mbedtls_free( actual_output );
5183}
5184/* END_CASE */
5185
5186/* BEGIN_CASE */
Gilles Peskinea50d7392018-06-21 10:22:13 +02005187void generate_random( int bytes_arg )
Gilles Peskine05d69892018-06-19 22:00:52 +02005188{
Gilles Peskinea50d7392018-06-21 10:22:13 +02005189 size_t bytes = bytes_arg;
Gilles Peskine8cebbba2018-09-27 13:54:18 +02005190 unsigned char *output = NULL;
5191 unsigned char *changed = NULL;
Gilles Peskinea50d7392018-06-21 10:22:13 +02005192 size_t i;
5193 unsigned run;
Gilles Peskine05d69892018-06-19 22:00:52 +02005194
Simon Butcher49f8e312020-03-03 15:51:50 +00005195 TEST_ASSERT( bytes_arg >= 0 );
5196
Gilles Peskine91892022021-02-08 19:50:26 +01005197 ASSERT_ALLOC( output, bytes );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02005198 ASSERT_ALLOC( changed, bytes );
Gilles Peskine05d69892018-06-19 22:00:52 +02005199
Gilles Peskine8817f612018-12-18 00:18:46 +01005200 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine05d69892018-06-19 22:00:52 +02005201
Gilles Peskinea50d7392018-06-21 10:22:13 +02005202 /* Run several times, to ensure that every output byte will be
5203 * nonzero at least once with overwhelming probability
5204 * (2^(-8*number_of_runs)). */
5205 for( run = 0; run < 10; run++ )
Gilles Peskine05d69892018-06-19 22:00:52 +02005206 {
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02005207 if( bytes != 0 )
5208 memset( output, 0, bytes );
Gilles Peskine8817f612018-12-18 00:18:46 +01005209 PSA_ASSERT( psa_generate_random( output, bytes ) );
Gilles Peskinea50d7392018-06-21 10:22:13 +02005210
Gilles Peskinea50d7392018-06-21 10:22:13 +02005211 for( i = 0; i < bytes; i++ )
5212 {
5213 if( output[i] != 0 )
5214 ++changed[i];
5215 }
Gilles Peskine05d69892018-06-19 22:00:52 +02005216 }
Gilles Peskinea50d7392018-06-21 10:22:13 +02005217
5218 /* Check that every byte was changed to nonzero at least once. This
5219 * validates that psa_generate_random is overwriting every byte of
5220 * the output buffer. */
5221 for( i = 0; i < bytes; i++ )
5222 {
5223 TEST_ASSERT( changed[i] != 0 );
5224 }
Gilles Peskine05d69892018-06-19 22:00:52 +02005225
5226exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005227 PSA_DONE( );
Gilles Peskinea50d7392018-06-21 10:22:13 +02005228 mbedtls_free( output );
5229 mbedtls_free( changed );
Gilles Peskine05d69892018-06-19 22:00:52 +02005230}
5231/* END_CASE */
Gilles Peskine12313cd2018-06-20 00:20:32 +02005232
5233/* BEGIN_CASE */
5234void generate_key( int type_arg,
5235 int bits_arg,
5236 int usage_arg,
5237 int alg_arg,
Steven Cooreman83fdb702021-01-21 14:24:39 +01005238 int expected_status_arg,
5239 int is_large_key )
Gilles Peskine12313cd2018-06-20 00:20:32 +02005240{
Ronald Cron5425a212020-08-04 14:58:35 +02005241 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine12313cd2018-06-20 00:20:32 +02005242 psa_key_type_t type = type_arg;
5243 psa_key_usage_t usage = usage_arg;
5244 size_t bits = bits_arg;
5245 psa_algorithm_t alg = alg_arg;
5246 psa_status_t expected_status = expected_status_arg;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005247 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02005248 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine12313cd2018-06-20 00:20:32 +02005249
Gilles Peskine8817f612018-12-18 00:18:46 +01005250 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine12313cd2018-06-20 00:20:32 +02005251
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005252 psa_set_key_usage_flags( &attributes, usage );
5253 psa_set_key_algorithm( &attributes, alg );
5254 psa_set_key_type( &attributes, type );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02005255 psa_set_key_bits( &attributes, bits );
Gilles Peskine12313cd2018-06-20 00:20:32 +02005256
5257 /* Generate a key */
Steven Cooreman83fdb702021-01-21 14:24:39 +01005258 psa_status_t status = psa_generate_key( &attributes, &key );
5259
5260 if( is_large_key > 0 )
5261 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY );
5262 TEST_EQUAL( status , expected_status );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005263 if( expected_status != PSA_SUCCESS )
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005264 goto exit;
Gilles Peskine12313cd2018-06-20 00:20:32 +02005265
5266 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +02005267 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02005268 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
5269 TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
Gilles Peskine12313cd2018-06-20 00:20:32 +02005270
Gilles Peskine818ca122018-06-20 18:16:48 +02005271 /* Do something with the key according to its type and permitted usage. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01005272 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
Gilles Peskine02b75072018-07-01 22:31:34 +02005273 goto exit;
Gilles Peskine12313cd2018-06-20 00:20:32 +02005274
5275exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005276 /*
5277 * Key attributes may have been returned by psa_get_key_attributes()
5278 * thus reset them as required.
5279 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02005280 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005281
Ronald Cron5425a212020-08-04 14:58:35 +02005282 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005283 PSA_DONE( );
Gilles Peskine12313cd2018-06-20 00:20:32 +02005284}
5285/* END_CASE */
itayzafrir0adf0fc2018-09-06 16:24:41 +03005286
Ronald Cronee414c72021-03-18 18:50:08 +01005287/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_GENPRIME */
Gilles Peskinee56e8782019-04-26 17:34:02 +02005288void generate_key_rsa( int bits_arg,
5289 data_t *e_arg,
5290 int expected_status_arg )
5291{
Ronald Cron5425a212020-08-04 14:58:35 +02005292 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinec93b80c2019-05-16 19:39:54 +02005293 psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
Gilles Peskinee56e8782019-04-26 17:34:02 +02005294 size_t bits = bits_arg;
5295 psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
5296 psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW;
5297 psa_status_t expected_status = expected_status_arg;
5298 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
5299 uint8_t *exported = NULL;
5300 size_t exported_size =
gabor-mezei-armcbcec212020-12-18 14:23:51 +01005301 PSA_EXPORT_KEY_OUTPUT_SIZE( PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005302 size_t exported_length = SIZE_MAX;
5303 uint8_t *e_read_buffer = NULL;
5304 int is_default_public_exponent = 0;
Gilles Peskineaa02c172019-04-28 11:44:17 +02005305 size_t e_read_size = PSA_KEY_DOMAIN_PARAMETERS_SIZE( type, bits );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005306 size_t e_read_length = SIZE_MAX;
5307
5308 if( e_arg->len == 0 ||
5309 ( e_arg->len == 3 &&
5310 e_arg->x[0] == 1 && e_arg->x[1] == 0 && e_arg->x[2] == 1 ) )
5311 {
5312 is_default_public_exponent = 1;
5313 e_read_size = 0;
5314 }
5315 ASSERT_ALLOC( e_read_buffer, e_read_size );
5316 ASSERT_ALLOC( exported, exported_size );
5317
5318 PSA_ASSERT( psa_crypto_init( ) );
5319
5320 psa_set_key_usage_flags( &attributes, usage );
5321 psa_set_key_algorithm( &attributes, alg );
5322 PSA_ASSERT( psa_set_key_domain_parameters( &attributes, type,
5323 e_arg->x, e_arg->len ) );
5324 psa_set_key_bits( &attributes, bits );
5325
5326 /* Generate a key */
Ronald Cron5425a212020-08-04 14:58:35 +02005327 TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005328 if( expected_status != PSA_SUCCESS )
5329 goto exit;
5330
5331 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +02005332 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005333 TEST_EQUAL( psa_get_key_type( &attributes ), type );
5334 TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
5335 PSA_ASSERT( psa_get_key_domain_parameters( &attributes,
5336 e_read_buffer, e_read_size,
5337 &e_read_length ) );
5338 if( is_default_public_exponent )
5339 TEST_EQUAL( e_read_length, 0 );
5340 else
5341 ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len );
5342
5343 /* Do something with the key according to its type and permitted usage. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01005344 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
Gilles Peskinee56e8782019-04-26 17:34:02 +02005345 goto exit;
5346
5347 /* Export the key and check the public exponent. */
Ronald Cron5425a212020-08-04 14:58:35 +02005348 PSA_ASSERT( psa_export_public_key( key,
Gilles Peskinee56e8782019-04-26 17:34:02 +02005349 exported, exported_size,
5350 &exported_length ) );
5351 {
5352 uint8_t *p = exported;
5353 uint8_t *end = exported + exported_length;
5354 size_t len;
5355 /* RSAPublicKey ::= SEQUENCE {
5356 * modulus INTEGER, -- n
5357 * publicExponent INTEGER } -- e
5358 */
5359 TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005360 MBEDTLS_ASN1_SEQUENCE |
5361 MBEDTLS_ASN1_CONSTRUCTED ) );
Gilles Peskine8e94efe2021-02-13 00:25:53 +01005362 TEST_ASSERT( mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005363 TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
5364 MBEDTLS_ASN1_INTEGER ) );
5365 if( len >= 1 && p[0] == 0 )
5366 {
5367 ++p;
5368 --len;
5369 }
5370 if( e_arg->len == 0 )
5371 {
5372 TEST_EQUAL( len, 3 );
5373 TEST_EQUAL( p[0], 1 );
5374 TEST_EQUAL( p[1], 0 );
5375 TEST_EQUAL( p[2], 1 );
5376 }
5377 else
5378 ASSERT_COMPARE( p, len, e_arg->x, e_arg->len );
5379 }
5380
5381exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005382 /*
5383 * Key attributes may have been returned by psa_get_key_attributes() or
5384 * set by psa_set_key_domain_parameters() thus reset them as required.
5385 */
Gilles Peskinee56e8782019-04-26 17:34:02 +02005386 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005387
Ronald Cron5425a212020-08-04 14:58:35 +02005388 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005389 PSA_DONE( );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005390 mbedtls_free( e_read_buffer );
5391 mbedtls_free( exported );
5392}
5393/* END_CASE */
5394
Darryl Greend49a4992018-06-18 17:27:26 +01005395/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005396void persistent_key_load_key_from_storage( data_t *data,
5397 int type_arg, int bits_arg,
5398 int usage_flags_arg, int alg_arg,
5399 int generation_method )
Darryl Greend49a4992018-06-18 17:27:26 +01005400{
Ronald Cron71016a92020-08-28 19:01:50 +02005401 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005402 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cron5425a212020-08-04 14:58:35 +02005403 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
5404 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005405 psa_key_type_t type = type_arg;
5406 size_t bits = bits_arg;
5407 psa_key_usage_t usage_flags = usage_flags_arg;
5408 psa_algorithm_t alg = alg_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005409 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Darryl Greend49a4992018-06-18 17:27:26 +01005410 unsigned char *first_export = NULL;
5411 unsigned char *second_export = NULL;
gabor-mezei-armcbcec212020-12-18 14:23:51 +01005412 size_t export_size = PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits );
Darryl Greend49a4992018-06-18 17:27:26 +01005413 size_t first_exported_length;
5414 size_t second_exported_length;
5415
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005416 if( usage_flags & PSA_KEY_USAGE_EXPORT )
5417 {
5418 ASSERT_ALLOC( first_export, export_size );
5419 ASSERT_ALLOC( second_export, export_size );
5420 }
Darryl Greend49a4992018-06-18 17:27:26 +01005421
Gilles Peskine8817f612018-12-18 00:18:46 +01005422 PSA_ASSERT( psa_crypto_init() );
Darryl Greend49a4992018-06-18 17:27:26 +01005423
Gilles Peskinec87af662019-05-15 16:12:22 +02005424 psa_set_key_id( &attributes, key_id );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005425 psa_set_key_usage_flags( &attributes, usage_flags );
5426 psa_set_key_algorithm( &attributes, alg );
5427 psa_set_key_type( &attributes, type );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02005428 psa_set_key_bits( &attributes, bits );
Darryl Greend49a4992018-06-18 17:27:26 +01005429
Darryl Green0c6575a2018-11-07 16:05:30 +00005430 switch( generation_method )
5431 {
5432 case IMPORT_KEY:
5433 /* Import the key */
Gilles Peskine049c7532019-05-15 20:22:09 +02005434 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02005435 &key ) );
Darryl Green0c6575a2018-11-07 16:05:30 +00005436 break;
Darryl Greend49a4992018-06-18 17:27:26 +01005437
Darryl Green0c6575a2018-11-07 16:05:30 +00005438 case GENERATE_KEY:
5439 /* Generate a key */
Ronald Cron5425a212020-08-04 14:58:35 +02005440 PSA_ASSERT( psa_generate_key( &attributes, &key ) );
Darryl Green0c6575a2018-11-07 16:05:30 +00005441 break;
5442
5443 case DERIVE_KEY:
Steven Cooreman70f654a2021-02-15 10:51:43 +01005444#if defined(PSA_WANT_ALG_HKDF) && defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005445 {
5446 /* Create base key */
5447 psa_algorithm_t derive_alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
5448 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
5449 psa_set_key_usage_flags( &base_attributes,
5450 PSA_KEY_USAGE_DERIVE );
5451 psa_set_key_algorithm( &base_attributes, derive_alg );
5452 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskine049c7532019-05-15 20:22:09 +02005453 PSA_ASSERT( psa_import_key( &base_attributes,
5454 data->x, data->len,
5455 &base_key ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005456 /* Derive a key. */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005457 PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) );
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005458 PSA_ASSERT( psa_key_derivation_input_key(
5459 &operation,
5460 PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005461 PSA_ASSERT( psa_key_derivation_input_bytes(
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005462 &operation, PSA_KEY_DERIVATION_INPUT_INFO,
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005463 NULL, 0 ) );
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005464 PSA_ASSERT( psa_key_derivation_output_key( &attributes,
5465 &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02005466 &key ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005467 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005468 PSA_ASSERT( psa_destroy_key( base_key ) );
Ronald Cron5425a212020-08-04 14:58:35 +02005469 base_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005470 }
Gilles Peskine6fea21d2021-01-12 00:02:15 +01005471#else
5472 TEST_ASSUME( ! "KDF not supported in this configuration" );
5473#endif
5474 break;
5475
5476 default:
5477 TEST_ASSERT( ! "generation_method not implemented in test" );
5478 break;
Darryl Green0c6575a2018-11-07 16:05:30 +00005479 }
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005480 psa_reset_key_attributes( &attributes );
Darryl Greend49a4992018-06-18 17:27:26 +01005481
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005482 /* Export the key if permitted by the key policy. */
5483 if( usage_flags & PSA_KEY_USAGE_EXPORT )
5484 {
Ronald Cron5425a212020-08-04 14:58:35 +02005485 PSA_ASSERT( psa_export_key( key,
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005486 first_export, export_size,
5487 &first_exported_length ) );
5488 if( generation_method == IMPORT_KEY )
5489 ASSERT_COMPARE( data->x, data->len,
5490 first_export, first_exported_length );
5491 }
Darryl Greend49a4992018-06-18 17:27:26 +01005492
5493 /* Shutdown and restart */
Ronald Cron5425a212020-08-04 14:58:35 +02005494 PSA_ASSERT( psa_purge_key( key ) );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005495 PSA_DONE();
Gilles Peskine8817f612018-12-18 00:18:46 +01005496 PSA_ASSERT( psa_crypto_init() );
Darryl Greend49a4992018-06-18 17:27:26 +01005497
Darryl Greend49a4992018-06-18 17:27:26 +01005498 /* Check key slot still contains key data */
Ronald Cron5425a212020-08-04 14:58:35 +02005499 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Ronald Cronecfb2372020-07-23 17:13:42 +02005500 TEST_ASSERT( mbedtls_svc_key_id_equal(
5501 psa_get_key_id( &attributes ), key_id ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005502 TEST_EQUAL( psa_get_key_lifetime( &attributes ),
5503 PSA_KEY_LIFETIME_PERSISTENT );
5504 TEST_EQUAL( psa_get_key_type( &attributes ), type );
5505 TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
gabor-mezei-arm4d9009e2021-05-13 12:05:01 +02005506 TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
gabor-mezei-armff03fd62021-06-28 14:05:00 +02005507 mbedtls_test_update_key_usage_flags( usage_flags ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005508 TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
Darryl Greend49a4992018-06-18 17:27:26 +01005509
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005510 /* Export the key again if permitted by the key policy. */
5511 if( usage_flags & PSA_KEY_USAGE_EXPORT )
Darryl Green0c6575a2018-11-07 16:05:30 +00005512 {
Ronald Cron5425a212020-08-04 14:58:35 +02005513 PSA_ASSERT( psa_export_key( key,
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005514 second_export, export_size,
5515 &second_exported_length ) );
Darryl Green0c6575a2018-11-07 16:05:30 +00005516 ASSERT_COMPARE( first_export, first_exported_length,
5517 second_export, second_exported_length );
Darryl Green0c6575a2018-11-07 16:05:30 +00005518 }
5519
5520 /* Do something with the key according to its type and permitted usage. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01005521 if( ! mbedtls_test_psa_exercise_key( key, usage_flags, alg ) )
Darryl Green0c6575a2018-11-07 16:05:30 +00005522 goto exit;
Darryl Greend49a4992018-06-18 17:27:26 +01005523
5524exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005525 /*
5526 * Key attributes may have been returned by psa_get_key_attributes()
5527 * thus reset them as required.
5528 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02005529 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005530
Darryl Greend49a4992018-06-18 17:27:26 +01005531 mbedtls_free( first_export );
5532 mbedtls_free( second_export );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005533 psa_key_derivation_abort( &operation );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005534 psa_destroy_key( base_key );
Ronald Cron5425a212020-08-04 14:58:35 +02005535 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005536 PSA_DONE();
Darryl Greend49a4992018-06-18 17:27:26 +01005537}
5538/* END_CASE */