PSA crypto and attestation specification alignment
-Updating Crypto to PSA Crypto 1.0-Beta3
-Updating Attestation to PSA Attestation v1.0.0 Release
Signed-off-by: Gowtham Siddarth <gowtham.siddarth@arm.com>
diff --git a/api-tests/dev_apis/crypto/test_c001/test_c001.h b/api-tests/dev_apis/crypto/test_c001/test_c001.h
index 02a8c6b..de25766 100644
--- a/api-tests/dev_apis/crypto/test_c001/test_c001.h
+++ b/api-tests/dev_apis/crypto/test_c001/test_c001.h
@@ -18,9 +18,9 @@
#define _TEST_C001_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c001)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c001)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
#define GENERATE_SIZE 32
diff --git a/api-tests/dev_apis/crypto/test_c001/test_entry_c001.c b/api-tests/dev_apis/crypto/test_c001/test_entry_c001.c
index e1ba064..5ae3163 100644
--- a/api-tests/dev_apis/crypto/test_c001/test_entry_c001.c
+++ b/api-tests/dev_apis/crypto/test_c001/test_entry_c001.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 1)
#define TEST_DESC "Testing psa_crypto_init API: Basic\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c002/test_c002.c b/api-tests/dev_apis/crypto/test_c002/test_c002.c
index e5c15a5..63944c9 100644
--- a/api-tests/dev_apis/crypto/test_c002/test_c002.c
+++ b/api-tests/dev_apis/crypto/test_c002/test_c002.c
@@ -24,7 +24,6 @@
client_test_t test_c002_crypto_list[] = {
NULL,
psa_import_key_test,
- psa_import_key_negative_test,
NULL,
};
@@ -32,14 +31,20 @@
int32_t psa_import_key_test(security_t caller)
{
- uint32_t length, i;
- uint8_t data[BUFFER_SIZE];
- const uint8_t *key_data;
- psa_key_policy_t policy;
- psa_key_type_t key_type;
- size_t bits;
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t status;
+ int32_t i, status;
+ uint8_t data[BUFFER_SIZE];
+ size_t length;
+ const uint8_t *key_data;
+ psa_key_type_t get_key_type;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t get_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -55,14 +60,9 @@
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
{
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
{
if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
key_data = rsa_384_keypair;
@@ -83,7 +83,7 @@
}
else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
key_data = ec_keypair;
else
key_data = ec_keydata;
@@ -91,130 +91,66 @@
else
key_data = check1[i].key_data;
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &attributes, check1[i].attr_bits);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3));
+ /* If failure is expected, continue with the next data set */
if (check1[i].expected_status != PSA_SUCCESS)
continue;
- /* Get basic metadata about a key */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
- &key_type, &bits);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ /* Get the attributes of the imported key and check if it matches the given value */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_ATTRIBUTES, check1[i].key_handle,
+ &get_attributes);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
- TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7));
+ val->crypto_function(VAL_CRYPTO_GET_KEY_TYPE, &attributes, &get_key_type);
+ TEST_ASSERT_EQUAL(get_key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(5));
- TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8));
+ if (check1[i].attr_bits != 0)
+ TEST_ASSERT_EQUAL(get_attributes.bits, check1[i].attr_bits, TEST_CHECKPOINT_NUM(6));
+ else
+ TEST_ASSERT_EQUAL(get_attributes.bits, check1[i].expected_bit_length,
+ TEST_CHECKPOINT_NUM(7));
/* Export a key in binary format */
status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle, data,
BUFFER_SIZE, &length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
- TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(10));
+ /* Check the attributes of the exported key */
+ TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(8));
if (PSA_KEY_TYPE_IS_UNSTRUCTURED(check1[i].key_type))
{
- TEST_ASSERT_MEMCMP(data, check1[i].key_data, length, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_MEMCMP(data, check1[i].key_data, length, TEST_CHECKPOINT_NUM(9));
}
else if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type) || PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- TEST_ASSERT_MEMCMP(key_data, data, length, TEST_CHECKPOINT_NUM(12));
+ TEST_ASSERT_MEMCMP(key_data, data, length, TEST_CHECKPOINT_NUM(10));
}
else
{
return VAL_STATUS_INVALID;
}
- /* Destroy the key */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
- }
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
- return VAL_STATUS_SUCCESS;
-}
+ val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
-int32_t psa_import_key_negative_test(security_t caller)
-{
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- int32_t i, status;
- psa_key_policy_t policy;
- psa_key_handle_t invalid_key_handle;
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT, TEST_CHECKPOINT_NUM(12));
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- for (i = 0; i < num_checks; i++)
- {
- val->print(PRINT_TEST, "[Check %d] Test psa_import_key with already occupied key slot\n",
- g_test_count++);
-
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
- memset(&invalid_key_handle, 0xDEADDEAD, sizeof(invalid_key_handle));
- /* Set the usage policy on a key slot */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
- check2[i].key_type, check2[i].key_data, check2[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
-
- /* Import the key data into the occupied key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
- check2[i].key_type, check2[i].key_data, check2[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_ALREADY_EXISTS, TEST_CHECKPOINT_NUM(5));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_import_key with zero as key handle\n",
- g_test_count++);
- /* Import the key data with zero as key handle */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, 0, check2[i].key_type,
- check2[i].key_data, check2[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_import_key with destroyed handle\n",
- g_test_count++);
- /* Destroy the handle */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
-
- /* Import the key data with destroyed handle */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
- check2[i].key_type, check2[i].key_data, check2[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(8));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_import_key with unallocated key handle\n",
- g_test_count++);
- /* Import the key data with unallocated key handle */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, invalid_key_handle, check2[i].key_type,
- check2[i].key_data, check2[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(check1[i].key_handle, 0, TEST_CHECKPOINT_NUM(13));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c002/test_c002.h b/api-tests/dev_apis/crypto/test_c002/test_c002.h
index 4081d29..d12fb7d 100644
--- a/api-tests/dev_apis/crypto/test_c002/test_c002.h
+++ b/api-tests/dev_apis/crypto/test_c002/test_c002.h
@@ -18,14 +18,13 @@
#define _TEST_C002_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c002)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c002)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c002_crypto_list[];
int32_t psa_import_key_test(security_t caller);
-int32_t psa_import_key_negative_test(security_t caller);
#endif /* _TEST_C002_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c002/test_data.h b/api-tests/dev_apis/crypto/test_c002/test_data.h
index 0b2faea..38db0a5 100644
--- a/api-tests/dev_apis/crypto/test_c002/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c002/test_data.h
@@ -23,6 +23,7 @@
psa_key_type_t key_type;
uint8_t key_data[34];
uint32_t key_length;
+ size_t attr_bits;
psa_key_usage_t usage;
psa_algorithm_t key_alg;
uint32_t expected_bit_length;
@@ -167,7 +168,7 @@
{"Test psa_import_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
0x5F, 0xC9, 0x77},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -176,7 +177,7 @@
{"Test psa_import_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05},
- AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ AES_24B_KEY_SIZE, BYTES_TO_BITS(AES_24B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -186,23 +187,22 @@
{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ AES_32B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
},
#endif
-#endif
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
#ifdef ARCH_TEST_RSA_2048
{"Test psa_import_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
{0},
- 270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 270, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
2048, 270, PSA_SUCCESS
},
-{"Test psa_import_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_import_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0},
- 1193, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 1193, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
2048, 1193, PSA_SUCCESS
},
#endif
@@ -212,7 +212,7 @@
#ifdef ARCH_TEST_DES_1KEY
{"Test psa_import_key with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ DES_8B_KEY_SIZE, BYTES_TO_BITS(DES_8B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -221,7 +221,7 @@
{"Test psa_import_key with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ DES3_2KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -231,7 +231,7 @@
{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
- DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ DES3_3KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -242,16 +242,16 @@
{"Test psa_import_key with EC Public key\n", 9,
PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
{0},
- 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 65, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
256, 65, PSA_SUCCESS
},
#endif
#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
{"Test psa_import_key with EC keypair\n", 10,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1),
{0},
- 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 28, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
224, 28, PSA_SUCCESS
},
#endif
@@ -263,14 +263,14 @@
{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05, 0xC9, 0xED,
0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_34B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ AES_34B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
BYTES_TO_BITS(AES_34B_KEY_SIZE), AES_34B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_import_key with incorrect key data size\n", 12, PSA_KEY_TYPE_AES,
{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
0x40, 0xAC, 0xA3, 0x90, 0x77},
-AES_18B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+AES_18B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
BYTES_TO_BITS(AES_18B_KEY_SIZE), AES_18B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
#endif
@@ -278,22 +278,9 @@
{"Test psa_import_key with incorrect key type\n", 13, PSA_KEY_TYPE_VENDOR_FLAG,
{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05},
-AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+AES_24B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_ERROR_NOT_SUPPORTED,
},
#endif
-};
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_import_key negative cases\n", 1, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9, 0x77},
-AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
-BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_ALREADY_EXISTS
-},
#endif
-#endif
-
};
diff --git a/api-tests/dev_apis/crypto/test_c002/test_entry_c002.c b/api-tests/dev_apis/crypto/test_c002/test_entry_c002.c
index 6f31df0..1ea3d4f 100644
--- a/api-tests/dev_apis/crypto/test_c002/test_entry_c002.c
+++ b/api-tests/dev_apis/crypto/test_c002/test_entry_c002.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 2)
#define TEST_DESC "Testing crypto key management APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c003/test_c003.c b/api-tests/dev_apis/crypto/test_c003/test_c003.c
index 1968cb1..814513d 100644
--- a/api-tests/dev_apis/crypto/test_c003/test_c003.c
+++ b/api-tests/dev_apis/crypto/test_c003/test_c003.c
@@ -23,7 +23,6 @@
client_test_t test_c003_crypto_list[] = {
NULL,
psa_export_key_test,
- psa_export_key_negative_test,
NULL,
};
@@ -32,13 +31,17 @@
int32_t psa_export_key_test(security_t caller)
{
- uint32_t length, i;
- const uint8_t *key_data;
- psa_key_policy_t policy;
- psa_key_type_t key_type;
- size_t bits;
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t status;
+ int32_t i, status;
+ size_t length;
+ const uint8_t *key_data;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -50,10 +53,7 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ memset(data, 0, BUFFER_SIZE);
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
@@ -61,7 +61,7 @@
if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
{
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
{
if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
key_data = rsa_384_keypair;
@@ -82,7 +82,7 @@
}
else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
key_data = ec_keypair;
else
key_data = ec_keydata;
@@ -90,131 +90,48 @@
else
key_data = check1[i].key_data;
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &attributes, check1[i].attr_bits);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Get basic metadata about a key */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
- &key_type, &bits);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Make sure the metada matches with the given data */
- TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7));
- TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Export a key in binary format */
status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle, data,
check1[i].buffer_size, &length);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+ /* If failure is expected, continue with the next data set */
if (check1[i].expected_status != PSA_SUCCESS)
continue;
- /* Check if the key length matches with the given length */
- TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(10));
+ /* Check the attributes of the exported key */
+ TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(5));
- /* Check if original key data matches with the exported data */
if (PSA_KEY_TYPE_IS_UNSTRUCTURED(check1[i].key_type))
{
- TEST_ASSERT_MEMCMP(check1[i].key_data, data, length, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_MEMCMP(data, check1[i].key_data, length, TEST_CHECKPOINT_NUM(6));
}
else if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type) || PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- TEST_ASSERT_MEMCMP(key_data, data, length, TEST_CHECKPOINT_NUM(12));
+ TEST_ASSERT_MEMCMP(key_data, data, length, TEST_CHECKPOINT_NUM(7));
}
else
{
return VAL_STATUS_INVALID;
}
- }
- return VAL_STATUS_SUCCESS;
-}
-
-int32_t psa_export_key_negative_test(security_t caller)
-{
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- uint32_t i, length;
- int32_t status;
- psa_key_policy_t policy;
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- for (i = 0; i < num_checks; i++)
- {
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_export_key with unallocated key handle\n",
- g_test_count++);
- /* Export a key in binary format */
- status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check2[i].key_handle, data,
- check2[i].key_length, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_export_key with empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
-
- /* Export a key in binary format */
- status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check2[i].key_handle, data,
- check2[i].key_length, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(5));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_export_key with zero as key handle\n",
- g_test_count++);
- /* Export a key in binary format */
- status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, 0, data,
- check2[i].key_length, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_export_key with destroyed key handle\n",
- g_test_count++);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
-
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
- check2[i].key_type, check2[i].key_data, check2[i].key_length);
+ /* Destroy the key handle and check if export key fails */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
- /* Destroy the key handle */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
-
- /* Export a key in binary format */
- status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check2[i].key_handle, data,
- check2[i].key_length, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(10));
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle, data,
+ check1[i].buffer_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(9));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c003/test_c003.h b/api-tests/dev_apis/crypto/test_c003/test_c003.h
index 4d8a4d6..96ed12b 100644
--- a/api-tests/dev_apis/crypto/test_c003/test_c003.h
+++ b/api-tests/dev_apis/crypto/test_c003/test_c003.h
@@ -18,9 +18,9 @@
#define _TEST_C003_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c003)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c003)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c003/test_data.h b/api-tests/dev_apis/crypto/test_c003/test_data.h
index dfe0a0b..625cc17 100644
--- a/api-tests/dev_apis/crypto/test_c003/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c003/test_data.h
@@ -23,6 +23,7 @@
psa_key_type_t key_type;
uint8_t key_data[34];
uint32_t key_length;
+ size_t attr_bits;
psa_key_usage_t usage;
psa_algorithm_t key_alg;
size_t buffer_size;
@@ -166,7 +167,7 @@
{"Test psa_export_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
0x5F, 0xC9, 0x77},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -175,7 +176,7 @@
{"Test psa_export_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05},
- AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ AES_24B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -185,7 +186,7 @@
{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ AES_32B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -195,13 +196,13 @@
#ifdef ARCH_TEST_RSA_2048
{"Test psa_export_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
{0},
- 270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
+ 270, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
2048, 270, PSA_SUCCESS
},
-{"Test psa_export_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_export_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0},
- 1193, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
+ 1193, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
2048, 1193, PSA_SUCCESS
},
#endif
@@ -211,7 +212,7 @@
#ifdef ARCH_TEST_DES_1KEY
{"Test psa_export_key with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ DES_8B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -220,7 +221,7 @@
{"Test psa_export_key with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ DES3_2KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -230,7 +231,7 @@
{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
- DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ DES3_3KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -241,16 +242,16 @@
{"Test psa_export_key with EC Public key\n", 9,
PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
{0},
- 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, BUFFER_SIZE,
+ 65, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, BUFFER_SIZE,
256, 65, PSA_SUCCESS
},
#endif
#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
{"Test psa_export_key with EC keypair\n", 10,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1),
{0},
- 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, BUFFER_SIZE,
+ 28, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, BUFFER_SIZE,
224, 28, PSA_SUCCESS
},
#endif
@@ -261,29 +262,16 @@
{"Test psa_export_key with key policy verify\n", 11, PSA_KEY_TYPE_AES,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
0x5F, 0xC9, 0x05},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_CTR, BUFFER_SIZE,
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_VERIFY, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_NOT_PERMITTED
},
{"Test psa_export_key with less buffer size\n", 12, PSA_KEY_TYPE_AES,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
0x5F, 0xC9, 0x05},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, 14,
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, 14,
BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_BUFFER_TOO_SMALL
},
#endif
#endif
};
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_export_key negative case\n", 13, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9, 0x05},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
-},
-#endif
-#endif
-};
diff --git a/api-tests/dev_apis/crypto/test_c003/test_entry_c003.c b/api-tests/dev_apis/crypto/test_c003/test_entry_c003.c
index 8b50159..59efbf1 100644
--- a/api-tests/dev_apis/crypto/test_c003/test_entry_c003.c
+++ b/api-tests/dev_apis/crypto/test_c003/test_entry_c003.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 3)
#define TEST_DESC "Testing crypto key management APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c004/test_c004.c b/api-tests/dev_apis/crypto/test_c004/test_c004.c
index d99c483..2eed9a4 100644
--- a/api-tests/dev_apis/crypto/test_c004/test_c004.c
+++ b/api-tests/dev_apis/crypto/test_c004/test_c004.c
@@ -23,7 +23,6 @@
client_test_t test_c004_crypto_list[] = {
NULL,
test_psa_export_public_key,
- test_psa_export_public_key_handle,
NULL,
};
@@ -32,13 +31,17 @@
int32_t test_psa_export_public_key(security_t caller)
{
- uint32_t length, i;
- const uint8_t *key_data;
- psa_key_policy_t policy;
- psa_key_type_t key_type;
- size_t bits;
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t status;
+ int32_t i, status;
+ size_t length;
+ const uint8_t *key_data;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -50,10 +53,7 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ memset(data, 0, BUFFER_SIZE);
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
@@ -61,7 +61,7 @@
if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
{
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
{
if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
key_data = rsa_384_keypair;
@@ -82,7 +82,7 @@
}
else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
key_data = ec_keypair;
else
key_data = ec_keydata;
@@ -90,168 +90,54 @@
else
key_data = check1[i].key_data;
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &attributes, check1[i].attr_bits);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Get basic metadata about a key */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
- &key_type, &bits);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7));
-
- TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Export a key in binary format */
status = val->crypto_function(VAL_CRYPTO_EXPORT_PUBLIC_KEY, check1[i].key_handle, data,
check1[i].buffer_size, &length);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+ /* If failure is expected, continue with the next data set */
if (check1[i].expected_status != PSA_SUCCESS)
continue;
- TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(10));
+ TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(5));
/* Check if original key data matches with the exported data */
if (PSA_KEY_TYPE_IS_UNSTRUCTURED(check1[i].key_type))
{
- TEST_ASSERT_MEMCMP(check1[i].key_data, data, length, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_MEMCMP(check1[i].key_data, data, length, TEST_CHECKPOINT_NUM(6));
}
else if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type) || PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
key_data = expected_rsa_256_pubprv;
- else if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
key_data = expected_ec_pubprv;
- TEST_ASSERT_MEMCMP(key_data, data, length, TEST_CHECKPOINT_NUM(12));
+ TEST_ASSERT_MEMCMP(key_data, data, length, TEST_CHECKPOINT_NUM(7));
}
else
{
return VAL_STATUS_INVALID;
}
- }
- return VAL_STATUS_SUCCESS;
-
-}
-
-int32_t test_psa_export_public_key_handle(security_t caller)
-{
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- uint32_t i, length;
- int32_t status;
- const uint8_t *key_data;
- psa_key_policy_t policy;
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- for (i = 0; i < num_checks; i++)
- {
- val->print(PRINT_TEST, "[Check %d] Test psa_export_key with unallocated key handle\n",
- g_test_count++);
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- /* Export a key in binary format */
- status = val->crypto_function(VAL_CRYPTO_EXPORT_PUBLIC_KEY, check2[i].key_handle, data,
- check2[i].key_length, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_export_key with empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
-
- /* Export a key in binary format */
- status = val->crypto_function(VAL_CRYPTO_EXPORT_PUBLIC_KEY, check2[i].key_handle, data,
- check2[i].key_length, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(5));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_export_key with zero as key handle\n",
- g_test_count++);
- status = val->crypto_function(VAL_CRYPTO_EXPORT_PUBLIC_KEY, 0, data,
- check2[i].key_length, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_export_key with destroyed key handle\n",
- g_test_count++);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
-
- if (PSA_KEY_TYPE_IS_RSA(check2[i].key_type))
- {
- if (check2[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
- {
- if (check2[i].expected_bit_length == BYTES_TO_BITS(384))
- key_data = rsa_384_keypair;
- else if (check2[i].expected_bit_length == BYTES_TO_BITS(256))
- key_data = rsa_256_keypair;
- else
- return VAL_STATUS_INVALID;
- }
- else
- {
- if (check2[i].expected_bit_length == BYTES_TO_BITS(384))
- key_data = rsa_384_keydata;
- else if (check2[i].expected_bit_length == BYTES_TO_BITS(256))
- key_data = rsa_256_keydata;
- else
- return VAL_STATUS_INVALID;
- }
- }
- else if (PSA_KEY_TYPE_IS_ECC(check2[i].key_type))
- {
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check2[i].key_type))
- key_data = ec_keypair;
- else
- key_data = ec_keydata;
- }
- else
- key_data = check2[i].key_data;
-
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
- check2[i].key_type, key_data, check2[i].key_length);
+ /* Destroy the key handle and check if export key fails */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
- /* Destroy the key handle */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
-
- /* Export a key in binary format */
- status = val->crypto_function(VAL_CRYPTO_EXPORT_PUBLIC_KEY, check2[i].key_handle, data,
- check2[i].key_length, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(10));
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_PUBLIC_KEY, check1[i].key_handle, data,
+ check1[i].buffer_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(9));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c004/test_c004.h b/api-tests/dev_apis/crypto/test_c004/test_c004.h
index c24ec82..518013f 100644
--- a/api-tests/dev_apis/crypto/test_c004/test_c004.h
+++ b/api-tests/dev_apis/crypto/test_c004/test_c004.h
@@ -18,14 +18,13 @@
#define _TEST_C004_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c004)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c004)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c004_crypto_list[];
int32_t test_psa_export_public_key(security_t caller);
-int32_t test_psa_export_public_key_handle(security_t caller);
#endif /* _TEST_C004_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c004/test_data.h b/api-tests/dev_apis/crypto/test_c004/test_data.h
index 66dae2a..f389a0f 100644
--- a/api-tests/dev_apis/crypto/test_c004/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c004/test_data.h
@@ -23,6 +23,7 @@
psa_key_type_t key_type;
uint8_t key_data[34];
uint32_t key_length;
+ size_t attr_bits;
psa_key_usage_t usage;
psa_algorithm_t key_alg;
size_t buffer_size;
@@ -198,7 +199,7 @@
{"Test psa_export_public_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
#endif
@@ -207,7 +208,7 @@
{"Test psa_export_public_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
- AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ AES_24B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
#endif
@@ -217,7 +218,7 @@
{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ AES_32B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
#endif
@@ -227,13 +228,13 @@
#ifdef ARCH_TEST_RSA_2048
{"Test psa_export_public_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
{0},
- 270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
+ 270, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
2048, 270, PSA_SUCCESS
},
-{"Test psa_export_public_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_export_public_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0},
- 1193, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
+ 1193, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
2048, 270, PSA_SUCCESS
},
#endif
@@ -243,7 +244,7 @@
#ifdef ARCH_TEST_DES_1KEY
{"Test psa_export_public_key with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ DES_8B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
#endif
@@ -252,7 +253,7 @@
{"Test psa_export_public_key with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ DES3_2KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
#endif
@@ -262,7 +263,7 @@
{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
- DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ DES3_3KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
#endif
@@ -273,16 +274,16 @@
{"Test psa_export_public_key with EC Public key\n", 9,
PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
{0},
- 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, BUFFER_SIZE,
+ 65, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, BUFFER_SIZE,
256, 65, PSA_SUCCESS
},
#endif
#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
{"Test psa_export_public_key with EC keypair\n", 10,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1),
{0},
- 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, BUFFER_SIZE,
+ 28, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, BUFFER_SIZE,
224, 57, PSA_SUCCESS
},
#endif
@@ -292,21 +293,9 @@
#ifdef ARCH_TEST_RSA
{"Test psa_export_public_key with less buffer size\n", 12, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
{0},
-270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, 200,
+270, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, 200,
2048, 270, PSA_ERROR_BUFFER_TOO_SMALL
},
#endif
#endif
};
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
-#ifdef ARCH_TEST_RSA
-{"Test psa_export_public_key negative case\n", 13, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
- {0},
- 270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
- 2048, 270, PSA_SUCCESS
-},
-#endif
-#endif
-};
diff --git a/api-tests/dev_apis/crypto/test_c004/test_entry_c004.c b/api-tests/dev_apis/crypto/test_c004/test_entry_c004.c
index 7b8fdc9..e552b55 100644
--- a/api-tests/dev_apis/crypto/test_c004/test_entry_c004.c
+++ b/api-tests/dev_apis/crypto/test_c004/test_entry_c004.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 4)
#define TEST_DESC "Testing crypto key management APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c005/test_c005.c b/api-tests/dev_apis/crypto/test_c005/test_c005.c
index 1af6b36..e14e117 100644
--- a/api-tests/dev_apis/crypto/test_c005/test_c005.c
+++ b/api-tests/dev_apis/crypto/test_c005/test_c005.c
@@ -23,7 +23,6 @@
client_test_t test_c005_crypto_list[] = {
NULL,
psa_destroy_key_test,
- psa_destroy_invalid_key_test,
NULL,
};
@@ -31,13 +30,23 @@
int32_t psa_destroy_key_test(security_t caller)
{
- uint32_t i;
- const uint8_t *key_data;
- psa_key_policy_t policy;
- psa_key_type_t key_type;
- size_t bits;
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t status;
+ int32_t i, status;
+ const uint8_t *key_data;
+ psa_key_type_t get_key_type;
+ psa_key_id_t get_key_id;
+ psa_key_lifetime_t get_key_lifetime;
+ psa_key_usage_t get_key_usage_flags;
+ psa_algorithm_t get_key_algorithm;
+ size_t get_key_bits;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t set_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -49,21 +58,13 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- key_type = 0;
- bits = 0;
-
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
{
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
{
if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
key_data = rsa_384_keypair;
@@ -84,7 +85,7 @@
}
else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
key_data = ec_keypair;
else
key_data = ec_keydata;
@@ -92,90 +93,51 @@
else
key_data = check1[i].key_data;
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &set_attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &set_attributes, check1[i].attr_bits);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &set_attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ID, &set_attributes, check1[i].key_id);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_LIFETIME, &set_attributes, check1[i].key_lifetime);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &set_attributes, check1[i].key_alg);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &set_attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
- /* Get basic metadata about a key */
- TEST_ASSERT_EQUAL(val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
- &key_type, &bits),
- PSA_SUCCESS,
- TEST_CHECKPOINT_NUM(6));
-
- /* Check that metadata matches with given data */
- TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7));
- TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8));
-
- /* Destroy a key and restore the slot to its default state */
+ /* Destroy the key handle */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
- /* Get basic metadata about a key */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
- &key_type, &bits);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(10));
+ /* Getting the attributes of the destroyed key should return error */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_ATTRIBUTES, check1[i].key_handle,
+ &attributes);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(5));
- /* Check that if the key metadata are destroyed */
- TEST_ASSERT_NOT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(11));
- TEST_ASSERT_NOT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(12));
- }
+ /* Check if all the attributes are erased */
+ val->crypto_function(VAL_CRYPTO_GET_KEY_TYPE, &attributes, &get_key_type);
+ TEST_ASSERT_EQUAL(get_key_type, 0, TEST_CHECKPOINT_NUM(6));
- return VAL_STATUS_SUCCESS;
-}
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ID, &attributes, &get_key_id);
+ TEST_ASSERT_EQUAL(get_key_id, 0, TEST_CHECKPOINT_NUM(7));
-int32_t psa_destroy_invalid_key_test(security_t caller)
-{
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- int32_t i, status;
+ val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, &attributes, &get_key_lifetime);
+ TEST_ASSERT_EQUAL(get_key_lifetime, 0, TEST_CHECKPOINT_NUM(8));
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+ val->crypto_function(VAL_CRYPTO_GET_KEY_USAGE_FLAGS, &attributes, &get_key_usage_flags);
+ TEST_ASSERT_EQUAL(get_key_usage_flags, 0, TEST_CHECKPOINT_NUM(9));
- for (i = 0; i < num_checks; i++)
- {
- val->print(PRINT_TEST, "[Check %d] Test psa_destroy_key with unallocated key handle\n",
- g_test_count++);
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ALGORITHM, &attributes, &get_key_algorithm);
+ TEST_ASSERT_EQUAL(get_key_algorithm, 0, TEST_CHECKPOINT_NUM(10));
- /* Destroy a key and restore the slot to its default state */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+ val->crypto_function(VAL_CRYPTO_GET_KEY_BITS, &attributes, &get_key_bits);
+ TEST_ASSERT_EQUAL(get_key_bits, 0, TEST_CHECKPOINT_NUM(11));
- val->print(PRINT_TEST, "[Check %d] Test psa_destroy_key with zero as key handle\n",
- g_test_count++);
- /* Destroy a key and restore the slot to its default state */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, 0);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+ /* Destroying an empty key handle should return error */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(12));
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_destroy_key with empty key handle\n",
- g_test_count++);
- /* Destroy a key and restore the slot to its default state */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Destroy a key and restore the slot to its default state */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(7));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c005/test_c005.h b/api-tests/dev_apis/crypto/test_c005/test_c005.h
index d191aed..50cad3d 100644
--- a/api-tests/dev_apis/crypto/test_c005/test_c005.h
+++ b/api-tests/dev_apis/crypto/test_c005/test_c005.h
@@ -18,14 +18,13 @@
#define _TEST_C005_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c005)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c005)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c005_crypto_list[];
int32_t psa_destroy_key_test(security_t caller);
-int32_t psa_destroy_invalid_key_test(security_t caller);
#endif /* _TEST_C005_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c005/test_data.h b/api-tests/dev_apis/crypto/test_c005/test_data.h
index bab27f2..3b70b18 100644
--- a/api-tests/dev_apis/crypto/test_c005/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c005/test_data.h
@@ -23,10 +23,12 @@
psa_key_type_t key_type;
uint8_t key_data[34];
uint32_t key_length;
+ size_t attr_bits;
psa_key_usage_t usage;
psa_algorithm_t key_alg;
+ psa_key_id_t key_id;
+ psa_key_lifetime_t key_lifetime;
uint32_t expected_bit_length;
- uint32_t expected_key_length;
psa_status_t expected_status;
} test_data;
@@ -166,8 +168,9 @@
{"Test psa_destroy_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ 0x12, PSA_KEY_LIFETIME_VOLATILE,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), PSA_SUCCESS
},
#endif
@@ -175,8 +178,9 @@
{"Test psa_destroy_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
- AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
+ AES_24B_KEY_SIZE, BYTES_TO_BITS(AES_24B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ 0x34, PSA_KEY_LIFETIME_VOLATILE,
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), PSA_SUCCESS
},
#endif
@@ -185,8 +189,9 @@
{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
+ AES_32B_KEY_SIZE, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ 0x56, PSA_KEY_LIFETIME_VOLATILE,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_SUCCESS
},
#endif
#endif
@@ -195,14 +200,16 @@
#ifdef ARCH_TEST_RSA_2048
{"Test psa_destroy_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
{0},
- 270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- 2048, 270, PSA_SUCCESS
+ 270, 2048, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 0x78, PSA_KEY_LIFETIME_VOLATILE,
+ 2048, PSA_SUCCESS
},
-{"Test psa_destroy_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_destroy_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0},
- 1193, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- 2048, 1193, PSA_SUCCESS
+ 1193, 2048, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 0x89, PSA_KEY_LIFETIME_VOLATILE,
+ 2048, PSA_SUCCESS
},
#endif
#endif
@@ -211,8 +218,9 @@
#ifdef ARCH_TEST_DES_1KEY
{"Test psa_destroy_key with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
+ DES_8B_KEY_SIZE, BYTES_TO_BITS(DES_8B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ 0xAB, PSA_KEY_LIFETIME_VOLATILE,
+ BYTES_TO_BITS(DES_8B_KEY_SIZE), PSA_SUCCESS
},
#endif
@@ -220,8 +228,9 @@
{"Test psa_destroy_key with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
+ DES3_2KEY_SIZE, BYTES_TO_BITS(DES3_2KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ 0xBC, PSA_KEY_LIFETIME_VOLATILE,
+ BYTES_TO_BITS(DES3_2KEY_SIZE), PSA_SUCCESS
},
#endif
@@ -230,8 +239,9 @@
{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
- DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
+ DES3_3KEY_SIZE, BYTES_TO_BITS(DES3_3KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ 0xCD, PSA_KEY_LIFETIME_VOLATILE,
+ BYTES_TO_BITS(DES3_3KEY_SIZE), PSA_SUCCESS
},
#endif
#endif
@@ -241,8 +251,9 @@
{"Test psa_destroy_key with EC Public key\n", 9,
PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
{0},
- 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
- 256, 65, PSA_SUCCESS
+ 65, 256, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 0xEF, PSA_KEY_LIFETIME_VOLATILE,
+ 256, PSA_SUCCESS
},
#endif
#endif
@@ -250,24 +261,11 @@
#ifdef ARCH_TEST_ASYMMETRIC_ENCRYPTION
#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
{"Test psa_destroy_key with EC keypair\n", 10,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1),
{0},
- 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION,
- 224, 28, PSA_SUCCESS
-},
-#endif
-#endif
-};
-
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_destroy_key negative case\n", 11, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+ 28, 224, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION,
+ 0x123, PSA_KEY_LIFETIME_VOLATILE,
+ 224, PSA_SUCCESS
},
#endif
#endif
diff --git a/api-tests/dev_apis/crypto/test_c005/test_entry_c005.c b/api-tests/dev_apis/crypto/test_c005/test_entry_c005.c
index 9559f13..0a8b46d 100644
--- a/api-tests/dev_apis/crypto/test_c005/test_entry_c005.c
+++ b/api-tests/dev_apis/crypto/test_c005/test_entry_c005.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 5)
#define TEST_DESC "Testing crypto key management APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c006/test_c006.c b/api-tests/dev_apis/crypto/test_c006/test_c006.c
index a18aaa7..61fecdc 100644
--- a/api-tests/dev_apis/crypto/test_c006/test_c006.c
+++ b/api-tests/dev_apis/crypto/test_c006/test_c006.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,159 +19,62 @@
#include "val_target.h"
#include "test_c006.h"
#include "test_data.h"
+#include "val_crypto.h"
client_test_t test_c006_crypto_list[] = {
NULL,
- psa_get_key_information_test,
- psa_get_key_information_invalid_test,
+ psa_hash_compute_test,
NULL,
};
static int g_test_count = 1;
-int32_t psa_get_key_information_test(security_t caller)
+int32_t psa_hash_compute_test(security_t caller)
{
- int32_t i, status;
- const uint8_t *key_data;
- psa_key_policy_t policy;
- psa_key_type_t key_type;
- size_t bits;
- int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ const char *expected_hash;
+ char hash[HASH_64B];
+ size_t hash_length, hash_size = sizeof(hash);
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
- /* Set the key data buffer to the input base on algorithm */
for (i = 0; i < num_checks; i++)
{
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
- {
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
- {
- if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
- key_data = rsa_384_keypair;
- else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
- key_data = rsa_256_keypair;
- else
- return VAL_STATUS_INVALID;
- }
- else
- {
- if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
- key_data = rsa_384_keydata;
- else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
- key_data = rsa_256_keydata;
- else
- return VAL_STATUS_INVALID;
- }
- }
- else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
- {
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
- key_data = ec_keypair;
- else
- key_data = ec_keydata;
- }
+ if (check1[i].alg == PSA_ALG_SHA_384)
+ expected_hash = sha384_hash;
+ else if (check1[i].alg == PSA_ALG_SHA_512)
+ expected_hash = sha512_hash;
else
- key_data = check1[i].key_data;
+ expected_hash = check1[i].hash;
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
-
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Get basic metadata about a key */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
- &key_type, &bits);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+ /* Calculate the hash (digest) of a message */
+ status = val->crypto_function(VAL_CRYPTO_HASH_COMPUTE, check1[i].alg, &check1[i].input,
+ check1[i].input_length, hash, hash_size, &hash_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
if (check1[i].expected_status != PSA_SUCCESS)
+ {
continue;
+ }
- /* Check that it matches with given data */
- TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7));
- TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8));
- }
-
- return VAL_STATUS_SUCCESS;
-}
-
-int32_t psa_get_key_information_invalid_test(security_t caller)
-{
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- int32_t i, status;
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- for (i = 0; i < num_checks; i++)
- {
- val->print(PRINT_TEST, "[Check %d] Test psa_get_key_information with unallocated"
- " key handle\n", g_test_count++);
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- /* Get basic metadata about a key */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check2[i].key_handle,
- &check2[i].key_type, &check2[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_get_key_information with zero as"
- " key handle\n", g_test_count++);
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, 0,
- &check2[i].key_type, &check2[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_get_key_information with empty key handle\n",
- g_test_count++);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Get basic metadata about a key */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check2[i].key_handle,
- &check2[i].key_type, &check2[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(6));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_get_key_information with destroyed"
- " key handle\n", g_test_count++);
- /* Destroy a key and restore the slot to its default state */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
-
- /* Get basic metadata about a key */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check2[i].key_handle,
- &check2[i].key_type, &check2[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(8));
-
+ TEST_ASSERT_EQUAL(hash_length, PSA_HASH_SIZE(check1[i].alg), TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_MEMCMP(hash, expected_hash, hash_length, TEST_CHECKPOINT_NUM(8));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c006/test_c006.h b/api-tests/dev_apis/crypto/test_c006/test_c006.h
index f8d834b..c46a0b3 100644
--- a/api-tests/dev_apis/crypto/test_c006/test_c006.h
+++ b/api-tests/dev_apis/crypto/test_c006/test_c006.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,14 +18,13 @@
#define _TEST_C006_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c006)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c006)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c006_crypto_list[];
-int32_t psa_get_key_information_test(security_t caller);
-int32_t psa_get_key_information_invalid_test(security_t caller);
+int32_t psa_hash_compute_test(security_t caller);
#endif /* _TEST_C006_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c006/test_data.h b/api-tests/dev_apis/crypto/test_c006/test_data.h
index ccc52e2..5aeee35 100644
--- a/api-tests/dev_apis/crypto/test_c006/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c006/test_data.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,255 +18,108 @@
#include "val_crypto.h"
typedef struct {
- char test_desc[75];
- psa_key_handle_t key_handle;
- psa_key_type_t key_type;
- uint8_t key_data[34];
- uint32_t key_length;
- psa_key_usage_t usage;
- psa_algorithm_t key_alg;
- uint32_t expected_bit_length;
- uint32_t expected_key_length;
+ char test_desc[50];
+ psa_algorithm_t alg;
+ char input;
+ size_t input_length;
+ char hash[32];
+ size_t hash_length;
psa_status_t expected_status;
} test_data;
-static const uint8_t rsa_384_keypair[1];
-static const uint8_t rsa_384_keydata[1];
+static const char sha384_hash[] = {
+0x43, 0x72, 0xe3, 0x8a, 0x92, 0xa2, 0x8b, 0x5d, 0x2c, 0x39, 0x1e, 0x62,
+0x45, 0x2a, 0x86, 0xd5, 0x0e, 0x02, 0x67, 0x22, 0x8b, 0xe1, 0x76, 0xc7, 0x7d, 0x24, 0x02, 0xef,
+0xfe, 0x9f, 0xa5, 0x0d, 0xe4, 0x07, 0xbb, 0xb8, 0x51, 0xb3, 0x7d, 0x59, 0x04, 0xab, 0xa2, 0xde,
+0xde, 0x74, 0xda, 0x2a};
-static const uint8_t rsa_256_keypair[] = {
- 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
- 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
- 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
- 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
- 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
- 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
- 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
- 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
- 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
- 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
- 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
- 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
- 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
- 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
- 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
- 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
- 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
- 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
- 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
- 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
- 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
- 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
- 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
- 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
- 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
- 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
- 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
- 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
- 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
- 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
- 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
- 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
- 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
- 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
- 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
- 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
- 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
- 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
- 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
- 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
- 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
- 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
- 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
- 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
- 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
- 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
- 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
- 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
- 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
- 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
- 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
- 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
- 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
- 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
- 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
- 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
- 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
- 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
- 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
- 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
- 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
- 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
- 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
- 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
- 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
- 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
- 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
- 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
- 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
- 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
- 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
- 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
- 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
- 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
- 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
- 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
- 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
- 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
- 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
- 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
- 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
- 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
- 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
- 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
- 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
- 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
- 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
- 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
- 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
- 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
- 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
- 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
-
-static const uint8_t rsa_256_keydata[] = {
- 0x30, 0x82, 0x01, 0x0A,
- 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
- 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
- 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
- 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
- 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
- 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
- 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
- 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
- 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
- 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
- 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
- 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
- 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
- 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
- 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
- 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
- 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
- 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
- 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
-
-static const uint8_t ec_keydata[] = {
- 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
- 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
- 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
- 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
- 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
-
-static const uint8_t ec_keypair[] = {
- 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
- 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+static const char sha512_hash[] = {
+0x29, 0x6e, 0x22, 0x67, 0xd7, 0x4c, 0x27, 0x8d, 0xaa, 0xaa, 0x94, 0x0d,
+0x17, 0xb0, 0xcf, 0xb7, 0x4a, 0x50, 0x83, 0xf8, 0xe0, 0x69, 0x72, 0x6d, 0x8c, 0x84, 0x1c, 0xbe,
+0x59, 0x6e, 0x04, 0x31, 0xcb, 0x77, 0x41, 0xa5, 0xb5, 0x0f, 0x71, 0x66, 0x6c, 0xfd, 0x54, 0xba,
+0xcb, 0x7b, 0x00, 0xae, 0xa8, 0x91, 0x49, 0x9c, 0xf4, 0xef, 0x6a, 0x03, 0xc8, 0xa8, 0x3f, 0xe3,
+0x7c, 0x3f, 0x7b, 0xaf};
static test_data check1[] = {
-
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_get_key_information 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+#ifdef ARCH_TEST_MD2
+{"Test psa_hash_compute with MD2 algorithm\n",
+ PSA_ALG_MD2, 0xbd, 1,
+ {0x8c, 0x9c, 0x17, 0x66, 0x5d, 0x25, 0xb3, 0x5f, 0xc4, 0x13, 0xc4, 0x18, 0x05, 0xc6, 0x79, 0xcf},
+ 16, PSA_SUCCESS,
},
#endif
-#ifdef ARCH_TEST_AES_192
-{"Test psa_get_key_information 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
-{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
- 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
- AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
+#ifdef ARCH_TEST_MD4
+{"Test psa_hash_compute with MD4 algorithm\n",
+ PSA_ALG_MD4, 0xbd, 1,
+ {0x18, 0xc3, 0x3f, 0x97, 0x29, 0x7e, 0xfe, 0x5f, 0x8a, 0x73, 0x22, 0x58, 0x28, 0x9f, 0xda, 0x25},
+ 16, PSA_SUCCESS,
},
#endif
-#ifdef ARCH_TEST_AES_256
-{"Test psa_get_key_information 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
-{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
- 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
- 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
+#ifdef ARCH_TEST_MD5
+{"Test psa_hash_compute with MD5 algorithm\n",
+ PSA_ALG_MD5, 0xbd, 1,
+ {0xab, 0xae, 0x57, 0xcb, 0x56, 0x2e, 0xcf, 0x29, 0x5b, 0x4a, 0x37, 0xa7, 0x6e, 0xfe, 0x61, 0xfb},
+ 16, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_RIPEMD160
+{"Test psa_hash_compute with RIPEMD160 algorithm\n",
+ PSA_ALG_RIPEMD160, 0xbd, 1,
+ {0x50, 0x89, 0x26, 0x5e, 0xe5, 0xd9, 0xaf, 0x75, 0xd1, 0x2d, 0xbf, 0x7e, 0xa2, 0xf2, 0x7d, 0xbd,
+ 0xee, 0x43, 0x5b, 0x37},
+ 20, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA1
+{"Test psa_hash_compute with SHA1 algorithm\n",
+ PSA_ALG_SHA_1, 0xbd, 1,
+ {0x90, 0x34, 0xaa, 0xf4, 0x51, 0x43, 0x99, 0x6a, 0x2b, 0x14, 0x46, 0x5c, 0x35, 0x2a, 0xb0, 0xc6,
+ 0xfa, 0x26, 0xb2, 0x21},
+ 20, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_hash_compute with SHA224 algorithm\n",
+ PSA_ALG_SHA_224, 0xbd, 1,
+ {0xb1, 0xe4, 0x6b, 0xb9, 0xef, 0xe4, 0x5a, 0xf5, 0x54, 0x36, 0x34, 0x49, 0xc6, 0x94, 0x5a, 0x0d,
+ 0x61, 0x69, 0xfc, 0x3a, 0x5a, 0x39, 0x6a, 0x56, 0xcb, 0x97, 0xcb, 0x57},
+ 28, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_hash_compute with SHA256 algorithm\n",
+ PSA_ALG_SHA_256, 0xbd, 1,
+ {0x68, 0x32, 0x57, 0x20, 0xaa, 0xbd, 0x7c, 0x82, 0xf3, 0x0f, 0x55, 0x4b, 0x31, 0x3d, 0x05, 0x70,
+ 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa, 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x2b},
+ 32, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA384
+{"Test psa_hash_compute with SHA384 algorithm\n",
+ PSA_ALG_SHA_384, 0xbd, 1, {0}, 48, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_hash_compute with SHA512 algorithm\n",
+ PSA_ALG_SHA_512, 0xbd, 1, {0}, 64, PSA_SUCCESS,
+},
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_hash_compute with small buffer size\n",
+ PSA_ALG_SHA_512, 0xbd, 1, {0}, 60, PSA_ERROR_BUFFER_TOO_SMALL,
},
#endif
#endif
-#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
-#ifdef ARCH_TEST_RSA_2048
-{"Test psa_get_key_information 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
- {0},
- 270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- 2048, 270, PSA_SUCCESS
+{"Test psa_hash_compute with invalid algorithm\n",
+ PSA_HASH_ALG_INVALID, 0xbd, 1, {0}, 64, PSA_ERROR_NOT_SUPPORTED,
},
-
-{"Test psa_get_key_information with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
- {0},
- 1193, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- 2048, 1193, PSA_SUCCESS
-},
-#endif
-#endif
-
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_DES_1KEY
-{"Test psa_get_key_information with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
- {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_DES_2KEY
-{"Test psa_get_key_information with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
-{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_DES_3KEY
-{"Test psa_get_key_information with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
-{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
- DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
-},
-#endif
-#endif
-
-#ifdef ARCH_TEST_ECDSA
-#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
-{"Test psa_get_key_information with EC Public key\n", 9,
- PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
- {0},
- 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
- 256, 65, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
-{"Test psa_get_key_information with EC keypair\n", 10,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
- {0},
- 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
- 224, 28, PSA_SUCCESS
-},
-#endif
-#endif
-};
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_get_key_information negative cases\n", 11, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
-},
-#endif
-#endif
};
diff --git a/api-tests/dev_apis/crypto/test_c006/test_entry_c006.c b/api-tests/dev_apis/crypto/test_c006/test_entry_c006.c
index 983ee81..d1536d2 100644
--- a/api-tests/dev_apis/crypto/test_c006/test_entry_c006.c
+++ b/api-tests/dev_apis/crypto/test_c006/test_entry_c006.c
@@ -19,8 +19,9 @@
#include "val_target.h"
#include "test_c006.h"
-#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 6)
-#define TEST_DESC "Testing crypto key management APIs\n"
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 06)
+#define TEST_DESC "Testing crypto hash functions APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c007/test_c007.c b/api-tests/dev_apis/crypto/test_c007/test_c007.c
index 9b3371f..1c86caa 100644
--- a/api-tests/dev_apis/crypto/test_c007/test_c007.c
+++ b/api-tests/dev_apis/crypto/test_c007/test_c007.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,165 +23,48 @@
client_test_t test_c007_crypto_list[] = {
NULL,
- psa_set_key_policy_test,
- psa_set_key_policy_negative_test,
+ psa_hash_compare_test,
NULL,
};
static int g_test_count = 1;
-int32_t psa_set_key_policy_test(security_t caller)
+int32_t psa_hash_compare_test(security_t caller)
{
- const uint8_t *key_data;
- psa_key_policy_t policy, expected_policy;
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ const char *hash;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
- /* Set the key data buffer to the input base on algorithm */
for (i = 0; i < num_checks; i++)
{
-
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
- {
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
- {
- if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
- key_data = rsa_384_keypair;
- else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
- key_data = rsa_256_keypair;
- else
- return VAL_STATUS_INVALID;
- }
- else
- {
- if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
- key_data = rsa_384_keydata;
- else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
- key_data = rsa_256_keydata;
- else
- return VAL_STATUS_INVALID;
- }
- }
- else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
- {
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
- key_data = ec_keypair;
- else
- key_data = ec_keydata;
- }
+ if (check1[i].alg == PSA_ALG_SHA_384)
+ hash = sha384_hash;
+ else if (check1[i].alg == PSA_ALG_SHA_512)
+ hash = sha512_hash;
else
- key_data = check1[i].key_data;
+ hash = check1[i].hash;
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
-
- if (check1[i].expected_status != PSA_SUCCESS)
- continue;
-
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Get the usage policy for a key slot */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_POLICY, check1[i].key_handle,
- &expected_policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Check if the usage is same as programmed */
- TEST_ASSERT_EQUAL(expected_policy.usage, check1[i].usage, TEST_CHECKPOINT_NUM(7));
-
- /* Check if the algorithm is same as programmed */
- TEST_ASSERT_EQUAL(expected_policy.alg, check1[i].key_alg, TEST_CHECKPOINT_NUM(8));
- }
-
- return VAL_STATUS_SUCCESS;
-}
-
-int32_t psa_set_key_policy_negative_test(security_t caller)
-{
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- int32_t i, status;
- psa_key_policy_t policy;
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- for (i = 0; i < num_checks; i++)
- {
- val->print(PRINT_TEST, "[Check %d] Test psa_set_key_policy with unallocated key handle\n",
- g_test_count++);
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- /* Set the usage policy on a key slot */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_set_key_policy with zero as key handle\n",
- g_test_count++);
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, 0, &policy);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Set the usage policy on a key slot */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
- val->print(PRINT_TEST, "[Check %d] Test psa_set_key_policy with already occupied handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
- check2[i].key_type, check2[i].key_data, check2[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_ALREADY_EXISTS, TEST_CHECKPOINT_NUM(8));
+ /* Calculate the hash (digest) of a message and compare it with a reference value */
+ status = val->crypto_function(VAL_CRYPTO_HASH_COMPARE, check1[i].alg, &check1[i].input,
+ check1[i].input_length, hash, check1[i].hash_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c007/test_c007.h b/api-tests/dev_apis/crypto/test_c007/test_c007.h
index ee5635f..55918d9 100644
--- a/api-tests/dev_apis/crypto/test_c007/test_c007.h
+++ b/api-tests/dev_apis/crypto/test_c007/test_c007.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,15 +18,13 @@
#define _TEST_C007_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c007)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c007)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c007_crypto_list[];
-int32_t psa_set_key_policy_test(security_t caller);
-int32_t psa_set_key_policy_negative_test(security_t caller);
+int32_t psa_hash_compare_test(security_t caller);
#endif /* _TEST_C007_CLIENT_TESTS_H_ */
-
diff --git a/api-tests/dev_apis/crypto/test_c007/test_data.h b/api-tests/dev_apis/crypto/test_c007/test_data.h
index 7572696..5d6dc86 100644
--- a/api-tests/dev_apis/crypto/test_c007/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c007/test_data.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,268 +18,114 @@
#include "val_crypto.h"
typedef struct {
- char test_desc[75];
- psa_key_handle_t key_handle;
- psa_key_type_t key_type;
- uint8_t key_data[34];
- uint32_t key_length;
- psa_key_usage_t usage;
- psa_algorithm_t key_alg;
- uint32_t expected_bit_length;
- uint32_t expected_key_length;
+ char test_desc[50];
+ psa_algorithm_t alg;
+ char input;
+ size_t input_length;
+ char hash[32];
+ size_t hash_length;
psa_status_t expected_status;
} test_data;
-static const uint8_t rsa_384_keypair[1];
-static const uint8_t rsa_384_keydata[1];
+static const char sha384_hash[] = {
+0x43, 0x72, 0xe3, 0x8a, 0x92, 0xa2, 0x8b, 0x5d, 0x2c, 0x39, 0x1e, 0x62,
+0x45, 0x2a, 0x86, 0xd5, 0x0e, 0x02, 0x67, 0x22, 0x8b, 0xe1, 0x76, 0xc7, 0x7d, 0x24, 0x02, 0xef,
+0xfe, 0x9f, 0xa5, 0x0d, 0xe4, 0x07, 0xbb, 0xb8, 0x51, 0xb3, 0x7d, 0x59, 0x04, 0xab, 0xa2, 0xde,
+0xde, 0x74, 0xda, 0x2a};
-static const uint8_t rsa_256_keypair[] = {
- 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
- 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
- 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
- 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
- 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
- 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
- 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
- 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
- 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
- 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
- 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
- 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
- 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
- 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
- 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
- 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
- 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
- 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
- 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
- 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
- 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
- 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
- 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
- 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
- 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
- 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
- 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
- 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
- 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
- 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
- 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
- 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
- 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
- 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
- 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
- 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
- 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
- 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
- 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
- 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
- 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
- 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
- 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
- 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
- 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
- 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
- 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
- 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
- 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
- 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
- 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
- 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
- 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
- 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
- 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
- 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
- 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
- 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
- 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
- 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
- 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
- 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
- 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
- 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
- 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
- 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
- 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
- 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
- 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
- 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
- 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
- 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
- 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
- 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
- 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
- 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
- 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
- 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
- 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
- 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
- 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
- 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
- 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
- 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
- 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
- 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
- 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
- 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
- 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
- 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
- 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
- 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
-
-static const uint8_t rsa_256_keydata[] = {
- 0x30, 0x82, 0x01, 0x0A,
- 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
- 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
- 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
- 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
- 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
- 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
- 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
- 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
- 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
- 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
- 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
- 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
- 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
- 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
- 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
- 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
- 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
- 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
- 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
-
-static const uint8_t ec_keydata[] = {
- 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
- 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
- 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
- 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
- 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
-
-static const uint8_t ec_keypair[] = {
- 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
- 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+static const char sha512_hash[] = {
+0x29, 0x6e, 0x22, 0x67, 0xd7, 0x4c, 0x27, 0x8d, 0xaa, 0xaa, 0x94, 0x0d,
+0x17, 0xb0, 0xcf, 0xb7, 0x4a, 0x50, 0x83, 0xf8, 0xe0, 0x69, 0x72, 0x6d, 0x8c, 0x84, 0x1c, 0xbe,
+0x59, 0x6e, 0x04, 0x31, 0xcb, 0x77, 0x41, 0xa5, 0xb5, 0x0f, 0x71, 0x66, 0x6c, 0xfd, 0x54, 0xba,
+0xcb, 0x7b, 0x00, 0xae, 0xa8, 0x91, 0x49, 0x9c, 0xf4, 0xef, 0x6a, 0x03, 0xc8, 0xa8, 0x3f, 0xe3,
+0x7c, 0x3f, 0x7b, 0xaf};
static test_data check1[] = {
-
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_set_key_policy 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+#ifdef ARCH_TEST_MD2
+{"Test psa_hash_compare with MD2 algorithm\n",
+ PSA_ALG_MD2, 0xbd, 1,
+ {0x8c, 0x9c, 0x17, 0x66, 0x5d, 0x25, 0xb3, 0x5f, 0xc4, 0x13, 0xc4, 0x18, 0x05, 0xc6, 0x79, 0xcf},
+ 16, PSA_SUCCESS,
},
#endif
-#ifdef ARCH_TEST_AES_192
-{"Test psa_set_key_policy 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
-{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
- 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
- AES_24B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
+#ifdef ARCH_TEST_MD4
+{"Test psa_hash_compare with MD4 algorithm\n",
+ PSA_ALG_MD4, 0xbd, 1,
+ {0x18, 0xc3, 0x3f, 0x97, 0x29, 0x7e, 0xfe, 0x5f, 0x8a, 0x73, 0x22, 0x58, 0x28, 0x9f, 0xda, 0x25},
+ 16, PSA_SUCCESS,
},
#endif
-#ifdef ARCH_TEST_AES_256
-{"Test psa_set_key_policy 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
-{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
- 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
- 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
-},
-#endif
-#endif
-
-#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
-#ifdef ARCH_TEST_RSA_2048
-{"Test psa_set_key_policy 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
- {0},
- 270, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- 2048, 270, PSA_SUCCESS
-},
-
-{"Test psa_set_key_policy with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
- {0},
- 1193, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- 2048, 1193, PSA_SUCCESS
-},
-#endif
-#endif
-
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_DES_1KEY
-{"Test psa_set_key_policy with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
- {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
+#ifdef ARCH_TEST_MD5
+{"Test psa_hash_compare with MD5 algorithm\n",
+ PSA_ALG_MD5, 0xbd, 1,
+ {0xab, 0xae, 0x57, 0xcb, 0x56, 0x2e, 0xcf, 0x29, 0x5b, 0x4a, 0x37, 0xa7, 0x6e, 0xfe, 0x61, 0xfb},
+ 16, PSA_SUCCESS,
},
#endif
-#ifdef ARCH_TEST_DES_2KEY
-{"Test psa_set_key_policy with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
-{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
+#ifdef ARCH_TEST_RIPEMD160
+{"Test psa_hash_compare with RIPEMD160 algorithm\n",
+ PSA_ALG_RIPEMD160, 0xbd, 1,
+ {0x50, 0x89, 0x26, 0x5e, 0xe5, 0xd9, 0xaf, 0x75, 0xd1, 0x2d, 0xbf, 0x7e, 0xa2, 0xf2, 0x7d, 0xbd,
+ 0xee, 0x43, 0x5b, 0x37},
+ 20, PSA_SUCCESS,
},
#endif
-#ifdef ARCH_TEST_DES_3KEY
-{"Test psa_set_key_policy with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
-{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
- DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
-},
-#endif
-#endif
-
-#ifdef ARCH_TEST_ECDSA
-#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
-{"Test psa_set_key_policy with EC Public key\n", 9,
- PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
- {0},
- 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
- 256, 65, PSA_SUCCESS
+#ifdef ARCH_TEST_SHA1
+{"Test psa_hash_compare with SHA1 algorithm\n",
+ PSA_ALG_SHA_1, 0xbd, 1,
+ {0x90, 0x34, 0xaa, 0xf4, 0x51, 0x43, 0x99, 0x6a, 0x2b, 0x14, 0x46, 0x5c, 0x35, 0x2a, 0xb0, 0xc6,
+ 0xfa, 0x26, 0xb2, 0x21},
+ 20, PSA_SUCCESS,
},
#endif
-#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
-{"Test psa_set_key_policy with EC keypair\n", 10,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
- {0},
- 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
- 224, 28, PSA_SUCCESS
+#ifdef ARCH_TEST_SHA224
+{"Test psa_hash_compare with SHA224 algorithm\n",
+ PSA_ALG_SHA_224, 0xbd, 1,
+ {0xb1, 0xe4, 0x6b, 0xb9, 0xef, 0xe4, 0x5a, 0xf5, 0x54, 0x36, 0x34, 0x49, 0xc6, 0x94, 0x5a, 0x0d,
+ 0x61, 0x69, 0xfc, 0x3a, 0x5a, 0x39, 0x6a, 0x56, 0xcb, 0x97, 0xcb, 0x57},
+ 28, PSA_SUCCESS,
},
#endif
-#endif
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_set_key_policy with invalid usage\n", 13, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
-AES_16B_KEY_SIZE, PSA_KEY_USAGE_INVALID, PSA_ALG_CTR,
-BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+#ifdef ARCH_TEST_SHA256
+{"Test psa_hash_compare with SHA256 algorithm\n",
+ PSA_ALG_SHA_256, 0xbd, 1,
+ {0x68, 0x32, 0x57, 0x20, 0xaa, 0xbd, 0x7c, 0x82, 0xf3, 0x0f, 0x55, 0x4b, 0x31, 0x3d, 0x05, 0x70,
+ 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa, 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x2b},
+ 32, PSA_SUCCESS,
},
#endif
-#endif
-};
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_set_key_policy negative case\n", 11, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
-AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
-BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_ALREADY_EXISTS
+#ifdef ARCH_TEST_SHA384
+{"Test psa_hash_compare with SHA384 algorithm\n",
+ PSA_ALG_SHA_384, 0xbd, 1, {0}, 48, PSA_SUCCESS,
},
#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_hash_compare with SHA512 algorithm\n",
+ PSA_ALG_SHA_512, 0xbd, 1, {0}, 64, PSA_SUCCESS,
+},
#endif
+#ifdef ARCH_TEST_SHA256
+{"Test psa_hash_compare with incorrect hash\n",
+ PSA_ALG_SHA_256, 0xbd, 1,
+ {0x68, 0x32, 0x57, 0x20, 0xab, 0xbd, 0x7c, 0x82, 0xf3, 0x0f, 0x55, 0x4b, 0x31, 0x3d, 0x05, 0x70,
+ 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa, 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x78},
+ 32, PSA_ERROR_INVALID_SIGNATURE,
+},
+
+{"Test psa_hash_compare with incorrect hash length\n",
+ PSA_ALG_SHA_256, 0xbd, 1,
+ {0x68, 0x32, 0x57, 0x20, 0xaa, 0xbd, 0x7c, 0x82, 0xf3, 0x0f, 0x55, 0x4b, 0x31, 0x3d, 0x05, 0x70,
+ 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa, 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x2b},
+ 31, PSA_ERROR_INVALID_SIGNATURE,
+},
+#endif
};
diff --git a/api-tests/dev_apis/crypto/test_c007/test_entry_c007.c b/api-tests/dev_apis/crypto/test_c007/test_entry_c007.c
index c1fbe53..2825b02 100644
--- a/api-tests/dev_apis/crypto/test_c007/test_entry_c007.c
+++ b/api-tests/dev_apis/crypto/test_c007/test_entry_c007.c
@@ -19,8 +19,9 @@
#include "val_target.h"
#include "test_c007.h"
-#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 7)
-#define TEST_DESC "Testing crypto key management APIs\n"
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 07)
+#define TEST_DESC "Testing crypto hash functions APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c008/test_c008.c b/api-tests/dev_apis/crypto/test_c008/test_c008.c
index 363d5c7..afd7742 100644
--- a/api-tests/dev_apis/crypto/test_c008/test_c008.c
+++ b/api-tests/dev_apis/crypto/test_c008/test_c008.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,21 +23,23 @@
client_test_t test_c008_crypto_list[] = {
NULL,
- psa_get_key_policy_test,
- psa_get_key_policy_negative_test,
+ psa_key_derivation_setup_test,
NULL,
};
static int g_test_count = 1;
-int32_t psa_get_key_policy_test(security_t caller)
+int32_t psa_key_derivation_setup_test(security_t caller)
{
- const uint8_t *key_data;
- psa_key_policy_t policy, expected_policy;
- psa_key_usage_t expected_usage;
- psa_algorithm_t expected_alg;
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t i, status;
+ int32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -49,135 +51,19 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
- memset(&expected_usage, 0, sizeof(psa_key_usage_t));
- memset(&expected_alg, 0, sizeof(psa_algorithm_t));
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
- {
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
- {
- if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
- key_data = rsa_384_keypair;
- else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
- key_data = rsa_256_keypair;
- else
- return VAL_STATUS_INVALID;
- }
- else
- {
- if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
- key_data = rsa_384_keydata;
- else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
- key_data = rsa_256_keydata;
- else
- return VAL_STATUS_INVALID;
- }
- }
- else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
- {
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
- key_data = ec_keypair;
- else
- key_data = ec_keydata;
- }
- else
- key_data = check1[i].key_data;
+ /* Set up a key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SETUP, &operation, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ /* Abort the key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Get the usage policy for a key slot */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_POLICY, check1[i].key_handle,
- &expected_policy);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
-
- if (check1[i].expected_status != PSA_SUCCESS)
- continue;
-
- TEST_ASSERT_EQUAL(expected_policy.usage, check1[i].usage, TEST_CHECKPOINT_NUM(7));
- TEST_ASSERT_EQUAL(expected_policy.alg, check1[i].key_alg, TEST_CHECKPOINT_NUM(8));
-
- /* Retrieve the usage field of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_GET_USAGE, &policy, &expected_usage);
-
- /* Retrieve the algorithm field of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_GET_ALGORITHM, &policy, &expected_alg);
-
- TEST_ASSERT_EQUAL(expected_usage, check1[i].usage, TEST_CHECKPOINT_NUM(9));
- TEST_ASSERT_EQUAL(expected_alg, check1[i].key_alg, TEST_CHECKPOINT_NUM(10));
}
return VAL_STATUS_SUCCESS;
}
-
-int32_t psa_get_key_policy_negative_test(security_t caller)
-{
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- int32_t i, status;
- psa_key_policy_t policy;
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- for (i = 0; i < num_checks; i++)
- {
- val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
- val->print(PRINT_TEST, check2[i].test_desc, 0);
-
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_get_key_policy with unallocated key handle\n",
- g_test_count++);
- /* Get the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_POLICY, check2[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_get_key_policy with zero as key handle\n",
- g_test_count++);
- /* Get the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_POLICY, 0, &policy);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_get_key_policy with empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Get the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_POLICY, check2[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
- }
-
- return VAL_STATUS_SUCCESS;
-}
diff --git a/api-tests/dev_apis/crypto/test_c008/test_c008.h b/api-tests/dev_apis/crypto/test_c008/test_c008.h
index a67628d..7fd8270 100644
--- a/api-tests/dev_apis/crypto/test_c008/test_c008.h
+++ b/api-tests/dev_apis/crypto/test_c008/test_c008.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,14 +18,13 @@
#define _TEST_C008_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c008)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c008)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c008_crypto_list[];
-int32_t psa_get_key_policy_test(security_t caller);
-int32_t psa_get_key_policy_negative_test(security_t caller);
+int32_t psa_key_derivation_setup_test(security_t caller);
#endif /* _TEST_C008_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c008/test_data.h b/api-tests/dev_apis/crypto/test_c008/test_data.h
index 90a9d91..a350c16 100644
--- a/api-tests/dev_apis/crypto/test_c008/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c008/test_data.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,254 +19,28 @@
typedef struct {
char test_desc[75];
- psa_key_handle_t key_handle;
- psa_key_type_t key_type;
- uint8_t key_data[34];
- uint32_t key_length;
- psa_key_usage_t usage;
- psa_algorithm_t key_alg;
- uint32_t expected_bit_length;
- uint32_t expected_key_length;
+ psa_algorithm_t alg;
psa_status_t expected_status;
} test_data;
-static const uint8_t rsa_384_keypair[1];
-static const uint8_t rsa_384_keydata[1];
-
-static const uint8_t rsa_256_keypair[] = {
- 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
- 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
- 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
- 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
- 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
- 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
- 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
- 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
- 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
- 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
- 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
- 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
- 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
- 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
- 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
- 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
- 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
- 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
- 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
- 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
- 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
- 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
- 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
- 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
- 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
- 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
- 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
- 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
- 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
- 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
- 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
- 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
- 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
- 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
- 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
- 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
- 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
- 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
- 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
- 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
- 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
- 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
- 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
- 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
- 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
- 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
- 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
- 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
- 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
- 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
- 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
- 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
- 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
- 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
- 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
- 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
- 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
- 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
- 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
- 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
- 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
- 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
- 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
- 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
- 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
- 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
- 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
- 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
- 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
- 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
- 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
- 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
- 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
- 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
- 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
- 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
- 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
- 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
- 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
- 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
- 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
- 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
- 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
- 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
- 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
- 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
- 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
- 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
- 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
- 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
- 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
- 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
-
-static const uint8_t rsa_256_keydata[] = {
- 0x30, 0x82, 0x01, 0x0A,
- 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
- 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
- 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
- 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
- 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
- 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
- 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
- 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
- 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
- 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
- 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
- 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
- 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
- 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
- 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
- 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
- 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
- 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
- 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
-
-static const uint8_t ec_keydata[] = {
- 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
- 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
- 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
- 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
- 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
-
-static const uint8_t ec_keypair[] = {
- 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
- 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
-
static test_data check1[] = {
-
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_get_key_policy 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_AES_192
-{"Test psa_get_key_policy 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
-{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
- 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
- AES_24B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_AES_256
-{"Test psa_get_key_policy 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
-{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
- 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
- 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
-},
-#endif
-#endif
-
-#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
-#ifdef ARCH_TEST_RSA_2048
-{"Test psa_get_key_policy 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
- {0},
- 270, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- 2048, 270, PSA_SUCCESS
+{"Test psa_key_derivation_setup - ECDH + HKDF-SHA-256\n",
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_SUCCESS
},
-{"Test psa_get_key_policy with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
- {0},
- 1193, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- 2048, 1193, PSA_SUCCESS
+{"Test psa_key_derivation_setup - ECDH, unknown KDF\n",
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)),
+ PSA_ERROR_NOT_SUPPORTED
},
-#endif
-#endif
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_DES_1KEY
-{"Test psa_get_key_policy with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
- {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
+{"Test psa_key_derivation_setup - bad key derivation algorithm\n",
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_HASH_ALG_INVALID),
+ PSA_ERROR_INVALID_ARGUMENT
},
-#endif
-#ifdef ARCH_TEST_DES_2KEY
-{"Test psa_get_key_policy with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
-{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
+{"Test psa_key_derivation_setup - Invalid Algorithm\n",
+ PSA_ALG_INVALID,
+ PSA_ERROR_INVALID_ARGUMENT,
},
-#endif
-
-#ifdef ARCH_TEST_DES_3KEY
-{"Test psa_get_key_policy with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
-{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
- DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
-},
-#endif
-#endif
-
-#ifdef ARCH_TEST_ECDSA
-#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
-{"Test psa_get_key_policy with EC Public key\n", 9,
- PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
- {0},
- 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
- 256, 65, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
-{"Test psa_get_key_policy with EC keypair\n", 10,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
- {0},
- 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
- 224, 28, PSA_SUCCESS
-},
-#endif
-#endif
-};
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_get_key_policy negative cases\n", 11, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
-},
-#endif
-#endif
};
diff --git a/api-tests/dev_apis/crypto/test_c008/test_entry_c008.c b/api-tests/dev_apis/crypto/test_c008/test_entry_c008.c
index 59f3a24..e31f9d8 100644
--- a/api-tests/dev_apis/crypto/test_c008/test_entry_c008.c
+++ b/api-tests/dev_apis/crypto/test_c008/test_entry_c008.c
@@ -20,7 +20,8 @@
#include "test_c008.h"
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 8)
-#define TEST_DESC "Testing crypto key management APIs\n"
+#define TEST_DESC "Testing crypto key derivation APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c009/test_c009.c b/api-tests/dev_apis/crypto/test_c009/test_c009.c
index 9b252b8..5410ec4 100644
--- a/api-tests/dev_apis/crypto/test_c009/test_c009.c
+++ b/api-tests/dev_apis/crypto/test_c009/test_c009.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,21 +21,25 @@
#include "test_data.h"
#include "val_crypto.h"
-#define MAX_KEYS 100
-
client_test_t test_c009_crypto_list[] = {
NULL,
- psa_allocate_key_test,
- psa_allocate_key_negative_test,
+ psa_key_derivation_input_bytes_test,
NULL,
};
static int g_test_count = 1;
-int32_t psa_allocate_key_test(security_t caller)
+int32_t psa_key_derivation_input_bytes_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t i, status;
+ int32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -51,45 +55,27 @@
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3));
-
- /* Destroy a key */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
- }
-
- return VAL_STATUS_SUCCESS;
-}
-
-int32_t psa_allocate_key_negative_test(security_t caller)
-{
- int32_t i, j, status;
- psa_key_handle_t key_handle[MAX_KEYS];
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- val->print(PRINT_TEST, "[Check %d] Testing the insufficient memory\n", g_test_count++);
-
- for (i = 0; i < MAX_KEYS; i++)
- {
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &key_handle[i]);
- if (status != PSA_SUCCESS)
- {
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_MEMORY, TEST_CHECKPOINT_NUM(2));
- break;
- }
- }
-
- for (j = 0; j < i; j++)
- {
- /* Destroy a key */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, key_handle[j]);
+ /* Set up a key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SETUP, &operation, check1[i].alg);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Provide an input for key derivation or key agreement */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES, &operation,
+ check1[i].step, check1[i].data, check1[i].data_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+
+ /* Abort the key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ /* Key derivation on an aborted operation should fail */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES, &operation,
+ check1[i].step, check1[i].data, check1[i].data_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(6));
+
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c009/test_c009.h b/api-tests/dev_apis/crypto/test_c009/test_c009.h
index f5e758b..c96f1f6 100644
--- a/api-tests/dev_apis/crypto/test_c009/test_c009.h
+++ b/api-tests/dev_apis/crypto/test_c009/test_c009.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,14 +18,13 @@
#define _TEST_C009_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c009)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c009)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c009_crypto_list[];
-int32_t psa_allocate_key_test(security_t caller);
-int32_t psa_allocate_key_negative_test(security_t caller);
+int32_t psa_key_derivation_input_bytes_test(security_t caller);
#endif /* _TEST_C009_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c009/test_data.h b/api-tests/dev_apis/crypto/test_c009/test_data.h
index fd4be3c..647537b 100644
--- a/api-tests/dev_apis/crypto/test_c009/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c009/test_data.h
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,55 +18,54 @@
#include "val_crypto.h"
typedef struct {
- char test_desc[75];
- psa_key_handle_t key_handle;
- psa_status_t expected_status;
+ char test_desc[75];
+ psa_algorithm_t alg;
+ uint8_t data[32];
+ size_t data_length;
+ psa_key_derivation_step_t step;
+ psa_status_t expected_status;
} test_data;
static test_data check1[] = {
-#ifdef ARCH_TEST_AES_128
-{"Test psa_allocate_key 16 Byte AES\n", 1, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_AES_192
-{"Test psa_allocate_key 24 Byte AES\n", 2, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_AES_256
-{"Test psa_allocate_key 32 Byte AES\n", 3, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_RSA_2048
-{"Test psa_allocate_key 2048 RSA public key\n", 4, PSA_SUCCESS
+{"Test psa_key_derivation_input_bytes - Step as Info\n",
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ "abcdefghijklmnop", 16,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ PSA_SUCCESS,
},
-{"Test psa_allocate_key with RSA 2048 keypair\n", 5, PSA_SUCCESS,
-},
-#endif
-
-#ifdef ARCH_TEST_DES_1KEY
-{"Test psa_allocate_key with DES 64 bit key\n", 6, PSA_SUCCESS,
-},
-#endif
-
-#ifdef ARCH_TEST_DES_2KEY
-{"Test psa_allocate_key with Triple DES 2-Key\n", 7, PSA_SUCCESS,
-},
-#endif
-
-#ifdef ARCH_TEST_DES_3KEY
-{"Test psa_allocate_key with Triple DES 3-Key\n", 8, PSA_SUCCESS,
-},
-#endif
-
-#ifdef ARCH_TEST_ECC_CURVE_SECP192R1
-{"Test psa_allocate_key with EC Public key\n", 9, PSA_SUCCESS,
+{"Test psa_key_derivation_input_bytes - Step as secret\n",
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ "abcdefghijklmnop", 16,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ PSA_ERROR_INVALID_ARGUMENT,
},
-{"Test psa_allocate_key with EC keypair\n", 10, PSA_SUCCESS
+{"Test psa_key_derivation_input_bytes - Step as salt\n",
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ "abcdefghijklmnop", 16,
+ PSA_KEY_DERIVATION_INPUT_SALT,
+ PSA_SUCCESS,
},
-#endif
+
+{"Test psa_key_derivation_input_bytes - Step as label\n",
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ "abcdefghijklmnop", 16,
+ PSA_KEY_DERIVATION_INPUT_LABEL,
+ PSA_SUCCESS,
+},
+
+{"Test psa_key_derivation_input_bytes - Step as seed\n",
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ "abcdefghijklmnop", 16,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ PSA_SUCCESS,
+},
+
+{"Test psa_key_derivation_input_bytes - Invalid step\n",
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ "abcdefghijklmnop", 16,
+ PSA_KEY_DERIVATION_STEP_INVALID,
+ PSA_ERROR_INVALID_ARGUMENT,
+},
};
diff --git a/api-tests/dev_apis/crypto/test_c009/test_entry_c009.c b/api-tests/dev_apis/crypto/test_c009/test_entry_c009.c
index 93a0abe..5dce994 100644
--- a/api-tests/dev_apis/crypto/test_c009/test_entry_c009.c
+++ b/api-tests/dev_apis/crypto/test_c009/test_entry_c009.c
@@ -20,7 +20,8 @@
#include "test_c009.h"
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 9)
-#define TEST_DESC "Testing crypto key management APIs\n"
+#define TEST_DESC "Testing crypto key derivation APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c010/test_c010.c b/api-tests/dev_apis/crypto/test_c010/test_c010.c
index 24e335e..041d26b 100644
--- a/api-tests/dev_apis/crypto/test_c010/test_c010.c
+++ b/api-tests/dev_apis/crypto/test_c010/test_c010.c
@@ -23,20 +23,29 @@
client_test_t test_c010_crypto_list[] = {
NULL,
- psa_get_key_lifetime_test,
- psa_get_key_lifetime_negative_test,
+ psa_key_attributes_set_get_test,
NULL,
};
static int g_test_count = 1;
-int32_t psa_get_key_lifetime_test(security_t caller)
+int32_t psa_key_attributes_set_get_test(security_t caller)
{
- const uint8_t *key_data;
- psa_key_policy_t policy;
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t i, status;
- psa_key_lifetime_t lifetime;
+ int32_t i, status;
+ psa_key_type_t get_key_type;
+ psa_key_id_t get_key_id;
+ psa_key_lifetime_t get_key_lifetime;
+ psa_key_usage_t get_key_usage_flags;
+ psa_algorithm_t get_key_algorithm;
+ size_t get_key_bits;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -48,121 +57,78 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
- {
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
- {
- if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
- key_data = rsa_384_keypair;
- else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
- key_data = rsa_256_keypair;
- else
- return VAL_STATUS_INVALID;
- }
- else
- {
- if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
- key_data = rsa_384_keydata;
- else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
- key_data = rsa_256_keydata;
- else
- return VAL_STATUS_INVALID;
- }
- }
- else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
- {
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
- key_data = ec_keypair;
- else
- key_data = ec_keydata;
- }
- else
- key_data = check1[i].key_data;
+ /* Check if all the attributes are initialized to zero */
+ val->crypto_function(VAL_CRYPTO_GET_KEY_TYPE, &attributes, &get_key_type);
+ TEST_ASSERT_EQUAL(get_key_type, 0, TEST_CHECKPOINT_NUM(3));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ID, &attributes, &get_key_id);
+ TEST_ASSERT_EQUAL(get_key_id, 0, TEST_CHECKPOINT_NUM(4));
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3));
+ val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, &attributes, &get_key_lifetime);
+ TEST_ASSERT_EQUAL(get_key_lifetime, 0, TEST_CHECKPOINT_NUM(5));
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ val->crypto_function(VAL_CRYPTO_GET_KEY_USAGE_FLAGS, &attributes, &get_key_usage_flags);
+ TEST_ASSERT_EQUAL(get_key_usage_flags, 0, TEST_CHECKPOINT_NUM(6));
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ALGORITHM, &attributes, &get_key_algorithm);
+ TEST_ASSERT_EQUAL(get_key_algorithm, 0, TEST_CHECKPOINT_NUM(7));
- /* Get the lifetime of a key slot */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, check1[i].key_handle, &lifetime);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ val->crypto_function(VAL_CRYPTO_GET_KEY_BITS, &attributes, &get_key_bits);
+ TEST_ASSERT_EQUAL(get_key_bits, 0, TEST_CHECKPOINT_NUM(8));
- TEST_ASSERT_EQUAL(lifetime, check1[i].lifetime, TEST_CHECKPOINT_NUM(7));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &attributes, check1[i].attr_bits);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ID, &attributes, check1[i].key_id);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_LIFETIME, &attributes, check1[i].key_lifetime);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Check if all the attributes are as per the input */
+ val->crypto_function(VAL_CRYPTO_GET_KEY_TYPE, &attributes, &get_key_type);
+ TEST_ASSERT_EQUAL(get_key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(9));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ID, &attributes, &get_key_id);
+ TEST_ASSERT_EQUAL(get_key_id, check1[i].key_id, TEST_CHECKPOINT_NUM(10));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, &attributes, &get_key_lifetime);
+ TEST_ASSERT_EQUAL(get_key_lifetime, check1[i].key_lifetime, TEST_CHECKPOINT_NUM(11));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_USAGE_FLAGS, &attributes, &get_key_usage_flags);
+ TEST_ASSERT_EQUAL(get_key_usage_flags, check1[i].usage, TEST_CHECKPOINT_NUM(12));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ALGORITHM, &attributes, &get_key_algorithm);
+ TEST_ASSERT_EQUAL(get_key_algorithm, check1[i].key_alg, TEST_CHECKPOINT_NUM(13));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_BITS, &attributes, &get_key_bits);
+ TEST_ASSERT_EQUAL(get_key_bits, check1[i].attr_bits, TEST_CHECKPOINT_NUM(14));
+
+ /* Reset the attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Check if all the attributes are erased */
+ val->crypto_function(VAL_CRYPTO_GET_KEY_TYPE, &attributes, &get_key_type);
+ TEST_ASSERT_EQUAL(get_key_type, 0, TEST_CHECKPOINT_NUM(15));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ID, &attributes, &get_key_id);
+ TEST_ASSERT_EQUAL(get_key_id, 0, TEST_CHECKPOINT_NUM(16));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, &attributes, &get_key_lifetime);
+ TEST_ASSERT_EQUAL(get_key_lifetime, 0, TEST_CHECKPOINT_NUM(17));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_USAGE_FLAGS, &attributes, &get_key_usage_flags);
+ TEST_ASSERT_EQUAL(get_key_usage_flags, 0, TEST_CHECKPOINT_NUM(18));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ALGORITHM, &attributes, &get_key_algorithm);
+ TEST_ASSERT_EQUAL(get_key_algorithm, 0, TEST_CHECKPOINT_NUM(19));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_BITS, &attributes, &get_key_bits);
+ TEST_ASSERT_EQUAL(get_key_bits, 0, TEST_CHECKPOINT_NUM(20));
}
return VAL_STATUS_SUCCESS;
}
-
-int32_t psa_get_key_lifetime_negative_test(security_t caller)
-{
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- int32_t i, status;
- psa_key_lifetime_t lifetime;
- psa_key_policy_t policy;
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- for (i = 0; i < num_checks; i++)
- {
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_get_key_lifetime with invalid key handle\n",
- g_test_count++);
- /* Get the lifetime of a key slot */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, check2[i].key_handle, &lifetime);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_get_key_lifetime with zero as key handle\n",
- g_test_count++);
- /* Get the lifetime of a key slot */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, 0, &lifetime);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_get_key_lifetime with empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Get the lifetime of a key slot */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, check2[i].key_handle, &lifetime);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
- }
-
- return VAL_STATUS_SUCCESS;
-}
diff --git a/api-tests/dev_apis/crypto/test_c010/test_c010.h b/api-tests/dev_apis/crypto/test_c010/test_c010.h
index 03308e8..eb5bdf7 100644
--- a/api-tests/dev_apis/crypto/test_c010/test_c010.h
+++ b/api-tests/dev_apis/crypto/test_c010/test_c010.h
@@ -18,14 +18,13 @@
#define _TEST_C010_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c010)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c010)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c010_crypto_list[];
-int32_t psa_get_key_lifetime_test(security_t caller);
-int32_t psa_get_key_lifetime_negative_test(security_t caller);
+int32_t psa_key_attributes_set_get_test(security_t caller);
#endif /* _TEST_C010_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c010/test_data.h b/api-tests/dev_apis/crypto/test_c010/test_data.h
index e8c7b2d..d6dc65d 100644
--- a/api-tests/dev_apis/crypto/test_c010/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c010/test_data.h
@@ -19,257 +19,18 @@
typedef struct {
char test_desc[75];
- psa_key_handle_t key_handle;
psa_key_type_t key_type;
- uint8_t key_data[34];
- uint32_t key_length;
+ size_t attr_bits;
psa_key_usage_t usage;
psa_algorithm_t key_alg;
+ psa_key_id_t key_id;
+ psa_key_lifetime_t key_lifetime;
psa_key_lifetime_t lifetime;
- uint32_t expected_bit_length;
- uint32_t expected_key_length;
- psa_status_t expected_status;
} test_data;
-static const uint8_t rsa_384_keypair[1];
-static const uint8_t rsa_384_keydata[1];
-
-static const uint8_t rsa_256_keypair[] = {
- 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
- 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
- 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
- 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
- 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
- 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
- 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
- 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
- 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
- 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
- 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
- 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
- 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
- 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
- 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
- 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
- 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
- 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
- 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
- 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
- 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
- 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
- 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
- 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
- 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
- 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
- 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
- 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
- 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
- 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
- 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
- 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
- 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
- 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
- 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
- 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
- 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
- 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
- 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
- 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
- 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
- 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
- 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
- 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
- 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
- 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
- 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
- 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
- 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
- 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
- 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
- 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
- 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
- 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
- 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
- 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
- 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
- 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
- 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
- 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
- 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
- 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
- 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
- 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
- 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
- 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
- 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
- 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
- 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
- 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
- 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
- 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
- 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
- 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
- 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
- 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
- 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
- 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
- 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
- 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
- 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
- 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
- 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
- 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
- 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
- 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
- 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
- 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
- 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
- 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
- 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
- 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
-
-static const uint8_t rsa_256_keydata[] = {
- 0x30, 0x82, 0x01, 0x0A,
- 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
- 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
- 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
- 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
- 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
- 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
- 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
- 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
- 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
- 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
- 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
- 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
- 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
- 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
- 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
- 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
- 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
- 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
- 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
-
-static const uint8_t ec_keydata[] = {
- 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
- 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
- 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
- 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
- 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
-
-static const uint8_t ec_keypair[] = {
- 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
- 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
-
static test_data check1[] = {
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_get_key_lifetime 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- PSA_KEY_LIFETIME_VOLATILE, BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+{"Test set/get key attributes\n", PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM, 0x1234,
+ PSA_KEY_LIFETIME_PERSISTENT
},
-#endif
-#endif
-
-#ifdef NO_SUPPORT
-/* PSA crypto doesn't support these test scenarios */
-{"Test psa_get_key_lifetime 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
-{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
- 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
- AES_24B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
- PSA_KEY_LIFETIME_PERSISTENT, BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
-},
-
-{"Test psa_get_key_lifetime 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
-{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
- 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
- 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
- PSA_KEY_LIFETIME_WRITE_ONCE, BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
-#ifdef ARCH_TEST_RSA_2048
-{"Test psa_get_key_lifetime 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
- {0},
- 270, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- PSA_KEY_LIFETIME_VOLATILE, 2048, 270, PSA_SUCCESS
-},
-#endif
-#endif
-
-#ifdef NO_SUPPORT
-/* PSA crypto doesn't support these test scenarios */
-{"Test psa_get_key_lifetime with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
- {0},
- 1193, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- PSA_KEY_LIFETIME_PERSISTENT, 2048, 1193, PSA_SUCCESS
-},
-
-{"Test psa_get_key_lifetime with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
- {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- PSA_KEY_LIFETIME_WRITE_ONCE, BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_DES_2KEY
-{"Test psa_get_key_lifetime with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
-{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- PSA_KEY_LIFETIME_VOLATILE, BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
-},
-#endif
-#endif
-
-#ifdef NO_SUPPORT
-/* PSA crypto doesn't support these test scenarios */
-{"Test psa_get_key_lifetime with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
-{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
- DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- PSA_KEY_LIFETIME_PERSISTENT, BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_ASYMMETRIC_ENCRYPTION
-#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
-{"Test psa_get_key_lifetime with EC Public key\n", 9,
- PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
- {0},
- 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION,
- PSA_KEY_LIFETIME_VOLATILE, 256, 65, PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
-{"Test psa_get_key_lifetime with EC keypair\n", 10,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
- {0},
- 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION,
- PSA_KEY_LIFETIME_VOLATILE, 224, 28, PSA_SUCCESS
-},
-#endif
-#endif
-
-};
-
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_get_key_lifetime with negative cases\n", 11, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_KEY_LIFETIME_VOLATILE,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
-},
-#endif
-#endif
};
diff --git a/api-tests/dev_apis/crypto/test_c010/test_entry_c010.c b/api-tests/dev_apis/crypto/test_c010/test_entry_c010.c
index 23012e9..c8e32c7 100644
--- a/api-tests/dev_apis/crypto/test_c010/test_entry_c010.c
+++ b/api-tests/dev_apis/crypto/test_c010/test_entry_c010.c
@@ -20,7 +20,8 @@
#include "test_c010.h"
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 10)
-#define TEST_DESC "Testing crypto key management APIs\n"
+#define TEST_DESC "Testing crypto key attributes APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c011/test_c011.c b/api-tests/dev_apis/crypto/test_c011/test_c011.c
index 13176a2..4dbc8da 100644
--- a/api-tests/dev_apis/crypto/test_c011/test_c011.c
+++ b/api-tests/dev_apis/crypto/test_c011/test_c011.c
@@ -35,6 +35,12 @@
int32_t i, status;
psa_hash_operation_t operation;
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
diff --git a/api-tests/dev_apis/crypto/test_c011/test_c011.h b/api-tests/dev_apis/crypto/test_c011/test_c011.h
index 3b33444..4c49ee9 100644
--- a/api-tests/dev_apis/crypto/test_c011/test_c011.h
+++ b/api-tests/dev_apis/crypto/test_c011/test_c011.h
@@ -18,9 +18,9 @@
#define _TEST_C011_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c011)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c011)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c011/test_entry_c011.c b/api-tests/dev_apis/crypto/test_c011/test_entry_c011.c
index 33d5730..0913ede 100644
--- a/api-tests/dev_apis/crypto/test_c011/test_entry_c011.c
+++ b/api-tests/dev_apis/crypto/test_c011/test_entry_c011.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 11)
#define TEST_DESC "Testing crypto hash functions APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c012/test_c012.c b/api-tests/dev_apis/crypto/test_c012/test_c012.c
index a02f8ad..1bce2b3 100644
--- a/api-tests/dev_apis/crypto/test_c012/test_c012.c
+++ b/api-tests/dev_apis/crypto/test_c012/test_c012.c
@@ -37,6 +37,12 @@
int32_t i, status;
psa_hash_operation_t operation;
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
diff --git a/api-tests/dev_apis/crypto/test_c012/test_c012.h b/api-tests/dev_apis/crypto/test_c012/test_c012.h
index ca36220..6c82797 100644
--- a/api-tests/dev_apis/crypto/test_c012/test_c012.h
+++ b/api-tests/dev_apis/crypto/test_c012/test_c012.h
@@ -18,9 +18,9 @@
#define _TEST_C012_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c012)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c012)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c012/test_entry_c012.c b/api-tests/dev_apis/crypto/test_c012/test_entry_c012.c
index cae0904..d749054 100644
--- a/api-tests/dev_apis/crypto/test_c012/test_entry_c012.c
+++ b/api-tests/dev_apis/crypto/test_c012/test_entry_c012.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 12)
#define TEST_DESC "Testing crypto hash functions APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c013/test_c013.c b/api-tests/dev_apis/crypto/test_c013/test_c013.c
index ccec9ca..3072d14 100644
--- a/api-tests/dev_apis/crypto/test_c013/test_c013.c
+++ b/api-tests/dev_apis/crypto/test_c013/test_c013.c
@@ -37,6 +37,12 @@
psa_hash_operation_t operation;
const char *hash;
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
diff --git a/api-tests/dev_apis/crypto/test_c013/test_c013.h b/api-tests/dev_apis/crypto/test_c013/test_c013.h
index 5135dda..02e91e6 100644
--- a/api-tests/dev_apis/crypto/test_c013/test_c013.h
+++ b/api-tests/dev_apis/crypto/test_c013/test_c013.h
@@ -18,9 +18,9 @@
#define _TEST_C013_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c013)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c013)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c013/test_entry_c013.c b/api-tests/dev_apis/crypto/test_c013/test_entry_c013.c
index 99ca4d2..b343e65 100644
--- a/api-tests/dev_apis/crypto/test_c013/test_entry_c013.c
+++ b/api-tests/dev_apis/crypto/test_c013/test_entry_c013.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 13)
#define TEST_DESC "Testing crypto hash functions APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c014/test_c014.c b/api-tests/dev_apis/crypto/test_c014/test_c014.c
index 272e0e0..5a5863e 100644
--- a/api-tests/dev_apis/crypto/test_c014/test_c014.c
+++ b/api-tests/dev_apis/crypto/test_c014/test_c014.c
@@ -40,6 +40,12 @@
char hash[HASH_64B];
size_t hash_length, hash_size = sizeof(hash);
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
diff --git a/api-tests/dev_apis/crypto/test_c014/test_c014.h b/api-tests/dev_apis/crypto/test_c014/test_c014.h
index 348e07c..35dc791 100644
--- a/api-tests/dev_apis/crypto/test_c014/test_c014.h
+++ b/api-tests/dev_apis/crypto/test_c014/test_c014.h
@@ -18,9 +18,9 @@
#define _TEST_C014_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c014)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c014)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c014/test_entry_c014.c b/api-tests/dev_apis/crypto/test_c014/test_entry_c014.c
index 3934edc..0a95c7a 100644
--- a/api-tests/dev_apis/crypto/test_c014/test_entry_c014.c
+++ b/api-tests/dev_apis/crypto/test_c014/test_entry_c014.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 14)
#define TEST_DESC "Testing crypto hash functions APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c015/test_c015.c b/api-tests/dev_apis/crypto/test_c015/test_c015.c
index 8f725f3..3e989e7 100644
--- a/api-tests/dev_apis/crypto/test_c015/test_c015.c
+++ b/api-tests/dev_apis/crypto/test_c015/test_c015.c
@@ -36,6 +36,12 @@
int32_t i, status;
psa_hash_operation_t operation;
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
diff --git a/api-tests/dev_apis/crypto/test_c015/test_c015.h b/api-tests/dev_apis/crypto/test_c015/test_c015.h
index bf435c2..34490be 100644
--- a/api-tests/dev_apis/crypto/test_c015/test_c015.h
+++ b/api-tests/dev_apis/crypto/test_c015/test_c015.h
@@ -18,9 +18,9 @@
#define _TEST_C015_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c015)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c015)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c015/test_entry_c015.c b/api-tests/dev_apis/crypto/test_c015/test_entry_c015.c
index b403a95..5afd52c 100644
--- a/api-tests/dev_apis/crypto/test_c015/test_entry_c015.c
+++ b/api-tests/dev_apis/crypto/test_c015/test_entry_c015.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 15)
#define TEST_DESC "Testing crypto hash functions APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c016/test_c016.c b/api-tests/dev_apis/crypto/test_c016/test_c016.c
index 9781827..63fa51c 100644
--- a/api-tests/dev_apis/crypto/test_c016/test_c016.c
+++ b/api-tests/dev_apis/crypto/test_c016/test_c016.c
@@ -24,7 +24,6 @@
client_test_t test_c016_crypto_list[] = {
NULL,
psa_generate_key_test,
- psa_generate_key_negative_test,
NULL,
};
@@ -33,17 +32,26 @@
int32_t psa_generate_key_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- uint32_t i, length;
- psa_key_policy_t policy;
- psa_key_type_t key_type;
- size_t bits;
- int32_t status;
+ int32_t i, status;
+ size_t length;
+ psa_key_type_t get_key_type;
+ psa_key_usage_t get_key_usage;
+ psa_algorithm_t get_key_alg;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t get_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+ /* Set the key data buffer to the input base on algorithm */
for (i = 0; i < num_checks; i++)
{
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
@@ -53,53 +61,51 @@
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &attributes, check1[i].attr_bits);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
-
- /* Generate a key or key pair */
- status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].bits, check1[i].extra, check1[i].extra_size);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
+ /* Generate the key */
+ status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, &attributes, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3));
if (check1[i].expected_status != PSA_SUCCESS)
- {
- /* Destroy the key */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
continue;
- }
- /* Get basic metadata about a key */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
- &key_type, &bits);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ /* Get the attributes of the imported key and check if it matches the given value */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_ATTRIBUTES, check1[i].key_handle,
+ &get_attributes);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
- TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(8));
+ val->crypto_function(VAL_CRYPTO_GET_KEY_TYPE, &get_attributes, &get_key_type);
+ TEST_ASSERT_EQUAL(get_key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(5));
- TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(9));
+ if (check1[i].attr_bits != 0)
+ TEST_ASSERT_EQUAL(get_attributes.bits, check1[i].attr_bits, TEST_CHECKPOINT_NUM(6));
+ else
+ TEST_ASSERT_EQUAL(get_attributes.bits, check1[i].expected_bit_length,
+ TEST_CHECKPOINT_NUM(7));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_USAGE_FLAGS, &get_attributes, &get_key_usage);
+ TEST_ASSERT_EQUAL(get_key_usage, check1[i].usage, TEST_CHECKPOINT_NUM(8));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ALGORITHM, &get_attributes, &get_key_alg);
+ TEST_ASSERT_EQUAL(get_key_alg, check1[i].key_alg, TEST_CHECKPOINT_NUM(9));
/* Export a key in binary format */
status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle, data,
BUFFER_SIZE, &length);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(10));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+ /* Check the attributes of the exported key */
TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(11));
+ /* Reset the attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &get_attributes);
+
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
@@ -107,78 +113,3 @@
return VAL_STATUS_SUCCESS;
}
-
-int32_t psa_generate_key_negative_test(security_t caller)
-{
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- uint32_t i;
- psa_key_policy_t policy;
- int32_t status;
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- for (i = 0; i < num_checks; i++)
- {
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_generate_key with unallocated key handle\n",
- g_test_count++);
- /* Generate a key or key pair */
- status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, check2[i].key_handle,
- check2[i].key_type, check2[i].bits, check2[i].extra, check2[i].extra_size);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_generate_key with zero as key handle\n",
- g_test_count++);
- /* Generate a key or key pair */
- status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, 0, check2[i].key_type,
- check2[i].bits, check2[i].extra, check2[i].extra_size);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_generate_key with pre-occupied key handle\n",
- g_test_count++);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Generate a key or key pair */
- status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, check2[i].key_handle,
- check2[i].key_type, check2[i].bits, check2[i].extra, check2[i].extra_size);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
-
- /* Generate a key or key pair */
- status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, check2[i].key_handle,
- check2[i].key_type, check2[i].bits, check2[i].extra, check2[i].extra_size);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_ALREADY_EXISTS, TEST_CHECKPOINT_NUM(8));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_generate_key with destroyed key handle\n",
- g_test_count++);
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
-
- /* Generate a key or key pair */
- status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, check2[i].key_handle,
- check2[i].key_type, check2[i].bits, check2[i].extra, check2[i].extra_size);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(10));
- }
-
- return VAL_STATUS_SUCCESS;
-}
-
diff --git a/api-tests/dev_apis/crypto/test_c016/test_c016.h b/api-tests/dev_apis/crypto/test_c016/test_c016.h
index 7697b91..3302aa8 100644
--- a/api-tests/dev_apis/crypto/test_c016/test_c016.h
+++ b/api-tests/dev_apis/crypto/test_c016/test_c016.h
@@ -18,14 +18,13 @@
#define _TEST_C016_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c016)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c016)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c016_crypto_list[];
int32_t psa_generate_key_test(security_t caller);
-int32_t psa_generate_key_negative_test(security_t caller);
#endif /* _TEST_C016_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c016/test_data.h b/api-tests/dev_apis/crypto/test_c016/test_data.h
index 8bcd087..c184c90 100644
--- a/api-tests/dev_apis/crypto/test_c016/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c016/test_data.h
@@ -23,123 +23,89 @@
psa_key_type_t key_type;
psa_key_usage_t usage;
psa_algorithm_t key_alg;
- size_t bits;
- void *extra;
- size_t extra_size;
+ size_t attr_bits;
uint32_t expected_bit_length;
uint32_t expected_key_length;
psa_status_t expected_status;
} test_data;
-#ifdef FUTURE_SUPPORT
-static uint32_t rsa_extra = 3;
-#endif
-
static test_data check1[] = {
#ifdef ARCH_TEST_CIPER_MODE_CTR
#ifdef ARCH_TEST_AES_128
{"Test psa_generate_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
- PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), NULL, 0,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
},
#endif
#ifdef ARCH_TEST_AES_192
{"Test psa_generate_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
- PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_24B_KEY_SIZE), NULL, 0,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BYTES_TO_BITS(AES_24B_KEY_SIZE),
BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
},
#endif
#ifdef ARCH_TEST_AES_256
{"Test psa_generate_key 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
- PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_32B_KEY_SIZE), NULL, 0,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BYTES_TO_BITS(AES_32B_KEY_SIZE),
BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
},
#endif
#ifdef ARCH_TEST_DES_1KEY
{"Test psa_generate_key with DES 64 bit key\n", 4, PSA_KEY_TYPE_DES,
- PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES_8B_KEY_SIZE), NULL, 0,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BYTES_TO_BITS(DES_8B_KEY_SIZE),
BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
},
#endif
#ifdef ARCH_TEST_DES_2KEY
{"Test psa_generate_key with Triple DES 2-Key\n", 5, PSA_KEY_TYPE_DES,
- PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES3_2KEY_SIZE), NULL, 0,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BYTES_TO_BITS(DES3_2KEY_SIZE),
BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
},
#endif
#ifdef ARCH_TEST_DES_3KEY
{"Test psa_generate_key with Triple DES 3-Key\n", 6, PSA_KEY_TYPE_DES,
- PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(DES3_3KEY_SIZE), NULL, 0,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BYTES_TO_BITS(DES3_3KEY_SIZE),
BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
},
#endif
-#ifdef ARCH_TEST_AES_256
-{"Test psa_generate_key with Null extra and Non-Zero extra size\n", 7, PSA_KEY_TYPE_AES,
- PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_32B_KEY_SIZE), NULL, sizeof(uint32_t),
- 0, 0, PSA_ERROR_INVALID_ARGUMENT
-},
-#endif
#endif
-#ifdef FUTURE_SUPPORT
-{"Test psa_generate_key with RSA 2048 Keypair\n", 8, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_generate_key with RSA 2048 Keypair\n", 7, PSA_KEY_TYPE_RSA_KEY_PAIR,
PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- 2048, NULL, 0,
- 2048, 1193, PSA_SUCCESS
+ 2048, 2048, 1192, PSA_SUCCESS
},
-#endif
#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
#ifdef ARCH_TEST_ASYMMETRIC_ENCRYPTION
-{"Test psa_generate_key with ECC KeyPair\n", 9,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
- PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION,
- 224, NULL, 0,
+{"Test psa_generate_key with ECC KeyPair\n", 8,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1),
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, 224,
224, 28, PSA_SUCCESS
},
#endif
#endif
-#ifdef FUTURE_SUPPORT
-{"Test psa_generate_key with Non-Null extra for 32 Byte AES key\n", 10, PSA_KEY_TYPE_AES,
- PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_32B_KEY_SIZE), &rsa_extra, sizeof(uint32_t),
- 0, 0, PSA_ERROR_INVALID_ARGUMENT
-},
-#endif
-
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
#ifdef ARCH_TEST_RSA_2048
-{"Test psa_generate_key with RSA 2048 Public key\n", 11, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{"Test psa_generate_key with RSA 2048 Public key\n", 9, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- 2048, NULL, 0,
- 2048, 1193, PSA_ERROR_NOT_SUPPORTED
+ 2048, 2048, 1192, PSA_ERROR_NOT_SUPPORTED
},
#endif
#endif
-};
-static test_data check2[] = {
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_generate_key negative cases\n", 12, PSA_KEY_TYPE_AES,
- PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), NULL, 0,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+{"Test psa_generate_key with invalid key type\n", 10, 0,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_NOT_SUPPORTED
},
-#endif
-#endif
+
+{"Test psa_generate_key with invalid usage flags\n", 11, PSA_KEY_TYPE_AES,
+ PSA_KEY_USAGE_INVALID, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
};
diff --git a/api-tests/dev_apis/crypto/test_c016/test_entry_c016.c b/api-tests/dev_apis/crypto/test_c016/test_entry_c016.c
index 3957dd6..c88aa16 100644
--- a/api-tests/dev_apis/crypto/test_c016/test_entry_c016.c
+++ b/api-tests/dev_apis/crypto/test_c016/test_entry_c016.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 16)
#define TEST_DESC "Testing crypto generator functions APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c017/test_c017.c b/api-tests/dev_apis/crypto/test_c017/test_c017.c
index 8aeab9c..4536f35 100644
--- a/api-tests/dev_apis/crypto/test_c017/test_c017.c
+++ b/api-tests/dev_apis/crypto/test_c017/test_c017.c
@@ -27,7 +27,7 @@
NULL,
};
-static int g_test_count = 1;
+static int g_test_count = 1;
static uint8_t data[BUFFER_SIZE], changed[BUFFER_SIZE];
int32_t psa_generate_random_test(security_t caller)
@@ -37,6 +37,12 @@
uint8_t trail[] = "don't overwrite me";
int32_t status;
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
diff --git a/api-tests/dev_apis/crypto/test_c017/test_c017.h b/api-tests/dev_apis/crypto/test_c017/test_c017.h
index ee8c4ef..dedf975 100644
--- a/api-tests/dev_apis/crypto/test_c017/test_c017.h
+++ b/api-tests/dev_apis/crypto/test_c017/test_c017.h
@@ -18,9 +18,9 @@
#define _TEST_C017_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c017)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c017)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c017/test_entry_c017.c b/api-tests/dev_apis/crypto/test_c017/test_entry_c017.c
index 500d2ec..d39eb09 100644
--- a/api-tests/dev_apis/crypto/test_c017/test_entry_c017.c
+++ b/api-tests/dev_apis/crypto/test_c017/test_entry_c017.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -20,7 +20,8 @@
#include "test_c017.h"
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 17)
-#define TEST_DESC "Testing crypto generator functions APIs\n"
+#define TEST_DESC "Testing crypto generation APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c018/test_c018.c b/api-tests/dev_apis/crypto/test_c018/test_c018.c
index 0bdf91a..e85842d 100644
--- a/api-tests/dev_apis/crypto/test_c018/test_c018.c
+++ b/api-tests/dev_apis/crypto/test_c018/test_c018.c
@@ -23,157 +23,174 @@
client_test_t test_c018_crypto_list[] = {
NULL,
- psa_generator_read_test,
- psa_generator_read_negative_test,
+ psa_key_derivation_input_key_test,
+ psa_key_derivation_input_key_negative_test,
NULL,
};
-static int g_test_count = 1;
-static uint8_t data[BUFFER_SIZE_HIGH];
+static int g_test_count = 1;
-int32_t psa_generator_read_test(security_t caller)
+int32_t psa_key_derivation_input_key_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- uint32_t i, j, data_sum, remaining_size;
- psa_key_policy_t policy;
- psa_crypto_generator_t generator, invalid_generator;
- int32_t status;
+ int32_t i, status;
+ const uint8_t *key_data;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+ /* Set the key data buffer to the input base on algorithm */
for (i = 0; i < num_checks; i++)
{
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- memset(&generator, 0, sizeof(generator));
- memset(&invalid_generator, 0xDEADEAD, sizeof(invalid_generator));
- memset(data, 0, sizeof(data));
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &attributes, check1[i].attr_bits);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ if (check1[i].expected_status == PSA_SUCCESS)
+ {
+ /* Provide an input for key derivation or key agreement without setup should be
+ * failure.
+ */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_KEY, &operation,
+ check1[i].step, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(4));
+ }
+
+ /* Set up a key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SETUP, &operation,
+ check1[i].alg);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
- /* Set up a key derivation operation. Using this function to initialize the generate as
- * XOR or PRNG generator initialization is not implemented.
- */
- status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator, check1[i].key_handle,
- check1[i].key_alg, &check1[i].salt, check1[i].salt_length, &check1[i].label,
- check1[i].label_length, check1[i].capacity);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Read some data from a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator, data,
- check1[i].size);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+ /* Provide an input for key derivation or key agreement */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_KEY, &operation,
+ check1[i].step, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
if (check1[i].expected_status != PSA_SUCCESS)
{
- /* Abort a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
-
- /* Destroy the key */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ /* Abort the key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
continue;
}
- data_sum = 0;
- /* Check that if generated data are zero */
- for (j = 0; j < check1[i].size; j++)
- {
- data_sum += data[j];
- }
-
- memset(data, 0, sizeof(data));
- TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(10));
-
- remaining_size = check1[i].capacity - check1[i].size;
- if (remaining_size > 0)
- {
- /* Read some data from a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator,
- data, remaining_size);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
-
- data_sum = 0;
- /* Check that if generated data are zero */
- for (j = 0; j < remaining_size; j++)
- {
- data_sum += data[j];
- }
-
- memset(data, 0, sizeof(data));
- TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(12));
-
- /* Read some data from a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator,
- data, check1[i].size);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_DATA, TEST_CHECKPOINT_NUM(13));
- }
-
- /* Abort a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14));
-
- /* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Provide an input for key derivation or key agreement */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_KEY, &operation,
+ check1[i].step, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(9));
+
+ /* Abort the key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
}
return VAL_STATUS_SUCCESS;
}
-int32_t psa_generator_read_negative_test(security_t caller)
+int32_t psa_key_derivation_input_key_negative_test(security_t caller)
{
- uint32_t i;
- psa_crypto_generator_t generator[] = {psa_crypto_generator_init(),
- PSA_CRYPTO_GENERATOR_INIT, {0} };
- uint32_t generator_count = sizeof(generator)/sizeof(generator[0]);
- int32_t status;
-
- val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
- val->print(PRINT_TEST, "Test psa_generator_read without setup\n", 0);
+ int32_t i, status;
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
- memset(data, 0, sizeof(data));
-
- for (i = 0; i < generator_count; i++)
+ /* Set the key data buffer to the input base on algorithm */
+ for (i = 0; i < num_checks; i++)
{
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator[i], data, 1);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(2));
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check2[i].test_desc, 0);
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator[i]);
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set up a key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SETUP, &operation,
+ check2[i].alg);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Provide an input for key derivation or key agreement */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_KEY, &operation,
+ check2[i].step, check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ /* Abort the key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ /* Set up a key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SETUP, &operation,
+ check2[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Provide an input for key derivation or key agreement */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_KEY, &operation,
+ check2[i].step, 0);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c018/test_c018.h b/api-tests/dev_apis/crypto/test_c018/test_c018.h
index bd19651..3d18506 100644
--- a/api-tests/dev_apis/crypto/test_c018/test_c018.h
+++ b/api-tests/dev_apis/crypto/test_c018/test_c018.h
@@ -18,14 +18,14 @@
#define _TEST_C018_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c018)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c018)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c018_crypto_list[];
-int32_t psa_generator_read_test(security_t caller);
-int32_t psa_generator_read_negative_test(security_t caller);
+int32_t psa_key_derivation_input_key_test(security_t caller);
+int32_t psa_key_derivation_input_key_negative_test(security_t caller);
#endif /* _TEST_C018_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c018/test_data.h b/api-tests/dev_apis/crypto/test_c018/test_data.h
index f2c136e..56d26fc 100644
--- a/api-tests/dev_apis/crypto/test_c018/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c018/test_data.h
@@ -18,80 +18,254 @@
#include "val_crypto.h"
typedef struct {
- char test_desc[75];
- psa_key_handle_t key_handle;
- psa_key_type_t key_type;
- uint8_t key_data[32];
- uint32_t key_length;
- psa_key_usage_t usage;
- psa_algorithm_t key_alg;
- uint8_t salt[16];
- size_t salt_length;
- uint8_t label[16];
- size_t label_length;
- size_t capacity;
- size_t size;
- psa_status_t expected_status;
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ size_t attr_bits;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_key_derivation_step_t step;
+ psa_algorithm_t alg;
+ uint32_t expected_bit_length;
+ uint32_t expected_key_length;
+ psa_status_t expected_status;
} test_data;
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
static test_data check1[] = {
-/* Covers the following cases
- * - 16 Byte key
- * - SHA 256
- * - Output size less than generator capacity
- */
-#ifdef ARCH_TEST_HKDF
-#ifdef ARCH_TEST_SHA256
-{"Test psa_generator_read to get 16 Byte data with SHA-256\n", 1, PSA_KEY_TYPE_DERIVE,
+
+{"Test psa_key_derivation_input_key 16 Byte Key\n", 1, PSA_KEY_TYPE_DERIVE,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
- {0}, 0, {0}, 0, 32,
- 16, PSA_SUCCESS
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ PSA_KEY_DERIVATION_INPUT_SECRET, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+
+{"Test psa_key_derivation_input_key with invalid usage\n", 2, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ PSA_KEY_DERIVATION_INPUT_SECRET, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_NOT_PERMITTED
+},
+
+{"Test psa_key_derivation_input_key with step as label\n", 3, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ PSA_KEY_DERIVATION_INPUT_LABEL, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_key_derivation_input_key with step as info\n", 4, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ PSA_KEY_DERIVATION_INPUT_INFO, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_key_derivation_input_key with step as seed\n", 5, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ PSA_KEY_DERIVATION_INPUT_SEED, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_key_derivation_input_key with step as salt\n", 6, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ PSA_KEY_DERIVATION_INPUT_SALT, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_key_derivation_input_key with key type as AES(not derive)\n", 7, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05},
+ AES_24B_KEY_SIZE, 0, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ PSA_KEY_DERIVATION_INPUT_SECRET, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT,
},
#endif
-/* Covers the following cases
- * - 32 Byte key
- * - SHA 512
- * - Output size equal to generator capacity
- */
-#ifdef ARCH_TEST_SHA512
-{"Test psa_generator_read to get 32 Byte data with SHA-512\n", 2, PSA_KEY_TYPE_DERIVE,
+
+{"Test psa_key_derivation_input_key incorrect key algorithm\n", 8, PSA_KEY_TYPE_DERIVE,
{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_512),
- {0}, 0, {0}, 0, 64,
- 64, PSA_SUCCESS
-},
-#endif
-
-/* Covers the following cases
- * - 8 Byte Key
- * - SHA 1
- * - Output size greater than the generator capacity
- */
-#ifdef ARCH_TEST_SHA1
-{"Test psa_generator_read to get 8 Byte data with SHA-1\n", 3, PSA_KEY_TYPE_DERIVE,
-{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_1),
- {0}, 0, {0}, 0, 64,
- 70, PSA_ERROR_INSUFFICIENT_DATA
+ AES_32B_KEY_SIZE, 0, PSA_KEY_USAGE_DERIVE, PSA_ALG_CTR, PSA_KEY_DERIVATION_INPUT_SECRET,
+ PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_ERROR_NOT_PERMITTED
},
-{"Test psa_generator_read to request maximum capacity\n", 4, PSA_KEY_TYPE_DERIVE,
-{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_1),
- {0}, 0, {0}, 0, (255 * 20),
- (255 * 20), PSA_SUCCESS
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_key_derivation_input_key 2048 RSA public key\n", 9, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ {0},
+ 270, 0, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256), PSA_KEY_DERIVATION_INPUT_SECRET,
+ PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ 2048, 270, PSA_ERROR_INVALID_ARGUMENT,
},
-{"Test psa_generator_read to request maximum capacity +1\n", 5, PSA_KEY_TYPE_DERIVE,
-{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_1),
- {0}, 0, {0}, 0, (255 * 20),
- ((255 * 20) + 1), PSA_ERROR_INSUFFICIENT_DATA
+{"Test psa_key_derivation_input_key with RSA 2048 keypair\n", 10, PSA_KEY_TYPE_RSA_KEY_PAIR,
+ {0},
+ 1193, 0, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256), PSA_KEY_DERIVATION_INPUT_SECRET,
+ PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ 2048, 1193, PSA_ERROR_INVALID_ARGUMENT,
},
#endif
#endif
+
+{"Test psa_key_derivation_input_key with zero as step\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ 0, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+};
+
+static test_data check2[] = {
+
+{"Test psa_key_derivation_input_key invalid handle\n", 11, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ PSA_KEY_DERIVATION_INPUT_SECRET, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_HANDLE
+},
};
diff --git a/api-tests/dev_apis/crypto/test_c018/test_entry_c018.c b/api-tests/dev_apis/crypto/test_c018/test_entry_c018.c
index 4ae7f2d..13ee596 100644
--- a/api-tests/dev_apis/crypto/test_c018/test_entry_c018.c
+++ b/api-tests/dev_apis/crypto/test_c018/test_entry_c018.c
@@ -1,5 +1,5 @@
/** @file
- * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -20,14 +20,15 @@
#include "test_c018.h"
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 18)
-#define TEST_DESC "Testing crypto generator functions APIs\n"
+#define TEST_DESC "Testing crypto key derivation APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
void test_entry(val_api_t *val_api, psa_api_t *psa_api)
{
- int32_t status = VAL_STATUS_SUCCESS;
+ int32_t status = VAL_STATUS_SUCCESS;
val = val_api;
psa = psa_api;
diff --git a/api-tests/dev_apis/crypto/test_c019/test_c019.c b/api-tests/dev_apis/crypto/test_c019/test_c019.c
index 3f0a670..2cd2f48 100644
--- a/api-tests/dev_apis/crypto/test_c019/test_c019.c
+++ b/api-tests/dev_apis/crypto/test_c019/test_c019.c
@@ -19,26 +19,28 @@
#include "val_target.h"
#include "test_c019.h"
#include "test_data.h"
-#include "val_crypto.h"
client_test_t test_c019_crypto_list[] = {
NULL,
- psa_get_generator_capacity_test,
- psa_get_generator_capacity_negative_test,
+ psa_key_derivation_key_agreement_test,
+ psa_key_derivation_key_agreement_negative_test,
NULL,
};
-static int g_test_count = 1;
-static uint8_t data[BUFFER_SIZE];
+static int g_test_count = 1;
-int32_t psa_get_generator_capacity_test(security_t caller)
+int32_t psa_key_derivation_key_agreement_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- uint32_t i, remaining_size;
- size_t capacity;
- psa_key_policy_t policy;
- psa_crypto_generator_t generator;
- int32_t status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -49,112 +51,85 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- memset(&generator, 0, sizeof(generator));
- memset(data, 0, sizeof(data));
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
- /* Set up a key derivation operation. Using this function to initialize the generate as
- * XOR or PRNG generator initialization is not implemented.
- */
- status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator, check1[i].key_handle,
- check1[i].key_alg, check1[i].salt, check1[i].salt_length, check1[i].label,
- check1[i].label_length, check1[i].capacity);
+ /* Set up a key agreement operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SETUP, &operation,
+ check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Perform a key agreement */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT, &operation,
+ check1[i].step, check1[i].key_handle, check1[i].peer_key,
+ check1[i].peer_key_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
+
+ /* Abort the key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
- /* Retrieve the current capacity of a generator */
- status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator, &capacity);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
if (check1[i].expected_status != PSA_SUCCESS)
- {
- /* Abort a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
-
- /* Destroy the key */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
-
continue;
- }
- TEST_ASSERT_EQUAL(capacity, check1[i].capacity, TEST_CHECKPOINT_NUM(10));
-
- /* Generate random bytes */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator, data,
- check1[i].size);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
-
- remaining_size = check1[i].capacity - check1[i].size;
-
- /* Retrieve the current capacity of a generator */
- status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator, &capacity);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
-
- TEST_ASSERT_EQUAL(capacity, remaining_size, TEST_CHECKPOINT_NUM(13));
-
- /* Abort a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14));
-
- /* Destroy the key */
+ /* Destroy a key and restore the slot to its default state */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
}
return VAL_STATUS_SUCCESS;
}
-int32_t psa_get_generator_capacity_negative_test(security_t caller)
+int32_t psa_key_derivation_key_agreement_negative_test(security_t caller)
{
- uint32_t i;
- size_t capacity;
- psa_crypto_generator_t generator[] = {psa_crypto_generator_init(),
- PSA_CRYPTO_GENERATOR_INIT, {0} };
- uint32_t generator_count = sizeof(generator)/sizeof(generator[0]);
- int32_t status;
+ int32_t i, status;
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
- val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
- val->print(PRINT_TEST, "Test psa_get_generator_capacity without setup\n", 0);
-
- for (i = 0; i < generator_count; i++)
+ for (i = 0; i < num_checks; i++)
{
- /* Retrieve the current capacity of a generator */
- status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator[i], &capacity);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(2));
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Abort a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator[i]);
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SETUP, &operation,
+ check2[i].key_alg);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation_key_agreement "
+ "- Invalid handle\n", g_test_count++);
+
+ /* Set up a key agreement operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT, &operation,
+ check2[i].step, check2[i].key_handle, check2[i].peer_key,
+ check2[i].peer_key_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation_key_agreement"
+ " - Zero as handle\n", g_test_count++);
+
+ /* Set up a key agreement operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT, &operation,
+ check2[i].step, 0, check2[i].peer_key, check2[i].peer_key_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(5));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c019/test_c019.h b/api-tests/dev_apis/crypto/test_c019/test_c019.h
index d8924d3..a91daed 100644
--- a/api-tests/dev_apis/crypto/test_c019/test_c019.h
+++ b/api-tests/dev_apis/crypto/test_c019/test_c019.h
@@ -18,14 +18,14 @@
#define _TEST_C019_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c019)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c019)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c019_crypto_list[];
-int32_t psa_get_generator_capacity_test(security_t caller);
-int32_t psa_get_generator_capacity_negative_test(security_t caller);
+int32_t psa_key_derivation_key_agreement_test(security_t caller);
+int32_t psa_key_derivation_key_agreement_negative_test(security_t caller);
#endif /* _TEST_C019_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c019/test_data.h b/api-tests/dev_apis/crypto/test_c019/test_data.h
index 592d03e..4ce7bd7 100644
--- a/api-tests/dev_apis/crypto/test_c019/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c019/test_data.h
@@ -18,52 +18,174 @@
#include "val_crypto.h"
typedef struct {
- char test_desc[75];
- psa_key_handle_t key_handle;
- psa_key_type_t key_type;
- uint8_t key_data[32];
- uint32_t key_length;
- psa_key_usage_t usage;
- psa_algorithm_t key_alg;
- uint8_t salt[16];
- size_t salt_length;
- uint8_t label[16];
- size_t label_length;
- size_t capacity;
- size_t size;
- psa_status_t expected_status;
+ char test_desc[85];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[91];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_key_derivation_step_t step;
+ uint8_t peer_key[120];
+ size_t peer_key_length;
+ psa_status_t expected_status;
} test_data;
+
static test_data check1[] = {
-/* Covers the following cases
- * - 16 Byte key
- * - SHA 256
- * - Output size less than generator capacity
- */
-#ifdef ARCH_TEST_HKDF
-#ifdef ARCH_TEST_SHA256
-{"Test psa_generator_get_capacity to get 16 Byte data with SHA-256\n", 1, PSA_KEY_TYPE_DERIVE,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
- {0}, 0, {0}, 0, 32,
- 16, PSA_SUCCESS
+#ifdef ARCH_TEST_ECDH
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_key_derivation_key_agreement - ECDH SECP256R1\n", 1,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65, PSA_SUCCESS
+},
+
+{"Test psa_key_derivation_key_agreement - Invalid step\n", 2,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_LABEL,
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65, PSA_ERROR_INVALID_ARGUMENT
+},
+
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP384R1
+{"Test psa_key_derivation_key_agreement - ECDH SECP384R1\n", 3,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP384R1),
+{0x09, 0x9f, 0x3c, 0x70, 0x34, 0xd4, 0xa2, 0xc6, 0x99, 0x88, 0x4d, 0x73, 0xa3,
+ 0x75, 0xa6, 0x7f, 0x76, 0x24, 0xef, 0x7c, 0x6b, 0x3c, 0x0f, 0x16, 0x06, 0x47,
+ 0xb6, 0x74, 0x14, 0xdc, 0xe6, 0x55, 0xe3, 0x5b, 0x53, 0x80, 0x41, 0xe6, 0x49,
+ 0xee, 0x3f, 0xae, 0xf8, 0x96, 0x78, 0x3a, 0xb1, 0x94}, 48, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+{0x04, 0xe5, 0x58,
+ 0xdb, 0xef, 0x53, 0xee, 0xcd, 0xe3, 0xd3, 0xfc, 0xcf, 0xc1, 0xae, 0xa0, 0x8a,
+ 0x89, 0xa9, 0x87, 0x47, 0x5d, 0x12, 0xfd, 0x95, 0x0d, 0x83, 0xcf, 0xa4, 0x17,
+ 0x32, 0xbc, 0x50, 0x9d, 0x0d, 0x1a, 0xc4, 0x3a, 0x03, 0x36, 0xde, 0xf9, 0x6f,
+ 0xda, 0x41, 0xd0, 0x77, 0x4a, 0x35, 0x71, 0xdc, 0xfb, 0xec, 0x7a, 0xac, 0xf3,
+ 0x19, 0x64, 0x72, 0x16, 0x9e, 0x83, 0x84, 0x30, 0x36, 0x7f, 0x66, 0xee, 0xbe,
+ 0x3c, 0x6e, 0x70, 0xc4, 0x16, 0xdd, 0x5f, 0x0c, 0x68, 0x75, 0x9d, 0xd1, 0xff,
+ 0xf8, 0x3f, 0xa4, 0x01, 0x42, 0x20, 0x9d, 0xff, 0x5e, 0xaa, 0xd9, 0x6d, 0xb9,
+ 0xe6, 0x38, 0x6c}, 97,
+ PSA_SUCCESS
},
#endif
-/* Covers the following cases
- * - 32 Byte key
- * - SHA 512
- * - Output size equal to generator capacity
- */
-#ifdef ARCH_TEST_SHA512
-{"Test psa_generator_get_capacity to get 32 Byte data with SHA-512\n", 2, PSA_KEY_TYPE_DERIVE,
-{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
- 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
- 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_512),
- {0}, 0, {0}, 0, 64,
- 64, PSA_SUCCESS
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_key_derivation_key_agreement - Invalid usage\n", 4,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_ENCRYPT,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65,
+ PSA_ERROR_NOT_PERMITTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+#ifdef ARCH_TEST_SHA256
+#ifdef ARCH_TEST_HKDF
+{"Test psa_key_derivation_key_agreement - KDF instead of a key agreement algorithm\n", 5,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ECDH
+{"Test psa_key_derivation_key_agreement - Public key on different curve\n", 6,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+{0x04, 0xe5, 0x58,
+ 0xdb, 0xef, 0x53, 0xee, 0xcd, 0xe3, 0xd3, 0xfc, 0xcf, 0xc1, 0xae, 0xa0, 0x8a,
+ 0x89, 0xa9, 0x87, 0x47, 0x5d, 0x12, 0xfd, 0x95, 0x0d, 0x83, 0xcf, 0xa4, 0x17,
+ 0x32, 0xbc, 0x50, 0x9d, 0x0d, 0x1a, 0xc4, 0x3a, 0x03, 0x36, 0xde, 0xf9, 0x6f,
+ 0xda, 0x41, 0xd0, 0x77, 0x4a, 0x35, 0x71, 0xdc, 0xfb, 0xec, 0x7a, 0xac, 0xf3,
+ 0x19, 0x64, 0x72, 0x16, 0x9e, 0x83, 0x84, 0x30, 0x36, 0x7f, 0x66, 0xee, 0xbe,
+ 0x3c, 0x6e, 0x70, 0xc4, 0x16, 0xdd, 0x5f, 0x0c, 0x68, 0x75, 0x9d, 0xd1, 0xff,
+ 0xf8, 0x3f, 0xa4, 0x01, 0x42, 0x20, 0x9d, 0xff, 0x5e, 0xaa, 0xd9, 0x6d, 0xb9,
+ 0xe6, 0x38, 0x6c}, 97,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_key_derivation_key_agreement - Public key instead of private key\n", 7,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_ECDH
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_key_derivation_key_agreement - Negative case\n", 8,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65,
+ PSA_ERROR_INVALID_HANDLE
},
#endif
#endif
diff --git a/api-tests/dev_apis/crypto/test_c019/test_entry_c019.c b/api-tests/dev_apis/crypto/test_c019/test_entry_c019.c
index b1c5b15..8d58d19 100644
--- a/api-tests/dev_apis/crypto/test_c019/test_entry_c019.c
+++ b/api-tests/dev_apis/crypto/test_c019/test_entry_c019.c
@@ -20,14 +20,15 @@
#include "test_c019.h"
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 19)
-#define TEST_DESC "Testing crypto generator functions APIs\n"
+#define TEST_DESC "Testing crypto key derivation APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
void test_entry(val_api_t *val_api, psa_api_t *psa_api)
{
- int32_t status = VAL_STATUS_SUCCESS;
+ int32_t status = VAL_STATUS_SUCCESS;
val = val_api;
psa = psa_api;
diff --git a/api-tests/dev_apis/crypto/test_c020/test_c020.c b/api-tests/dev_apis/crypto/test_c020/test_c020.c
index 0363d03..7fc0e3f 100644
--- a/api-tests/dev_apis/crypto/test_c020/test_c020.c
+++ b/api-tests/dev_apis/crypto/test_c020/test_c020.c
@@ -21,30 +21,27 @@
#include "test_data.h"
#include "val_crypto.h"
-#define SLOT_1 0
-#define SLOT_2 1
-#define SLOT_3 2
-#define SLOT_4 3
-
client_test_t test_c020_crypto_list[] = {
NULL,
- psa_generator_import_key_test,
- psa_generator_import_key_negative_test,
+ psa_key_derivation_output_bytes_test,
NULL,
};
-static int g_test_count = 1;
-static uint8_t data[BUFFER_SIZE];
-static psa_crypto_generator_t generator;
+static int g_test_count = 1;
+static uint8_t output[BUFFER_SIZE];
-int32_t psa_generator_import_key_test(security_t caller)
+int32_t psa_key_derivation_output_bytes_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- uint32_t i, j, data_sum, remaining_size, length = 0;
- uint32_t salt = 0, label = 0;
- size_t salt_length = 0, label_length = 0;
- psa_key_policy_t policy;
- int32_t status;
+ uint32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -55,274 +52,84 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- memset(&generator, 0, sizeof(generator));
- memset(data, 0, sizeof(data));
+ /* Import the key if the derivation input is key */
+ if (check1[i].step == PSA_KEY_DERIVATION_INPUT_SECRET)
+ {
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage[SLOT_1],
- check1[i].key_alg[SLOT_1]);
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+ }
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle[SLOT_1]);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle[SLOT_1],
- &policy);
+ /* Start the key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SETUP, &operation,
+ check1[i].key_alg);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle[SLOT_1],
- check1[i].key_type[SLOT_1], check1[i].key_data, check1[i].key_length);
+ /* Set the capacity for the generator */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY, &operation,
+ check1[i].capacity);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
- /* Set up a key derivation operation. Using this function to initialize the generate as
- * XOR or PRNG generator initialization is not implemented.
- */
- status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator,
- check1[i].key_handle[SLOT_1], check1[i].key_alg[SLOT_1], &salt, salt_length,
- &label, label_length, check1[i].capacity);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ /* Provide input as key or data depending on the step */
+ if (check1[i].step == PSA_KEY_DERIVATION_INPUT_SECRET)
+ {
+ /* Provide an input for key derivation or key agreement */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_KEY, &operation,
+ check1[i].step, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ }
+ else
+ {
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES, &operation,
+ check1[i].step, check1[i].data, check1[i].data_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ /* Read some data from a key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES, &operation, output,
+ check1[i].output_size);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage[SLOT_2],
- check1[i].key_alg[SLOT_2]);
+ if (check1[i].step == PSA_KEY_DERIVATION_INPUT_SECRET)
+ {
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle[SLOT_2]);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle[SLOT_2],
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
-
- /* Create a symmetric key from data read from a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY, check1[i].key_handle[SLOT_2],
- check1[i].key_type[SLOT_2], BYTES_TO_BITS(check1[i].size), &generator);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+ }
if (check1[i].expected_status != PSA_SUCCESS)
{
- /* Abort a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
- /* Destroy the key */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle[SLOT_1]);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
-
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle[SLOT_2]);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
-
continue;
}
- /* Export a key in binary format */
- status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle[SLOT_2], data,
- BUFFER_SIZE, &length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+ /* Read some data from a key derivation operation with no data in the operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES, &operation, output,
+ check1[i].output_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_DATA, TEST_CHECKPOINT_NUM(11));
- TEST_ASSERT_EQUAL(length, check1[i].size, TEST_CHECKPOINT_NUM(14));
+ /* Abort the derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
- data_sum = 0;
- /* Check that if generated data are zero */
- for (j = 0; j < check1[i].size; j++)
- {
- data_sum += data[j];
- }
-
- memset(data, 0, sizeof(data));
- TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(15));
-
- remaining_size = check1[i].capacity - check1[i].size;
- if (remaining_size > 0)
- {
- length = 0;
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage[SLOT_2],
- check1[i].key_alg[SLOT_2]);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle[SLOT_3]);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(16));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle[SLOT_3],
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(17));
-
- /* Create a symmetric key from data read from a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY,
- check1[i].key_handle[SLOT_3], check1[i].key_type[SLOT_2],
- BYTES_TO_BITS(check1[i].size), &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(18));
-
- /* Export a key in binary format */
- status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle[SLOT_3], data,
- BUFFER_SIZE, &length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(19));
-
- TEST_ASSERT_EQUAL(length, remaining_size, TEST_CHECKPOINT_NUM(20));
-
- data_sum = 0;
- /* Check that if generated data are zero */
- for (j = 0; j < remaining_size; j++)
- {
- data_sum += data[j];
- }
-
- memset(data, 0, sizeof(data));
- TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(21));
-
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage[SLOT_2],
- check1[i].key_alg[SLOT_2]);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle[SLOT_4]);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(22));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle[SLOT_4],
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(23));
-
- /* Create a symmetric key from data read from a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY,
- check1[i].key_handle[SLOT_4], check1[i].key_type[SLOT_2],
- BYTES_TO_BITS(check1[i].size), &generator);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_DATA, TEST_CHECKPOINT_NUM(24));
-
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle[SLOT_3]);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(25));
-
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle[SLOT_4]);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(26));
-
- }
-
- /* Abort a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(27));
-
- /* Destroy the key */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle[SLOT_1]);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(28));
-
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle[SLOT_2]);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(29));
- }
-
- return VAL_STATUS_SUCCESS;
-}
-
-int32_t psa_generator_import_key_negative_test(security_t caller)
-{
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- int32_t i, status;
- uint32_t salt = 0, label = 0;
- size_t salt_length = 0, label_length = 0;
- uint8_t data[BUFFER_SIZE];
- psa_key_policy_t policy;
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- for (i = 0; i < num_checks; i++)
- {
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- memset(&generator, 0, sizeof(generator));
- memset(data, 0, sizeof(data));
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage[SLOT_1],
- check2[i].key_alg[SLOT_1]);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle[SLOT_1]);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle[SLOT_1],
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
-
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle[SLOT_1],
- check2[i].key_type[SLOT_1], check2[i].key_data, check2[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set up a key derivation operation. Using this function to initialize the generate as
- * XOR or PRNG generator initialization is not implemented.
- */
- status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator,
- check2[i].key_handle[SLOT_1], check2[i].key_alg[SLOT_1], &salt, salt_length,
- &label, label_length, check2[i].capacity);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_generator_import_key with invalid handle\n",
- g_test_count++);
- /* Create a symmetric key from data read from a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY, check2[i].key_handle[SLOT_2],
- check2[i].key_type[SLOT_2], check2[i].size, &generator);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(7));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_generator_import_key with zero handle\n",
- g_test_count++);
- /* Create a symmetric key from data read from a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY, ZERO_KEY_SLOT,
- check2[i].key_type[SLOT_2], check2[i].size, &generator);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(7));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_generator_import_key with"
- " pre-occupied key slot\n", g_test_count++);
- /* Create a symmetric key from data read from a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY, check2[i].key_handle[SLOT_1],
- check2[i].key_type[SLOT_2], check2[i].size, &generator);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_ALREADY_EXISTS, TEST_CHECKPOINT_NUM(9));
-
- /* Abort a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
-
- /* Destroy the key */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle[SLOT_1]);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
-
+ /* Expect bad state when derivation is called on an aborted operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES, &operation,
+ output, 0);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(13));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c020/test_c020.h b/api-tests/dev_apis/crypto/test_c020/test_c020.h
index 9584bef..331108e 100644
--- a/api-tests/dev_apis/crypto/test_c020/test_c020.h
+++ b/api-tests/dev_apis/crypto/test_c020/test_c020.h
@@ -18,14 +18,13 @@
#define _TEST_C020_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c020)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c020)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c020_crypto_list[];
-int32_t psa_generator_import_key_test(security_t caller);
-int32_t psa_generator_import_key_negative_test(security_t caller);
+int32_t psa_key_derivation_output_bytes_test(security_t caller);
#endif /* _TEST_C020_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c020/test_data.h b/api-tests/dev_apis/crypto/test_c020/test_data.h
index 512625d..e1c6bbf 100644
--- a/api-tests/dev_apis/crypto/test_c020/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c020/test_data.h
@@ -18,105 +18,61 @@
#include "val_crypto.h"
typedef struct {
- char test_desc[75];
- psa_key_handle_t key_handle[4];
- psa_key_type_t key_type[2];
- uint8_t key_data[32];
- uint32_t key_length;
- psa_key_usage_t usage[2];
- psa_algorithm_t key_alg[2];
- size_t capacity;
- size_t size;
- psa_status_t expected_status;
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ size_t output_size;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_key_derivation_step_t step;
+ size_t capacity;
+ uint8_t data[16];
+ size_t data_length;
+ psa_status_t expected_status;
} test_data;
static test_data check1[] = {
-#ifdef ARCH_TEST_HKDF
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-#ifdef ARCH_TEST_SHA256
-{"Test psa_generator_import_key for 16 Byte AES Key\n", {1, 2, 3, 4},
-{PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_AES},
+{"Test psa_key_derivation_output_bytes - Key\n", 1, PSA_KEY_TYPE_DERIVE,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT},
- {PSA_ALG_HKDF(PSA_ALG_SHA_256), PSA_ALG_CTR},
- 32, 16, PSA_SUCCESS
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, 42, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET, 42, {0}, 0,
+ PSA_SUCCESS
},
-#endif
-#endif
-#ifdef ARCH_TEST_SHA512
-#ifdef ARCH_TEST_DES_3KEY
-{"Test psa_generator_import_key for Triple DES 3-Key\n", {5, 6, 7, 8},
-{PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_DES},
-{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
- 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
- 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT},
-{PSA_ALG_HKDF(PSA_ALG_SHA_512), PSA_ALG_CTR},
- DES3_3KEY_SIZE, DES3_3KEY_SIZE, PSA_SUCCESS
+{"Test psa_key_derivation_output_bytes - Info\n", 2, PSA_KEY_TYPE_DERIVE,
+{0}, 0, 42, 0, PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_INFO, 42, "This is the info", 16,
+ PSA_SUCCESS
},
-#endif
-#endif
-#ifdef ARCH_TEST_SHA1
-#ifdef ARCH_TEST_AES
-{"Test psa_generator_import_key output greater than capacity\n", {9, 10, 11, 12},
-{PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_AES},
-{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT},
-{PSA_ALG_HKDF(PSA_ALG_SHA_1), PSA_ALG_CTR},
- 64, 80, PSA_ERROR_INSUFFICIENT_DATA
+{"Test psa_key_derivation_output_bytes - Salt\n", 3, PSA_KEY_TYPE_DERIVE,
+{0}, 0, 42, 0, PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SALT, 42, "This is the info", 16,
+ PSA_ERROR_BAD_STATE
},
-#endif
-#endif
-#ifdef ARCH_TEST_SHA256
-#ifdef ARCH_TEST_RSA
-{"Test psa_generator_import_key for RSA Public Key - Invalid type\n", {13, 14, 15, 16},
-{PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_RSA_PUBLIC_KEY},
+{"Test psa_key_derivation_output_bytes - Label\n", 4, PSA_KEY_TYPE_DERIVE,
+{0}, 0, 42, 0, PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_LABEL, 42, "This is the info", 16,
+ PSA_ERROR_BAD_STATE
+},
+
+{"Test psa_key_derivation_output_bytes - Seed\n", 5, PSA_KEY_TYPE_DERIVE,
+{0}, 0, 42, 0, PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SEED, 42, "This is the info", 16,
+ PSA_ERROR_BAD_STATE
+},
+
+{"Test psa_key_derivation_output_bytes - Greater Capacity than available\n", 6, PSA_KEY_TYPE_DERIVE,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT},
-{PSA_ALG_HKDF(PSA_ALG_SHA_256), PSA_ALG_CTR},
- 32, 16, PSA_ERROR_INVALID_ARGUMENT
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, BUFFER_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET, 42, {0}, 0,
+ PSA_ERROR_INSUFFICIENT_DATA,
},
-#endif
-#endif
-
-#ifdef ARCH_TEST_SHA256
-#ifdef ARCH_TEST_AES_128
-{"Test psa_generator_import_key for invalid byte for generation\n", {20, 21, 22, 23},
-{PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_AES},
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT},
-{PSA_ALG_HKDF(PSA_ALG_SHA_256), PSA_ALG_CTR},
- 32, 10, PSA_ERROR_INVALID_ARGUMENT
-},
-#endif
-#endif
-#endif
-#endif
-};
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_HKDF
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-#ifdef ARCH_TEST_SHA256
-{"Test psa_generator_import_key negative cases\n",
-{17, 18, 18, 18},
-{PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_AES},
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT},
-{PSA_ALG_HKDF(PSA_ALG_SHA_256), PSA_ALG_CTR},
- 32, BYTES_TO_BITS(8), PSA_ERROR_INVALID_HANDLE
-},
-#endif
-#endif
-#endif
-#endif
};
diff --git a/api-tests/dev_apis/crypto/test_c020/test_entry_c020.c b/api-tests/dev_apis/crypto/test_c020/test_entry_c020.c
index c109392..283df1c 100644
--- a/api-tests/dev_apis/crypto/test_c020/test_entry_c020.c
+++ b/api-tests/dev_apis/crypto/test_c020/test_entry_c020.c
@@ -20,7 +20,8 @@
#include "test_c020.h"
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 20)
-#define TEST_DESC "Testing crypto generator functions APIs\n"
+#define TEST_DESC "Testing crypto key derivation APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c021/test_c021.c b/api-tests/dev_apis/crypto/test_c021/test_c021.c
index 7a3c39c..947ed2e 100644
--- a/api-tests/dev_apis/crypto/test_c021/test_c021.c
+++ b/api-tests/dev_apis/crypto/test_c021/test_c021.c
@@ -21,21 +21,31 @@
#include "test_data.h"
#include "val_crypto.h"
+#define SLOT_1 1
+#define SLOT_2 2
+
client_test_t test_c021_crypto_list[] = {
NULL,
- psa_generator_abort_test,
+ psa_key_derivation_output_key_test,
NULL,
};
-static int g_test_count = 1;
-static uint8_t data[BUFFER_SIZE];
+static int g_test_count = 1;
-int32_t psa_generator_abort_test(security_t caller)
+int32_t psa_key_derivation_output_key_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t i, status;
- psa_key_policy_t policy;
- psa_crypto_generator_t generator;
+ uint32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_handle_t key_handle[2];
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t derv_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -43,72 +53,93 @@
for (i = 0; i < num_checks; i++)
{
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- memset(&generator, 0, sizeof(generator));
- memset(data, 0, sizeof(data));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
- val->print(PRINT_TEST, "[Check %d] Test psa_generator_abort on empty generator\n",
- g_test_count++);
- /* Abort an empty generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+ /* Import the key if the derivation input is key */
+ if (check1[i].step == PSA_KEY_DERIVATION_INPUT_SECRET)
+ {
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+ }
- val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
- val->print(PRINT_TEST, check1[i].test_desc, 0);
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ /* Start the key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SETUP, &operation,
+ check1[i].key_alg);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ /* Set the capacity for the generator */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY, &operation,
+ check1[i].capacity);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
- /* Set up a key derivation operation. Using this function to initialize the generate as
- * XOR or PRNG generator initialization is not implemented.
- */
- status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator, check1[i].key_handle,
- check1[i].key_alg, check1[i].salt, check1[i].salt_length, check1[i].label,
- check1[i].label_length, check1[i].capacity);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ /* Provide input as key or data depending on the step */
+ if (check1[i].step == PSA_KEY_DERIVATION_INPUT_SECRET)
+ {
+ /* Provide an input for key derivation or key agreement */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_KEY, &operation,
+ check1[i].step, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ }
+ else
+ {
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES, &operation,
+ check1[i].step, check1[i].data, check1[i].data_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
- /* Abort the generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &derv_attributes, check1[i].derive_key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &derv_attributes, check1[i].derive_key_bits);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &derv_attributes,
+ check1[i].derive_key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &derv_attributes,
+ check1[i].derive_usage);
- /* Generate random bytes */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator, data, check1[i].size);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(8));
+ /* Derive a key from an ongoing key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY, &derv_attributes,
+ &operation, &key_handle[SLOT_1]);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8));
- val->print(PRINT_TEST, "[Check %d] Multiple psa_generator_abort test\n", g_test_count++);
- /* Abort the generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ if (check1[i].step == PSA_KEY_DERIVATION_INPUT_SECRET)
+ {
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
- /* Abort the generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+ }
- /* Destroy the key */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ continue;
+ }
+
+ /* Read some key from a key derivation operation with no data in the operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY, &derv_attributes,
+ &operation, &key_handle[SLOT_2]);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_DATA, TEST_CHECKPOINT_NUM(11));
+
+ /* Abort the derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+
+ /* Expect bad state when derivation is called on an aborted operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY, &derv_attributes,
+ &operation, &key_handle[SLOT_2]);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(13));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c021/test_c021.h b/api-tests/dev_apis/crypto/test_c021/test_c021.h
index 77b0783..7c6ea1d 100644
--- a/api-tests/dev_apis/crypto/test_c021/test_c021.h
+++ b/api-tests/dev_apis/crypto/test_c021/test_c021.h
@@ -18,13 +18,13 @@
#define _TEST_C021_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c021)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c021)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c021_crypto_list[];
-int32_t psa_generator_abort_test(security_t caller);
+int32_t psa_key_derivation_output_key_test(security_t caller);
#endif /* _TEST_C021_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c021/test_data.h b/api-tests/dev_apis/crypto/test_c021/test_data.h
index 6f42e9e..6a31c78 100644
--- a/api-tests/dev_apis/crypto/test_c021/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c021/test_data.h
@@ -18,34 +18,153 @@
#include "val_crypto.h"
typedef struct {
- char test_desc[75];
- psa_key_handle_t key_handle;
- psa_key_type_t key_type;
- uint8_t key_data[32];
- uint32_t key_length;
- psa_key_usage_t usage;
- psa_algorithm_t key_alg;
- uint8_t salt[16];
- size_t salt_length;
- uint8_t label[16];
- size_t label_length;
- size_t capacity;
- size_t size;
- psa_status_t expected_status;
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_key_derivation_step_t step;
+ size_t capacity;
+ uint8_t data[16];
+ size_t data_length;
+ psa_key_type_t derive_key_type;
+ size_t derive_key_bits;
+ psa_key_usage_t derive_usage;
+ psa_algorithm_t derive_key_alg;
+ psa_status_t expected_status;
} test_data;
static test_data check1[] = {
-#ifdef ARCH_TEST_HKDF
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_SHA256
-{"Test psa_generator_abort\n", 1, PSA_KEY_TYPE_DERIVE,
+{"Test psa_key_derivation_output_key - Key\n", 1, PSA_KEY_TYPE_DERIVE,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
- {0}, 0, {0}, 0, 32,
- 16, PSA_SUCCESS
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET, 32, {0}, 0,
+ PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR,
+ PSA_SUCCESS
},
-#endif
-#endif
-#endif
+
+{"Test psa_key_derivation_output_key - Info\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_INFO, 32, "This is the info", 16,
+ PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR,
+ PSA_SUCCESS
+},
+
+{"Test psa_key_derivation_output_key - Label\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_LABEL, 32, "This is the info", 16,
+ PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR,
+ PSA_SUCCESS
+},
+
+{"Test psa_key_derivation_output_key - Seed\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SEED, 32, "This is the info", 16,
+ PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR,
+ PSA_SUCCESS
+},
+
+{"Test psa_key_derivation_output_key - Salt\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SALT, 32, "This is the info", 16,
+ PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR,
+ PSA_SUCCESS
+},
+
+{"Test psa_key_derivation_output_key - DES key export\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET, 32, {0}, 0,
+ PSA_KEY_TYPE_DES, BYTES_TO_BITS(DES3_3KEY_SIZE), PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR,
+ PSA_SUCCESS
+},
+
+{"Test psa_key_derivation_output_key - Greater Capacity than available\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET, 16, {0}, 0,
+ PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR,
+ PSA_ERROR_INSUFFICIENT_DATA
+},
+
+{"Test psa_key_derivation_output_key - ECC Public key\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET, 256, {0}, 0,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1), 256, PSA_KEY_USAGE_EXPORT,
+ PSA_ERROR_NOT_SUPPORTED,
+},
+
+{"Test psa_key_derivation_output_key - ECC keypair\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET, 224, {0}, 0,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1), 224, PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION,
+ PSA_SUCCESS
+},
+
+{"Test psa_key_derivation_output_key - RSA Public Key", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET, 256, {0}, 0,
+ PSA_KEY_TYPE_RSA_PUBLIC_KEY, 2048, PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ PSA_ERROR_NOT_SUPPORTED,
+},
+
+{"Test psa_key_derivation_output_key - RSA keypair\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET, 256, {0}, 0,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1), 2046, PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ PSA_SUCCESS
+},
+
+{"Test psa_key_derivation_output_key - Invalid key size\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)),
+ PSA_KEY_DERIVATION_INPUT_SECRET, 32, {0}, 0,
+ PSA_KEY_TYPE_AES, BYTES_TO_BITS(AES_18B_KEY_SIZE), PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR,
+ PSA_ERROR_NOT_SUPPORTED
+},
};
diff --git a/api-tests/dev_apis/crypto/test_c021/test_entry_c021.c b/api-tests/dev_apis/crypto/test_c021/test_entry_c021.c
index 621cd97..18883dc 100644
--- a/api-tests/dev_apis/crypto/test_c021/test_entry_c021.c
+++ b/api-tests/dev_apis/crypto/test_c021/test_entry_c021.c
@@ -20,7 +20,8 @@
#include "test_c021.h"
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 21)
-#define TEST_DESC "Testing crypto generator functions APIs\n"
+#define TEST_DESC "Testing crypto key derivation APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c022/test_c022.c b/api-tests/dev_apis/crypto/test_c022/test_c022.c
index 049e8d1..a71e98e 100644
--- a/api-tests/dev_apis/crypto/test_c022/test_c022.c
+++ b/api-tests/dev_apis/crypto/test_c022/test_c022.c
@@ -24,174 +24,46 @@
client_test_t test_c022_crypto_list[] = {
NULL,
- psa_key_derivation_test,
- psa_key_derivation_negative_test,
+ psa_key_derivation_abort_test,
NULL,
};
static int g_test_count = 1;
-static uint8_t data[BUFFER_SIZE];
+static uint8_t output[BUFFER_SIZE];
-int32_t psa_key_derivation_test(security_t caller)
+int32_t psa_key_derivation_abort_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t i, status;
- size_t capacity;
- psa_key_policy_t policy;
- psa_crypto_generator_t generator;
+ int32_t status;
+ psa_key_derivation_operation_t func = psa_key_derivation_operation_init();
+ psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t zero;
+
+ memset(&zero, 0, sizeof(zero));
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
- for (i = 0; i < num_checks; i++)
- {
- val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
- val->print(PRINT_TEST, check1[i].test_desc, 0);
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, "Test psa_key_derivation_abort\n", 0);
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &func);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(2));
- memset(&generator, 0, sizeof(generator));
- memset(data, 0, sizeof(data));
- capacity = 0;
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &init);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &zero);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
-
- /* Set up a key derivation operation. Using this function to initialize the generate as
- * XOR or PRNG generator initialization is not implemented.
- */
- status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator,
- check1[i].key_handle, check1[i].key_alg, check1[i].salt,
- check1[i].salt_length, check1[i].label, check1[i].label_length,
- check1[i].capacity);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
-
- if (check1[i].expected_status != PSA_SUCCESS)
- {
- /* Abort the generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Destroy the key */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
-
- continue;
- }
-
- /* Retrieve the current capacity of a generator */
- status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator, &capacity);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
-
- TEST_ASSERT_EQUAL(capacity, check1[i].capacity, TEST_CHECKPOINT_NUM(9));
-
- /* Abort the generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
-
- /* Destroy the key */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
- }
-
- return VAL_STATUS_SUCCESS;
-}
-
-int32_t psa_key_derivation_negative_test(security_t caller)
-{
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- int32_t i, status;
- psa_key_policy_t policy;
- psa_key_handle_t empty_key_handle;
- psa_crypto_generator_t generator;
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- for (i = 0; i < num_checks; i++)
- {
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- memset(&generator, 0, sizeof(generator));
- memset(data, 0, sizeof(data));
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
- val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation with Invalid key handle\n",
- g_test_count++);
- /* Set up a key derivation operation. Using this function to initialize the generate as
- * XOR or PRNG generator initialization is not implemented.
- */
- status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator,
- check2[i].key_handle, check2[i].key_alg, check2[i].salt,
- check2[i].salt_length, check2[i].label, check2[i].label_length,
- check2[i].capacity);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation with Zero as key handle\n",
- g_test_count++);
- /* Set up a key derivation operation. Using this function to initialize the generate as
- * XOR or PRNG generator initialization is not implemented.
- */
- status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator,
- 0, check2[i].key_alg, check2[i].salt,
- check2[i].salt_length, check2[i].label, check2[i].label_length,
- check2[i].capacity);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(7));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation with Empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &empty_key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, empty_key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
-
- /* Set up a key derivation operation. Using this function to initialize the generate as
- * XOR or PRNG generator initialization is not implemented.
- */
- status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator,
- empty_key_handle, check2[i].key_alg, check2[i].salt,
- check2[i].salt_length, check2[i].label, check2[i].label_length,
- check2[i].capacity);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(10));
- }
+ /* Read some data from a key derivation operation with no data in the operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES, &func, output,
+ BUFFER_SIZE);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(5));
return VAL_STATUS_SUCCESS;
}
diff --git a/api-tests/dev_apis/crypto/test_c022/test_c022.h b/api-tests/dev_apis/crypto/test_c022/test_c022.h
index 1339ec7..57b7b0c 100644
--- a/api-tests/dev_apis/crypto/test_c022/test_c022.h
+++ b/api-tests/dev_apis/crypto/test_c022/test_c022.h
@@ -18,14 +18,13 @@
#define _TEST_C022_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c022)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c022)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c022_crypto_list[];
-int32_t psa_key_derivation_test(security_t caller);
-int32_t psa_key_derivation_negative_test(security_t caller);
+int32_t psa_key_derivation_abort_test(security_t caller);
#endif /* _TEST_C022_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c022/test_data.h b/api-tests/dev_apis/crypto/test_c022/test_data.h
index 7dcc94f..dc0c03e 100644
--- a/api-tests/dev_apis/crypto/test_c022/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c022/test_data.h
@@ -17,126 +17,4 @@
#include "val_crypto.h"
-typedef struct {
- char test_desc[75];
- psa_key_handle_t key_handle;
- psa_key_type_t key_type;
- uint8_t key_data[32];
- uint32_t key_length;
- psa_key_usage_t usage;
- psa_algorithm_t key_alg;
- const uint8_t salt[16];
- size_t salt_length;
- const uint8_t label[16];
- size_t label_length;
- size_t capacity;
- psa_status_t expected_status;
-} test_data;
-
-static test_data check1[] = {
-#ifdef ARCH_TEST_HKDF
-#ifdef ARCH_TEST_SHA256
-{"Test psa_key_derivation to get 16 Byte data with SHA-256\n", 1, PSA_KEY_TYPE_DERIVE,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
- {0}, 0, {0}, 0, 32,
- PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_SHA512
-{"Test psa_key_derivation to get 32 Byte data with SHA-512\n", 2, PSA_KEY_TYPE_DERIVE,
-{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
- 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
- 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_512),
- {0}, 0, {0}, 0, 64,
- PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_MD5
-{"Test psa_key_derivation to get 32 Byte data with MD-5\n", 3, PSA_KEY_TYPE_DERIVE,
-{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
- 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
- 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_MD5),
- {0}, 0, {0}, 0, 64,
- PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_SHA256
-{"Test psa_key_derivation to get 16 Byte data with salt and label\n", 4, PSA_KEY_TYPE_DERIVE,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
- "abcdefghijklmnop", 16, "This is a label", 15, 32,
- PSA_SUCCESS
-},
-#endif
-
-#ifdef ARCH_TEST_SHA1
-{"Test psa_key_derivation with too large capacity for alg and key\n", 6, PSA_KEY_TYPE_DERIVE,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_1),
- {0}, 0, {0}, 0, 5200,
- PSA_ERROR_INVALID_ARGUMENT
-},
-#endif
-
-#ifdef ARCH_TEST_SHA256
-{"Test psa_key_derivation with unsupported key type\n", 11, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
- {0}, 0, {0}, 0, 32,
- PSA_ERROR_INVALID_ARGUMENT
-},
-
-{"Test psa_key_derivation with incorrect usage\n", 12, PSA_KEY_TYPE_DERIVE,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_HKDF(PSA_ALG_SHA_256),
- {0}, 0, {0}, 0, 32,
- PSA_ERROR_NOT_PERMITTED
-},
-#endif
-
-{"Test psa_key_derivation with unsupported key derivation algorithm\n", 14, PSA_KEY_TYPE_DERIVE,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_CATEGORY_HASH),
- {0}, 0, {0}, 0, 32,
- PSA_ERROR_NOT_SUPPORTED
-},
-#endif
-
-#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
-{"Test psa_key_derivation with invalid algorithm\n", 5, PSA_KEY_TYPE_DERIVE,
-{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
- 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
- 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_RSA_PKCS1V15_CRYPT,
- {0}, 0, {0}, 0, 64,
- PSA_ERROR_INVALID_ARGUMENT
-},
-#endif
-};
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_HKDF
-#ifdef ARCH_TEST_SHA512
-{"Test psa_key_derivation to get 32 Byte data with SHA-512\n", 13, PSA_KEY_TYPE_DERIVE,
-{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
- 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
- 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
- AES_32B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_512),
- {0}, 0, {0}, 0, 64,
- PSA_SUCCESS
-},
-#endif
-#endif
-};
+/* Keeping this file empty incase if future support is needed */
diff --git a/api-tests/dev_apis/crypto/test_c022/test_entry_c022.c b/api-tests/dev_apis/crypto/test_c022/test_entry_c022.c
index 2d7e798..04b4afc 100644
--- a/api-tests/dev_apis/crypto/test_c022/test_entry_c022.c
+++ b/api-tests/dev_apis/crypto/test_c022/test_entry_c022.c
@@ -20,7 +20,8 @@
#include "test_c022.h"
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 22)
-#define TEST_DESC "Testing crypto generator functions APIs\n"
+#define TEST_DESC "Testing crypto key derivation APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c023/test_c023.c b/api-tests/dev_apis/crypto/test_c023/test_c023.c
index 9c786dc..6d91e2a 100644
--- a/api-tests/dev_apis/crypto/test_c023/test_c023.c
+++ b/api-tests/dev_apis/crypto/test_c023/test_c023.c
@@ -23,18 +23,24 @@
client_test_t test_c023_crypto_list[] = {
NULL,
- psa_key_policy_get_usage_test,
+ psa_key_derivation_set_get_capacity_test,
NULL,
};
static int g_test_count = 1;
-int32_t psa_key_policy_get_usage_test(security_t caller)
+int32_t psa_key_derivation_set_get_capacity_test(security_t caller)
{
int num_checks = sizeof(check1)/sizeof(check1[0]);
int32_t i, status;
- psa_key_policy_t policy;
- psa_key_usage_t usage;
+ size_t capacity = 0;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -45,23 +51,49 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
+ /* Start the key derivation operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SETUP, &operation,
+ check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
- /* Retrieve the usage field of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_GET_USAGE, &policy, &usage);
+ /* Set the capacity for the generator */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY, &operation,
+ check1[i].capacity);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
- TEST_ASSERT_EQUAL(usage, check1[i].usage, TEST_CHECKPOINT_NUM(3));
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ continue;
+ }
+
+ /* Get the capacity for the generator */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY, &operation,
+ &capacity);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Check if the capacity as per the expected value */
+ TEST_ASSERT_EQUAL(capacity, check1[i].capacity, TEST_CHECKPOINT_NUM(7));
+
+ /* Abort the operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Setting the capacity on an aborted operation should be an error */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY, &operation,
+ check1[i].capacity);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(9));
+
+ /* Getting the capacity on an aborted operation should be an error */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY, &operation,
+ &capacity);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(10));
+
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c023/test_c023.h b/api-tests/dev_apis/crypto/test_c023/test_c023.h
index 43c40e4..2e0af10 100644
--- a/api-tests/dev_apis/crypto/test_c023/test_c023.h
+++ b/api-tests/dev_apis/crypto/test_c023/test_c023.h
@@ -18,13 +18,13 @@
#define _TEST_C023_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c023)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c023)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c023_crypto_list[];
-int32_t psa_key_policy_get_usage_test(security_t caller);
+int32_t psa_key_derivation_set_get_capacity_test(security_t caller);
#endif /* _TEST_C023_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c023/test_data.h b/api-tests/dev_apis/crypto/test_c023/test_data.h
index 2ef937c..1bc6455 100644
--- a/api-tests/dev_apis/crypto/test_c023/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c023/test_data.h
@@ -19,37 +19,21 @@
typedef struct {
char test_desc[75];
- psa_key_usage_t usage;
psa_algorithm_t key_alg;
+ size_t capacity;
+ psa_status_t expected_status;
} test_data;
static test_data check1[] = {
-#ifdef ARCH_TEST_HKDF
-#ifdef ARCH_TEST_SHA256
-{"Test psa_key_policy_get_usage with usage as encrypt\n",
- PSA_KEY_USAGE_ENCRYPT, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+{"Test psa_key_derivation_set_get_capacity - Less than operation's capacity\n",
+ PSA_ALG_HKDF(PSA_ALG_SHA_256), 42, PSA_SUCCESS
},
-{"Test psa_key_policy_get_usage with usage as decrypt\n",
- PSA_KEY_USAGE_DECRYPT, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+{"Test psa_key_derivation_set_get_capacity - Equal to operation's capacity\n",
+ PSA_ALG_HKDF(PSA_ALG_SHA_256), 8160, PSA_SUCCESS
},
-{"Test psa_key_policy_get_usage with usage as derive\n",
- PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+{"Test psa_key_derivation_set_get_capacity - More than operation's capacity\n",
+ PSA_ALG_HKDF(PSA_ALG_SHA_256), 10000, PSA_ERROR_INVALID_ARGUMENT
},
-
-{"Test psa_key_policy_get_usage with usage as export\n",
- PSA_KEY_USAGE_EXPORT, PSA_ALG_HKDF(PSA_ALG_SHA_256),
-},
-
-{"Test psa_key_policy_get_usage with usage as sign\n",
- PSA_KEY_USAGE_SIGN, PSA_ALG_HKDF(PSA_ALG_SHA_256),
-},
-
-{"Test psa_key_policy_get_usage with usage as verify\n",
- PSA_KEY_USAGE_VERIFY, PSA_ALG_HKDF(PSA_ALG_SHA_256),
-},
-#endif
-#endif
-
};
diff --git a/api-tests/dev_apis/crypto/test_c023/test_entry_c023.c b/api-tests/dev_apis/crypto/test_c023/test_entry_c023.c
index d177a9d..db4d0bb 100644
--- a/api-tests/dev_apis/crypto/test_c023/test_entry_c023.c
+++ b/api-tests/dev_apis/crypto/test_c023/test_entry_c023.c
@@ -20,7 +20,8 @@
#include "test_c023.h"
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 23)
-#define TEST_DESC "Testing crypto key management APIs\n"
+#define TEST_DESC "Testing crypto key derivation APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c024/test_c024.c b/api-tests/dev_apis/crypto/test_c024/test_c024.c
index 16b52e6..2354ba1 100644
--- a/api-tests/dev_apis/crypto/test_c024/test_c024.c
+++ b/api-tests/dev_apis/crypto/test_c024/test_c024.c
@@ -23,7 +23,6 @@
client_test_t test_c024_crypto_list[] = {
NULL,
psa_aead_encrypt_test,
- psa_aead_encrypt_negative_test,
NULL,
};
@@ -44,12 +43,18 @@
int32_t psa_aead_encrypt_test(security_t caller)
{
- int32_t i, status;
- uint8_t ciphertext[BUFFER_SIZE];
- psa_key_policy_t policy;
- size_t ciphertext_length;
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- uint8_t *nonce, *additional_data;
+ int32_t i, status;
+ uint8_t ciphertext[BUFFER_SIZE];
+ size_t ciphertext_length;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ uint8_t *nonce, *additional_data;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -60,34 +65,19 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- memset(ciphertext, 0, sizeof(ciphertext));
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
if (is_buffer_empty(check1[i].nonce, check1[i].nonce_length) == TRUE)
{
@@ -111,115 +101,40 @@
check1[i].additional_data_length, check1[i].plaintext,
check1[i].plaintext_length, ciphertext, check1[i].ciphertext_size,
&ciphertext_length);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
if (check1[i].expected_status != PSA_SUCCESS)
{
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
- }
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
continue;
+ }
/* Check if the length matches */
TEST_ASSERT_EQUAL(ciphertext_length,
check1[i].expected_ciphertext_length,
- TEST_CHECKPOINT_NUM(8));
+ TEST_CHECKPOINT_NUM(6));
/* Check if the data matches */
TEST_ASSERT_MEMCMP(ciphertext, check1[i].expected_ciphertext, ciphertext_length,
- TEST_CHECKPOINT_NUM(9));
+ TEST_CHECKPOINT_NUM(7));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
- }
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
- return VAL_STATUS_SUCCESS;
-}
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
-int32_t psa_aead_encrypt_negative_test(security_t caller)
-{
- int32_t i, status;
- uint8_t ciphertext[BUFFER_SIZE];
- psa_key_policy_t policy;
- size_t ciphertext_length;
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- uint8_t *nonce, *additional_data;
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- for (i = 0; i < num_checks; i++)
- {
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
- if (is_buffer_empty(check2[i].nonce, check2[i].nonce_length) == TRUE)
- {
- nonce = NULL;
- check2[i].nonce_length = 0;
- }
- else
- nonce = check2[i].nonce;
-
- if (is_buffer_empty(check2[i].additional_data, check2[i].additional_data_length) == TRUE)
- {
- additional_data = NULL;
- check2[i].additional_data_length = 0;
- }
- else
- additional_data = check2[i].additional_data;
-
- val->print(PRINT_TEST, "[Check %d] Test psa_aead_encrypt - Invalid key handle\n",
- g_test_count++);
- /* Process an authenticated encryption operation */
- status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT, check2[i].key_handle,
- check2[i].key_alg, nonce, check2[i].nonce_length, additional_data,
- check2[i].additional_data_length, check2[i].plaintext,
- check2[i].plaintext_length, ciphertext, check2[i].ciphertext_size,
+ /* Process an authenticated encryption operation on a destroyed key*/
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT, check1[i].key_handle,
+ check1[i].key_alg, nonce, check1[i].nonce_length, additional_data,
+ check1[i].additional_data_length, check1[i].plaintext,
+ check1[i].plaintext_length, ciphertext, check1[i].ciphertext_size,
&ciphertext_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_aead_encrypt - Zero as key handle\n",
- g_test_count++);
- /* Process an authenticated encryption operation */
- status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT, 0,
- check2[i].key_alg, nonce, check2[i].nonce_length, additional_data,
- check2[i].additional_data_length, check2[i].plaintext,
- check2[i].plaintext_length, ciphertext, check2[i].ciphertext_size,
- &ciphertext_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_aead_encrypt - Empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Process an authenticated encryption operation */
- status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT, check2[i].key_handle,
- check2[i].key_alg, nonce, check2[i].nonce_length, additional_data,
- check2[i].additional_data_length, check2[i].plaintext,
- check2[i].plaintext_length, ciphertext, check2[i].ciphertext_size,
- &ciphertext_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(9));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c024/test_c024.h b/api-tests/dev_apis/crypto/test_c024/test_c024.h
index 5060e3e..1e76863 100644
--- a/api-tests/dev_apis/crypto/test_c024/test_c024.h
+++ b/api-tests/dev_apis/crypto/test_c024/test_c024.h
@@ -18,15 +18,14 @@
#define _TEST_C024_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c024)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c024)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c024_crypto_list[];
int32_t psa_aead_encrypt_test(security_t caller);
-int32_t psa_aead_encrypt_negative_test(security_t caller);
#endif /* _TEST_C024_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c024/test_data.h b/api-tests/dev_apis/crypto/test_c024/test_data.h
index f280002..dfe2f1f 100644
--- a/api-tests/dev_apis/crypto/test_c024/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c024/test_data.h
@@ -17,8 +17,6 @@
#include "val_crypto.h"
-#define EMPTY_KEY_SLOT 31
-
typedef struct {
char test_desc[75];
psa_key_handle_t key_handle;
@@ -162,19 +160,3 @@
#endif
#endif
};
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_GCM
-#ifdef ARCH_TEST_AES_128
-{"Test psa_aead_encrypt - Negative case\n", 9, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM,
-{0}, 13, {0}, 0, "hello world", 11,
-{0x5D, 0xC1, 0x72, 0x23, 0x66, 0x96, 0xFD, 0xFC, 0x93, 0x06, 0x27, 0x52, 0xC7,
- 0x0A, 0xCB, 0x36, 0x55, 0x30, 0xC9, 0x48, 0x8F, 0x5E, 0xA5, 0xB9, 0x51, 0xFB,
- 0x4E},
- BUFFER_SIZE, 27, PSA_ERROR_DOES_NOT_EXIST
-},
-#endif
-#endif
-};
diff --git a/api-tests/dev_apis/crypto/test_c024/test_entry_c024.c b/api-tests/dev_apis/crypto/test_c024/test_entry_c024.c
index caf7415..91af959 100644
--- a/api-tests/dev_apis/crypto/test_c024/test_entry_c024.c
+++ b/api-tests/dev_apis/crypto/test_c024/test_entry_c024.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 24)
#define TEST_DESC "Testing crypto AEAD APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c025/test_c025.c b/api-tests/dev_apis/crypto/test_c025/test_c025.c
index f9dc3fd..c8a6df4 100644
--- a/api-tests/dev_apis/crypto/test_c025/test_c025.c
+++ b/api-tests/dev_apis/crypto/test_c025/test_c025.c
@@ -23,7 +23,6 @@
client_test_t test_c025_crypto_list[] = {
NULL,
psa_aead_decrypt_test,
- psa_aead_decrypt_negative_test,
NULL,
};
@@ -46,10 +45,16 @@
{
int32_t i, status;
uint8_t plaintext[BUFFER_SIZE];
- psa_key_policy_t policy;
size_t plaintext_length;
int num_checks = sizeof(check1)/sizeof(check1[0]);
uint8_t *nonce, *additional_data;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -60,33 +65,19 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- memset(plaintext, 0, sizeof(plaintext));
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
if (is_buffer_empty(check1[i].nonce, check1[i].nonce_length) == TRUE)
{
@@ -131,91 +122,17 @@
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Process an authenticated decryption operation on a destroyed key handle */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT, check1[i].key_handle,
+ check1[i].key_alg, nonce, check1[i].nonce_length, additional_data,
+ check1[i].additional_data_length, check1[i].ciphertext, check1[i].ciphertext_size,
+ plaintext, check1[i].plaintext_size, &plaintext_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(11));
}
return VAL_STATUS_SUCCESS;
}
-
-int32_t psa_aead_decrypt_negative_test(security_t caller)
-{
- int32_t i, status;
- uint8_t plaintext[BUFFER_SIZE];
- psa_key_policy_t policy;
- size_t plaintext_length;
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- uint8_t *nonce, *additional_data;
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- for (i = 0; i < num_checks; i++)
- {
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
- if (is_buffer_empty(check2[i].nonce, check2[i].nonce_length) == TRUE)
- {
- nonce = NULL;
- check2[i].nonce_length = 0;
- }
- else
- nonce = check2[i].nonce;
-
- if (is_buffer_empty(check2[i].additional_data, check2[i].additional_data_length) == TRUE)
- {
- additional_data = NULL;
- check2[i].additional_data_length = 0;
- }
- else
- additional_data = check2[i].additional_data;
-
- val->print(PRINT_TEST, "[Check %d] Test psa_aead_decrypt - Invalid key handle\n",
- g_test_count++);
- /* Process an authenticated decryption operation */
- status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT, check2[i].key_handle,
- check2[i].key_alg, nonce, check2[i].nonce_length, additional_data,
- check2[i].additional_data_length, check2[i].ciphertext, check2[i].ciphertext_size,
- plaintext, check2[i].plaintext_size, &plaintext_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_aead_decrypt - Zero as key handle\n",
- g_test_count++);
- /* Process an authenticated decryption operation */
- status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT, 0,
- check2[i].key_alg, nonce, check2[i].nonce_length, additional_data,
- check2[i].additional_data_length, check2[i].ciphertext, check2[i].ciphertext_size,
- plaintext, check2[i].plaintext_size, &plaintext_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_aead_decrypt - Empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Process an authenticated decryption operation */
- status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT, check2[i].key_handle,
- check2[i].key_alg, nonce, check2[i].nonce_length, additional_data,
- check2[i].additional_data_length, check2[i].ciphertext, check2[i].ciphertext_size,
- plaintext, check2[i].plaintext_size, &plaintext_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7));
- }
-
- return VAL_STATUS_SUCCESS;
-}
diff --git a/api-tests/dev_apis/crypto/test_c025/test_c025.h b/api-tests/dev_apis/crypto/test_c025/test_c025.h
index 5b0667b..27674cd 100644
--- a/api-tests/dev_apis/crypto/test_c025/test_c025.h
+++ b/api-tests/dev_apis/crypto/test_c025/test_c025.h
@@ -18,9 +18,9 @@
#define _TEST_C025_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c025)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c025)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c025/test_data.h b/api-tests/dev_apis/crypto/test_c025/test_data.h
index 44ce513..82977ed 100644
--- a/api-tests/dev_apis/crypto/test_c025/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c025/test_data.h
@@ -17,8 +17,6 @@
#include "val_crypto.h"
-#define EMPTY_KEY_SLOT 31
-
typedef struct {
char test_desc[75];
psa_key_handle_t key_handle;
@@ -57,7 +55,7 @@
39, 23, PSA_SUCCESS
},
-{"Test psa_aead_encrypt - AES-CCM\n", 2, PSA_KEY_TYPE_AES,
+{"Test psa_aead_decrypt - AES-CCM\n", 2, PSA_KEY_TYPE_AES,
{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM,
{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
@@ -73,7 +71,7 @@
0xe9}, 40, 24, PSA_SUCCESS
},
-{"Test psa_aead_encrypt - AES-CCM 24 bytes Tag length = 4\n", 3, PSA_KEY_TYPE_AES,
+{"Test psa_aead_decrypt - AES-CCM 24 bytes Tag length = 4\n", 3, PSA_KEY_TYPE_AES,
{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT,
PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
@@ -208,19 +206,3 @@
#endif
#endif
};
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_GCM
-#ifdef ARCH_TEST_AES_128
-{"Test psa_aead_decrypt - Negative cases\n", 11, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_GCM,
-{0}, 13, {0}, 0, "hello world", BUFFER_SIZE,
-{0x5D, 0xC1, 0x72, 0x23, 0x66, 0x96, 0xFD, 0xFC, 0x93, 0x06, 0x27, 0x52, 0xC7,
- 0x0A, 0xCB, 0x36, 0x55, 0x30, 0xC9, 0x48, 0x8F, 0x5E, 0xA5, 0xB9, 0x51, 0xFB,
- 0x4E},
- 11, 27, PSA_ERROR_INVALID_ARGUMENT
-},
-#endif
-#endif
-};
diff --git a/api-tests/dev_apis/crypto/test_c025/test_entry_c025.c b/api-tests/dev_apis/crypto/test_c025/test_entry_c025.c
index f71ac41..45822f3 100644
--- a/api-tests/dev_apis/crypto/test_c025/test_entry_c025.c
+++ b/api-tests/dev_apis/crypto/test_c025/test_entry_c025.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 25)
#define TEST_DESC "Testing crypto AEAD APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c026/test_c026.c b/api-tests/dev_apis/crypto/test_c026/test_c026.c
index 03d9def..94fa65f 100644
--- a/api-tests/dev_apis/crypto/test_c026/test_c026.c
+++ b/api-tests/dev_apis/crypto/test_c026/test_c026.c
@@ -33,9 +33,15 @@
int32_t psa_mac_sign_setup_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- psa_key_policy_t policy;
- int32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -47,32 +53,15 @@
val->print(PRINT_TEST, check1[i].test_desc, 0);
memset(&operation, 0, sizeof(operation));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Start a multipart MAC calculation operation */
status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
@@ -98,6 +87,9 @@
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
}
return VAL_STATUS_SUCCESS;
@@ -106,7 +98,6 @@
int32_t psa_mac_sign_setup_negative_test(security_t caller)
{
int num_checks = sizeof(check2)/sizeof(check2[0]);
- psa_key_policy_t policy;
int32_t i, status;
/* Initialize the PSA crypto library*/
@@ -115,51 +106,24 @@
for (i = 0; i < num_checks; i++)
{
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
- memset(&operation, 0, sizeof(operation));
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
- val->print(PRINT_TEST, "[Check %d] Test psa_mac_sign_setup with invalid key handle\n",
+ val->print(PRINT_TEST, "[Check %d] Test psa_mac_sign_setup invalid key handle\n",
g_test_count++);
- /* Start a multipart MAC calculation operation */
+ /* Start a multipart MAC verification operation */
status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
check2[i].key_handle, check2[i].key_alg);
TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
- val->print(PRINT_TEST, "[Check %d] Test psa_mac_sign_setup with zero key handle\n",
+ val->print(PRINT_TEST, "[Check %d] Test psa_mac_sign_setup zero as key handle\n",
g_test_count++);
- /* Start a multipart MAC calculation operation */
+ /* Start a multipart MAC verification operation */
status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
0, check2[i].key_alg);
TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_mac_sign_setup with empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Start a multipart MAC calculation operation */
- status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
- check2[i].key_handle, check2[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7));
}
return VAL_STATUS_SUCCESS;
}
-
diff --git a/api-tests/dev_apis/crypto/test_c026/test_c026.h b/api-tests/dev_apis/crypto/test_c026/test_c026.h
index 8d3e052..f90449c 100644
--- a/api-tests/dev_apis/crypto/test_c026/test_c026.h
+++ b/api-tests/dev_apis/crypto/test_c026/test_c026.h
@@ -18,9 +18,9 @@
#define _TEST_C026_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c026)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c026)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c026/test_data.h b/api-tests/dev_apis/crypto/test_c026/test_data.h
index df4d3a5..02fc148 100644
--- a/api-tests/dev_apis/crypto/test_c026/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c026/test_data.h
@@ -17,8 +17,6 @@
#include "val_crypto.h"
-#define EMPTY_KEY_SLOT 31
-
typedef struct {
char test_desc[75];
psa_key_handle_t key_handle;
@@ -142,14 +140,18 @@
};
static test_data check2[] = {
-#ifdef ARCH_TEST_AES_128
-#ifdef ARCH_TEST_CMAC
-{"Test psa_mac_sign_setup - Negative case\n", 12, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9, 0x00},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
- PSA_ERROR_INVALID_ARGUMENT
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_sign_setup 64 negative case\n", 11, PSA_KEY_TYPE_HMAC,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
+ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
+ 64, PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_SUCCESS
},
#endif
#endif
};
+;
diff --git a/api-tests/dev_apis/crypto/test_c026/test_entry_c026.c b/api-tests/dev_apis/crypto/test_c026/test_entry_c026.c
index 89b3126..57aa1b3 100644
--- a/api-tests/dev_apis/crypto/test_c026/test_entry_c026.c
+++ b/api-tests/dev_apis/crypto/test_c026/test_entry_c026.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 26)
#define TEST_DESC "Testing crypto MAC APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c027/test_c027.c b/api-tests/dev_apis/crypto/test_c027/test_c027.c
index b6e3288..c4de02b 100644
--- a/api-tests/dev_apis/crypto/test_c027/test_c027.c
+++ b/api-tests/dev_apis/crypto/test_c027/test_c027.c
@@ -33,11 +33,17 @@
int32_t psa_mac_update_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t i, status;
- size_t length;
- psa_key_policy_t policy;
- psa_mac_operation_t operation;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ size_t length;
+ psa_mac_operation_t operation;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -50,50 +56,39 @@
memset(&operation, 0, sizeof(operation));
memset(data, 0, sizeof(data));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Start a multipart MAC calculation operation */
status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
/* Add a message fragment to a multipart MAC operation */
status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation, check1[i].data,
check1[i].data_size);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
if (check1[i].expected_status != PSA_SUCCESS)
{
/* Abort a MAC operation */
status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
continue;
}
@@ -101,20 +96,20 @@
/* Finish the calculation of the MAC of a message */
status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_FINISH, &operation, data,
sizeof(data), &length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
/* Add a message fragment to the same multipart MAC operation*/
status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation, check1[i].data,
check1[i].data_size);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(9));
/* Abort a MAC operation */
status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c027/test_c027.h b/api-tests/dev_apis/crypto/test_c027/test_c027.h
index ea4c22f..4af68c6 100644
--- a/api-tests/dev_apis/crypto/test_c027/test_c027.h
+++ b/api-tests/dev_apis/crypto/test_c027/test_c027.h
@@ -18,9 +18,9 @@
#define _TEST_C027_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c027)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c027)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c027/test_entry_c027.c b/api-tests/dev_apis/crypto/test_c027/test_entry_c027.c
index fedebfc..8e40ce1 100644
--- a/api-tests/dev_apis/crypto/test_c027/test_entry_c027.c
+++ b/api-tests/dev_apis/crypto/test_c027/test_entry_c027.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 27)
#define TEST_DESC "Testing crypto MAC APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c028/test_c028.c b/api-tests/dev_apis/crypto/test_c028/test_c028.c
index 475feb7..9599fb4 100644
--- a/api-tests/dev_apis/crypto/test_c028/test_c028.c
+++ b/api-tests/dev_apis/crypto/test_c028/test_c028.c
@@ -32,12 +32,17 @@
int32_t psa_mac_sign_finish_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t i, status;
- size_t length;
- psa_key_policy_t policy;
- psa_mac_operation_t operation;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ size_t length;
+ psa_mac_operation_t operation;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -50,65 +55,53 @@
memset(&operation, 0, sizeof(operation));
memset(data, 0, sizeof(data));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Start a multipart MAC calculation operation */
status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
/* Add a message fragment to a multipart MAC operation */
status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation, check1[i].data,
check1[i].data_size);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
/* Finish the calculation of the MAC of a message */
status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_FINISH, &operation, data,
check1[i].mac_size, &length);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
if (check1[i].expected_status != PSA_SUCCESS)
{
/* Abort a MAC operation */
status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
continue;
}
/* Check if the MAC length matches with the expected length */
- TEST_ASSERT_EQUAL(length, check1[i].expected_length, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_EQUAL(length, check1[i].expected_length, TEST_CHECKPOINT_NUM(9));
/* Check if the MAC data matches with the expected data */
- TEST_ASSERT_MEMCMP(check1[i].expected_data, data, length, TEST_CHECKPOINT_NUM(12));
+ TEST_ASSERT_MEMCMP(check1[i].expected_data, data, length, TEST_CHECKPOINT_NUM(10));
memset(data, 0, sizeof(data));
@@ -118,15 +111,15 @@
*/
status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_FINISH, &operation, data,
check1[i].mac_size, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(13));
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(11));
/* Abort a MAC operation */
status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c028/test_c028.h b/api-tests/dev_apis/crypto/test_c028/test_c028.h
index a8b1b0f..bebadba 100644
--- a/api-tests/dev_apis/crypto/test_c028/test_c028.h
+++ b/api-tests/dev_apis/crypto/test_c028/test_c028.h
@@ -18,9 +18,9 @@
#define _TEST_C028_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c028)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c028)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c028/test_entry_c028.c b/api-tests/dev_apis/crypto/test_c028/test_entry_c028.c
index 86dda65..7646fd5 100644
--- a/api-tests/dev_apis/crypto/test_c028/test_entry_c028.c
+++ b/api-tests/dev_apis/crypto/test_c028/test_entry_c028.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 28)
#define TEST_DESC "Testing crypto MAC APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c029/test_c029.c b/api-tests/dev_apis/crypto/test_c029/test_c029.c
index 53be0db..816aa10 100644
--- a/api-tests/dev_apis/crypto/test_c029/test_c029.c
+++ b/api-tests/dev_apis/crypto/test_c029/test_c029.c
@@ -33,9 +33,15 @@
int32_t psa_mac_verify_setup_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- psa_key_policy_t policy;
- int32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -47,43 +53,30 @@
val->print(PRINT_TEST, check1[i].test_desc, 0);
memset(&operation, 0, sizeof(operation));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Start a multipart MAC verification operation */
status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
/* Whether setup succeeded or failed, abort must succeed.
* Abort a MAC operation
*/
status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
/* If setup failed, reproduce the failure, so that the caller can
* test the resulting state of the operation object.
@@ -92,12 +85,12 @@
{
status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
}
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
}
return VAL_STATUS_SUCCESS;
@@ -106,7 +99,6 @@
int32_t psa_mac_verify_setup_negative_test(security_t caller)
{
int num_checks = sizeof(check2)/sizeof(check2[0]);
- psa_key_policy_t policy;
int32_t i, status;
/* Initialize the PSA crypto library*/
@@ -115,20 +107,10 @@
for (i = 0; i < num_checks; i++)
{
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
- memset(&operation, 0, sizeof(operation));
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
val->print(PRINT_TEST, "[Check %d] Test psa_mac_verify_setup invalid key handle\n",
g_test_count++);
/* Start a multipart MAC verification operation */
@@ -142,17 +124,6 @@
status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_SETUP, &operation,
0, check2[i].key_alg);
TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_mac_verify_setup empty key handle\n",
- g_test_count++);
- /* Start a multipart MAC verification operation */
- status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_SETUP, &operation,
- check2[i].key_handle, check2[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(6));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c029/test_c029.h b/api-tests/dev_apis/crypto/test_c029/test_c029.h
index b549fed..e12700a 100644
--- a/api-tests/dev_apis/crypto/test_c029/test_c029.h
+++ b/api-tests/dev_apis/crypto/test_c029/test_c029.h
@@ -18,9 +18,9 @@
#define _TEST_C029_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c029)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c029)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c029/test_data.h b/api-tests/dev_apis/crypto/test_c029/test_data.h
index 4adad3a..1a55b00 100644
--- a/api-tests/dev_apis/crypto/test_c029/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c029/test_data.h
@@ -17,8 +17,6 @@
#include "val_crypto.h"
-#define EMPTY_KEY_SLOT 31
-
typedef struct {
char test_desc[75];
psa_key_handle_t key_handle;
diff --git a/api-tests/dev_apis/crypto/test_c029/test_entry_c029.c b/api-tests/dev_apis/crypto/test_c029/test_entry_c029.c
index 78c323f..0ca3e50 100644
--- a/api-tests/dev_apis/crypto/test_c029/test_entry_c029.c
+++ b/api-tests/dev_apis/crypto/test_c029/test_entry_c029.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 29)
#define TEST_DESC "Testing crypto MAC APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c030/test_c030.c b/api-tests/dev_apis/crypto/test_c030/test_c030.c
index 177b0f0..323ee8b 100644
--- a/api-tests/dev_apis/crypto/test_c030/test_c030.c
+++ b/api-tests/dev_apis/crypto/test_c030/test_c030.c
@@ -31,10 +31,16 @@
int32_t psa_mac_verify_finish_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t i, status;
- psa_key_policy_t policy;
- psa_mac_operation_t operation;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_mac_operation_t operation;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -46,58 +52,46 @@
val->print(PRINT_TEST, check1[i].test_desc, 0);
memset(&operation, 0, sizeof(operation));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Start a multipart MAC calculation operation */
status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
/* Add a message fragment to a multipart MAC operation */
status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation, check1[i].data,
check1[i].data_size);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
/* Finish the calculation of the MAC of a message and compare it with
* an expected value
*/
status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_FINISH, &operation,
check1[i].expected_mac, check1[i].mac_size);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
if (check1[i].expected_status != PSA_SUCCESS)
{
/* Abort a MAC operation */
status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
continue;
}
@@ -107,15 +101,15 @@
*/
status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_FINISH, &operation,
check1[i].expected_mac, check1[i].mac_size);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(9));
/* Abort a MAC operation */
status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c030/test_c030.h b/api-tests/dev_apis/crypto/test_c030/test_c030.h
index 46c2720..eacecd8 100644
--- a/api-tests/dev_apis/crypto/test_c030/test_c030.h
+++ b/api-tests/dev_apis/crypto/test_c030/test_c030.h
@@ -18,9 +18,9 @@
#define _TEST_C030_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c030)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c030)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c030/test_entry_c030.c b/api-tests/dev_apis/crypto/test_c030/test_entry_c030.c
index 0188a08..6fd4896 100644
--- a/api-tests/dev_apis/crypto/test_c030/test_entry_c030.c
+++ b/api-tests/dev_apis/crypto/test_c030/test_entry_c030.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 30)
#define TEST_DESC "Testing crypto MAC APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c031/test_c031.c b/api-tests/dev_apis/crypto/test_c031/test_c031.c
index 040e8a8..eaef9bd 100644
--- a/api-tests/dev_apis/crypto/test_c031/test_c031.c
+++ b/api-tests/dev_apis/crypto/test_c031/test_c031.c
@@ -33,10 +33,16 @@
int32_t psa_mac_abort_test(security_t caller)
{
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t i, status;
- psa_key_policy_t policy;
- psa_mac_operation_t operation;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_mac_operation_t operation;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -48,31 +54,19 @@
val->print(PRINT_TEST, check1[i].test_desc, 0);
memset(&operation, 0, sizeof(operation));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Start a multipart MAC calculation operation */
status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
@@ -97,19 +91,19 @@
int32_t psa_mac_abort_before_finish_test(security_t caller)
{
- size_t length;
- psa_key_policy_t policy;
- psa_algorithm_t key_alg = PSA_ALG_CMAC;
- psa_key_usage_t usage = PSA_KEY_USAGE_SIGN;
- psa_key_handle_t key_handle = 10;
- psa_key_type_t key_type = PSA_KEY_TYPE_AES;
- psa_mac_operation_t operation;
- uint8_t key_data[] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7,
+ size_t length;
+ psa_algorithm_t key_alg = PSA_ALG_CMAC;
+ psa_key_usage_t usage = PSA_KEY_USAGE_SIGN;
+ psa_key_handle_t key_handle = 10;
+ psa_key_type_t key_type = PSA_KEY_TYPE_AES;
+ psa_mac_operation_t operation;
+ uint8_t key_data[] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7,
0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c};
- uint8_t input_data[] = {0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65};
- size_t key_length = sizeof(key_data);
- size_t inputdata_size = sizeof(input_data);
- int32_t status;
+ uint8_t input_data[] = {0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65};
+ size_t key_length = sizeof(key_data);
+ size_t inputdata_size = sizeof(input_data);
+ int32_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
memset(data, 0, sizeof(data));
memset(&operation, 0, sizeof(operation));
@@ -125,26 +119,15 @@
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, usage, key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, key_alg);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, key_handle, key_type, key_data,
- key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ key_length, &key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Start a multipart MAC calculation operation */
status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation, key_handle, key_alg);
diff --git a/api-tests/dev_apis/crypto/test_c031/test_c031.h b/api-tests/dev_apis/crypto/test_c031/test_c031.h
index 0aee628..7582a59 100644
--- a/api-tests/dev_apis/crypto/test_c031/test_c031.h
+++ b/api-tests/dev_apis/crypto/test_c031/test_c031.h
@@ -18,9 +18,9 @@
#define _TEST_C031_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c031)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c031)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c031/test_entry_c031.c b/api-tests/dev_apis/crypto/test_c031/test_entry_c031.c
index bd97a0d..f7b9d7a 100644
--- a/api-tests/dev_apis/crypto/test_c031/test_entry_c031.c
+++ b/api-tests/dev_apis/crypto/test_c031/test_entry_c031.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 31)
#define TEST_DESC "Testing crypto MAC APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c032/test_c032.c b/api-tests/dev_apis/crypto/test_c032/test_c032.c
index 44e4682..0b10ef3 100644
--- a/api-tests/dev_apis/crypto/test_c032/test_c032.c
+++ b/api-tests/dev_apis/crypto/test_c032/test_c032.c
@@ -35,35 +35,32 @@
{
int num_checks = sizeof(check1)/sizeof(check1[0]);
int32_t i, status;
- const uint8_t *key_data;
- psa_key_policy_t policy;
+ const uint8_t *key_data;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+ /* Set the key data buffer to the input base on algorithm */
for (i = 0; i < num_checks; i++)
{
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- memset(&operation, 0, sizeof(operation));
-
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
{
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
{
if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
key_data = rsa_384_keypair;
@@ -84,7 +81,7 @@
}
else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
key_data = ec_keypair;
else
key_data = ec_keydata;
@@ -92,41 +89,41 @@
else
key_data = check1[i].key_data;
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &attributes, check1[i].attr_bits);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Set the key for a multipart symmetric encryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
/* Whether setup succeeded or failed, abort must succeed.
* Abort a cipher operation
*/
status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
if (check1[i].expected_status != PSA_SUCCESS)
{
status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
}
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
}
return VAL_STATUS_SUCCESS;
@@ -136,7 +133,6 @@
{
int num_checks = sizeof(check2)/sizeof(check2[0]);
int32_t i, status;
- psa_key_policy_t policy;
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -144,20 +140,10 @@
for (i = 0; i < num_checks; i++)
{
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
- memset(&operation, 0, sizeof(operation));
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
val->print(PRINT_TEST, "[Check %d] Test psa_cipher_encrypt_setup - Invalid key handle\n",
g_test_count++);
/* Set the key for a multipart symmetric encryption operation */
@@ -171,22 +157,6 @@
status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
0, check2[i].key_alg);
TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_cipher_encrypt_setup - Empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Set the key for a multipart symmetric encryption operation */
- status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
- check2[i].key_handle, check2[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c032/test_c032.h b/api-tests/dev_apis/crypto/test_c032/test_c032.h
index 02a902c..f229c1a 100644
--- a/api-tests/dev_apis/crypto/test_c032/test_c032.h
+++ b/api-tests/dev_apis/crypto/test_c032/test_c032.h
@@ -18,9 +18,9 @@
#define _TEST_C032_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c032)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c032)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c032/test_data.h b/api-tests/dev_apis/crypto/test_c032/test_data.h
index f7be679..763afde 100644
--- a/api-tests/dev_apis/crypto/test_c032/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c032/test_data.h
@@ -23,6 +23,7 @@
psa_key_type_t key_type;
uint8_t key_data[64];
uint32_t key_length;
+ size_t attr_bits;
psa_key_usage_t usage;
psa_algorithm_t key_alg;
size_t expected_bit_length;
@@ -164,7 +165,7 @@
#ifdef ARCH_TEST_AES_128
{"Test psa_cipher_encrypt_setup 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE, BYTES_TO_BITS(AES_16B_KEY_SIZE),
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
PSA_SUCCESS
},
@@ -173,7 +174,7 @@
#ifdef ARCH_TEST_AES_192
{"Test psa_cipher_encrypt_setup 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
- 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9}, AES_24B_KEY_SIZE,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9}, AES_24B_KEY_SIZE, 0,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_24B_KEY_SIZE),
PSA_SUCCESS
},
@@ -183,7 +184,7 @@
{"Test psa_cipher_encrypt_setup 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
- 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE}, AES_32B_KEY_SIZE,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE}, AES_32B_KEY_SIZE, 0,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_32B_KEY_SIZE),
PSA_SUCCESS
},
@@ -194,7 +195,7 @@
#ifdef ARCH_TEST_DES_1KEY
{"Test psa_cipher_encrypt_setup DES 64 bit key\n", 4, PSA_KEY_TYPE_DES,
{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
- DES_8B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING, BYTES_TO_BITS(DES_8B_KEY_SIZE),
+ DES_8B_KEY_SIZE, 0, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING, BYTES_TO_BITS(DES_8B_KEY_SIZE),
PSA_SUCCESS
},
#endif
@@ -203,7 +204,7 @@
{"Test psa_cipher_encrypt_setup Triple DES 2-Key\n", 5, PSA_KEY_TYPE_DES,
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- DES3_2KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING, BYTES_TO_BITS(DES3_2KEY_SIZE),
+ DES3_2KEY_SIZE, 0, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING, BYTES_TO_BITS(DES3_2KEY_SIZE),
PSA_SUCCESS
},
#endif
@@ -213,7 +214,7 @@
{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
- DES3_3KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING, BYTES_TO_BITS(DES3_3KEY_SIZE),
+ DES3_3KEY_SIZE, 0, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING, BYTES_TO_BITS(DES3_3KEY_SIZE),
PSA_SUCCESS
},
#endif
@@ -222,7 +223,7 @@
#ifdef ARCH_TEST_CIPER_MODE_CTR
{"Test psa_cipher_encrypt_setup 16 Byte raw data\n", 7, PSA_KEY_TYPE_RAW_DATA,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE, 0,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
PSA_ERROR_NOT_SUPPORTED
},
@@ -232,7 +233,7 @@
#ifdef ARCH_TEST_CMAC
{"Test psa_cipher_encrypt_setup - not a cipher algorithm\n", 8, PSA_KEY_TYPE_AES,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE, 0,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CMAC, BYTES_TO_BITS(AES_16B_KEY_SIZE),
PSA_ERROR_INVALID_ARGUMENT
},
@@ -241,7 +242,7 @@
#ifdef ARCH_TEST_CIPER
{"Test psa_cipher_encrypt_setup - unknown cipher algorithm\n", 9, PSA_KEY_TYPE_AES,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE, 0,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CATEGORY_CIPHER, BYTES_TO_BITS(AES_16B_KEY_SIZE),
PSA_ERROR_NOT_SUPPORTED
},
@@ -251,7 +252,7 @@
#ifdef ARCH_TEST_ARC4
{"Test psa_cipher_encrypt_setup - incompatible key ARC4\n", 10, PSA_KEY_TYPE_ARC4,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE, 0,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
PSA_ERROR_NOT_SUPPORTED
},
@@ -259,7 +260,7 @@
{"Test psa_cipher_encrypt_setup - incorrect usage\n", 11, PSA_KEY_TYPE_AES,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE, 0,
PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
PSA_ERROR_NOT_PERMITTED
},
@@ -269,13 +270,13 @@
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
#ifdef ARCH_TEST_RSA_2048
{"Test psa_cipher_encrypt_setup - RSA public key\n", 12, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
-{0}, 270,
+{0}, 270, 0,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, 2048,
PSA_ERROR_INVALID_ARGUMENT
},
-{"Test psa_cipher_encrypt_setup - RSA keypair\n", 13, PSA_KEY_TYPE_RSA_KEYPAIR,
-{0}, 1193,
+{"Test psa_cipher_encrypt_setup - RSA keypair\n", 13, PSA_KEY_TYPE_RSA_KEY_PAIR,
+{0}, 1193, 0,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, 2048,
PSA_ERROR_INVALID_ARGUMENT
},
@@ -285,7 +286,7 @@
#ifdef ARCH_TEST_ASYMMETRIC_ENCRYPTION
#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
{"Test psa_cipher_encrypt_setup - EC Public key\n", 14,
- PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1), {0}, 65,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1), {0}, 65, 0,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, 256,
PSA_ERROR_INVALID_ARGUMENT
},
@@ -293,7 +294,7 @@
#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
{"Test psa_cipher_encrypt_setup - EC keypair\n", 15,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1), {0}, 28,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1), {0}, 28, 0,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, 224,
PSA_ERROR_INVALID_ARGUMENT
},
@@ -306,7 +307,7 @@
#ifdef ARCH_TEST_AES_128
{"Test psa_cipher_encrypt_setup negative cases\n", 16, PSA_KEY_TYPE_AES,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE, 0,
PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
PSA_SUCCESS
},
diff --git a/api-tests/dev_apis/crypto/test_c032/test_entry_c032.c b/api-tests/dev_apis/crypto/test_c032/test_entry_c032.c
index 1ff8b8e..e05c81d 100644
--- a/api-tests/dev_apis/crypto/test_c032/test_entry_c032.c
+++ b/api-tests/dev_apis/crypto/test_c032/test_entry_c032.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 32)
#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c033/test_c033.c b/api-tests/dev_apis/crypto/test_c033/test_c033.c
index c3b6009..f1dc46d 100644
--- a/api-tests/dev_apis/crypto/test_c033/test_c033.c
+++ b/api-tests/dev_apis/crypto/test_c033/test_c033.c
@@ -35,35 +35,32 @@
{
int num_checks = sizeof(check1)/sizeof(check1[0]);
int32_t i, status;
- const uint8_t *key_data;
- psa_key_policy_t policy;
+ const uint8_t *key_data;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+ /* Set the key data buffer to the input base on algorithm */
for (i = 0; i < num_checks; i++)
{
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- memset(&operation, 0, sizeof(operation));
-
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
{
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
{
if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
key_data = rsa_384_keypair;
@@ -84,7 +81,7 @@
}
else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
key_data = ec_keypair;
else
key_data = ec_keydata;
@@ -92,42 +89,40 @@
else
key_data = check1[i].key_data;
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Set the key for a multipart symmetric decryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
/* Whether setup succeeded or failed, abort must succeed.
* Abort a cipher operation
*/
status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
if (check1[i].expected_status != PSA_SUCCESS)
{
status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
}
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
}
return VAL_STATUS_SUCCESS;
@@ -137,7 +132,6 @@
{
int num_checks = sizeof(check2)/sizeof(check2[0]);
int32_t i, status;
- psa_key_policy_t policy;
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -145,20 +139,10 @@
for (i = 0; i < num_checks; i++)
{
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
- memset(&operation, 0, sizeof(operation));
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
val->print(PRINT_TEST, "[Check %d] Test psa_cipher_decrypt_setup - Invalid key handle\n",
g_test_count++);
/* Set the key for a multipart symmetric decryption operation */
@@ -173,21 +157,6 @@
0, check2[i].key_alg);
TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
- val->print(PRINT_TEST, "[Check %d] Test psa_cipher_decrypt_setup - Empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Set the key for a multipart symmetric decryption operation */
- status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation,
- check2[i].key_handle, check2[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c033/test_c033.h b/api-tests/dev_apis/crypto/test_c033/test_c033.h
index 7a0befb..5e2aa85 100644
--- a/api-tests/dev_apis/crypto/test_c033/test_c033.h
+++ b/api-tests/dev_apis/crypto/test_c033/test_c033.h
@@ -18,9 +18,9 @@
#define _TEST_C033_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c033)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c033)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c033/test_data.h b/api-tests/dev_apis/crypto/test_c033/test_data.h
index 82cc109..c44e8ed 100644
--- a/api-tests/dev_apis/crypto/test_c033/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c033/test_data.h
@@ -17,8 +17,6 @@
#include "val_crypto.h"
-#define EMPTY_KEY_SLOT 31
-
typedef struct {
char test_desc[75];
psa_key_handle_t key_handle;
@@ -276,7 +274,7 @@
PSA_ERROR_INVALID_ARGUMENT
},
-{"Test psa_cipher_decrypt_setup - RSA keypair\n", 13, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_cipher_decrypt_setup - RSA keypair\n", 13, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 1193,
PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, 2048,
PSA_ERROR_INVALID_ARGUMENT
@@ -295,7 +293,7 @@
#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
{"Test psa_cipher_decrypt_setup - EC keypair\n", 15,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1), {0}, 28,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1), {0}, 28,
PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT, 224,
PSA_ERROR_INVALID_ARGUMENT
},
diff --git a/api-tests/dev_apis/crypto/test_c033/test_entry_c033.c b/api-tests/dev_apis/crypto/test_c033/test_entry_c033.c
index a979d30..7a97fb3 100644
--- a/api-tests/dev_apis/crypto/test_c033/test_entry_c033.c
+++ b/api-tests/dev_apis/crypto/test_c033/test_entry_c033.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 33)
#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c034/test_c034.c b/api-tests/dev_apis/crypto/test_c034/test_c034.c
index 97c5bee..eb0f7d8 100644
--- a/api-tests/dev_apis/crypto/test_c034/test_c034.c
+++ b/api-tests/dev_apis/crypto/test_c034/test_c034.c
@@ -36,9 +36,15 @@
uint32_t i, j, iv_sum;
uint8_t iv[32];
size_t iv_length;
- psa_key_policy_t policy;
psa_cipher_operation_t operation;
int32_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -50,58 +56,45 @@
val->print(PRINT_TEST, check1[i].test_desc, 0);
memset(&operation, 0, sizeof(operation));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Set the key for a multipart symmetric encryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
/* Generate an IV for a symmetric encryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_GENERATE_IV, &operation, iv,
check1[i].iv_size, &iv_length);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
if (check1[i].expected_status != PSA_SUCCESS)
{
/* Abort a cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
continue;
}
/* Check that if generated iv length match the expected length */
- TEST_ASSERT_EQUAL(iv_length, check1[i].expected_iv_length, TEST_CHECKPOINT_NUM(10));
+ TEST_ASSERT_EQUAL(iv_length, check1[i].expected_iv_length, TEST_CHECKPOINT_NUM(8));
iv_sum = 0;
for (j = 0; j < iv_length; j++)
@@ -109,23 +102,26 @@
iv_sum += iv[j];
}
- /* Check that if generated iv are zero */
- TEST_ASSERT_NOT_EQUAL(iv_sum, 0, TEST_CHECKPOINT_NUM(11));
+ /* Check that if generated iv are not zero */
+ TEST_ASSERT_NOT_EQUAL(iv_sum, 0, TEST_CHECKPOINT_NUM(9));
/* Generating an IV for a symmetric encryption operation using the same operator
* should fail
*/
status = val->crypto_function(VAL_CRYPTO_CIPHER_GENERATE_IV, &operation, iv,
check1[i].iv_size, &iv_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(12));
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(10));
/* Abort a cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c034/test_c034.h b/api-tests/dev_apis/crypto/test_c034/test_c034.h
index 3d1211a..7e94b95 100644
--- a/api-tests/dev_apis/crypto/test_c034/test_c034.h
+++ b/api-tests/dev_apis/crypto/test_c034/test_c034.h
@@ -18,9 +18,9 @@
#define _TEST_C034_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c034)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c034)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c034/test_entry_c034.c b/api-tests/dev_apis/crypto/test_c034/test_entry_c034.c
index c86a67d..b568daf 100644
--- a/api-tests/dev_apis/crypto/test_c034/test_entry_c034.c
+++ b/api-tests/dev_apis/crypto/test_c034/test_entry_c034.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 34)
#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c035/test_c035.c b/api-tests/dev_apis/crypto/test_c035/test_c035.c
index 010b275..5d6e5c5 100644
--- a/api-tests/dev_apis/crypto/test_c035/test_c035.c
+++ b/api-tests/dev_apis/crypto/test_c035/test_c035.c
@@ -34,8 +34,14 @@
{
int num_checks = sizeof(check1)/sizeof(check1[0]);
int32_t i, status;
- psa_key_policy_t policy;
psa_cipher_operation_t operation;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -47,57 +53,47 @@
val->print(PRINT_TEST, check1[i].test_desc, 0);
memset(&operation, 0, sizeof(operation));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Set the key for a multipart symmetric encryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
/* Set an IV for a symmetric encryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_SET_IV, &operation, check1[i].iv,
check1[i].iv_size);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
/* Setting an IV for a symmetric encryption operation using the same operator
* should fail for both previous success and failure cases
*/
status = val->crypto_function(VAL_CRYPTO_CIPHER_SET_IV, &operation, check1[i].iv,
check1[i].iv_size);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(6));
/* Abort a cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c035/test_c035.h b/api-tests/dev_apis/crypto/test_c035/test_c035.h
index d4cf6f8..aeda8b9 100644
--- a/api-tests/dev_apis/crypto/test_c035/test_c035.h
+++ b/api-tests/dev_apis/crypto/test_c035/test_c035.h
@@ -18,9 +18,9 @@
#define _TEST_C035_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c035)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c035)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c035/test_entry_c035.c b/api-tests/dev_apis/crypto/test_c035/test_entry_c035.c
index a37200f..1c628eb 100644
--- a/api-tests/dev_apis/crypto/test_c035/test_entry_c035.c
+++ b/api-tests/dev_apis/crypto/test_c035/test_entry_c035.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 35)
#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c036/test_c036.c b/api-tests/dev_apis/crypto/test_c036/test_c036.c
index bf5969a..ac236f9 100644
--- a/api-tests/dev_apis/crypto/test_c036/test_c036.c
+++ b/api-tests/dev_apis/crypto/test_c036/test_c036.c
@@ -32,15 +32,20 @@
static int g_test_count = 1;
static uint8_t input[SIZE_32B];
static uint8_t output[SIZE_32B];
-static psa_cipher_operation_t operation;
int32_t psa_cipher_update_test(security_t caller)
{
int num_checks = sizeof(check1)/sizeof(check1[0]);
int32_t i, status;
size_t length;
- psa_key_policy_t policy;
- psa_cipher_operation_t invalid_operation;
+ psa_cipher_operation_t operation;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -50,91 +55,74 @@
{
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
-
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
memset(&operation, 0, sizeof(operation));
- memset(&invalid_operation, 0, sizeof(invalid_operation));
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
if (check1[i].usage == PSA_KEY_USAGE_ENCRYPT)
{
/* Set the key for a multipart symmetric encryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
}
else if (check1[i].usage == PSA_KEY_USAGE_DECRYPT)
{
status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
}
/* Set an IV for a symmetric encryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_SET_IV, &operation, check1[i].iv,
check1[i].iv_size);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
/* Encrypt or decrypt a message fragment in an active cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_UPDATE, &operation, check1[i].input,
check1[i].input_length, output, check1[i].output_size, &length);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
if (check1[i].expected_status != PSA_SUCCESS)
{
/* Abort a cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
continue;
}
/* Check if the output length matches the expected length */
- TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(12));
+ TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(10));
/* Check if the output data matches the expected data */
- TEST_ASSERT_MEMCMP(output, check1[i].expected_output, length, TEST_CHECKPOINT_NUM(13));
-
- /* Encrypt or decrypt a message fragment in an invalid cipher operation should fail */
- status = val->crypto_function(VAL_CRYPTO_CIPHER_UPDATE, &invalid_operation,
- check1[i].input, check1[i].input_length, output, check1[i].output_size,
- &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(14));
+ TEST_ASSERT_MEMCMP(output, check1[i].expected_output, length, TEST_CHECKPOINT_NUM(11));
/* Abort a cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(16));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c036/test_c036.h b/api-tests/dev_apis/crypto/test_c036/test_c036.h
index 61fe7e5..583c97d 100644
--- a/api-tests/dev_apis/crypto/test_c036/test_c036.h
+++ b/api-tests/dev_apis/crypto/test_c036/test_c036.h
@@ -18,9 +18,9 @@
#define _TEST_C036_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c036)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c036)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c036/test_entry_c036.c b/api-tests/dev_apis/crypto/test_c036/test_entry_c036.c
index f46a6b3..d7b09df 100644
--- a/api-tests/dev_apis/crypto/test_c036/test_entry_c036.c
+++ b/api-tests/dev_apis/crypto/test_c036/test_entry_c036.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 36)
#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c037/test_c037.c b/api-tests/dev_apis/crypto/test_c037/test_c037.c
index 8a7fdc8..01b0b34 100644
--- a/api-tests/dev_apis/crypto/test_c037/test_c037.c
+++ b/api-tests/dev_apis/crypto/test_c037/test_c037.c
@@ -38,8 +38,14 @@
int num_checks = sizeof(check1)/sizeof(check1[0]);
int32_t i, status;
size_t update_length, finish_length;
- psa_key_policy_t policy;
psa_cipher_operation_t operation, invalid_operation;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -49,102 +55,91 @@
{
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
-
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
memset(&operation, 0, sizeof(operation));
- memset(&invalid_operation, 0, sizeof(invalid_operation));
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
if (check1[i].usage == PSA_KEY_USAGE_ENCRYPT)
{
/* Set the key for a multipart symmetric encryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
}
else if (check1[i].usage == PSA_KEY_USAGE_DECRYPT)
{
/* Set the key for a multipart symmetric decryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation,
check1[i].key_handle, check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
}
/* Set an IV for a symmetric encryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_SET_IV, &operation, check1[i].iv,
check1[i].iv_size);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
/* Encrypt or decrypt a message fragment in an active cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_UPDATE, &operation, check1[i].input,
check1[i].input_length, output, check1[i].output_size[SLOT_1], &update_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
/* Finish encrypting or decrypting a message in a cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_FINISH, &operation,
output + update_length, check1[i].output_size[SLOT_2], &finish_length);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(10));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8));
if (check1[i].expected_status != PSA_SUCCESS)
{
/* Abort a cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
continue;
}
/* Check if the output length matches the expected length */
- TEST_ASSERT_EQUAL(finish_length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(13));
+ TEST_ASSERT_EQUAL(finish_length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(11));
/* Check if the output data matches the expected data */
TEST_ASSERT_MEMCMP(output, check1[i].expected_output,
(update_length + finish_length),
- TEST_CHECKPOINT_NUM(14));
+ TEST_CHECKPOINT_NUM(12));
/* Finish encrypting or decrypting a message using an invalid operation should fail */
status = val->crypto_function(VAL_CRYPTO_CIPHER_FINISH, &invalid_operation, output,
check1[i].output_size[SLOT_2], &finish_length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(15));
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(13));
/* Abort a cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(16));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14));
/* Abort a cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &invalid_operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(17));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(18));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(16));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c037/test_c037.h b/api-tests/dev_apis/crypto/test_c037/test_c037.h
index e7e1bda..e74afef 100644
--- a/api-tests/dev_apis/crypto/test_c037/test_c037.h
+++ b/api-tests/dev_apis/crypto/test_c037/test_c037.h
@@ -18,9 +18,9 @@
#define _TEST_C037_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c037)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c037)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c037/test_entry_c037.c b/api-tests/dev_apis/crypto/test_c037/test_entry_c037.c
index 7732adb..7cbcab2 100644
--- a/api-tests/dev_apis/crypto/test_c037/test_entry_c037.c
+++ b/api-tests/dev_apis/crypto/test_c037/test_entry_c037.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 37)
#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c038/test_c038.c b/api-tests/dev_apis/crypto/test_c038/test_c038.c
index 54b4b7d..c4d6bd9 100644
--- a/api-tests/dev_apis/crypto/test_c038/test_c038.c
+++ b/api-tests/dev_apis/crypto/test_c038/test_c038.c
@@ -35,8 +35,14 @@
{
int num_checks = sizeof(check1)/sizeof(check1[0]);
int32_t i, status;
- psa_key_policy_t policy;
psa_cipher_operation_t operation;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -48,32 +54,19 @@
val->print(PRINT_TEST, check1[i].test_desc, 0);
memset(&operation, 0, sizeof(operation));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
if (check1[i].usage == PSA_KEY_USAGE_ENCRYPT)
{
@@ -101,6 +94,9 @@
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
}
return VAL_STATUS_SUCCESS;
@@ -109,7 +105,6 @@
int32_t psa_cipher_abort_before_update_test(security_t caller)
{
size_t length;
- psa_key_policy_t policy;
psa_algorithm_t key_alg = PSA_ALG_CBC_NO_PADDING;
psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT;
psa_key_handle_t key_handle = 13;
@@ -125,6 +120,7 @@
size_t input_length = sizeof(input);
size_t iv_size = sizeof(iv);
int32_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -134,52 +130,44 @@
val->print(PRINT_TEST, "Test psa_cipher_update after psa_cipher_abort should fail\n", 0);
memset(&operation, 0, sizeof(operation));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, usage, key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, key_handle,
- key_type, key_data, key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ key_length, &key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Set the key for a multipart symmetric encryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
key_handle, key_alg);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
/* Set an IV for a symmetric encryption operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_SET_IV, &operation, iv, iv_size);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
/* Abort a cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
/* Encrypt or decrypt a message fragment in an active cipher operation */
status = val->crypto_function(VAL_CRYPTO_CIPHER_UPDATE, &operation, input,
input_length, output, SIZE_32B, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(7));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
return VAL_STATUS_SUCCESS;
}
diff --git a/api-tests/dev_apis/crypto/test_c038/test_c038.h b/api-tests/dev_apis/crypto/test_c038/test_c038.h
index 6d6e5f0..0bbabd9 100644
--- a/api-tests/dev_apis/crypto/test_c038/test_c038.h
+++ b/api-tests/dev_apis/crypto/test_c038/test_c038.h
@@ -18,9 +18,9 @@
#define _TEST_C038_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c038)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c038)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c038/test_entry_c038.c b/api-tests/dev_apis/crypto/test_c038/test_entry_c038.c
index d027ada..fdbbce1 100644
--- a/api-tests/dev_apis/crypto/test_c038/test_entry_c038.c
+++ b/api-tests/dev_apis/crypto/test_c038/test_entry_c038.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 38)
#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c039/test_c039.c b/api-tests/dev_apis/crypto/test_c039/test_c039.c
index 30a833e..d93b33c 100644
--- a/api-tests/dev_apis/crypto/test_c039/test_c039.c
+++ b/api-tests/dev_apis/crypto/test_c039/test_c039.c
@@ -48,10 +48,16 @@
{
int num_checks = sizeof(check1)/sizeof(check1[0]);
int32_t i, status;
- const uint8_t *key_data;
- uint8_t *salt;
+ const uint8_t *key_data;
+ uint8_t *salt;
size_t length;
- psa_key_policy_t policy;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -62,25 +68,16 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
memset(output, 0, sizeof(output));
/* Set the key data based on key type */
if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
{
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
{
if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
key_data = rsa_384_keypair;
@@ -105,7 +102,7 @@
}
else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
key_data = ec_keypair;
else
key_data = ec_keydata;
@@ -113,19 +110,15 @@
else
key_data = check1[i].key_data;
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
if (is_buffer_empty(check1[i].salt, check1[i].salt_length) == TRUE)
{
@@ -139,19 +132,19 @@
status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_ENCRYPT, check1[i].key_handle,
check1[i].key_alg, check1[i].input, check1[i].input_length, salt,
check1[i].salt_length, output, check1[i].output_size, &length);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
if (check1[i].expected_status != PSA_SUCCESS)
{
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
continue;
}
/* Check if the output length matches with the expected output length */
- TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(6));
/* We test encryption by checking that encrypt-then-decrypt gives back
* the original plaintext because of the non-optional random
@@ -161,18 +154,21 @@
status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_DECRYPT,
check1[i].key_handle, check1[i].key_alg, output, length, salt,
check1[i].salt_length, output, check1[i].output_size, &length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
/* Check if the output length matches with the input length */
- TEST_ASSERT_EQUAL(length, check1[i].input_length, TEST_CHECKPOINT_NUM(10));
+ TEST_ASSERT_EQUAL(length, check1[i].input_length, TEST_CHECKPOINT_NUM(8));
/* Check if the output matches with the given input data */
- TEST_ASSERT_MEMCMP(output, check1[i].input, length, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_MEMCMP(output, check1[i].input, length, TEST_CHECKPOINT_NUM(9));
}
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
}
return VAL_STATUS_SUCCESS;
@@ -182,9 +178,8 @@
{
int num_checks = sizeof(check2)/sizeof(check2[0]);
int32_t i, status;
- uint8_t *salt;
+ uint8_t *salt = NULL;
size_t length;
- psa_key_policy_t policy;
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -192,18 +187,17 @@
for (i = 0; i < num_checks; i++)
{
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
+ if (is_buffer_empty(check2[i].salt, check2[i].salt_length) == TRUE)
+ {
+ salt = NULL;
+ check2[i].salt_length = 0;
+ }
+ else
+ salt = check2[i].salt;
val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_encrypt - Invalid key handle\n",
g_test_count++);
@@ -220,31 +214,6 @@
check2[i].key_alg, check2[i].input, check2[i].input_length, salt,
check2[i].salt_length, output, check2[i].output_size, &length);
TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_encrypt - Empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- if (is_buffer_empty(check1[i].salt, check1[i].salt_length) == TRUE)
- {
- salt = NULL;
- check1[i].salt_length = 0;
- }
- else
- salt = check1[i].salt;
-
- /* Encrypt a short message with a public key */
- status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_ENCRYPT, check2[i].key_handle,
- check2[i].key_alg, check2[i].input, check2[i].input_length, salt,
- check2[i].salt_length, output, check2[i].output_size, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c039/test_c039.h b/api-tests/dev_apis/crypto/test_c039/test_c039.h
index 27d7497..065918d 100644
--- a/api-tests/dev_apis/crypto/test_c039/test_c039.h
+++ b/api-tests/dev_apis/crypto/test_c039/test_c039.h
@@ -18,9 +18,9 @@
#define _TEST_C039_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c039)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c039)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c039/test_data.h b/api-tests/dev_apis/crypto/test_c039/test_data.h
index 5bb5109..79dd42a 100644
--- a/api-tests/dev_apis/crypto/test_c039/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c039/test_data.h
@@ -158,7 +158,7 @@
#endif
#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
-{"Test psa_asymmetric_encrypt - RSA KEYPAIR PKCS1V15\n", 4, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_encrypt - RSA KEY_PAIR PKCS1V15\n", 4, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
{0}, 0,
{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
@@ -167,7 +167,7 @@
128, 1024, PSA_SUCCESS
},
-{"Test psa_asymmetric_encrypt - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_encrypt - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
{0}, 0,
{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
@@ -227,7 +227,7 @@
}
{"Test psa_asymmetric_encrypt - ECC keypair\n", 10,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
{0}, 97, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
{0}, 0,
{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
diff --git a/api-tests/dev_apis/crypto/test_c039/test_entry_c039.c b/api-tests/dev_apis/crypto/test_c039/test_entry_c039.c
index 323f173..6f638de 100644
--- a/api-tests/dev_apis/crypto/test_c039/test_entry_c039.c
+++ b/api-tests/dev_apis/crypto/test_c039/test_entry_c039.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 39)
#define TEST_DESC "Testing crypto asymmetric APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c040/test_c040.c b/api-tests/dev_apis/crypto/test_c040/test_c040.c
index 760ab19..8dba0df 100644
--- a/api-tests/dev_apis/crypto/test_c040/test_c040.c
+++ b/api-tests/dev_apis/crypto/test_c040/test_c040.c
@@ -51,7 +51,13 @@
const uint8_t *key_data;
uint8_t *salt;
size_t length;
- psa_key_policy_t policy;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -62,25 +68,16 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
- /* Setting up the watchdog timer for each check */
+ /* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
memset(output, 0, sizeof(output));
/* Set the key data based on key type */
if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
{
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
{
if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
key_data = rsa_384_keypair;
@@ -105,7 +102,7 @@
}
else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
key_data = ec_keypair;
else
key_data = ec_keydata;
@@ -113,19 +110,15 @@
else
key_data = check1[i].key_data;
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
if (is_buffer_empty(check1[i].salt, check1[i].salt_length) == TRUE)
{
@@ -159,6 +152,9 @@
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
}
return VAL_STATUS_SUCCESS;
@@ -170,7 +166,6 @@
int32_t i, status;
uint8_t *salt;
size_t length;
- psa_key_policy_t policy;
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -178,18 +173,18 @@
for (i = 0; i < num_checks; i++)
{
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
+ if (is_buffer_empty(check2[i].salt, check2[i].salt_length) == TRUE)
+ {
+ salt = NULL;
+ check2[i].salt_length = 0;
+ }
+ else
+ salt = check1[i].salt;
val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_decrypt - Invalid key handle\n",
g_test_count++);
@@ -206,31 +201,6 @@
check2[i].key_alg, check2[i].input, check2[i].input_length, salt,
check2[i].salt_length, output, check2[i].output_size, &length);
TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_decrypt - Empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- if (is_buffer_empty(check1[i].salt, check1[i].salt_length) == TRUE)
- {
- salt = NULL;
- check1[i].salt_length = 0;
- }
- else
- salt = check1[i].salt;
-
- /* Encrypt a short message with a public key */
- status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_DECRYPT, check2[i].key_handle,
- check2[i].key_alg, check2[i].input, check2[i].input_length, salt,
- check2[i].salt_length, output, check2[i].output_size, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c040/test_c040.h b/api-tests/dev_apis/crypto/test_c040/test_c040.h
index ebb8f5b..4aa592a 100644
--- a/api-tests/dev_apis/crypto/test_c040/test_c040.h
+++ b/api-tests/dev_apis/crypto/test_c040/test_c040.h
@@ -18,9 +18,9 @@
#define _TEST_C040_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c040)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c040)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c040/test_data.h b/api-tests/dev_apis/crypto/test_c040/test_data.h
index c6bc248..371d230 100644
--- a/api-tests/dev_apis/crypto/test_c040/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c040/test_data.h
@@ -125,7 +125,7 @@
static test_data check1[] = {
#ifdef ARCH_TEST_RSA_1024
#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
-{"Test psa_asymmetric_decrypt - RSA KEYPAIR PKCS1V15\n", 1, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_decrypt - RSA KEY_PAIR PKCS1V15\n", 1, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
{0}, 0,
{0x99, 0xff, 0xde, 0x2f, 0xcc, 0x00, 0xc9, 0xcc, 0x01, 0x97, 0x2e, 0xbf, 0xa7,
@@ -148,7 +148,7 @@
#ifdef ARCH_TEST_SHA256
#ifdef ARCH_TEST_RSA_OAEP
-{"Test psa_asymmetric_decrypt - RSA KEYPAIR OAEP SHA256\n", 2, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_decrypt - RSA KEY_PAIR OAEP SHA256\n", 2, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256),
{0}, 0,
{0x3d, 0x31, 0x46, 0xb1, 0xc9, 0x82, 0x00, 0x42, 0x73, 0xa9, 0xeb, 0xb9, 0xb0,
@@ -166,8 +166,8 @@
0, 1024, PSA_SUCCESS
},
-{"Test psa_asymmetric_decrypt - RSA KEYPAIR OAEP SHA256 with label\n", 3,
- PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_decrypt - RSA KEY_PAIR OAEP SHA256 with label\n", 3,
+ PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256),
{0x74, 0x68, 0x69, 0x73, 0x00, 0x69, 0x73, 0x00, 0x61, 0x00, 0x6c, 0x61, 0x62,
0x65, 0x6c, 0x00}, 16,
@@ -210,7 +210,7 @@
0, 1024, PSA_ERROR_INVALID_ARGUMENT
},
-{"Test psa_asymmetric_decrypt - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_decrypt - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
{0}, 0,
{0x99, 0xff, 0xde, 0x2f, 0xcc, 0x00, 0xc9, 0xcc, 0x01, 0x97, 0x2e, 0xbf, 0xa7,
@@ -232,7 +232,7 @@
#endif
#ifdef ARCH_TEST_SHA256
-{"Test psa_asymmetric_decrypt - Invalid algorithm\n", 6, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_decrypt - Invalid algorithm\n", 6, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_DECRYPT, PSA_ALG_SHA_256,
{0}, 0,
{0x99, 0xff, 0xde, 0x2f, 0xcc, 0x00, 0xc9, 0xcc, 0x01, 0x97, 0x2e, 0xbf, 0xa7,
@@ -279,7 +279,7 @@
#endif
#ifdef ARCH_TEST_RSA_1024
-{"Test psa_asymmetric_decrypt - Invalid usage\n", 8, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_decrypt - Invalid usage\n", 8, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
{0}, 0,
{0x99, 0xff, 0xde, 0x2f, 0xcc, 0x00, 0xc9, 0xcc, 0x01, 0x97, 0x2e, 0xbf, 0xa7,
@@ -305,7 +305,7 @@
static test_data check2[] = {
#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
#ifdef ARCH_TEST_RSA_1024
-{"Test psa_asymmetric_decrypt - Negative case\n", 1, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_decrypt - Negative case\n", 1, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
{0}, 0,
{0x99, 0xff, 0xde, 0x2f, 0xcc, 0x00, 0xc9, 0xcc, 0x01, 0x97, 0x2e, 0xbf, 0xa7,
diff --git a/api-tests/dev_apis/crypto/test_c040/test_entry_c040.c b/api-tests/dev_apis/crypto/test_c040/test_entry_c040.c
index 7b36aed..8744aca 100644
--- a/api-tests/dev_apis/crypto/test_c040/test_entry_c040.c
+++ b/api-tests/dev_apis/crypto/test_c040/test_entry_c040.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 40)
#define TEST_DESC "Testing crypto asymmetric APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c041/test_c041.c b/api-tests/dev_apis/crypto/test_c041/test_c041.c
index 101e16a..ea343f3 100644
--- a/api-tests/dev_apis/crypto/test_c041/test_c041.c
+++ b/api-tests/dev_apis/crypto/test_c041/test_c041.c
@@ -37,7 +37,13 @@
int32_t i, status;
const uint8_t *key_data;
size_t length;
- psa_key_policy_t policy;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -48,25 +54,15 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
memset(signature, 0, sizeof(signature));
/* Set the key data based on key type */
if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
{
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
{
if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
key_data = rsa_384_keypair;
@@ -91,7 +87,7 @@
}
else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
key_data = ec_keypair;
else
key_data = ec_keydata;
@@ -99,25 +95,21 @@
else
key_data = check1[i].key_data;
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Sign a hash or short message with a private key */
status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_SIGN, check1[i].key_handle,
check1[i].key_alg, check1[i].input, check1[i].input_length,
signature, check1[i].signature_size, &length);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
if (check1[i].expected_status != PSA_SUCCESS)
{
@@ -129,14 +121,14 @@
}
/* Check if the output length matches with the expected length */
- TEST_ASSERT_EQUAL(length, check1[i].expected_signature_length, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(length, check1[i].expected_signature_length, TEST_CHECKPOINT_NUM(5));
/* Check if the output matches with the expected data */
- TEST_ASSERT_MEMCMP(signature, check1[i].expected_signature, length, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_MEMCMP(signature, check1[i].expected_signature, length, TEST_CHECKPOINT_NUM(6));
/* Destroy the key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
}
return VAL_STATUS_SUCCESS;
@@ -147,7 +139,6 @@
int num_checks = sizeof(check2)/sizeof(check2[0]);
int32_t i, status;
size_t length;
- psa_key_policy_t policy;
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -155,19 +146,10 @@
for (i = 0; i < num_checks; i++)
{
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_sign - Invalid key handle\n",
g_test_count++);
/* Sign a hash or short message with a private key */
@@ -183,23 +165,6 @@
check2[i].key_alg, check2[i].input, check2[i].input_length,
signature, check2[i].signature_size, &length);
TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_sign - Empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Sign a hash or short message with a private key */
- status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_SIGN, check2[i].key_handle,
- check2[i].key_alg, check2[i].input, check2[i].input_length,
- signature, check2[i].signature_size, &length);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c041/test_c041.h b/api-tests/dev_apis/crypto/test_c041/test_c041.h
index 11f8074..326bed6 100644
--- a/api-tests/dev_apis/crypto/test_c041/test_c041.h
+++ b/api-tests/dev_apis/crypto/test_c041/test_c041.h
@@ -18,9 +18,9 @@
#define _TEST_C041_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c041)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c041)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c041/test_data.h b/api-tests/dev_apis/crypto/test_c041/test_data.h
index cecccb6..8c596e1 100644
--- a/api-tests/dev_apis/crypto/test_c041/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c041/test_data.h
@@ -112,7 +112,7 @@
static test_data check1[] = {
#ifdef ARCH_TEST_RSA_1024
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
-{"Test psa_asymmetric_sign - RSA KEYPAIR PKCS1V15 RAW\n", 1, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_sign - RSA KEY_PAIR PKCS1V15 RAW\n", 1, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
{0x61, 0x62, 0x63}, 3, 128,
{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
@@ -131,7 +131,7 @@
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
#ifdef ARCH_TEST_SHA256
-{"Test psa_asymmetric_sign - RSA KEYPAIR PKCS1V15 SHA-256\n", 2, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_sign - RSA KEY_PAIR PKCS1V15 SHA-256\n", 2, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
@@ -156,7 +156,7 @@
#ifdef ARCH_TEST_DETERMINISTIC_ECDSA
#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
{"Test psa_asymmetric_sign - ECDSA SECP256R1 SHA-256\n", 3,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1), {0}, 32,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1), {0}, 32,
PSA_KEY_USAGE_SIGN, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
{0x9a, 0xc4, 0x33, 0x5b, 0x46, 0x9b, 0xbd, 0x79, 0x14, 0x39, 0x24, 0x85, 0x04,
0xdd, 0x0d, 0x49, 0xc7, 0x13, 0x49, 0xa2, 0x95, 0xfe, 0xe5, 0xa1, 0xc6, 0x85,
@@ -192,7 +192,7 @@
128, 1024, PSA_ERROR_INVALID_ARGUMENT
},
-{"Test psa_asymmetric_sign - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_sign - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
@@ -211,7 +211,7 @@
},
#endif
-{"Test psa_asymmetric_sign - Invalid algorithm\n", 6, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_sign - Invalid algorithm\n", 6, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_SIGN, PSA_ALG_SHA_256,
{0x61, 0x62, 0x63}, 3, 128,
{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
@@ -253,7 +253,7 @@
#ifdef ARCH_TEST_RSA_1024
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
-{"Test psa_asymmetric_sign - Invalid usage\n", 8, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_sign - Invalid usage\n", 8, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
{0x61, 0x62, 0x63}, 3, 128,
{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
@@ -272,7 +272,7 @@
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
#ifdef ARCH_TEST_SHA256
-{"Test psa_asymmetric_sign - Wrong hash size\n", 9, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_sign - Wrong hash size\n", 9, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
@@ -297,7 +297,7 @@
static test_data check2[] = {
#ifdef ARCH_TEST_RSA_1024
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
-{"Test psa_asymmetric_sign - Negative case\n", 10, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_sign - Negative case\n", 10, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
{0x61, 0x62, 0x63}, 3, 128,
{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
diff --git a/api-tests/dev_apis/crypto/test_c041/test_entry_c041.c b/api-tests/dev_apis/crypto/test_c041/test_entry_c041.c
index dd70f13..9edd9f6 100644
--- a/api-tests/dev_apis/crypto/test_c041/test_entry_c041.c
+++ b/api-tests/dev_apis/crypto/test_c041/test_entry_c041.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 41)
#define TEST_DESC "Testing crypto asymmetric APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c042/test_c042.c b/api-tests/dev_apis/crypto/test_c042/test_c042.c
index 43ed5ec..d511f2a 100644
--- a/api-tests/dev_apis/crypto/test_c042/test_c042.c
+++ b/api-tests/dev_apis/crypto/test_c042/test_c042.c
@@ -35,7 +35,13 @@
int num_checks = sizeof(check1)/sizeof(check1[0]);
int32_t i, status;
const uint8_t *key_data;
- psa_key_policy_t policy;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -46,23 +52,14 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
/* Set the key data based on key type */
if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
{
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
{
if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
key_data = rsa_384_keypair;
@@ -87,7 +84,7 @@
}
else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
key_data = ec_keypair;
else
key_data = ec_keydata;
@@ -95,29 +92,25 @@
else
key_data = check1[i].key_data;
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Verify the signature a hash or short message using a public key */
status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_VERIFY, check1[i].key_handle,
check1[i].key_alg, check1[i].input, check1[i].input_length,
check1[i].signature, check1[i].signature_size);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
/* Destroy a key and restore the slot to its default state */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
}
return VAL_STATUS_SUCCESS;
@@ -127,7 +120,6 @@
{
int num_checks = sizeof(check2)/sizeof(check2[0]);
int32_t i, status;
- psa_key_policy_t policy;
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -138,21 +130,10 @@
val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_verify - Invalid key handle\n",
g_test_count++);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
- val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_verify - Invalid key handle\n",
- g_test_count++);
/* Verify the signature a hash or short message using a public key */
status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_VERIFY, check2[i].key_handle,
check2[i].key_alg, check2[i].input, check2[i].input_length,
@@ -167,22 +148,6 @@
check2[i].signature, check2[i].signature_size);
TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
- val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_verify - Empty key handle\n",
- g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Verify the signature a hash or short message using a public key */
- status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_VERIFY, check2[i].key_handle,
- check2[i].key_alg, check2[i].input, check2[i].input_length,
- check2[i].signature, check2[i].signature_size);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c042/test_c042.h b/api-tests/dev_apis/crypto/test_c042/test_c042.h
index b6c2f61..fb9c83a 100644
--- a/api-tests/dev_apis/crypto/test_c042/test_c042.h
+++ b/api-tests/dev_apis/crypto/test_c042/test_c042.h
@@ -18,9 +18,9 @@
#define _TEST_C042_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c042)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c042)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
diff --git a/api-tests/dev_apis/crypto/test_c042/test_data.h b/api-tests/dev_apis/crypto/test_c042/test_data.h
index 53a4ea6..5f8592c 100644
--- a/api-tests/dev_apis/crypto/test_c042/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c042/test_data.h
@@ -117,7 +117,7 @@
static test_data check1[] = {
#ifdef ARCH_TEST_RSA_1024
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
-{"Test psa_asymmetric_verify - RSA KEYPAIR PKCS1V15 RAW\n", 1, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_verify - RSA KEY_PAIR PKCS1V15 RAW\n", 1, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
{0x61, 0x62, 0x63}, 3,
{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
@@ -136,7 +136,7 @@
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
#ifdef ARCH_TEST_SHA256
-{"Test psa_asymmetric_verify - RSA KEYPAIR PKCS1V15 SHA-256\n", 2, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_verify - RSA KEY_PAIR PKCS1V15 SHA-256\n", 2, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
@@ -160,8 +160,8 @@
#ifdef ARCH_TEST_SHA256
#ifdef ARCH_TEST_DETERMINISTIC_ECDSA
#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
-{"Test psa_asymmetric_verify - ECDSA KEYPAIR SECP256R1 SHA-256\n", 3,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1), {0}, 32,
+{"Test psa_asymmetric_verify - ECDSA KEY_PAIR SECP256R1 SHA-256\n", 3,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1), {0}, 32,
PSA_KEY_USAGE_VERIFY, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
{0x9a, 0xc4, 0x33, 0x5b, 0x46, 0x9b, 0xbd, 0x79, 0x14, 0x39, 0x24, 0x85, 0x04,
0xdd, 0x0d, 0x49, 0xc7, 0x13, 0x49, 0xa2, 0x95, 0xfe, 0xe5, 0xa1, 0xc6, 0x85,
@@ -197,7 +197,7 @@
128, 1024, PSA_SUCCESS
},
-{"Test psa_asymmetric_verify - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_verify - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
@@ -216,7 +216,7 @@
},
#endif
-{"Test psa_asymmetric_verify - Invalid algorithm\n", 6, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_verify - Invalid algorithm\n", 6, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_VERIFY, PSA_ALG_SHA_256,
{0x61, 0x62, 0x63}, 3,
{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
@@ -258,7 +258,7 @@
#ifdef ARCH_TEST_RSA_1024
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
-{"Test psa_asymmetric_verify - Invalid usage\n", 8, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_verify - Invalid usage\n", 8, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
{0x61, 0x62, 0x63}, 3,
{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
@@ -277,7 +277,7 @@
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
#ifdef ARCH_TEST_SHA256
-{"Test psa_asymmetric_verify - Wrong hash size\n", 9, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_verify - Wrong hash size\n", 9, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
@@ -353,7 +353,7 @@
static test_data check2[] = {
#ifdef ARCH_TEST_RSA_1024
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
-{"Test psa_asymmetric_verify - Negative case\n", 13, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_asymmetric_verify - Negative case\n", 13, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0}, 610, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
{0x61, 0x62, 0x63}, 3,
{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
diff --git a/api-tests/dev_apis/crypto/test_c042/test_entry_c042.c b/api-tests/dev_apis/crypto/test_c042/test_entry_c042.c
index 7687142..176c937 100644
--- a/api-tests/dev_apis/crypto/test_c042/test_entry_c042.c
+++ b/api-tests/dev_apis/crypto/test_c042/test_entry_c042.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 42)
#define TEST_DESC "Testing crypto asymmetric APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c043/test_c043.c b/api-tests/dev_apis/crypto/test_c043/test_c043.c
index c61aad4..a9d16c8 100644
--- a/api-tests/dev_apis/crypto/test_c043/test_c043.c
+++ b/api-tests/dev_apis/crypto/test_c043/test_c043.c
@@ -1,4 +1,3 @@
-
/** @file
* Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
* SPDX-License-Identifier : Apache-2.0
@@ -23,21 +22,26 @@
client_test_t test_c043_crypto_list[] = {
NULL,
- psa_key_agreement_test,
- psa_key_agreement_negative_test,
+ psa_raw_key_agreement_test,
+ psa_raw_key_agreement_negative_test,
NULL,
};
static int g_test_count = 1;
static uint8_t output[SIZE_50B];
-int32_t psa_key_agreement_test(security_t caller)
+int32_t psa_raw_key_agreement_test(security_t caller)
{
int num_checks = sizeof(check1)/sizeof(check1[0]);
int32_t i, status;
- size_t capacity;
- psa_key_policy_t policy;
- psa_crypto_generator_t generator = {0};
+ size_t output_length;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -48,70 +52,37 @@
val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
val->print(PRINT_TEST, check1[i].test_desc, 0);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, check1[i].key_data, check1[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
/* Set up a key agreement operation */
- status = val->crypto_function(VAL_CRYPTO_KEY_AGREEMENT, &generator,
+ status = val->crypto_function(VAL_CRYPTO_RAW_KEY_AGREEMENT, check1[i].key_alg,
check1[i].key_handle, check1[i].peer_key, check1[i].peer_key_length,
- check1[i].key_alg);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+ output, check1[i].output_size, &output_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
if (check1[i].expected_status != PSA_SUCCESS)
{
- /* Abort a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
-
/* Destroy a key and restore the slot to its default state */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
continue;
}
- /* Retrieve the current capacity of a generator */
- status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator, &capacity);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
-
- /* Check if the generator capacity matches with the expected capacity */
- TEST_ASSERT_EQUAL(capacity, check1[i].expected_capacity, TEST_CHECKPOINT_NUM(10));
-
- /* Read some data from a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator, output,
- check1[i].expected_output_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
-
- /* Check if the output matches with the expected data */
- TEST_ASSERT_MEMCMP(output, check1[i].expected_output, check1[i].expected_output_length,
- TEST_CHECKPOINT_NUM(12));
-
- /* Abort a generator */
- status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+ TEST_ASSERT_EQUAL(output_length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(6));
+ TEST_ASSERT_MEMCMP(output, check1[i].expected_output, output_length,
+ TEST_CHECKPOINT_NUM(7));
/* Destroy a key and restore the slot to its default state */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
@@ -121,12 +92,11 @@
return VAL_STATUS_SUCCESS;
}
-int32_t psa_key_agreement_negative_test(security_t caller)
+int32_t psa_raw_key_agreement_negative_test(security_t caller)
{
int num_checks = sizeof(check2)/sizeof(check2[0]);
int32_t i, status;
- psa_key_policy_t policy;
- psa_crypto_generator_t generator = {0};
+ size_t output_length;
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -134,53 +104,27 @@
for (i = 0; i < num_checks; i++)
{
- val->print(PRINT_TEST, "[Check %d] Test psa_key_agreement - Invalid key handle\n",
- g_test_count++);
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
-
/* Setting up the watchdog timer for each check */
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
- val->print(PRINT_TEST, "[Check %d] Test psa_key_agreement - Invalid key handle\n",
+ val->print(PRINT_TEST, "[Check %d] Test psa_raw_key_agreement - Invalid key handle\n",
g_test_count++);
/* Set up a key agreement operation */
- status = val->crypto_function(VAL_CRYPTO_KEY_AGREEMENT, &generator,
+ status = val->crypto_function(VAL_CRYPTO_RAW_KEY_AGREEMENT, check2[i].key_alg,
check2[i].key_handle, check2[i].peer_key, check2[i].peer_key_length,
- check2[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_key_agreement - Zero as key handle\n",
- g_test_count++);
- /* Set up a key agreement operation */
- status = val->crypto_function(VAL_CRYPTO_KEY_AGREEMENT, &generator,
- 0, check2[i].peer_key, check2[i].peer_key_length,
- check2[i].key_alg);
+ output, check2[i].output_size, &output_length);
TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
- val->print(PRINT_TEST, "[Check %d] Test psa_key_agreement - Empty key handle\n",
+ val->print(PRINT_TEST, "[Check %d] Test psa_raw_key_agreement - Zero as key handle\n",
g_test_count++);
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
- &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
/* Set up a key agreement operation */
- status = val->crypto_function(VAL_CRYPTO_KEY_AGREEMENT, &generator,
- check2[i].key_handle, check2[i].peer_key, check2[i].peer_key_length,
- check2[i].key_alg);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(7));
+ status = val->crypto_function(VAL_CRYPTO_RAW_KEY_AGREEMENT, check2[i].key_alg,
+ 0, check2[i].peer_key, check2[i].peer_key_length,
+ output, check2[i].output_size, &output_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c043/test_c043.h b/api-tests/dev_apis/crypto/test_c043/test_c043.h
index 0192b6e..ec64a53 100644
--- a/api-tests/dev_apis/crypto/test_c043/test_c043.h
+++ b/api-tests/dev_apis/crypto/test_c043/test_c043.h
@@ -18,14 +18,14 @@
#define _TEST_C043_CLIENT_TESTS_H_
#include "val_crypto.h"
-#define test_entry CONCAT(test_entry_,c043)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, c043)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
extern val_api_t *val;
extern psa_api_t *psa;
extern client_test_t test_c043_crypto_list[];
-int32_t psa_key_agreement_test(security_t caller);
-int32_t psa_key_agreement_negative_test(security_t caller);
+int32_t psa_raw_key_agreement_test(security_t caller);
+int32_t psa_raw_key_agreement_negative_test(security_t caller);
#endif /* _TEST_C043_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c043/test_data.h b/api-tests/dev_apis/crypto/test_c043/test_data.h
index e2d100f..b319e22 100644
--- a/api-tests/dev_apis/crypto/test_c043/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c043/test_data.h
@@ -29,7 +29,7 @@
size_t peer_key_length;
uint8_t expected_output[48];
size_t expected_output_length;
- size_t expected_capacity;
+ size_t output_size;
psa_status_t expected_status;
} test_data;
@@ -37,11 +37,11 @@
static test_data check1[] = {
#ifdef ARCH_TEST_ECDH
#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
-{"Test psa_key_agreement - ECDH SECP256R1\n", 1,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{"Test psa_raw_key_agreement - ECDH SECP256R1\n", 1,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
- 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH(PSA_ALG_SELECT_RAW),
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH,
{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
@@ -52,16 +52,33 @@
0x25, 0x65, 0x20, 0x2f, 0xef, 0x8e, 0x9e, 0xce, 0x7d, 0xce, 0x03, 0x81, 0x24,
0x64, 0xd0, 0x4b, 0x94, 0x42, 0xde}, 32, 32, PSA_SUCCESS
},
+
+{"Test psa_raw_key_agreement - Small buffer size\n", 1,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH,
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65,
+{0xd6, 0x84, 0x0f, 0x6b, 0x42, 0xf6, 0xed, 0xaf, 0xd1, 0x31, 0x16, 0xe0, 0xe1,
+ 0x25, 0x65, 0x20, 0x2f, 0xef, 0x8e, 0x9e, 0xce, 0x7d, 0xce, 0x03, 0x81, 0x24,
+ 0x64, 0xd0, 0x4b, 0x94, 0x42, 0xde}, 32, 10, PSA_ERROR_INVALID_ARGUMENT
+},
+
#endif
#ifdef ARCH_TEST_ECC_CURVE_SECP384R1
-{"Test psa_key_agreement - ECDH SECP384R1\n", 2,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1),
+{"Test psa_raw_key_agreement - ECDH SECP384R1\n", 2,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP384R1),
{0x09, 0x9f, 0x3c, 0x70, 0x34, 0xd4, 0xa2, 0xc6, 0x99, 0x88, 0x4d, 0x73, 0xa3,
0x75, 0xa6, 0x7f, 0x76, 0x24, 0xef, 0x7c, 0x6b, 0x3c, 0x0f, 0x16, 0x06, 0x47,
0xb6, 0x74, 0x14, 0xdc, 0xe6, 0x55, 0xe3, 0x5b, 0x53, 0x80, 0x41, 0xe6, 0x49,
0xee, 0x3f, 0xae, 0xf8, 0x96, 0x78, 0x3a, 0xb1, 0x94}, 48, PSA_KEY_USAGE_DERIVE,
- PSA_ALG_ECDH(PSA_ALG_SELECT_RAW),
+ PSA_ALG_ECDH,
{0x04, 0xe5, 0x58,
0xdb, 0xef, 0x53, 0xee, 0xcd, 0xe3, 0xd3, 0xfc, 0xcf, 0xc1, 0xae, 0xa0, 0x8a,
0x89, 0xa9, 0x87, 0x47, 0x5d, 0x12, 0xfd, 0x95, 0x0d, 0x83, 0xcf, 0xa4, 0x17,
@@ -79,11 +96,11 @@
#endif
#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
-{"Test psa_key_agreement - Invalid usage\n", 3,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{"Test psa_raw_key_agreement - Invalid usage\n", 3,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
- 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_ECDH(PSA_ALG_SELECT_RAW),
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_ECDH,
{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
@@ -95,11 +112,12 @@
0x64, 0xd0, 0x4b, 0x94, 0x42, 0xde}, 32, 32, PSA_ERROR_NOT_PERMITTED
},
-{"Test psa_key_agreement - Unknown KDF\n", 4,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{"Test psa_raw_key_agreement - Unknown KDF\n", 4,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
- 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH(0),
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_HASH_ALG_INVALID),
{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
@@ -108,7 +126,7 @@
65,
{0xd6, 0x84, 0x0f, 0x6b, 0x42, 0xf6, 0xed, 0xaf, 0xd1, 0x31, 0x16, 0xe0, 0xe1,
0x25, 0x65, 0x20, 0x2f, 0xef, 0x8e, 0x9e, 0xce, 0x7d, 0xce, 0x03, 0x81, 0x24,
- 0x64, 0xd0, 0x4b, 0x94, 0x42, 0xde}, 32, 32, PSA_ERROR_NOT_SUPPORTED
+ 0x64, 0xd0, 0x4b, 0x94, 0x42, 0xde}, 32, 32, PSA_ERROR_INVALID_ARGUMENT
},
#endif
#endif
@@ -116,8 +134,8 @@
#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
#ifdef ARCH_TEST_SHA256
#ifdef ARCH_TEST_HKDF
-{"Test psa_key_agreement - Not a key agreement alg\n", 5,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{"Test psa_raw_key_agreement - Not a key agreement alg\n", 5,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
@@ -135,11 +153,11 @@
#endif
#ifdef ARCH_TEST_ECDH
-{"Test psa_key_agreement - Public key on different curve\n", 6,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{"Test psa_raw_key_agreement - Public key on different curve\n", 6,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
- 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH(PSA_ALG_SELECT_RAW),
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH,
{0x04, 0xe5, 0x58,
0xdb, 0xef, 0x53, 0xee, 0xcd, 0xe3, 0xd3, 0xfc, 0xcf, 0xc1, 0xae, 0xa0, 0x8a,
0x89, 0xa9, 0x87, 0x47, 0x5d, 0x12, 0xfd, 0x95, 0x0d, 0x83, 0xcf, 0xa4, 0x17,
@@ -152,14 +170,14 @@
{0}, 0, 0, PSA_ERROR_INVALID_ARGUMENT
},
-{"Test psa_key_agreement - Public key instead of private key\n", 7,
+{"Test psa_raw_key_agreement - Public key instead of private key\n", 7,
PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
- 65, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH(PSA_ALG_SELECT_RAW),
+ 65, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH,
{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
@@ -174,11 +192,11 @@
static test_data check2[] = {
#ifdef ARCH_TEST_ECDH
#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
-{"Test psa_key_agreement - Negative case\n", 8,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{"Test psa_raw_key_agreement - Negative case\n", 8,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
- 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH(PSA_ALG_SELECT_RAW),
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH,
{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
diff --git a/api-tests/dev_apis/crypto/test_c043/test_entry_c043.c b/api-tests/dev_apis/crypto/test_c043/test_entry_c043.c
index b1ba5e3..05e493b 100644
--- a/api-tests/dev_apis/crypto/test_c043/test_entry_c043.c
+++ b/api-tests/dev_apis/crypto/test_c043/test_entry_c043.c
@@ -20,7 +20,8 @@
#include "test_c043.h"
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 43)
-#define TEST_DESC "Testing crypto generator APIs\n"
+#define TEST_DESC "Testing crypto key derivation APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c044/test_c044.c b/api-tests/dev_apis/crypto/test_c044/test_c044.c
index aa59789..e528d41 100644
--- a/api-tests/dev_apis/crypto/test_c044/test_c044.c
+++ b/api-tests/dev_apis/crypto/test_c044/test_c044.c
@@ -24,7 +24,6 @@
client_test_t test_c044_crypto_list[] = {
NULL,
psa_copy_key_test,
- psa_copy_key_negative_test,
NULL,
};
@@ -33,16 +32,23 @@
int32_t psa_copy_key_test(security_t caller)
{
- uint32_t length, i;
- const uint8_t *key_data;
- psa_key_policy_t policy, target_policy, constraint;
- psa_key_handle_t target_handle = 0;
- psa_key_type_t key_type, target_type;
- psa_algorithm_t expected_key_alg;
- psa_key_usage_t expected_usage;
- size_t bits, target_bits;
- int num_checks = sizeof(check1)/sizeof(check1[0]);
- int32_t status, export_status;
+ uint32_t length, i;
+ const uint8_t *key_data;
+ psa_key_handle_t target_handle = 0;
+ psa_key_usage_t get_key_usage_flags;
+ psa_algorithm_t get_key_algorithm;
+ size_t get_key_bits;
+ psa_key_type_t get_key_type;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t status, export_status;
+ psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
/* Initialize the PSA crypto library*/
status = val->crypto_function(VAL_CRYPTO_INIT);
@@ -58,14 +64,10 @@
status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
{
- if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
{
if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
key_data = rsa_384_keypair;
@@ -86,7 +88,7 @@
}
else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
{
- if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
key_data = ec_keypair;
else
key_data = ec_keydata;
@@ -94,208 +96,101 @@
else
key_data = check1[i].key_data;
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
- check1[i].key_alg);
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &source_attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &source_attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &source_attributes, check1[i].usage);
/* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
- check1[i].key_type, key_data, check1[i].key_length);
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &source_attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Setup the attributes for the target key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &target_attributes,
+ check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &target_attributes,
+ check1[i].target_key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &target_attributes,
+ check1[i].target_usage);
+
+ /* Make a copy of a key */
+ status = val->crypto_function(VAL_CRYPTO_COPY_KEY, check1[i].key_handle,
+ &target_attributes, &target_handle);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+
+ /* Destroy the source key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
- /* Get basic metadata about a key */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
- &key_type, &bits);
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &source_attributes);
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &target_attributes);
+
+ continue;
+ }
+
+ /* Check if the target key attributes is as expected */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_ATTRIBUTES, target_handle,
+ &target_attributes);
TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &target_policy);
+ val->crypto_function(VAL_CRYPTO_GET_KEY_TYPE, &target_attributes, &get_key_type);
+ TEST_ASSERT_EQUAL(get_key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7));
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &target_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ val->crypto_function(VAL_CRYPTO_GET_KEY_USAGE_FLAGS, &target_attributes,
+ &get_key_usage_flags);
+ TEST_ASSERT_EQUAL(get_key_usage_flags, check1[i].expected_usage, TEST_CHECKPOINT_NUM(8));
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &target_policy,
- check1[i].target_usage, check1[i].target_key_alg);
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ALGORITHM, &target_attributes, &get_key_algorithm);
+ TEST_ASSERT_EQUAL(get_key_algorithm, check1[i].expected_key_alg, TEST_CHECKPOINT_NUM(9));
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, target_handle, &target_policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
-
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &target_policy);
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &constraint);
-
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &constraint,
- check1[i].constraint_usage, check1[i].constraint_key_alg);
- /* Make a copy of a key */
- status = val->crypto_function(VAL_CRYPTO_COPY_KEY, check1[i].key_handle, target_handle,
- &constraint);
- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
-
- if (check1[i].expected_status != PSA_SUCCESS)
- continue;
-
- /* Destroy the source to ensure that this doesn't affect the target */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
-
- /* Get basic metadata about a key */
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, target_handle,
- &target_type, &target_bits);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
-
- TEST_ASSERT_EQUAL(target_type, key_type, TEST_CHECKPOINT_NUM(12));
- TEST_ASSERT_EQUAL(target_bits, bits, TEST_CHECKPOINT_NUM(13));
-
- status = val->crypto_function(VAL_CRYPTO_GET_KEY_POLICY, target_handle, &target_policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14));
-
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_GET_USAGE, &target_policy, &expected_usage);
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_GET_ALGORITHM, &target_policy,
- &expected_key_alg);
-
- TEST_ASSERT_EQUAL(expected_usage, check1[i].expected_usage, TEST_CHECKPOINT_NUM(15));
- TEST_ASSERT_EQUAL(expected_key_alg, check1[i].expected_key_alg, TEST_CHECKPOINT_NUM(16));
-
- if (expected_usage & PSA_KEY_USAGE_EXPORT)
- export_status = PSA_SUCCESS;
- else
- export_status = PSA_ERROR_NOT_PERMITTED;
+ val->crypto_function(VAL_CRYPTO_GET_KEY_BITS, &target_attributes, &get_key_bits);
+ TEST_ASSERT_EQUAL(get_key_bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(10));
/* Export a key in binary format */
- status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, target_handle, data,
- BUFFER_SIZE, &length);
- TEST_ASSERT_EQUAL(status, export_status, TEST_CHECKPOINT_NUM(17));
+ export_status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, target_handle, data,
+ BUFFER_SIZE, &length);
- if (export_status != PSA_SUCCESS)
- continue;
-
- TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(18));
-
- if (PSA_KEY_TYPE_IS_UNSTRUCTURED(check1[i].key_type))
+ if (!(check1[i].expected_usage & PSA_KEY_USAGE_EXPORT))
{
- TEST_ASSERT_MEMCMP(data, check1[i].key_data, length, TEST_CHECKPOINT_NUM(19));
- }
- else if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type) || PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
- {
- TEST_ASSERT_MEMCMP(data, key_data, length, TEST_CHECKPOINT_NUM(20));
+ export_status = PSA_ERROR_NOT_PERMITTED;
}
else
{
- return VAL_STATUS_INVALID;
+ /* Check if the target key data is same as source data */
+ export_status = PSA_SUCCESS;
+ TEST_ASSERT_EQUAL(status, export_status, TEST_CHECKPOINT_NUM(11));
+
+ TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(12));
+
+ if (PSA_KEY_TYPE_IS_UNSTRUCTURED(check1[i].key_type))
+ {
+ TEST_ASSERT_MEMCMP(data, check1[i].key_data, length, TEST_CHECKPOINT_NUM(13));
+ }
+ else if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type)
+ || PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ TEST_ASSERT_MEMCMP(data, key_data, length, TEST_CHECKPOINT_NUM(14));
+ }
+ else
+ {
+ return VAL_STATUS_INVALID;
+ }
}
- /* Destroy the key */
+ /* Destroy the target key */
status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, target_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(21));
- }
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15));
- return VAL_STATUS_SUCCESS;
-}
+ /* Copy on a destroyed source should be an error */
+ status = val->crypto_function(VAL_CRYPTO_COPY_KEY, check1[i].key_handle,
+ &target_attributes, &target_handle);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(16));
-int32_t psa_copy_key_negative_test(security_t caller)
-{
- int num_checks = sizeof(check2)/sizeof(check2[0]);
- int32_t i, status;
- psa_key_policy_t policy, target_policy, constraint;
- psa_key_handle_t target_handle;
-
- /* Initialize the PSA crypto library*/
- status = val->crypto_function(VAL_CRYPTO_INIT);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
-
- for (i = 0; i < num_checks; i++)
- {
- val->print(PRINT_TEST, "[Check %d] Test psa_copy_key with unallocated target key slot\n",
- g_test_count++);
-
- /* Setting up the watchdog timer for each check */
- status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
- TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
-
- /* Allocate a key slot for a transient key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
-
- /* Initialize a key policy structure to a default that forbids all
- * usage of the key
- */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
- memset(&target_handle, 0xDEADDEAD, sizeof(target_handle));
-
- /* Set the usage policy on a key slot */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
- check2[i].key_alg);
-
- /* Import the key data into the key slot */
- status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
- check2[i].key_type, check2[i].key_data, check2[i].key_length);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
-
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &constraint);
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &constraint,
- check2[i].constraint_usage, check2[i].constraint_key_alg);
-
- /* Make a copy of a key with unallocated target handle*/
- status = val->crypto_function(VAL_CRYPTO_COPY_KEY, check2[i].key_handle, target_handle,
- &constraint);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(5));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_copy_key with target containing key material\n",
- g_test_count++);
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &target_policy);
-
- /* Allocate a key slot for a target key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &target_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
-
- /* Set the standard fields of a policy structure */
- val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &target_policy,
- check2[i].target_usage, check2[i].target_key_alg);
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, target_handle, &target_policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
-
- /* Make a copy of a key */
- status = val->crypto_function(VAL_CRYPTO_COPY_KEY, check2[i].key_handle, target_handle,
- &constraint);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
-
- /* Make a copy of a key in the existing target slot*/
- status = val->crypto_function(VAL_CRYPTO_COPY_KEY, check2[i].key_handle, target_handle,
- &constraint);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_ALREADY_EXISTS, TEST_CHECKPOINT_NUM(9));
-
- val->print(PRINT_TEST, "[Check %d] Test psa_copy_key with no source handle\n",
- g_test_count++);
- /* Destroy the contents of source and target slots */
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
-
- status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, target_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
-
- /* Allocate a key slot for a target key */
- status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &target_handle);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
-
- /* Set the usage policy on a key slot */
- status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, target_handle, &target_policy);
- TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
-
- /* Make a copy of a key with no source material*/
- status = val->crypto_function(VAL_CRYPTO_COPY_KEY, check2[i].key_handle, target_handle,
- &constraint);
- TEST_ASSERT_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST, TEST_CHECKPOINT_NUM(14));
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &source_attributes);
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &target_attributes);
}
return VAL_STATUS_SUCCESS;
diff --git a/api-tests/dev_apis/crypto/test_c044/test_c044.h b/api-tests/dev_apis/crypto/test_c044/test_c044.h
index f187d3b..ac4a474 100644
--- a/api-tests/dev_apis/crypto/test_c044/test_c044.h
+++ b/api-tests/dev_apis/crypto/test_c044/test_c044.h
@@ -27,5 +27,4 @@
extern client_test_t test_c044_crypto_list[];
int32_t psa_copy_key_test(security_t caller);
-int32_t psa_copy_key_negative_test(security_t caller);
#endif /* _TEST_C044_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c044/test_data.h b/api-tests/dev_apis/crypto/test_c044/test_data.h
index 47786db..e5dd430 100644
--- a/api-tests/dev_apis/crypto/test_c044/test_data.h
+++ b/api-tests/dev_apis/crypto/test_c044/test_data.h
@@ -25,11 +25,9 @@
uint32_t key_length;
psa_key_usage_t usage;
psa_key_usage_t target_usage;
- psa_key_usage_t constraint_usage;
psa_key_usage_t expected_usage;
psa_algorithm_t key_alg;
psa_algorithm_t target_key_alg;
- psa_algorithm_t constraint_key_alg;
psa_algorithm_t expected_key_alg;
uint32_t expected_bit_length;
uint32_t expected_key_length;
@@ -173,33 +171,46 @@
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
0x5F, 0xC9, 0x77},
AES_16B_KEY_SIZE,
- PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
- PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
},
+
+{"Test psa_copy_key without copy usage\n", 2, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_NOT_PERMITTED
+},
#endif
#ifdef ARCH_TEST_AES_192
-{"Test psa_copy_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{"Test psa_copy_key 24 Byte AES\n", 3, PSA_KEY_TYPE_AES,
{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05},
AES_24B_KEY_SIZE,
- PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT, PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT,
- PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT, PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT,
- PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT,
+ PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
},
#endif
#ifdef ARCH_TEST_AES_256
-{"Test psa_copy_key 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{"Test psa_copy_key 32 Byte AES\n", 4, PSA_KEY_TYPE_AES,
{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
AES_32B_KEY_SIZE,
- PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT, PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT,
- PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
- PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -207,52 +218,56 @@
#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
#ifdef ARCH_TEST_RSA_2048
-{"Test psa_copy_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{"Test psa_copy_key 2048 RSA public key\n", 5, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
{0},
270,
- PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN, PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN,
- PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT, PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
2048, 270, PSA_SUCCESS
},
-{"Test psa_copy_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_copy_key with RSA 2048 keypair\n", 6, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0},
1193,
- PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
- PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY, PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
2048, 1193, PSA_SUCCESS
},
{"Test psa_copy_key with Incompatible target policy(source and target)\n",
- 12, PSA_KEY_TYPE_RSA_KEYPAIR,
+ 7, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0},
1193,
- PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH), PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH),
- -1, -1,
+ -1,
2048, 1193, PSA_ERROR_INVALID_ARGUMENT
},
-{"Test psa_copy_key with Incompatible constraint\n", 6, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_copy_key with Incompatible constraint\n", 8, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0},
1193,
- PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
- PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH), PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH),
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH),
PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH), -1,
2048, 1193, PSA_ERROR_INVALID_ARGUMENT
},
-{"Test psa_copy_key with unexport source key usage\n", 7, PSA_KEY_TYPE_RSA_KEYPAIR,
+{"Test psa_copy_key with unexport source key usage\n", 9, PSA_KEY_TYPE_RSA_KEY_PAIR,
{0},
1193,
- PSA_KEY_USAGE_SIGN, PSA_KEY_USAGE_EXPORT,
- PSA_KEY_USAGE_EXPORT, 0,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN, PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY,
PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
- PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
2048, 1193, PSA_SUCCESS
},
@@ -261,34 +276,37 @@
#ifdef ARCH_TEST_CIPER_MODE_CTR
#ifdef ARCH_TEST_DES_1KEY
-{"Test psa_copy_key with DES 64 bit key\n", 8, PSA_KEY_TYPE_DES,
+{"Test psa_copy_key with DES 64 bit key\n", 10, PSA_KEY_TYPE_DES,
{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
DES_8B_KEY_SIZE,
- PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
- PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
},
#endif
#ifdef ARCH_TEST_DES_2KEY
-{"Test psa_copy_key with Triple DES 2-Key\n", 9, PSA_KEY_TYPE_DES,
+{"Test psa_copy_key with Triple DES 2-Key\n", 11, PSA_KEY_TYPE_DES,
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
DES3_2KEY_SIZE,
- PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
- PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
},
#endif
#ifdef ARCH_TEST_DES_3KEY
-{"Test psa_copy_key with Triple DES 3-Key\n", 10, PSA_KEY_TYPE_DES,
+{"Test psa_copy_key with Triple DES 3-Key\n", 12, PSA_KEY_TYPE_DES,
{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
DES3_3KEY_SIZE,
- PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
- PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
},
#endif
@@ -296,23 +314,25 @@
#ifdef ARCH_TEST_ECDSA
#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
-{"Test psa_copy_key with EC Public key\n", 11,
+{"Test psa_copy_key with EC Public key\n", 13,
PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
{0},
65,
- PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
- PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY,
256, 65, PSA_SUCCESS
},
#endif
#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
-{"Test psa_copy_key with EC keypair\n", 12,
- PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+{"Test psa_copy_key with EC keypair\n", 14,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1),
{0},
28,
- PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
- PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY, PSA_ALG_ECDSA_ANY,
224, 28, PSA_SUCCESS
},
#endif
@@ -320,29 +340,15 @@
#ifdef ARCH_TEST_CIPER_MODE_CTR
#ifdef ARCH_TEST_AES
-{"Test psa_copy_key with Incompatible target policy\n", 13, PSA_KEY_TYPE_AES,
+{"Test psa_copy_key with Incompatible target policy\n", 15, PSA_KEY_TYPE_AES,
{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
0x5F, 0xC9, 0x77},
AES_16B_KEY_SIZE,
- PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
- PSA_ALG_CTR, PSA_ALG_CBC_NO_PADDING, PSA_ALG_CBC_NO_PADDING, PSA_ALG_CBC_NO_PADDING,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_CTR, PSA_ALG_CBC_NO_PADDING, PSA_ALG_CBC_NO_PADDING,
BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
#endif
#endif
};
-
-static test_data check2[] = {
-#ifdef ARCH_TEST_CIPER_MODE_CTR
-#ifdef ARCH_TEST_AES_128
-{"Test psa_copy_key negative cases\n", 14, PSA_KEY_TYPE_AES,
-{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
- 0x5F, 0xC9, 0x77},
- AES_16B_KEY_SIZE,
- PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_EXPORT,
- PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR, PSA_ALG_CTR,
- BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
-},
-#endif
-#endif
-};
diff --git a/api-tests/dev_apis/crypto/test_c044/test_entry_c044.c b/api-tests/dev_apis/crypto/test_c044/test_entry_c044.c
index 7eebc5c..64499fe 100644
--- a/api-tests/dev_apis/crypto/test_c044/test_entry_c044.c
+++ b/api-tests/dev_apis/crypto/test_c044/test_entry_c044.c
@@ -21,6 +21,7 @@
#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 44)
#define TEST_DESC "Testing crypto key management APIs\n"
+
TEST_PUBLISH(TEST_NUM, test_entry);
val_api_t *val = NULL;
psa_api_t *psa = NULL;
diff --git a/api-tests/dev_apis/crypto/test_c045/test.cmake b/api-tests/dev_apis/crypto/test_c045/test.cmake
new file mode 100644
index 0000000..d84ebb6
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c045/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c045.c
+ test_c045.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c045/test_c045.c b/api-tests/dev_apis/crypto/test_c045/test_c045.c
new file mode 100644
index 0000000..99b0423
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c045/test_c045.c
@@ -0,0 +1,112 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c045.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c045_crypto_list[] = {
+ NULL,
+ psa_hash_clone_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_hash_clone_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ const char *expected_hash;
+ char hash[HASH_64B];
+ size_t hash_length, hash_size = sizeof(hash);
+ psa_hash_operation_t source_operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t target_operation = PSA_HASH_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ if (check1[i].alg == PSA_ALG_SHA_384)
+ expected_hash = sha384_hash;
+ else if (check1[i].alg == PSA_ALG_SHA_512)
+ expected_hash = sha512_hash;
+ else
+ expected_hash = check1[i].hash;
+
+ /* Start a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &source_operation, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Clone a hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_CLONE, &source_operation, &target_operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Add a message fragment to a multipart hash source_operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_UPDATE, &target_operation,
+ &check1[i].input, check1[i].input_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Cloning to an active hash operation should be an error*/
+ status = val->crypto_function(VAL_CRYPTO_HASH_CLONE, &source_operation, &target_operation);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(6));
+
+ /* Finish the calculation of the hash of a message */
+ status = val->crypto_function(VAL_CRYPTO_HASH_FINISH, &target_operation, hash, hash_size,
+ &hash_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ continue;
+ }
+
+ TEST_ASSERT_EQUAL(hash_length, PSA_HASH_SIZE(check1[i].alg), TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_MEMCMP(hash, expected_hash, hash_length, TEST_CHECKPOINT_NUM(9));
+
+ /*Abort the hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &source_operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &target_operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+
+ /* Cloning on an aborted operator should be an error */
+ status = val->crypto_function(VAL_CRYPTO_HASH_CLONE, &source_operation, &target_operation);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(12));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c045/test_c045.h b/api-tests/dev_apis/crypto/test_c045/test_c045.h
new file mode 100644
index 0000000..75f63da
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c045/test_c045.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C045_CLIENT_TESTS_H_
+#define _TEST_C045_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c045)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c045_crypto_list[];
+
+int32_t psa_hash_clone_test(security_t caller);
+#endif /* _TEST_C045_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c045/test_data.h b/api-tests/dev_apis/crypto/test_c045/test_data.h
new file mode 100644
index 0000000..55eff9f
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c045/test_data.h
@@ -0,0 +1,115 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[50];
+ psa_algorithm_t alg;
+ char input;
+ size_t input_length;
+ char hash[32];
+ size_t hash_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const char sha384_hash[] = {
+0x43, 0x72, 0xe3, 0x8a, 0x92, 0xa2, 0x8b, 0x5d, 0x2c, 0x39, 0x1e, 0x62,
+0x45, 0x2a, 0x86, 0xd5, 0x0e, 0x02, 0x67, 0x22, 0x8b, 0xe1, 0x76, 0xc7, 0x7d, 0x24, 0x02, 0xef,
+0xfe, 0x9f, 0xa5, 0x0d, 0xe4, 0x07, 0xbb, 0xb8, 0x51, 0xb3, 0x7d, 0x59, 0x04, 0xab, 0xa2, 0xde,
+0xde, 0x74, 0xda, 0x2a};
+
+static const char sha512_hash[] = {
+0x29, 0x6e, 0x22, 0x67, 0xd7, 0x4c, 0x27, 0x8d, 0xaa, 0xaa, 0x94, 0x0d,
+0x17, 0xb0, 0xcf, 0xb7, 0x4a, 0x50, 0x83, 0xf8, 0xe0, 0x69, 0x72, 0x6d, 0x8c, 0x84, 0x1c, 0xbe,
+0x59, 0x6e, 0x04, 0x31, 0xcb, 0x77, 0x41, 0xa5, 0xb5, 0x0f, 0x71, 0x66, 0x6c, 0xfd, 0x54, 0xba,
+0xcb, 0x7b, 0x00, 0xae, 0xa8, 0x91, 0x49, 0x9c, 0xf4, 0xef, 0x6a, 0x03, 0xc8, 0xa8, 0x3f, 0xe3,
+0x7c, 0x3f, 0x7b, 0xaf};
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_MD2
+{"Test psa_hash_clone with MD2 algorithm\n",
+ PSA_ALG_MD2, 0xbd, 1,
+ {0x8c, 0x9c, 0x17, 0x66, 0x5d, 0x25, 0xb3, 0x5f, 0xc4, 0x13, 0xc4, 0x18, 0x05, 0xc6, 0x79, 0xcf},
+ 16, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_MD4
+{"Test psa_hash_clone with MD4 algorithm\n",
+ PSA_ALG_MD4, 0xbd, 1,
+ {0x18, 0xc3, 0x3f, 0x97, 0x29, 0x7e, 0xfe, 0x5f, 0x8a, 0x73, 0x22, 0x58, 0x28, 0x9f, 0xda, 0x25},
+ 16, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_MD5
+{"Test psa_hash_clone with MD5 algorithm\n",
+ PSA_ALG_MD5, 0xbd, 1,
+ {0xab, 0xae, 0x57, 0xcb, 0x56, 0x2e, 0xcf, 0x29, 0x5b, 0x4a, 0x37, 0xa7, 0x6e, 0xfe, 0x61, 0xfb},
+ 16, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_RIPEMD160
+{"Test psa_hash_clone with RIPEMD160 algorithm\n",
+ PSA_ALG_RIPEMD160, 0xbd, 1,
+ {0x50, 0x89, 0x26, 0x5e, 0xe5, 0xd9, 0xaf, 0x75, 0xd1, 0x2d, 0xbf, 0x7e, 0xa2, 0xf2, 0x7d, 0xbd,
+ 0xee, 0x43, 0x5b, 0x37},
+ 20, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA1
+{"Test psa_hash_clone with SHA1 algorithm\n",
+ PSA_ALG_SHA_1, 0xbd, 1,
+ {0x90, 0x34, 0xaa, 0xf4, 0x51, 0x43, 0x99, 0x6a, 0x2b, 0x14, 0x46, 0x5c, 0x35, 0x2a, 0xb0, 0xc6,
+ 0xfa, 0x26, 0xb2, 0x21},
+ 20, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_hash_clone with SHA224 algorithm\n",
+ PSA_ALG_SHA_224, 0xbd, 1,
+ {0xb1, 0xe4, 0x6b, 0xb9, 0xef, 0xe4, 0x5a, 0xf5, 0x54, 0x36, 0x34, 0x49, 0xc6, 0x94, 0x5a, 0x0d,
+ 0x61, 0x69, 0xfc, 0x3a, 0x5a, 0x39, 0x6a, 0x56, 0xcb, 0x97, 0xcb, 0x57},
+ 28, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_hash_clone with SHA256 algorithm\n",
+ PSA_ALG_SHA_256, 0xbd, 1,
+ {0x68, 0x32, 0x57, 0x20, 0xaa, 0xbd, 0x7c, 0x82, 0xf3, 0x0f, 0x55, 0x4b, 0x31, 0x3d, 0x05, 0x70,
+ 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa, 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x2b},
+ 32, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA384
+{"Test psa_hash_clone with SHA384 algorithm\n",
+ PSA_ALG_SHA_384, 0xbd, 1, {0}, 48, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_hash_clone with SHA512 algorithm\n",
+ PSA_ALG_SHA_512, 0xbd, 1, {0}, 64, PSA_SUCCESS,
+},
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c045/test_entry_c045.c b/api-tests/dev_apis/crypto/test_c045/test_entry_c045.c
new file mode 100644
index 0000000..091008d
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c045/test_entry_c045.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c045.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 45)
+#define TEST_DESC "Testing crypto hash functions APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c045_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c046/test.cmake b/api-tests/dev_apis/crypto/test_c046/test.cmake
new file mode 100644
index 0000000..2673710
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c046/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c046.c
+ test_c046.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c046/test_c046.c b/api-tests/dev_apis/crypto/test_c046/test_c046.c
new file mode 100644
index 0000000..e7ba526
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c046/test_c046.c
@@ -0,0 +1,108 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c046.h"
+#include "test_data.h"
+
+client_test_t test_c046_crypto_list[] = {
+ NULL,
+ psa_mac_compute_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t data[BUFFER_SIZE];
+
+int32_t psa_mac_compute_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ size_t length;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(data, 0, sizeof(data));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Calculate the MAC (message authentication code) of a message */
+ status = val->crypto_function(VAL_CRYPTO_MAC_COMPUTE, check1[i].key_handle,
+ check1[i].key_alg, check1[i].data, check1[i].data_size, data,
+ check1[i].mac_size, &length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ continue;
+ }
+
+ /* Check if the MAC length matches with the expected length */
+ TEST_ASSERT_EQUAL(length, check1[i].expected_length, TEST_CHECKPOINT_NUM(6));
+
+ /* Check if the MAC data matches with the expected data */
+ TEST_ASSERT_MEMCMP(check1[i].expected_data, data, length, TEST_CHECKPOINT_NUM(7));
+
+ memset(data, 0, sizeof(data));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ status = val->crypto_function(VAL_CRYPTO_MAC_COMPUTE, check1[i].key_handle,
+ check1[i].key_alg, check1[i].data, check1[i].data_size, data,
+ check1[i].mac_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(9));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c046/test_c046.h b/api-tests/dev_apis/crypto/test_c046/test_c046.h
new file mode 100644
index 0000000..3fbe054
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c046/test_c046.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C046_CLIENT_TESTS_H_
+#define _TEST_C046_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c046)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c046_crypto_list[];
+
+int32_t psa_mac_compute_test(security_t caller);
+#endif /* _TEST_C046_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c046/test_data.h b/api-tests/dev_apis/crypto/test_c046/test_data.h
new file mode 100644
index 0000000..5ab7070
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c046/test_data.h
@@ -0,0 +1,179 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[64];
+ uint32_t key_length;
+ uint8_t data[16];
+ size_t data_size;
+ uint8_t expected_data[64];
+ size_t mac_size;
+ size_t expected_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA224
+{"Test psa_mac_compute HMAC SHA 224\n", 1, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4,
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x22}, 64, 28,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_224),
+ PSA_SUCCESS
+},
+
+{"Test psa_mac_compute - Incompactible HMAC for CMAC\n", 2, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4,
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x22}, 64, 28,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
+ PSA_ERROR_NOT_SUPPORTED
+},
+
+{"Test psa_mac_compute - Invalid usage\n", 3, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4,
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x22}, 64, 28,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_HMAC(PSA_ALG_SHA_224),
+ PSA_ERROR_NOT_SUPPORTED
+},
+
+{"Test psa_mac_compute - truncated MAC too small\n", 4, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4,
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x22}, 64, 28,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 1),
+ PSA_ERROR_NOT_SUPPORTED
+},
+
+{"Test psa_mac_compute - truncated MAC too large\n", 5, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4,
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x22}, 64, 28,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 33),
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_mac_compute - bad algorithm (unknown MAC algorithm)\n", 6, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4,
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x22}, 64, 28,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(0),
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_compute HMAC SHA 256\n", 7, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf,
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 64, 32,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_mac_compute HMAC SHA 512\n", 8, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
+ 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
+ 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
+ 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
+ 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54}, 64, 64,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_512),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_mac_compute HMAC SHA 224 (truncated to 8 Byte)\n", 9, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68}, 64, 8,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 8),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CMAC
+#ifdef ARCH_TEST_AES_128
+{"Test psa_mac_compute CMAC AES 128\n", 10, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, 16,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x9A, 0x8F, 0xFF, 0x8D, 0xA3, 0x5B, 0x97, 0xCB, 0x4C, 0x95, 0xF0, 0xFA, 0x6A,
+ 0xE7, 0xE0, 0x77}, 64, 16,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
+ PSA_SUCCESS
+},
+
+{"Test psa_mac_compute small size buffer\n", 11, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, 16,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x9A, 0x8F, 0xFF, 0x8D, 0xA3, 0x5B, 0x97, 0xCB, 0x4C, 0x95, 0xF0, 0xFA, 0x6A,
+ 0xE7, 0xE0, 0x77}, 8, 16,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
+ PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+
+{"Test psa_mac_compute - Invalid key type\n", 12, PSA_KEY_TYPE_RAW_DATA,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, 16,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x9A, 0x8F, 0xFF, 0x8D, 0xA3, 0x5B, 0x97, 0xCB, 0x4C, 0x95, 0xF0, 0xFA, 0x6A,
+ 0xE7, 0xE0, 0x77}, 64, 16,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c046/test_entry_c046.c b/api-tests/dev_apis/crypto/test_c046/test_entry_c046.c
new file mode 100644
index 0000000..3116fd0
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c046/test_entry_c046.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c046.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 46)
+#define TEST_DESC "Testing crypto MAC APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c046_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c047/test.cmake b/api-tests/dev_apis/crypto/test_c047/test.cmake
new file mode 100644
index 0000000..aea8705
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c047/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c047.c
+ test_c047.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c047/test_c047.c b/api-tests/dev_apis/crypto/test_c047/test_c047.c
new file mode 100644
index 0000000..a28c9c6
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c047/test_c047.c
@@ -0,0 +1,90 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c047.h"
+#include "test_data.h"
+
+client_test_t test_c047_crypto_list[] = {
+ NULL,
+ psa_mac_verify_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_mac_verify_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Calculate the MAC of a message and compare it with a reference value */
+ status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY, check1[i].key_handle,
+ check1[i].key_alg, check1[i].data, check1[i].data_size,
+ check1[i].expected_mac, check1[i].mac_size);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Calculate the MAC of a message on a destroyed key handle should be an error */
+ status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY, check1[i].key_handle,
+ check1[i].key_alg, check1[i].data, check1[i].data_size,
+ check1[i].expected_mac, check1[i].mac_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
+
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c047/test_c047.h b/api-tests/dev_apis/crypto/test_c047/test_c047.h
new file mode 100644
index 0000000..8c47a82
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c047/test_c047.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C047_CLIENT_TESTS_H_
+#define _TEST_C047_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c047)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c047_crypto_list[];
+
+int32_t psa_mac_verify_test(security_t caller);
+#endif /* _TEST_C047_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c047/test_data.h b/api-tests/dev_apis/crypto/test_c047/test_data.h
new file mode 100644
index 0000000..e94b27f
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c047/test_data.h
@@ -0,0 +1,197 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[64];
+ uint32_t key_length;
+ uint8_t data[16];
+ size_t data_size;
+ uint8_t expected_mac[64];
+ size_t mac_size;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA224
+{"Test psa_mac_verify HMAC SHA 224\n", 1, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4,
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x22}, 28,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_224),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_verify HMAC SHA 256\n", 2, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf,
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 32,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_SUCCESS
+},
+
+{"Test psa_mac_verify - Incompactible HMAC for CMAC\n", 3, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf,
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 32,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_CMAC,
+ PSA_ERROR_NOT_SUPPORTED
+},
+
+{"Test psa_mac_verify - Invalid usage\n", 4, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf,
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 32,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_ERROR_NOT_SUPPORTED
+},
+
+{"Test psa_mac_verify - Truncated MAC too large\n", 5, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf,
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 32,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 33),
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_mac_verify - Truncated MAC too small\n", 6, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf,
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 32,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 1),
+ PSA_ERROR_NOT_SUPPORTED
+},
+
+{"Test psa_mac_verify - bad algorithm (unknown MAC algorithm)\n", 7, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf,
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 32,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(0),
+ PSA_ERROR_NOT_SUPPORTED
+},
+
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_mac_verify HMAC SHA 512\n", 8, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
+ 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
+ 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
+ 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
+ 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54}, 64,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_512),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_mac_verify HMAC SHA 224 (truncated to 8 Byte)\n", 9, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68}, 8,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 8),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CMAC
+{"Test psa_mac_verify CMAC AES 128\n", 10, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, 16,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x9A, 0x8F, 0xFF, 0x8D, 0xA3, 0x5B, 0x97, 0xCB, 0x4C, 0x95, 0xF0, 0xFA, 0x6A,
+ 0xE7, 0xE0, 0x77}, 16,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_CMAC,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+{"Test psa_mac_verify - Invalid key type\n", 11, PSA_KEY_TYPE_RAW_DATA,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, 16,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x9A, 0x8F, 0xFF, 0x8D, 0xA3, 0x5B, 0x97, 0xCB, 0x4C, 0x95, 0xF0, 0xFA, 0x6A,
+ 0xE7, 0xE0, 0x77}, 16,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_CMAC,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_verify small size buffer\n", 12, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf,
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 30,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_ERROR_INVALID_SIGNATURE
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_mac_verify incorrect expected MAC\n", 13, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4,
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x20}, 28,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_224),
+ PSA_ERROR_INVALID_SIGNATURE
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c047/test_entry_c047.c b/api-tests/dev_apis/crypto/test_c047/test_entry_c047.c
new file mode 100644
index 0000000..5ce7733
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c047/test_entry_c047.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c047.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 47)
+#define TEST_DESC "Testing crypto MAC APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c047_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c048/test.cmake b/api-tests/dev_apis/crypto/test_c048/test.cmake
new file mode 100644
index 0000000..8187923
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c048/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c048.c
+ test_c048.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c048/test_c048.c b/api-tests/dev_apis/crypto/test_c048/test_c048.c
new file mode 100644
index 0000000..8ae030b
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c048/test_c048.c
@@ -0,0 +1,100 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c048.h"
+#include "test_data.h"
+
+client_test_t test_c048_crypto_list[] = {
+ NULL,
+ psa_cipher_encrypt_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t output[SIZE_32B];
+
+int32_t psa_cipher_encrypt_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ size_t output_length;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Encrypt a message using a symmetric cipher */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT, check1[i].key_handle,
+ check1[i].key_alg, check1[i].input, check1[i].input_length, output,
+ check1[i].output_size, &output_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ /* Check if the output length matches the expected length */
+ TEST_ASSERT_EQUAL(output_length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(6));
+
+ /* Check if the output data matches the expected data */
+ TEST_ASSERT_MEMCMP(output, check1[i].expected_output, output_length,
+ TEST_CHECKPOINT_NUM(7));
+
+ /* Encrypt a message using a symmetric cipher on an aborted key handle should be an error */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT, check1[i].key_handle,
+ check1[i].key_alg, check1[i].input, check1[i].input_length, output,
+ check1[i].output_size, &output_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(8));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c048/test_c048.h b/api-tests/dev_apis/crypto/test_c048/test_c048.h
new file mode 100644
index 0000000..dbd289e
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c048/test_c048.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C048_CLIENT_TESTS_H_
+#define _TEST_C048_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c048)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c048_crypto_list[];
+
+int32_t psa_cipher_encrypt_test(security_t caller);
+#endif /* _TEST_C048_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c048/test_data.h b/api-tests/dev_apis/crypto/test_c048/test_data.h
new file mode 100644
index 0000000..0f9abe3
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c048/test_data.h
@@ -0,0 +1,162 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t input[32];
+ size_t input_length;
+ size_t output_size;
+ uint8_t expected_output[32];
+ size_t expected_output_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CBC_NO_PADDING
+{"Test psa_cipher_encrypt - Encrypt - AES CBC_NO_PADDING\n", 1, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, SIZE_32B,
+{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
+ 0x20, 0x74, 0x3B}, 0, PSA_SUCCESS
+},
+
+{"Test psa_cipher_encrypt - Encrypt - AES CBC_NO_PADDING (Short input)\n", 2, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 5, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 0, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_CBC_PKCS7
+{"Test psa_cipher_encrypt - Encrypt - AES CBC_PKCS7\n", 3, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_PKCS7,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, SIZE_32B,
+{0xa0, 0x76, 0xec, 0x9d, 0xfb, 0xe4, 0x7d, 0x52, 0xaf, 0xc3, 0x57, 0x33, 0x6f,
+ 0x20, 0x74, 0x3b, 0xca, 0x7e, 0x8a, 0x15, 0xdc, 0x3c, 0x77, 0x64, 0x36, 0x31,
+ 0x42, 0x93, 0x03, 0x1c, 0xd4, 0xf3}, 16, PSA_SUCCESS
+},
+
+{"Test psa_cipher_encrypt - Encrypt - AES CBC_PKCS7 (Short input)\n", 4, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_PKCS7,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17}, 15, SIZE_32B,
+{0x62, 0x79, 0xb4, 0x9d, 0x7f, 0x7a, 0x8d, 0xd8, 0x7b, 0x68, 0x51, 0x75, 0xd4,
+ 0x27, 0x6e, 0x24}, 16, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+{"Test psa_cipher_encrypt - Encrypt - AES CTR\n", 5, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, SIZE_32B,
+{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
+ 0xb2, 0xbd, 0x32}, 0, PSA_SUCCESS
+},
+
+{"Test psa_cipher_encrypt - Encrypt - AES CTR (short input)\n", 6, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17}, 15, SIZE_32B,
+{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
+ 0xb2, 0xbd}, 0, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_encrypt - Encrypt - DES CBC (nopad)\n", 7, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e}, DES_8B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, SIZE_32B,
+{0x64, 0xf9, 0x17, 0xb0, 0x15, 0x2f, 0x8f, 0x05}, 0, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_cipher_encrypt - Encrypt - 2-key 3DE -CBC (nopad)\n", 8, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce}, DES3_2KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, SIZE_32B,
+{0x5d, 0x06, 0x52, 0x42, 0x9c, 0x5b, 0x0a, 0xc7}, 0, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_cipher_encrypt - Encrypt - 3-key 3DE -CBC (nopad)\n", 9, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce, 0x31, 0x32, 0x34, 0x37, 0x38, 0x3b, 0x3d, 0x3e}, DES3_3KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, SIZE_32B,
+{0x81, 0x7c, 0xa7, 0xd6, 0x9b, 0x80, 0xd8, 0x6a}, 0, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CBC_PKCS7
+{"Test psa_cipher_encrypt - small output buffer size\n", 10, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_PKCS7,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, 15,
+{0xa0, 0x76, 0xec, 0x9d, 0xfb, 0xe4, 0x7d, 0x52, 0xaf, 0xc3, 0x57, 0x33, 0x6f,
+ 0x20, 0x74, 0x3b, 0xca, 0x7e, 0x8a, 0x15, 0xdc, 0x3c, 0x77, 0x64, 0x36, 0x31,
+ 0x42, 0x93, 0x03, 0x1c, 0xd4, 0xf3}, 16, PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+{"Test psa_cipher_encrypt - Decrypt - AES CBC_NO_PADDING\n", 11, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
+ 0x20, 0x74, 0x3B},
+ 16, SIZE_32B,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 0, PSA_ERROR_NOT_PERMITTED
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c048/test_entry_c048.c b/api-tests/dev_apis/crypto/test_c048/test_entry_c048.c
new file mode 100644
index 0000000..2c04194
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c048/test_entry_c048.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c048.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 48)
+#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c048_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c049/test.cmake b/api-tests/dev_apis/crypto/test_c049/test.cmake
new file mode 100644
index 0000000..56f787a
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c049/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c049.c
+ test_c049.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c049/test_c049.c b/api-tests/dev_apis/crypto/test_c049/test_c049.c
new file mode 100644
index 0000000..024abd5
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c049/test_c049.c
@@ -0,0 +1,99 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c049.h"
+#include "test_data.h"
+
+client_test_t test_c049_crypto_list[] = {
+ NULL,
+ psa_cipher_decrypt_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t output[SIZE_32B];
+
+int32_t psa_cipher_decrypt_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ size_t output_length;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Decrypt a message using a symmetric cipher */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT, check1[i].key_handle,
+ check1[i].key_alg, check1[i].input, check1[i].input_length, output,
+ check1[i].output_size, &output_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ /* Check if the output length matches the expected length */
+ TEST_ASSERT_EQUAL(output_length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(6));
+
+ /* Check if the output data matches the expected data */
+ TEST_ASSERT_MEMCMP(output, check1[i].expected_output, output_length,
+ TEST_CHECKPOINT_NUM(7));
+
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT, check1[i].key_handle,
+ check1[i].key_alg, check1[i].input, check1[i].input_length, output,
+ check1[i].output_size, &output_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(8));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c049/test_c049.h b/api-tests/dev_apis/crypto/test_c049/test_c049.h
new file mode 100644
index 0000000..93eb031
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c049/test_c049.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C049_CLIENT_TESTS_H_
+#define _TEST_C049_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c049)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c049_crypto_list[];
+
+int32_t psa_cipher_decrypt_test(security_t caller);
+#endif /* _TEST_C049_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c049/test_data.h b/api-tests/dev_apis/crypto/test_c049/test_data.h
new file mode 100644
index 0000000..2598395
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c049/test_data.h
@@ -0,0 +1,160 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t input[32];
+ size_t input_length;
+ size_t output_size;
+ uint8_t expected_output[32];
+ size_t expected_output_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CBC_NO_PADDING
+{"Test psa_cipher_decrypt - Encrypt - AES CBC_NO_PADDING\n", 1, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, SIZE_32B,
+{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
+ 0x20, 0x74, 0x3B}, 0, PSA_ERROR_NOT_PERMITTED
+},
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+{"Test psa_cipher_decrypt - Decrypt - AES CBC_NO_PADDING\n", 11, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
+ 0x20, 0x74, 0x3B},
+ 16, SIZE_32B,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 0, PSA_SUCCESS
+},
+
+{"Test psa_cipher_decrypt - Decrypt - AES CBC_NO_PADDING (Short input)\n", 12, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 5, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 0, PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_cipher_decrypt - Decrypt - AES CBC_NO_PADDING\n", 2, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
+ 0x20, 0x74, 0x3B},
+ 16, 10,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 0, PSA_ERROR_BUFFER_TOO_SMALL
+},
+
+#endif
+
+#ifdef ARCH_TEST_CBC_PKCS7
+{"Test psa_cipher_decrypt - Decrypt - AES CBC_PKCS7\n", 13, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_PKCS7,
+{0xa0, 0x76, 0xec, 0x9d, 0xfb, 0xe4, 0x7d, 0x52, 0xaf, 0xc3, 0x57, 0x33, 0x6f,
+ 0x20, 0x74, 0x3b, 0xca, 0x7e, 0x8a, 0x15, 0xdc, 0x3c, 0x77, 0x64, 0x36, 0x31,
+ 0x42, 0x93, 0x03, 0x1c, 0xd4, 0xf3}, 32, SIZE_32B,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 0, PSA_SUCCESS
+},
+
+{"Test psa_cipher_decrypt - Decrypt - AES CBC_PKCS7 (Short input)\n", 14, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_PKCS7,
+{0x62, 0x79, 0xb4, 0x9d, 0x7f, 0x7a, 0x8d, 0xd8, 0x7b, 0x68, 0x51, 0x75, 0xd4,
+ 0x27, 0x6e, 0x24}, 16, SIZE_32B,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17}, 15, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+{"Test psa_cipher_decrypt - Decrypt - AES CTR\n", 15, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
+{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
+ 0xb2, 0xbd, 0x32}, 16, SIZE_32B,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a},
+ 0, PSA_SUCCESS
+},
+
+{"Test psa_cipher_decrypt - Decrypt - AES CTR (short input)\n", 16, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
+{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
+ 0xb2, 0xbd}, 15, SIZE_32B,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17}, 0, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_decrypt - Decrypt - DES CBC (nopad)\n", 17, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e}, DES_8B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x64, 0xf9, 0x17, 0xb0, 0x15, 0x2f, 0x8f, 0x05}, 8, SIZE_32B,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 0, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_cipher_decrypt - Decrypt - 2-key 3DE -CBC (nopad)\n", 18, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce}, DES3_2KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x5d, 0x06, 0x52, 0x42, 0x9c, 0x5b, 0x0a, 0xc7}, 8, SIZE_32B,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 0, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_cipher_decrypt - 3-key 3DE -CBC (nopad)\n", 19, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce, 0x31, 0x32, 0x34, 0x37, 0x38, 0x3b, 0x3d, 0x3e}, DES3_3KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x81, 0x7c, 0xa7, 0xd6, 0x9b, 0x80, 0xd8, 0x6a}, 8, SIZE_32B,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 0, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c049/test_entry_c049.c b/api-tests/dev_apis/crypto/test_c049/test_entry_c049.c
new file mode 100644
index 0000000..1b6073d
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c049/test_entry_c049.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c049.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 49)
+#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c049_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c050/test.cmake b/api-tests/dev_apis/crypto/test_c050/test.cmake
new file mode 100644
index 0000000..a606ed2
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c050/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c050.c
+ test_c050.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c050/test_c050.c b/api-tests/dev_apis/crypto/test_c050/test_c050.c
new file mode 100644
index 0000000..894670a
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c050/test_c050.c
@@ -0,0 +1,241 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c050.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c050_crypto_list[] = {
+ NULL,
+ psa_open_key_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_open_key_test(security_t caller)
+{
+ int32_t status, i = 0;
+ uint8_t data[BUFFER_SIZE];
+ size_t length;
+ const uint8_t *key_data;
+ psa_key_type_t get_key_type;
+ psa_key_usage_t get_key_usage_flags;
+ psa_algorithm_t get_key_algorithm;
+ psa_key_id_t key_id;
+ psa_key_handle_t key_handle;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t get_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ boot_t boot;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Get the current boot state */
+ status = val->get_boot_flag(&boot.state);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* If the boot is due to controlled reset get the Check ID */
+ if (boot.state == BOOT_EXPECTED_CONT_TEST_EXEC)
+ {
+ status = val->nvmem_read(VAL_NVMEM_OFFSET(NV_TEST_DATA1), &i, sizeof(int32_t));
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(3));
+ }
+
+ while (i < num_checks)
+ {
+ g_test_count = i + 1;
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Set the key data buffer to the input base on algorithm */
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Get the cuurent boot state */
+ status = val->get_boot_flag(&boot.state);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ if (boot.state == BOOT_NOT_EXPECTED)
+ {
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &attributes, check1[i].attr_bits);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+
+ if (check1[i].key_lifetime == PSA_KEY_LIFETIME_PERSISTENT)
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ID, &attributes, check1[i].key_id);
+
+ val->crypto_function(VAL_CRYPTO_SET_KEY_LIFETIME, &attributes, check1[i].key_lifetime);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Save the details of current check, key id and key handle value in NV memory */
+ status = val->nvmem_write(VAL_NVMEM_OFFSET(NV_TEST_DATA1), &i, sizeof(int32_t));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ status = val->nvmem_write(VAL_NVMEM_OFFSET(NV_TEST_DATA2), &check1[i].key_id,
+ sizeof(psa_key_id_t));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ status = val->nvmem_write(VAL_NVMEM_OFFSET(NV_TEST_DATA3), &check1[i].key_handle,
+ sizeof(psa_key_handle_t));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ /* Set the boot flag indicating controlled reset */
+ status = val->set_boot_flag(BOOT_EXPECTED_CONT_TEST_EXEC);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ /* Wait for system to reset */
+ val->crypto_function(VAL_CRYPTO_RESET);
+ while (1);
+ }
+ else if (boot.state == BOOT_EXPECTED_CONT_TEST_EXEC)
+ {
+ /* Get the values of check, key id and key handle value before the system was reset */
+ status = val->nvmem_read(VAL_NVMEM_OFFSET(NV_TEST_DATA2), &key_id,
+ sizeof(psa_key_id_t));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+
+ status = val->nvmem_read(VAL_NVMEM_OFFSET(NV_TEST_DATA3), &key_handle,
+ sizeof(psa_key_handle_t));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+
+ /* Open a handle to an existing persistent key */
+ status = val->crypto_function(VAL_CRYPTO_OPEN_KEY, key_id, &key_handle);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(13));
+
+ /* If failure is expected, save and continue with the next data set */
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ ++i;
+ status = val->nvmem_write(VAL_NVMEM_OFFSET(NV_TEST_DATA1), &i, sizeof(int32_t));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14));
+
+ status = val->set_boot_flag(BOOT_NOT_EXPECTED);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(15));
+
+ continue;
+ }
+
+ /* Get the attributes of the imported key and check if it matches the given value */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_ATTRIBUTES, key_handle,
+ &get_attributes);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(16));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_TYPE, &attributes, &get_key_type);
+ TEST_ASSERT_EQUAL(get_key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(17));
+
+ if (check1[i].attr_bits != 0)
+ TEST_ASSERT_EQUAL(get_attributes.bits, check1[i].attr_bits,
+ TEST_CHECKPOINT_NUM(18));
+ else
+ TEST_ASSERT_EQUAL(get_attributes.bits, check1[i].expected_bit_length,
+ TEST_CHECKPOINT_NUM(19));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_USAGE_FLAGS, &attributes, &get_key_usage_flags);
+ TEST_ASSERT_EQUAL(get_key_usage_flags, check1[i].usage, TEST_CHECKPOINT_NUM(20));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ALGORITHM, &attributes, &get_key_algorithm);
+ TEST_ASSERT_EQUAL(get_key_algorithm, check1[i].key_alg, TEST_CHECKPOINT_NUM(21));
+
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, key_handle, data,
+ BUFFER_SIZE, &length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(22));
+
+ /* Check the value of the exported key */
+ TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(23));
+
+ if (PSA_KEY_TYPE_IS_UNSTRUCTURED(check1[i].key_type))
+ {
+ TEST_ASSERT_MEMCMP(data, check1[i].key_data, length, TEST_CHECKPOINT_NUM(24));
+ }
+ else if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type)
+ || PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ TEST_ASSERT_MEMCMP(key_data, data, length, TEST_CHECKPOINT_NUM(25));
+ }
+ else
+ {
+ return VAL_STATUS_INVALID;
+ }
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Save the check ID and set boot flags */
+ ++i;
+ status = val->nvmem_write(VAL_NVMEM_OFFSET(NV_TEST_DATA1), &i, sizeof(int32_t));
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(26));
+
+ status = val->set_boot_flag(BOOT_NOT_EXPECTED);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(27));
+
+ }
+ else
+ return VAL_STATUS_ERROR;
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c050/test_c050.h b/api-tests/dev_apis/crypto/test_c050/test_c050.h
new file mode 100644
index 0000000..4680a0a
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c050/test_c050.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C050_CLIENT_TESTS_H_
+#define _TEST_C050_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c050)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c050_crypto_list[];
+
+int32_t psa_open_key_test(security_t caller);
+#endif /* _TEST_C050_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c050/test_data.h b/api-tests/dev_apis/crypto/test_c050/test_data.h
new file mode 100644
index 0000000..c0fdb56
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c050/test_data.h
@@ -0,0 +1,276 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ psa_key_id_t key_id;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ size_t attr_bits;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_key_lifetime_t key_lifetime;
+ uint32_t expected_bit_length;
+ uint32_t expected_key_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_open_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES, 0x12,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x77},
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_KEY_LIFETIME_PERSISTENT,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_open_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES, 0x34,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05},
+ AES_24B_KEY_SIZE, BYTES_TO_BITS(AES_24B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ PSA_KEY_LIFETIME_PERSISTENT,
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_open_key 32 Byte AES\n", 3, PSA_KEY_TYPE_AES, 0x56,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_KEY_LIFETIME_PERSISTENT,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_open_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY, 0x78,
+ {0},
+ 270, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_KEY_LIFETIME_PERSISTENT,
+ 2048, 270, PSA_SUCCESS
+},
+
+{"Test psa_open_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEY_PAIR, 0x89,
+ {0},
+ 1193, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_KEY_LIFETIME_PERSISTENT,
+ 2048, 1193, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_open_key with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES, 0x90,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, BYTES_TO_BITS(DES_8B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ PSA_KEY_LIFETIME_PERSISTENT,
+ BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_open_key with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES, 0x123,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_KEY_LIFETIME_PERSISTENT,
+ BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_open_key with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES, 0x456,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_KEY_LIFETIME_PERSISTENT,
+ BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ECDSA
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_open_key with EC Public key\n", 9, 0x789,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+ {0},
+ 65, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY, PSA_KEY_LIFETIME_PERSISTENT,
+ 256, 65, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+{"Test psa_open_key with EC keypair\n", 10, 0x1234,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1),
+ {0},
+ 28, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY, PSA_KEY_LIFETIME_PERSISTENT,
+ 224, 28, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES
+{"Test psa_open_key with key data greater than the algorithm size\n", 11, PSA_KEY_TYPE_AES,
+ 0x5678,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_KEY_LIFETIME_VOLATILE,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c050/test_entry_c050.c b/api-tests/dev_apis/crypto/test_c050/test_entry_c050.c
new file mode 100644
index 0000000..1af4e50
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c050/test_entry_c050.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c050.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 50)
+#define TEST_DESC "Testing crypto key management APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c050_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c051/test.cmake b/api-tests/dev_apis/crypto/test_c051/test.cmake
new file mode 100644
index 0000000..bb07510
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c051/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c051.c
+ test_c051.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c051/test_c051.c b/api-tests/dev_apis/crypto/test_c051/test_c051.c
new file mode 100644
index 0000000..e87dd92
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c051/test_c051.c
@@ -0,0 +1,177 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c051.h"
+#include "test_data.h"
+
+client_test_t test_c051_crypto_list[] = {
+ NULL,
+ psa_close_key_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_close_key_test(security_t caller)
+{
+ int32_t i, status;
+ const uint8_t *key_data;
+ psa_key_type_t get_key_type;
+ psa_key_id_t get_key_id;
+ psa_key_lifetime_t get_key_lifetime;
+ psa_key_usage_t get_key_usage_flags;
+ psa_algorithm_t get_key_algorithm;
+ size_t get_key_bits;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t set_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Set the key data buffer to the input base on algorithm */
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEY_PAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &set_attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_BITS, &set_attributes, check1[i].attr_bits);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &set_attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ID, &set_attributes, check1[i].key_id);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_LIFETIME, &set_attributes, check1[i].key_lifetime);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &set_attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &set_attributes, key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Close the key handle */
+ status = val->crypto_function(VAL_CRYPTO_CLOSE_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Getting the attributes of the closed key should return error */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_ATTRIBUTES, check1[i].key_handle,
+ &attributes);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(5));
+
+ /* Check if all the attributes are erased */
+ val->crypto_function(VAL_CRYPTO_GET_KEY_TYPE, &attributes, &get_key_type);
+ TEST_ASSERT_EQUAL(get_key_type, 0, TEST_CHECKPOINT_NUM(6));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ID, &attributes, &get_key_id);
+ TEST_ASSERT_EQUAL(get_key_id, 0, TEST_CHECKPOINT_NUM(7));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, &attributes, &get_key_lifetime);
+ TEST_ASSERT_EQUAL(get_key_lifetime, 0, TEST_CHECKPOINT_NUM(8));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_USAGE_FLAGS, &attributes, &get_key_usage_flags);
+ TEST_ASSERT_EQUAL(get_key_usage_flags, 0, TEST_CHECKPOINT_NUM(9));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ALGORITHM, &attributes, &get_key_algorithm);
+ TEST_ASSERT_EQUAL(get_key_algorithm, 0, TEST_CHECKPOINT_NUM(10));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_BITS, &attributes, &get_key_bits);
+ TEST_ASSERT_EQUAL(get_key_bits, 0, TEST_CHECKPOINT_NUM(11));
+
+ /* Closing an empty key handle should return error */
+ status = val->crypto_function(VAL_CRYPTO_CLOSE_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(12));
+
+ if (check1[i].key_lifetime == PSA_KEY_LIFETIME_PERSISTENT)
+ {
+ /* Open the key handle and retrieve the data */
+ status = val->crypto_function(VAL_CRYPTO_OPEN_KEY, check1[i].key_id,
+ &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_TYPE, &attributes, &get_key_type);
+ TEST_ASSERT_EQUAL(get_key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(14));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ID, &attributes, &get_key_id);
+ TEST_ASSERT_EQUAL(get_key_id, check1[i].key_id, TEST_CHECKPOINT_NUM(15));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, &attributes, &get_key_lifetime);
+ TEST_ASSERT_EQUAL(get_key_lifetime, check1[i].key_lifetime, TEST_CHECKPOINT_NUM(16));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_USAGE_FLAGS, &attributes, &get_key_usage_flags);
+ TEST_ASSERT_EQUAL(get_key_usage_flags, check1[i].usage, TEST_CHECKPOINT_NUM(17));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_ALGORITHM, &attributes, &get_key_algorithm);
+ TEST_ASSERT_EQUAL(get_key_algorithm, check1[i].key_alg, TEST_CHECKPOINT_NUM(18));
+
+ val->crypto_function(VAL_CRYPTO_GET_KEY_BITS, &attributes, &get_key_bits);
+ TEST_ASSERT_EQUAL(get_key_bits, check1[i].expected_bit_length,
+ TEST_CHECKPOINT_NUM(19));
+
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(20));
+
+ status = val->crypto_function(VAL_CRYPTO_CLOSE_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(21));
+ }
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c051/test_c051.h b/api-tests/dev_apis/crypto/test_c051/test_c051.h
new file mode 100644
index 0000000..552d28a
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c051/test_c051.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C051_CLIENT_TESTS_H_
+#define _TEST_C051_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c051)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c051_crypto_list[];
+
+int32_t psa_close_key_test(security_t caller);
+#endif /* _TEST_C051_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c051/test_data.h b/api-tests/dev_apis/crypto/test_c051/test_data.h
new file mode 100644
index 0000000..6792a2a
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c051/test_data.h
@@ -0,0 +1,272 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ size_t attr_bits;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_key_id_t key_id;
+ psa_key_lifetime_t key_lifetime;
+ uint32_t expected_bit_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
+static test_data check1[] = {
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_close_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, 0, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ 0x12, PSA_KEY_LIFETIME_VOLATILE,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_close_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
+ AES_24B_KEY_SIZE, BYTES_TO_BITS(AES_24B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ 0x34, PSA_KEY_LIFETIME_PERSISTENT,
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_close_key 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ 0x56, PSA_KEY_LIFETIME_VOLATILE,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_close_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ {0},
+ 270, 2048, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 0x78, PSA_KEY_LIFETIME_PERSISTENT,
+ 2048, PSA_SUCCESS
+},
+
+{"Test psa_close_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEY_PAIR,
+ {0},
+ 1193, 2048, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 0x89, PSA_KEY_LIFETIME_PERSISTENT,
+ 2048, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_close_key with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, BYTES_TO_BITS(DES_8B_KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ 0xAB, PSA_KEY_LIFETIME_PERSISTENT,
+ BYTES_TO_BITS(DES_8B_KEY_SIZE), PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_close_key with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, BYTES_TO_BITS(DES3_2KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ 0xBC, PSA_KEY_LIFETIME_PERSISTENT,
+ BYTES_TO_BITS(DES3_2KEY_SIZE), PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_close_key with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, BYTES_TO_BITS(DES3_3KEY_SIZE), PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ 0xCD, PSA_KEY_LIFETIME_PERSISTENT,
+ BYTES_TO_BITS(DES3_3KEY_SIZE), PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ECDSA
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_close_key with EC Public key\n", 9,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+ {0},
+ 65, 256, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 0xEF, PSA_KEY_LIFETIME_PERSISTENT,
+ 256, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ASYMMETRIC_ENCRYPTION
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+{"Test psa_close_key with EC keypair\n", 10,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP224R1),
+ {0},
+ 28, 224, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION,
+ 0x123, PSA_KEY_LIFETIME_PERSISTENT,
+ 224, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c051/test_entry_c051.c b/api-tests/dev_apis/crypto/test_c051/test_entry_c051.c
new file mode 100644
index 0000000..7faa27d
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c051/test_entry_c051.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c051.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 51)
+#define TEST_DESC "Testing crypto key management APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c051_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c052/test.cmake b/api-tests/dev_apis/crypto/test_c052/test.cmake
new file mode 100644
index 0000000..ea2b77f
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c052/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c052.c
+ test_c052.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c052/test_c052.c b/api-tests/dev_apis/crypto/test_c052/test_c052.c
new file mode 100644
index 0000000..8e8df06
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c052/test_c052.c
@@ -0,0 +1,90 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c052.h"
+#include "test_data.h"
+
+client_test_t test_c052_crypto_list[] = {
+ NULL,
+ psa_aead_encrypt_setup_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_aead_encrypt_setup_test(security_t caller)
+{
+ int32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the key for a multipart authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Setting up aead on destroyed key handle should return an error */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c052/test_c052.h b/api-tests/dev_apis/crypto/test_c052/test_c052.h
new file mode 100644
index 0000000..20fc744
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c052/test_c052.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C052_CLIENT_TESTS_H_
+#define _TEST_C052_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c052)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c052_crypto_list[];
+
+int32_t psa_aead_encrypt_setup_test(security_t caller);
+
+#endif /* _TEST_C052_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c052/test_data.h b/api-tests/dev_apis/crypto/test_c052/test_data.h
new file mode 100644
index 0000000..efe55f5
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c052/test_data.h
@@ -0,0 +1,88 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_algorithm_t alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_encrypt_setup - AES-CCM\n", 1, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_encrypt_setup - AES-CCM 24 bytes Tag length = 4\n", 2, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_encrypt_setup - GCM - 16B AES - 12B Nounce & 12B addi data\n", 3, PSA_KEY_TYPE_AES,
+{0x3d, 0xe0, 0x98, 0x74, 0xb3, 0x88, 0xe6, 0x49, 0x19, 0x88, 0xd0, 0xc3, 0x60,
+ 0x7e, 0xae, 0x1f}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM, PSA_ALG_GCM,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_aead_encrypt_setup - DES Key\n", 4, PSA_KEY_TYPE_DES,
+{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29}, DES_8B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CIPER_MODE_CFB
+{"Test psa_aead_encrypt_setup - Unsupported Algorithm\n", 5, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CFB, PSA_ALG_CFB,
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+#ifdef ARCH_TEST_GCM
+{"Test psa_aead_encrypt_setup - Invalid key usage\n", 6, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_GCM, PSA_ALG_GCM,
+ PSA_ERROR_NOT_PERMITTED
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c052/test_entry_c052.c b/api-tests/dev_apis/crypto/test_c052/test_entry_c052.c
new file mode 100644
index 0000000..9a93bfd
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c052/test_entry_c052.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c052.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 52)
+#define TEST_DESC "Testing crypto AEAD APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c052_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c053/test.cmake b/api-tests/dev_apis/crypto/test_c053/test.cmake
new file mode 100644
index 0000000..661f1d8
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c053/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c053.c
+ test_c053.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c053/test_c053.c b/api-tests/dev_apis/crypto/test_c053/test_c053.c
new file mode 100644
index 0000000..c54b783
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c053/test_c053.c
@@ -0,0 +1,90 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c053.h"
+#include "test_data.h"
+
+client_test_t test_c053_crypto_list[] = {
+ NULL,
+ psa_aead_decrypt_setup_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_aead_decrypt_setup_test(security_t caller)
+{
+ int32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the key for a multipart authenticated decryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Setting up aead on destroyed key handle should return an error */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c053/test_c053.h b/api-tests/dev_apis/crypto/test_c053/test_c053.h
new file mode 100644
index 0000000..23afbc1
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c053/test_c053.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C053_CLIENT_TESTS_H_
+#define _TEST_C053_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c053)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c053_crypto_list[];
+
+int32_t psa_aead_decrypt_setup_test(security_t caller);
+
+#endif /* _TEST_C053_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c053/test_data.h b/api-tests/dev_apis/crypto/test_c053/test_data.h
new file mode 100644
index 0000000..1dd20fa
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c053/test_data.h
@@ -0,0 +1,88 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_algorithm_t alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_decrypt_setup - AES-CCM\n", 1, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_decrypt_setup - AES-CCM 24 bytes Tag length = 4\n", 2, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_decrypt_setup - GCM - 16B AES - 12B Nounce & 12B addi data\n", 3, PSA_KEY_TYPE_AES,
+{0x3d, 0xe0, 0x98, 0x74, 0xb3, 0x88, 0xe6, 0x49, 0x19, 0x88, 0xd0, 0xc3, 0x60,
+ 0x7e, 0xae, 0x1f}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_GCM, PSA_ALG_GCM,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_aead_decrypt_setup - DES Key\n", 4, PSA_KEY_TYPE_DES,
+{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29}, DES_8B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CIPER_MODE_CFB
+{"Test psa_aead_decrypt_setup - Unsupported Algorithm\n", 5, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CFB, PSA_ALG_CFB,
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+#ifdef ARCH_TEST_GCM
+{"Test psa_aead_decrypt_setup - Invalid key usage\n", 6, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM, PSA_ALG_GCM,
+ PSA_ERROR_NOT_PERMITTED
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c053/test_entry_c053.c b/api-tests/dev_apis/crypto/test_c053/test_entry_c053.c
new file mode 100644
index 0000000..70c9719
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c053/test_entry_c053.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c053.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 53)
+#define TEST_DESC "Testing crypto AEAD APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c053_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c054/test.cmake b/api-tests/dev_apis/crypto/test_c054/test.cmake
new file mode 100644
index 0000000..6dcf140
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c054/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c054.c
+ test_c054.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c054/test_c054.c b/api-tests/dev_apis/crypto/test_c054/test_c054.c
new file mode 100644
index 0000000..c95b207
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c054/test_c054.c
@@ -0,0 +1,127 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c054.h"
+#include "test_data.h"
+
+client_test_t test_c054_crypto_list[] = {
+ NULL,
+ psa_aead_generate_nonce_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_aead_generate_nonce_test(security_t caller)
+{
+ int32_t i, j, status, nonce_sum;
+ uint8_t nonce[SIZE_32B];
+ size_t nonce_length;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the key for a multipart authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Generate a random nonce for an authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_GENERATE_NONCE, &operation, nonce,
+ check1[i].nonce_size, &nonce_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+ continue;
+ }
+
+ /* Check that if generated iv are non-zero */
+ nonce_sum = 0;
+ for (j = 0; j < nonce_length; j++)
+ {
+ nonce_sum += nonce[j];
+ }
+
+ TEST_ASSERT_NOT_EQUAL(nonce_sum, 0, TEST_CHECKPOINT_NUM(8));
+
+ /* Generate a random nonce on an ongoing operation should be an error */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_GENERATE_NONCE, &operation, nonce,
+ check1[i].nonce_size, &nonce_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(9));
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Generate a random nonce on an aborted operation should be an error */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_GENERATE_NONCE, &operation, nonce,
+ check1[i].nonce_size, &nonce_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(12));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c054/test_c054.h b/api-tests/dev_apis/crypto/test_c054/test_c054.h
new file mode 100644
index 0000000..11be08b
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c054/test_c054.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C054_CLIENT_TESTS_H_
+#define _TEST_C054_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c054)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c054_crypto_list[];
+
+int32_t psa_aead_generate_nonce_test(security_t caller);
+
+#endif /* _TEST_C054_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c054/test_data.h b/api-tests/dev_apis/crypto/test_c054/test_data.h
new file mode 100644
index 0000000..7fbeb40
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c054/test_data.h
@@ -0,0 +1,68 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_algorithm_t alg;
+ size_t nonce_size;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_generate_nonce - AES-CCM\n", 1, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM, SIZE_32B,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_generate_nonce - AES-CCM 24 bytes Tag length = 4\n", 2, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, SIZE_32B,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_generate_nonce - Small buffer size\n", 3, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM, 8,
+ PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_generate_nonce - GCM - 16B AES - 12B Nounce & 12B addi data\n", 4, PSA_KEY_TYPE_AES,
+{0x3d, 0xe0, 0x98, 0x74, 0xb3, 0x88, 0xe6, 0x49, 0x19, 0x88, 0xd0, 0xc3, 0x60,
+ 0x7e, 0xae, 0x1f}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM, PSA_ALG_GCM, SIZE_32B,
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c054/test_entry_c054.c b/api-tests/dev_apis/crypto/test_c054/test_entry_c054.c
new file mode 100644
index 0000000..0092c86
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c054/test_entry_c054.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c054.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 54)
+#define TEST_DESC "Testing crypto AEAD APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c054_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c055/test.cmake b/api-tests/dev_apis/crypto/test_c055/test.cmake
new file mode 100644
index 0000000..42bc8e6
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c055/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c055.c
+ test_c055.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c055/test_c055.c b/api-tests/dev_apis/crypto/test_c055/test_c055.c
new file mode 100644
index 0000000..d67a219
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c055/test_c055.c
@@ -0,0 +1,116 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c055.h"
+#include "test_data.h"
+
+client_test_t test_c055_crypto_list[] = {
+ NULL,
+ psa_aead_set_nonce_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_aead_set_nonce_test(security_t caller)
+{
+ int32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the key for a multipart authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Set the nonce for an authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_NONCE, &operation, check1[i].nonce,
+ check1[i].nonce_size);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+ continue;
+ }
+
+ /* Setting the nonce on an ongoing operation should be an error */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_NONCE, &operation, check1[i].nonce,
+ check1[i].nonce_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(9));
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Setting the nonce on an aborted operation should be an error */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_NONCE, &operation, check1[i].nonce,
+ check1[i].nonce_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(12));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c055/test_c055.h b/api-tests/dev_apis/crypto/test_c055/test_c055.h
new file mode 100644
index 0000000..fc9c9b8
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c055/test_c055.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C055_CLIENT_TESTS_H_
+#define _TEST_C055_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c055)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c055_crypto_list[];
+
+int32_t psa_aead_set_nonce_test(security_t caller);
+
+#endif /* _TEST_C055_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c055/test_data.h b/api-tests/dev_apis/crypto/test_c055/test_data.h
new file mode 100644
index 0000000..458e70b
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c055/test_data.h
@@ -0,0 +1,86 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_algorithm_t alg;
+ uint8_t nonce[32];
+ size_t nonce_size;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_set_nonce - AES-CCM\n", 1, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_set_nonce - AES-CCM 24 bytes Tag length = 4\n", 2, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_set_nonce - Small nounce size\n", 3, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x00, 0x01, 0x02}, 3,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_aead_set_nonce - Large nonce size\n", 4, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+ 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}, 32,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_set_nonce - GCM - 16B AES - 12B Nounce & 12B addi data\n", 6, PSA_KEY_TYPE_AES,
+{0x3d, 0xe0, 0x98, 0x74, 0xb3, 0x88, 0xe6, 0x49, 0x19, 0x88, 0xd0, 0xc3, 0x60,
+ 0x7e, 0xae, 0x1f}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM, PSA_ALG_GCM,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16,
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c055/test_entry_c055.c b/api-tests/dev_apis/crypto/test_c055/test_entry_c055.c
new file mode 100644
index 0000000..d70ff1a
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c055/test_entry_c055.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c055.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 55)
+#define TEST_DESC "Testing crypto AEAD APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c055_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c056/test.cmake b/api-tests/dev_apis/crypto/test_c056/test.cmake
new file mode 100644
index 0000000..6aa55f5
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c056/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c056.c
+ test_c056.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c056/test_c056.c b/api-tests/dev_apis/crypto/test_c056/test_c056.c
new file mode 100644
index 0000000..c4356c6
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c056/test_c056.c
@@ -0,0 +1,121 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c056.h"
+#include "test_data.h"
+
+client_test_t test_c056_crypto_list[] = {
+ NULL,
+ psa_aead_set_lengths_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_aead_set_lengths_test(security_t caller)
+{
+ int32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the key for a multipart authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Set the nonce for an authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_NONCE, &operation, check1[i].nonce,
+ check1[i].nonce_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Declare the lengths of the message and additional data for AEAD */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_LENGTHS, &operation, check1[i].ad_length,
+ check1[i].plaintext_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Declare the lengths of failed operation should be an error */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_LENGTHS, &operation,
+ check1[i].ad_length, check1[i].plaintext_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(7));
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+ continue;
+ }
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Declare the lengths of an aborted operation should be an error */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_LENGTHS, &operation, check1[i].ad_length,
+ check1[i].plaintext_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(12));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c056/test_c056.h b/api-tests/dev_apis/crypto/test_c056/test_c056.h
new file mode 100644
index 0000000..ed57bdc
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c056/test_c056.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C056_CLIENT_TESTS_H_
+#define _TEST_C056_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c056)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c056_crypto_list[];
+
+int32_t psa_aead_set_lengths_test(security_t caller);
+
+#endif /* _TEST_C056_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c056/test_data.h b/api-tests/dev_apis/crypto/test_c056/test_data.h
new file mode 100644
index 0000000..8022ea9
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c056/test_data.h
@@ -0,0 +1,97 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_algorithm_t alg;
+ uint8_t nonce[32];
+ size_t nonce_size;
+ size_t ad_length;
+ size_t plaintext_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_set_lengths - AES-CCM\n", 1, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 8, 32,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_set_lengths - AES-CCM 24 bytes Tag length = 4\n", 2, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 8, 32,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_set_lengths - Zero ad size\n", 3, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 0, 32,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_aead_set_lengths - Zero plaintext size\n", 4, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 8, 0,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_aead_set_lengths - Invalid lengths\n", 5, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 1, 1,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_set_lengths - Vey large lengths\n", 6, PSA_KEY_TYPE_AES,
+{0x3d, 0xe0, 0x98, 0x74, 0xb3, 0x88, 0xe6, 0x49, 0x19, 0x88, 0xd0, 0xc3, 0x60,
+ 0x7e, 0xae, 0x1f}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM, PSA_ALG_GCM,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 1000, 1000,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c056/test_entry_c056.c b/api-tests/dev_apis/crypto/test_c056/test_entry_c056.c
new file mode 100644
index 0000000..7085f47
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c056/test_entry_c056.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c056.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 56)
+#define TEST_DESC "Testing crypto AEAD APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c056_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c057/test.cmake b/api-tests/dev_apis/crypto/test_c057/test.cmake
new file mode 100644
index 0000000..1458e52
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c057/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c057.c
+ test_c057.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c057/test_c057.c b/api-tests/dev_apis/crypto/test_c057/test_c057.c
new file mode 100644
index 0000000..81cd91d
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c057/test_c057.c
@@ -0,0 +1,126 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c057.h"
+#include "test_data.h"
+
+client_test_t test_c057_crypto_list[] = {
+ NULL,
+ psa_aead_update_ad_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_aead_update_ad_test(security_t caller)
+{
+ int32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the key for a multipart authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Set the nonce for an authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_NONCE, &operation, check1[i].nonce,
+ check1[i].nonce_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Declare the lengths of the message and additional data for AEAD */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_LENGTHS, &operation, check1[i].ad_length,
+ check1[i].plaintext_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Pass additional data to an active AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_UPDATE_AD, &operation,
+ check1[i].additional_data, check1[i].ad_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Pass additional data to an inactive AEAD operation should fail */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_UPDATE_AD, &operation,
+ check1[i].additional_data, check1[i].ad_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(8));
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+ continue;
+ }
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Pass additional data to an inactive AEAD operation should fail */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_UPDATE_AD, &operation,
+ check1[i].additional_data, check1[i].ad_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(13));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c057/test_c057.h b/api-tests/dev_apis/crypto/test_c057/test_c057.h
new file mode 100644
index 0000000..7a26ad9
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c057/test_c057.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C057_CLIENT_TESTS_H_
+#define _TEST_C057_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c057)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c057_crypto_list[];
+
+int32_t psa_aead_update_ad_test(security_t caller);
+
+#endif /* _TEST_C057_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c057/test_data.h b/api-tests/dev_apis/crypto/test_c057/test_data.h
new file mode 100644
index 0000000..68bb98c
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c057/test_data.h
@@ -0,0 +1,104 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_algorithm_t alg;
+ uint8_t additional_data[32];
+ uint8_t nonce[32];
+ size_t nonce_size;
+ size_t ad_length;
+ size_t plaintext_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_update_ad - AES-CCM\n", 1, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 32,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_update_ad - AES-CCM 24 bytes Tag length = 4\n", 2, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 32,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_update_ad - Zero ad size\n", 3, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 0, 32,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_aead_update_ad - Zero plaintext size\n", 4, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x0B, 0xE1, 0xA8, 0x8B, 0xAC, 0xE0, 0x18, 0xB1},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 8, 0,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_aead_update_ad - Invalid lengths\n", 5, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+{0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 1, 1,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_update_ad - Vey large lengths\n", 6, PSA_KEY_TYPE_AES,
+{0x3d, 0xe0, 0x98, 0x74, 0xb3, 0x88, 0xe6, 0x49, 0x19, 0x88, 0xd0, 0xc3, 0x60,
+ 0x7e, 0xae, 0x1f}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM, PSA_ALG_GCM,
+{0x10},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 1000, 1000,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c057/test_entry_c057.c b/api-tests/dev_apis/crypto/test_c057/test_entry_c057.c
new file mode 100644
index 0000000..50d33f7
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c057/test_entry_c057.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c057.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 57)
+#define TEST_DESC "Testing crypto AEAD APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c057_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c058/test.cmake b/api-tests/dev_apis/crypto/test_c058/test.cmake
new file mode 100644
index 0000000..fc3c86d
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c058/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c058.c
+ test_c058.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c058/test_c058.c b/api-tests/dev_apis/crypto/test_c058/test_c058.c
new file mode 100644
index 0000000..5ab48c9
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c058/test_c058.c
@@ -0,0 +1,140 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c058.h"
+#include "test_data.h"
+
+client_test_t test_c058_crypto_list[] = {
+ NULL,
+ psa_aead_update_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_aead_update_test(security_t caller)
+{
+ int32_t i, status;
+ uint8_t output[BUFFER_SIZE];
+ size_t length;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the key for a multipart authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Set the nonce for an authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_NONCE, &operation, check1[i].nonce,
+ check1[i].nonce_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Declare the lengths of the message and additional data for AEAD */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_LENGTHS, &operation, check1[i].ad_length,
+ check1[i].input_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Pass additional data to an active AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_UPDATE_AD, &operation,
+ check1[i].additional_data, check1[i].ad_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Encrypt or decrypt a message fragment in an active AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_UPDATE, &operation,
+ check1[i].plaintext_length, check1[i].plaintext, output,
+ check1[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Encrypt or decrypt a message fragment in an inactive AEAD operation should fail */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_UPDATE, &operation,
+ check1[i].plaintext_length, check1[i].plaintext, output,
+ check1[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(9));
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+ continue;
+ }
+
+ /* Compare the output and its length with the expected values */
+ TEST_ASSERT_EQUAL(length, check1[i].expected_length, TEST_CHECKPOINT_NUM(12));
+ TEST_ASSERT_MEMCMP(output, check1[i].expected_output, length, TEST_CHECKPOINT_NUM(13));
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Encrypt or decrypt a message fragment in an inactive AEAD operation should fail */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_UPDATE, &operation,
+ check1[i].plaintext_length, check1[i].plaintext, output,
+ check1[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(16));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c058/test_c058.h b/api-tests/dev_apis/crypto/test_c058/test_c058.h
new file mode 100644
index 0000000..13f7b83
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c058/test_c058.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C058_CLIENT_TESTS_H_
+#define _TEST_C058_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c058)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c058_crypto_list[];
+
+int32_t psa_aead_update_test(security_t caller);
+
+#endif /* _TEST_C058_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c058/test_data.h b/api-tests/dev_apis/crypto/test_c058/test_data.h
new file mode 100644
index 0000000..bdae86a
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c058/test_data.h
@@ -0,0 +1,132 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_algorithm_t alg;
+ uint8_t plaintext[30];
+ uint8_t additional_data[32];
+ uint8_t nonce[32];
+ size_t nonce_size;
+ size_t ad_length;
+ size_t plaintext_length;
+ size_t input_length;
+ size_t output_size;
+ size_t expected_output[45];
+ size_t expected_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_update - AES-CCM\n", 1, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef},
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 24, 24, BUFFER_SIZE,
+{0x26, 0xc5, 0x69, 0x61, 0xc0, 0x35, 0xa7, 0xe4, 0x52, 0xcc, 0xe6, 0x1b, 0xc6,
+ 0xee, 0x22, 0x0d, 0x77, 0xb3, 0xf9, 0x4d, 0x18, 0xfd, 0x10, 0xb6, 0xd8, 0x0e,
+ 0x8b, 0xf8, 0x0f, 0x4a, 0x46, 0xca, 0xb0, 0x6d, 0x43, 0x13, 0xf0, 0xdb, 0x9b,
+ 0xe9}, 40,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_update - AES-CCM 24 bytes Tag length = 4\n", 2, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef},
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 24, 24, BUFFER_SIZE,
+{0x26, 0xc5, 0x69, 0x61, 0xc0, 0x35, 0xa7, 0xe4, 0x52, 0xcc, 0xe6, 0x1b, 0xc6,
+ 0xee, 0x22, 0x0d, 0x77, 0xb3, 0xf9, 0x4d, 0x18, 0xfd, 0x10, 0xb6, 0x64, 0x3b,
+ 0x4f, 0x39}, 28,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_update - Zero plaintext size\n", 3, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0},
+{0x0B, 0xE1, 0xA8, 0x8B, 0xAC, 0xE0, 0x18, 0xB1},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 8, 0, 0, BUFFER_SIZE, {0}, 0,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_aead_update - Small buffer size\n", 4, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef},
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 24, 24, 10, {0}, 0,
+ PSA_ERROR_BUFFER_TOO_SMALL
+},
+
+{"Test psa_aead_update - Input length overflows plaintext length\n", 5, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef},
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 24, 10, BUFFER_SIZE, {0}, 0,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_update - GCM - 16B AES - 12B Nounce & 12B addi data\n", 6, PSA_KEY_TYPE_AES,
+{0x3d, 0xe0, 0x98, 0x74, 0xb3, 0x88, 0xe6, 0x49, 0x19, 0x88, 0xd0, 0xc3, 0x60,
+ 0x7e, 0xae, 0x1f}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM, PSA_ALG_GCM,
+{0x45, 0x00, 0x00, 0x1c, 0x42, 0xa2, 0x00, 0x00, 0x80, 0x01, 0x44, 0x1f, 0x40,
+ 0x67, 0x93, 0xb6, 0xe0, 0x00, 0x00, 0x02, 0x0a, 0x00, 0xf5, 0xff, 0x01, 0x02,
+ 0x02, 0x01},
+{0x42, 0xf6, 0x7e, 0x3f, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10},
+{0x57, 0x69, 0x0e, 0x43, 0x4e, 0x28, 0x00, 0x00, 0xa2, 0xfc, 0xa1, 0xa3},
+ 12, 12, 28, 28, BUFFER_SIZE,
+{0xFB, 0xA2, 0xCA, 0x84, 0x5E, 0x5D, 0xF9, 0xF0, 0xF2, 0x2C, 0x3E, 0x6E, 0x86,
+ 0xDD, 0x83, 0x1E, 0x1F, 0xC6, 0x57, 0x92, 0xCD, 0x1A, 0xF9, 0x13, 0x0E, 0x13,
+ 0x79, 0xED, 0x36, 0x9F, 0x07, 0x1F, 0x35, 0xE0, 0x34, 0xBE, 0x95, 0xF1, 0x12,
+ 0xE4, 0xE7, 0xD0, 0x5D, 0x35}, 44,
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c058/test_entry_c058.c b/api-tests/dev_apis/crypto/test_c058/test_entry_c058.c
new file mode 100644
index 0000000..ba70861
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c058/test_entry_c058.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c058.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 58)
+#define TEST_DESC "Testing crypto AEAD APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c058_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c059/test.cmake b/api-tests/dev_apis/crypto/test_c059/test.cmake
new file mode 100644
index 0000000..8bd61d7
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c059/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c059.c
+ test_c059.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c059/test_c059.c b/api-tests/dev_apis/crypto/test_c059/test_c059.c
new file mode 100644
index 0000000..5fb910f
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c059/test_c059.c
@@ -0,0 +1,145 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c059.h"
+#include "test_data.h"
+
+client_test_t test_c059_crypto_list[] = {
+ NULL,
+ psa_aead_finish_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_aead_finish_test(security_t caller)
+{
+ int32_t i, status;
+ uint8_t output[BUFFER_SIZE], tag[SIZE_128B];
+ size_t length, tag_length;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the key for a multipart authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Set the nonce for an authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_NONCE, &operation, check1[i].nonce,
+ check1[i].nonce_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Declare the lengths of the message and additional data for AEAD */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_LENGTHS, &operation, check1[i].ad_length,
+ check1[i].input_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Pass additional data to an active AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_UPDATE_AD, &operation,
+ check1[i].additional_data, check1[i].ad_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Encrypt or decrypt a message fragment in an active AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_UPDATE, &operation,
+ check1[i].plaintext_length, check1[i].plaintext, output,
+ BUFFER_SIZE, &length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Finish encrypting a message in an AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_FINISH, &operation, output,
+ check1[i].output_size, &length, tag, check1[i].tag_size, &tag_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Finish encrypting a message with an inactive operator should fail */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_FINISH, &operation, output,
+ check1[i].output_size, &length, tag, check1[i].tag_size, &tag_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(10));
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+ continue;
+ }
+
+ /* Compare the output and its length with the expected values */
+ TEST_ASSERT_EQUAL(length, check1[i].expected_length, TEST_CHECKPOINT_NUM(13));
+ TEST_ASSERT_MEMCMP(output, check1[i].expected_output, length, TEST_CHECKPOINT_NUM(14));
+ TEST_ASSERT_EQUAL(tag_length, check1[i].expected_tag_length, TEST_CHECKPOINT_NUM(15));
+ TEST_ASSERT_MEMCMP(tag, check1[i].expected_tag, tag_length, TEST_CHECKPOINT_NUM(16));
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(17));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(18));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Finish encrypting a message with an inactive operator should fail */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_FINISH, &operation, output,
+ check1[i].output_size, &length, tag, check1[i].tag_size, &tag_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(19));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c059/test_c059.h b/api-tests/dev_apis/crypto/test_c059/test_c059.h
new file mode 100644
index 0000000..bc4dea7
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c059/test_c059.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C059_CLIENT_TESTS_H_
+#define _TEST_C059_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c059)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c059_crypto_list[];
+
+int32_t psa_aead_finish_test(security_t caller);
+
+#endif /* _TEST_C059_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c059/test_data.h b/api-tests/dev_apis/crypto/test_c059/test_data.h
new file mode 100644
index 0000000..9ea4b0e
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c059/test_data.h
@@ -0,0 +1,124 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_algorithm_t alg;
+ uint8_t plaintext[30];
+ uint8_t additional_data[32];
+ uint8_t nonce[32];
+ size_t nonce_size;
+ size_t ad_length;
+ size_t plaintext_length;
+ size_t input_length;
+ size_t output_size;
+ size_t expected_output[45];
+ size_t expected_length;
+ size_t tag_size;
+ size_t expected_tag[64];
+ size_t expected_tag_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_finish - AES-CCM\n", 1, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef},
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 24, 24, BUFFER_SIZE,
+{0x26, 0xc5, 0x69, 0x61, 0xc0, 0x35, 0xa7, 0xe4, 0x52, 0xcc, 0xe6, 0x1b, 0xc6,
+ 0xee, 0x22, 0x0d, 0x77, 0xb3, 0xf9, 0x4d, 0x18, 0xfd, 0x10, 0xb6, 0xd8, 0x0e,
+ 0x8b, 0xf8, 0x0f, 0x4a, 0x46, 0xca, 0xb0, 0x6d, 0x43, 0x13, 0xf0, 0xdb, 0x9b,
+ 0xe9}, 40, SIZE_32B, {0}, 0,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_finish - AES-CCM 24 bytes Tag length = 4\n", 2, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef},
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 24, 24, BUFFER_SIZE,
+{0x26, 0xc5, 0x69, 0x61, 0xc0, 0x35, 0xa7, 0xe4, 0x52, 0xcc, 0xe6, 0x1b, 0xc6,
+ 0xee, 0x22, 0x0d, 0x77, 0xb3, 0xf9, 0x4d, 0x18, 0xfd, 0x10, 0xb6, 0x64, 0x3b,
+ 0x4f, 0x39}, 28, SIZE_32B, {0}, 0,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_finish - Small buffer size\n", 4, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef},
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 24, 24, 10, {0}, 0, SIZE_32B, {0}, 0,
+ PSA_ERROR_BUFFER_TOO_SMALL
+},
+
+{"Test psa_aead_finish - Input length is less than plaintext length\n", 5, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef},
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 24, 30, BUFFER_SIZE, {0}, 0,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_finish - GCM - 16B AES - 12B Nounce & 12B addi data\n", 6, PSA_KEY_TYPE_AES,
+{0x3d, 0xe0, 0x98, 0x74, 0xb3, 0x88, 0xe6, 0x49, 0x19, 0x88, 0xd0, 0xc3, 0x60,
+ 0x7e, 0xae, 0x1f}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM, PSA_ALG_GCM,
+{0x45, 0x00, 0x00, 0x1c, 0x42, 0xa2, 0x00, 0x00, 0x80, 0x01, 0x44, 0x1f, 0x40,
+ 0x67, 0x93, 0xb6, 0xe0, 0x00, 0x00, 0x02, 0x0a, 0x00, 0xf5, 0xff, 0x01, 0x02,
+ 0x02, 0x01},
+{0x42, 0xf6, 0x7e, 0x3f, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10},
+{0x57, 0x69, 0x0e, 0x43, 0x4e, 0x28, 0x00, 0x00, 0xa2, 0xfc, 0xa1, 0xa3},
+ 12, 12, 28, 28, BUFFER_SIZE,
+{0xFB, 0xA2, 0xCA, 0x84, 0x5E, 0x5D, 0xF9, 0xF0, 0xF2, 0x2C, 0x3E, 0x6E, 0x86,
+ 0xDD, 0x83, 0x1E, 0x1F, 0xC6, 0x57, 0x92, 0xCD, 0x1A, 0xF9, 0x13, 0x0E, 0x13,
+ 0x79, 0xED, 0x36, 0x9F, 0x07, 0x1F, 0x35, 0xE0, 0x34, 0xBE, 0x95, 0xF1, 0x12,
+ 0xE4, 0xE7, 0xD0, 0x5D, 0x35}, 44,
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c059/test_entry_c059.c b/api-tests/dev_apis/crypto/test_c059/test_entry_c059.c
new file mode 100644
index 0000000..6fe4802
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c059/test_entry_c059.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c059.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 59)
+#define TEST_DESC "Testing crypto AEAD APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c059_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c060/test.cmake b/api-tests/dev_apis/crypto/test_c060/test.cmake
new file mode 100644
index 0000000..37ad289
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c060/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c060.c
+ test_c060.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c060/test_c060.c b/api-tests/dev_apis/crypto/test_c060/test_c060.c
new file mode 100644
index 0000000..354f3b8
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c060/test_c060.c
@@ -0,0 +1,111 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c060.h"
+#include "test_data.h"
+
+client_test_t test_c060_crypto_list[] = {
+ NULL,
+ psa_aead_abort_test,
+ psa_aead_abort_init_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_aead_abort_test(security_t caller)
+{
+ int32_t i, status;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the key for a multipart authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Reset the key attributes and check if psa_import_key fails */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_aead_abort_init_test(security_t caller)
+{
+ int32_t i, status;
+ psa_aead_operation_t operation[] = {PSA_AEAD_OPERATION_INIT, psa_aead_operation_init(), {0} };
+ uint32_t operation_count = sizeof(operation)/sizeof(operation[0]);
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, "Test psa_aead_abort with all initializations\n", 0);
+
+ for (i = 0; i < operation_count; i++)
+ {
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation[i]);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(2));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+
diff --git a/api-tests/dev_apis/crypto/test_c060/test_c060.h b/api-tests/dev_apis/crypto/test_c060/test_c060.h
new file mode 100644
index 0000000..856e188
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c060/test_c060.h
@@ -0,0 +1,32 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C060_CLIENT_TESTS_H_
+#define _TEST_C060_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c060)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c060_crypto_list[];
+
+int32_t psa_aead_abort_test(security_t caller);
+int32_t psa_aead_abort_init_test(security_t caller);
+
+#endif /* _TEST_C060_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c060/test_data.h b/api-tests/dev_apis/crypto/test_c060/test_data.h
new file mode 100644
index 0000000..fcdef1f
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c060/test_data.h
@@ -0,0 +1,60 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_algorithm_t alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_abort - AES-CCM\n", 1, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_abort - AES-CCM 24 bytes Tag length = 4\n", 2, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_abort - GCM - 16B AES - 12B Nounce & 12B addi data\n", 3, PSA_KEY_TYPE_AES,
+{0x3d, 0xe0, 0x98, 0x74, 0xb3, 0x88, 0xe6, 0x49, 0x19, 0x88, 0xd0, 0xc3, 0x60,
+ 0x7e, 0xae, 0x1f}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM, PSA_ALG_GCM,
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c060/test_entry_c060.c b/api-tests/dev_apis/crypto/test_c060/test_entry_c060.c
new file mode 100644
index 0000000..2f7e4c1
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c060/test_entry_c060.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c060.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 60)
+#define TEST_DESC "Testing crypto AEAD APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c060_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/test_c061/test.cmake b/api-tests/dev_apis/crypto/test_c061/test.cmake
new file mode 100644
index 0000000..5a24243
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c061/test.cmake
@@ -0,0 +1,24 @@
+#/** @file
+# * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+# * SPDX-License-Identifier : Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+#**/
+
+list(APPEND CC_SOURCE
+ test_entry_c061.c
+ test_c061.c
+)
+list(APPEND CC_OPTIONS )
+list(APPEND AS_SOURCE )
+list(APPEND AS_OPTIONS )
diff --git a/api-tests/dev_apis/crypto/test_c061/test_c061.c b/api-tests/dev_apis/crypto/test_c061/test_c061.c
new file mode 100644
index 0000000..9becfed
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c061/test_c061.c
@@ -0,0 +1,145 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c061.h"
+#include "test_data.h"
+
+client_test_t test_c061_crypto_list[] = {
+ NULL,
+ psa_aead_verify_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_aead_verify_test(security_t caller)
+{
+ int32_t i, status;
+ uint8_t output[BUFFER_SIZE], tag[SIZE_128B];
+ size_t length;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+
+ if (num_checks == 0)
+ {
+ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0);
+ return RESULT_SKIP(VAL_STATUS_NO_TESTS);
+ }
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Setup the attributes for the key */
+ val->crypto_function(VAL_CRYPTO_SET_KEY_TYPE, &attributes, check1[i].key_type);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_USAGE_FLAGS, &attributes, check1[i].usage);
+ val->crypto_function(VAL_CRYPTO_SET_KEY_ALGORITHM, &attributes, check1[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, &attributes, check1[i].key_data,
+ check1[i].key_length, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the key for a multipart authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Set the nonce for an authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_NONCE, &operation, check1[i].nonce,
+ check1[i].nonce_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Declare the lengths of the message and additional data for AEAD */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_SET_LENGTHS, &operation, check1[i].ad_length,
+ check1[i].input_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Pass additional data to an active AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_UPDATE_AD, &operation,
+ check1[i].additional_data, check1[i].ad_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Encrypt or decrypt a message fragment in an active AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_UPDATE, &operation,
+ check1[i].plaintext_length, check1[i].plaintext, output,
+ BUFFER_SIZE, &length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Finish authenticating and decrypting a message in an AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_VERIFY, &operation, output,
+ check1[i].output_size, &length, tag, check1[i].tag_size);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Finish authenticating and decrypting a msg with an inactive operator should fail */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_VERIFY, &operation, output,
+ check1[i].output_size, &length, tag, check1[i].tag_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(10));
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+ continue;
+ }
+
+ /* Compare the output and its length with the expected values */
+ TEST_ASSERT_EQUAL(length, check1[i].expected_length, TEST_CHECKPOINT_NUM(13));
+ TEST_ASSERT_MEMCMP(output, check1[i].expected_output, length, TEST_CHECKPOINT_NUM(14));
+ TEST_ASSERT_MEMCMP(tag, check1[i].expected_tag, check1[i].expected_tag_length,
+ TEST_CHECKPOINT_NUM(15));
+
+ /* Abort the AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(16));
+
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(17));
+
+ /* Reset the key attributes */
+ val->crypto_function(VAL_CRYPTO_RESET_KEY_ATTRIBUTES, &attributes);
+
+ /* Finish authenticating and decrypting a message with an inactive operator should fail */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_VERIFY, &operation, output,
+ check1[i].output_size, &length, tag, check1[i].tag_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(18));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/api-tests/dev_apis/crypto/test_c061/test_c061.h b/api-tests/dev_apis/crypto/test_c061/test_c061.h
new file mode 100644
index 0000000..7b52a25
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c061/test_c061.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C061_CLIENT_TESTS_H_
+#define _TEST_C061_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_, c061)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c061_crypto_list[];
+
+int32_t psa_aead_verify_test(security_t caller);
+
+#endif /* _TEST_C061_CLIENT_TESTS_H_ */
diff --git a/api-tests/dev_apis/crypto/test_c061/test_data.h b/api-tests/dev_apis/crypto/test_c061/test_data.h
new file mode 100644
index 0000000..af8e261
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c061/test_data.h
@@ -0,0 +1,124 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_algorithm_t alg;
+ uint8_t plaintext[30];
+ uint8_t additional_data[32];
+ uint8_t nonce[32];
+ size_t nonce_size;
+ size_t ad_length;
+ size_t plaintext_length;
+ size_t input_length;
+ size_t output_size;
+ size_t expected_output[45];
+ size_t expected_length;
+ size_t tag_size;
+ size_t expected_tag[64];
+ size_t expected_tag_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_verify - AES-CCM\n", 1, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef},
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 24, 24, BUFFER_SIZE,
+{0x26, 0xc5, 0x69, 0x61, 0xc0, 0x35, 0xa7, 0xe4, 0x52, 0xcc, 0xe6, 0x1b, 0xc6,
+ 0xee, 0x22, 0x0d, 0x77, 0xb3, 0xf9, 0x4d, 0x18, 0xfd, 0x10, 0xb6, 0xd8, 0x0e,
+ 0x8b, 0xf8, 0x0f, 0x4a, 0x46, 0xca, 0xb0, 0x6d, 0x43, 0x13, 0xf0, 0xdb, 0x9b,
+ 0xe9}, 40, SIZE_32B, {0}, 0,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_verify - AES-CCM 24 bytes Tag length = 4\n", 2, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef},
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 24, 24, BUFFER_SIZE,
+{0x26, 0xc5, 0x69, 0x61, 0xc0, 0x35, 0xa7, 0xe4, 0x52, 0xcc, 0xe6, 0x1b, 0xc6,
+ 0xee, 0x22, 0x0d, 0x77, 0xb3, 0xf9, 0x4d, 0x18, 0xfd, 0x10, 0xb6, 0x64, 0x3b,
+ 0x4f, 0x39}, 28, SIZE_32B, {0}, 0,
+ PSA_SUCCESS
+},
+
+{"Test psa_aead_verify - Small buffer size\n", 4, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef},
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 24, 24, 10, {0}, 0, SIZE_32B, {0}, 0,
+ PSA_ERROR_BUFFER_TOO_SMALL
+},
+
+{"Test psa_aead_verify - Input length is less than plaintext length\n", 5, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM, PSA_ALG_CCM,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef},
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16, 13, 24, 30, BUFFER_SIZE, {0}, 0,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_verify - GCM - 16B AES - 12B Nounce & 12B addi data\n", 6, PSA_KEY_TYPE_AES,
+{0x3d, 0xe0, 0x98, 0x74, 0xb3, 0x88, 0xe6, 0x49, 0x19, 0x88, 0xd0, 0xc3, 0x60,
+ 0x7e, 0xae, 0x1f}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_GCM, PSA_ALG_GCM,
+{0x45, 0x00, 0x00, 0x1c, 0x42, 0xa2, 0x00, 0x00, 0x80, 0x01, 0x44, 0x1f, 0x40,
+ 0x67, 0x93, 0xb6, 0xe0, 0x00, 0x00, 0x02, 0x0a, 0x00, 0xf5, 0xff, 0x01, 0x02,
+ 0x02, 0x01},
+{0x42, 0xf6, 0x7e, 0x3f, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10},
+{0x57, 0x69, 0x0e, 0x43, 0x4e, 0x28, 0x00, 0x00, 0xa2, 0xfc, 0xa1, 0xa3},
+ 12, 12, 28, 28, BUFFER_SIZE,
+{0xFB, 0xA2, 0xCA, 0x84, 0x5E, 0x5D, 0xF9, 0xF0, 0xF2, 0x2C, 0x3E, 0x6E, 0x86,
+ 0xDD, 0x83, 0x1E, 0x1F, 0xC6, 0x57, 0x92, 0xCD, 0x1A, 0xF9, 0x13, 0x0E, 0x13,
+ 0x79, 0xED, 0x36, 0x9F, 0x07, 0x1F, 0x35, 0xE0, 0x34, 0xBE, 0x95, 0xF1, 0x12,
+ 0xE4, 0xE7, 0xD0, 0x5D, 0x35}, 44,
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/api-tests/dev_apis/crypto/test_c061/test_entry_c061.c b/api-tests/dev_apis/crypto/test_c061/test_entry_c061.c
new file mode 100644
index 0000000..4bc7d58
--- /dev/null
+++ b/api-tests/dev_apis/crypto/test_c061/test_entry_c061.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c061.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 61)
+#define TEST_DESC "Testing crypto AEAD APIs\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c061_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/api-tests/dev_apis/crypto/testsuite.db b/api-tests/dev_apis/crypto/testsuite.db
index ebe6839..e857a3e 100644
--- a/api-tests/dev_apis/crypto/testsuite.db
+++ b/api-tests/dev_apis/crypto/testsuite.db
@@ -64,5 +64,22 @@
test_c042
test_c043
test_c044
+test_c045
+test_c046
+test_c047
+test_c048
+test_c049
+test_c050
+test_c051
+test_c052
+test_c053
+test_c054
+test_c055
+test_c056
+test_c057
+test_c058
+test_c059
+test_c060
+test_c061
(END)
diff --git a/api-tests/dev_apis/initial_attestation/test_a001/test_a001.c b/api-tests/dev_apis/initial_attestation/test_a001/test_a001.c
index 1f6276d..222cd67 100644
--- a/api-tests/dev_apis/initial_attestation/test_a001/test_a001.c
+++ b/api-tests/dev_apis/initial_attestation/test_a001/test_a001.c
@@ -32,7 +32,9 @@
int32_t psa_initial_attestation_get_token_test(security_t caller)
{
int num_checks = sizeof(check1)/sizeof(check1[0]);
- uint32_t i, status, token_size;
+ uint32_t i;
+ int32_t status;
+ size_t token_buffer_size, token_size;
uint8_t challenge[PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64+1];
uint8_t token_buffer[TOKEN_SIZE];
@@ -45,14 +47,14 @@
memset(token_buffer, 0, sizeof(token_buffer));
status = val->attestation_function(VAL_INITIAL_ATTEST_GET_TOKEN_SIZE,
- check1[i].challenge_size, &token_size);
+ check1[i].challenge_size, &token_buffer_size);
if (status != PSA_SUCCESS)
{
if (check1[i].challenge_size != PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32 ||
check1[i].challenge_size != PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48 ||
check1[i].challenge_size != PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64)
{
- token_size = check1[i].token_size;
+ token_buffer_size = check1[i].token_size;
check1[i].challenge_size = check1[i].actual_challenge_size;
}
else
@@ -60,7 +62,7 @@
}
status = val->attestation_function(VAL_INITIAL_ATTEST_GET_TOKEN, challenge,
- check1[i].challenge_size, token_buffer, &token_size);
+ check1[i].challenge_size, token_buffer, token_buffer_size, &token_size);
TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(1));
if (check1[i].expected_status != PSA_SUCCESS)
@@ -78,7 +80,9 @@
int32_t psa_initial_attestation_get_token_size_test(security_t caller)
{
int num_checks = sizeof(check2)/sizeof(check2[0]);
- uint32_t i, status, token_size;
+ uint32_t i;
+ int32_t status;
+ size_t token_size;
for (i = 0; i < num_checks; i++)
{
diff --git a/api-tests/dev_apis/initial_attestation/test_a001/test_a001.h b/api-tests/dev_apis/initial_attestation/test_a001/test_a001.h
index f4e7024..29aae08 100644
--- a/api-tests/dev_apis/initial_attestation/test_a001/test_a001.h
+++ b/api-tests/dev_apis/initial_attestation/test_a001/test_a001.h
@@ -18,9 +18,9 @@
#define _TEST_A001_CLIENT_TESTS_H_
#include "val_attestation.h"
-#define test_entry CONCAT(test_entry_, a001)
-#define val CONCAT(val,test_entry)
-#define psa CONCAT(psa,test_entry)
+#define test_entry CONCAT(test_entry_, a001)
+#define val CONCAT(val, test_entry)
+#define psa CONCAT(psa, test_entry)
#define TOKEN_SIZE 512
diff --git a/api-tests/dev_apis/initial_attestation/test_a001/test_data.h b/api-tests/dev_apis/initial_attestation/test_a001/test_data.h
index bfeba55..036aab1 100644
--- a/api-tests/dev_apis/initial_attestation/test_a001/test_data.h
+++ b/api-tests/dev_apis/initial_attestation/test_a001/test_data.h
@@ -19,9 +19,9 @@
typedef struct {
char test_desc[100];
- uint32_t challenge_size;
- uint32_t actual_challenge_size;
- uint32_t token_size;
+ size_t challenge_size;
+ size_t actual_challenge_size;
+ size_t token_size;
psa_status_t expected_status;
} test_data;
@@ -40,31 +40,31 @@
},
{"Test psa_initial_attestation_get_token with zero challenge size\n",
- 0, 0, TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+ 0, 0, TOKEN_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_initial_attestation_get_token with small challenge size\n",
PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1,
- TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+ TOKEN_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_initial_attestation_get_token with invalid challenge size\n",
PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32+1, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32+1,
- TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+ TOKEN_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_initial_attestation_get_token with large challenge size\n",
- MAX_CHALLENGE_SIZE+1, MAX_CHALLENGE_SIZE+1, TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+ MAX_CHALLENGE_SIZE+1, MAX_CHALLENGE_SIZE+1, TOKEN_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_initial_attestation_get_token with zero as token size\n",
PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32,
- 0, PSA_ATTEST_ERR_INVALID_INPUT
+ 0, PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_initial_attestation_get_token with small token size\n",
PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32,
- PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1, PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1, PSA_ERROR_BUFFER_TOO_SMALL
},
};
@@ -83,21 +83,21 @@
{"Test psa_initial_attestation_get_token_size with zero challenge size\n",
0, 0,
- TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+ TOKEN_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_initial_attestation_get_token_size with small challenge size\n",
PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1,
- TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+ TOKEN_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_initial_attestation_get_token_size with invalid challenge size\n",
PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32+1, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32+1,
- TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+ TOKEN_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
{"Test psa_initial_attestation_get_token_size with large challenge size\n",
MAX_CHALLENGE_SIZE+1, MAX_CHALLENGE_SIZE+1,
- TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+ TOKEN_SIZE, PSA_ERROR_INVALID_ARGUMENT
},
};
diff --git a/api-tests/docs/psa_attestation_testlist.md b/api-tests/docs/psa_attestation_testlist.md
index 478b494..12153ad 100644
--- a/api-tests/docs/psa_attestation_testlist.md
+++ b/api-tests/docs/psa_attestation_testlist.md
@@ -2,17 +2,17 @@
| Test | Return value | API | Test Algorithm | Test Cases |
|-----------|--------------------------------------|-------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| test_a001 | PSA_ATTEST_ERR_SUCCESS | psa_initial_attest_get_token()<br />psa_initial_attest_get_token_size() | 1. Provide correct inputs to API with described challenge sizes <br />2. Expect API to return this define as return value each time <br />3. Verify the token | 1. Challenge_size = 32 <br />2. Challenge_size = 48 <br />3. Challenge_size = 64 |
-| | PSA_ATTEST_ERR_INVALID_INPUT | psa_initial_attest_get_token()<br />psa_initial_attest_get_token_size() | 1. Provide described challenge sizes to the API along with other valid parameters <br />2. Expect API to return this define as return value each time | 1. Challenge_size is zero <br />2. Invalid challenge size between 0 and 32 <br />3. Invalid challenge size between 32 and 64 <br />4. Challenge_size is greater than MAX_CHALLENGE_SIZE |
-| | PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW | psa_initial_attest_get_token() | 1. Provide described taken size to the API along with other valid parameters <br />2. Expect API to return this define as return value each time | 1. Token_size as zero<br />2. Token_size less than challenge size |
-| | PSA_ATTEST_ERR_INIT_FAILED | psa_initial_attest_get_token()<br />psa_initial_attest_get_token_size() | Can't simulate. Test can't generate stimulus where attestation initialisation fails | |
-| | PSA_ATTEST_ERR_CLAIM_UNAVAILABLE | psa_initial_attest_get_token() | Can't simulate. Test can't generate stimulus where claim can unavailable | |
-| | PSA_ATTEST_ERR_GENERAL | psa_initial_attest_get_token()<br />psa_initial_attest_get_token_size() | Can't simulate. Test can't generate stimulus where unexpected error happened during API operation | |
+| test_a001 | PSA_SUCCESS | psa_initial_attest_get_token()<br />psa_initial_attest_get_token_size() | 1. Provide correct inputs to API with described challenge sizes <br />2. Expect API to return this define as return value each time <br />3. Verify the token | 1. Challenge_size = 32 <br />2. Challenge_size = 48 <br />3. Challenge_size = 64 |
+| | PSA_ERROR_INVALID_ARGUMENT | psa_initial_attest_get_token()<br />psa_initial_attest_get_token_size() | 1. Provide described challenge sizes to the API along with other valid parameters <br />2. Expect API to return this define as return value each time | 1. Challenge_size is zero <br />2. Invalid challenge size between 0 and 32 <br />3. Invalid challenge size between 32 and 64 <br />4. Challenge_size is greater than MAX_CHALLENGE_SIZE |
+| | PSA_ERROR_BUFFER_TOO_SMALL | psa_initial_attest_get_token() | 1. Provide described taken size to the API along with other valid parameters <br />2. Expect API to return this define as return value each time | 1. Token_size as zero<br />2. Token_size less than challenge size |
+| | PSA_ERROR_SERVICE_FAILURE | psa_initial_attest_get_token()<br />psa_initial_attest_get_token_size() | Can't simulate. Test can't generate stimulus where attestation initialisation fails | |
+| | PSA_ERROR_GENERIC_ERROR | psa_initial_attest_get_token()<br />psa_initial_attest_get_token_size() | Can't simulate. Test can't generate stimulus where unexpected error happened during API operation | |
## Note
-1. In verifying the token, only the data type of claims and presence of the mandatory claims are checked and the values of the claims are not checked.
-2. Checks related to token signature validation will be part of future release
+1. In verifying the token, only the data type of claims and presence of the mandatory claims are checked and the values of the claims are not checked. <br />
+2. Specify the version of underlying PSA crypto in <psa-arch-tests>/api-tests/platform/targets/<target_name>/nspe/common/pal_config.h <br />
+3. Supported crypto versions are CRYPTO_VERSION_BETA1, CRYPTO_VERSION_BETA2 and CRYPTO_VERSION_BETA3
# License
Arm PSA test suite is distributed under Apache v2.0 License.
diff --git a/api-tests/docs/psa_crypto_testlist.md b/api-tests/docs/psa_crypto_testlist.md
index 983ba36..67aa616 100644
--- a/api-tests/docs/psa_crypto_testlist.md
+++ b/api-tests/docs/psa_crypto_testlist.md
@@ -2,626 +2,750 @@
-| Group | Test | Function | Scenario | Return Value | Steps | Test Case |
-|------------------------------|-----------|----------------------------|-----------------------------------------------------------------------------------------------------------------------|---------------------------------|------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Basic | test_c001 | psa_crypto_init | Library initialization | PSA_SUCCESS | Calling this function should return SUCCESS | |
-| | | | Applications must call this function before calling any other function in this module. | PSA_SUCCESS | Try calling crypto operations doing a crypto_init should be successful(can be covered as part of other testcase) | |
-| | | | Applications may call this function more than once. Once a call succeeds, subsequent calls are guaranteed to succeed. | PSA_SUCCESS | Try calling multiple crypto init and should return SUCCESS | |
-| | | | Applications must call this function before calling any other function in this module. | PSA_ERROR_BAD_STATE | Try calling crypto operations without doing a crypto_init should return FAILURE | |
-| | | | | | | |
-| Key Management | test_c002 | psa_import_key | Import a key in binary format. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
-| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
-| | | | | | 4. Set the usage policy on a key slot | 4. 2048 RSA public key |
-| | | | | | 5. Import the key data into the key slot | 5. 2048 RSA keypair |
-| | | | | | 6. Get basic metadata about a key | 6. DES 64 bit key |
-| | | | | | 7. Export a key in binary format | 7. Triple DES 2-Key |
-| | | | | | 8. Check if original key data matches with the exported data | 8. Triple DES 3-Key |
-| | | | | | | 9. EC Public key |
-| | | | | | | 10. EC keypair |
-| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function with incorrect key type | Incorrect key type |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | 1. Key data greater than the algorithm size |
-| | | | | | | 2. Incorrect key data size |
-| | | | | | | |
-| | | | | | | |
-| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid key handle should return this error | 1. Destroyed key handle </br> 2. Zero as key handle</br> 3. Unallocated key handle |
-| | | | | PSA_ERROR_ALREADY_EXISTS | Pass the key slot to store data which is already occupied | Already occupied key slot |
-| | test_c003 | psa_export_key | Export a key in binary format | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
-| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
-| | | | | | | |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
-| | | | | | 4. Set the usage policy on a key slot | 4. 2048 RSA public key |
-| | | | | | 5. Import the key data into the key slot | 5. 2048 RSA keypair |
-| | | | | | 6. Get basic metadata about a key | 6. DES 64 bit key |
-| | | | | | 7. Export a key in binary format | 7. Triple DES 2-Key |
-| | | | | | 8. Check if original key data matches with the exported data | 8. Triple DES 3-Key |
-| | | | | | | 9. EC Public key |
-| | | | | | | 10. EC keypair |
-| | | | | PSA_ERROR_BUFFER_TOO_SMALL | Calling this function with buffer size less than required | Less buffer size |
-| | | | | PSA_ERROR_NOT_PERMITTED | Calling this function with with key policy as verify should return this error | Key policy as PSA_KEY_USAGE_VERIFY |
-| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Zero key slot |
-| | | | | | | 2. Unallocated key slot |
-| | | | | | | 3. Destroyed key slot |
-| | | | | PSA_ERROR_BAD_STATE | Calling this function with key policy that cannot be exported | Invalid key policy usage |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | Calling this function with empty key slot | Empty key slot |
-| | test_c004 | psa_export_public_key | Export a public key or the public part of a key pair in binary format. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 2048 RSA public key |
-| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 2048 RSA keypair |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. EC Public key |
-| | | | | | 4. Set the usage policy on a key slot | 4. EC keypair |
-| | | | | | 5. Import the key data into the key slot | |
-| | | | | | 6. Get basic metadata about a key | |
-| | | | | | 7. Export a key in binary format | |
-| | | | | | 8. Check if original key data matches with the exported data | |
-| | | | | PSA_ERROR_BUFFER_TOO_SMALL | Calling this function with buffer size less than required | Less buffer size |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | 1. DES 64 bit key |
-| | | | | | | 2. Triple DES 2-Key |
-| | | | | | | 3. Triple DES 3-Key |
-| | | | | PSA_ERROR_NOT_PERMITTED | Calling this function with with key policy as verify should return this error | Key policy as PSA_KEY_USAGE_VERIFY |
-| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid key handle should return this error | 1. Zero key slot |
-| | | | | | | 2. Unallocated key slot |
-| | | | | | | 3. Destroyed key slot |
-| | | | | PSA_ERROR_BAD_STATE | Calling this function with key policy that cannot be exported | Invalid key policy usage |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | Calling this function with empty key slot | Empty key slot |
-| | test_c005 | psa_destroy_key | Destroy a key and restore the slot to its default state. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
-| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
-| | | | | | 4. Set the usage policy on a key slot | 4. 2048 RSA public key |
-| | | | | | 5. Import the key data into the key slot | 5. 2048 RSA keypair |
-| | | | | | 6. Get basic metadata about a key | 6. DES 64 bit key |
-| | | | | | 7. Destroy a key and restore the slot to its default state | 7. Triple DES 2-Key |
-| | | | | | 8. Check that if the key metadata are destroyed | 8. Triple DES 3-Key |
-| | | | | | | 9. EC Public key |
-| | | | | | | 10. EC keypair |
-| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Invalid key slot |
-| | | | | | | 2. Zero key slot |
-| | | | | | | 3. Empty key slot |
-| | test_c006 | psa_get_key_information | Get basic metadata about a key. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
-| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
-| | | | | | 4. Set the usage policy on a key slot | 4. 2048 RSA public key |
-| | | | | | 5. Import the key data into the key slot | 5. 2048 RSA keypair |
-| | | | | | 6. Get basic metadata about a key | 6. DES 64 bit key |
-| | | | | | | 7. Triple DES 2-Key |
-| | | | | | | 8. Triple DES 3-Key |
-| | | | | | | 9. EC Public key |
-| | | | | | | 10. EC keypair |
-| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Zero key slot |
-| | | | | | | 2. Unallocated key slot |
-| | | | | | | 2. Destroyed key slot |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | Pass the key slot number which has the key type as none | Empty key slot |
-| | NO TEST | psa_key_policy_set_usage | Set the standard fields of a policy structure. | void | Void function. Covered as part of other cases | |
-| | | | | | | |
-| Key Policies | test_c007 | psa_set_key_policy | Set the usage policy on a key slot. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
-| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
-| | | | | | 4. Set the usage policy on a key slot | 4. 2048 RSA public key |
-| | | | | | 5. Import the key data into the key slot | 5. 2048 RSA keypair |
-| | | | | | 6. Get the usage policy for a key slot | 6. DES 64 bit key |
-| | | | | | 7. Check if the policy matches the original input | 7. Triple DES 2-Key |
-| | | | | | | 8. Triple DES 3-Key |
-| | | | | | | 9. EC Public key |
-| | | | | | | 10. EC keypair |
-| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Unallocated key slot |
-| | | | | | | 2. Zero key slot |
-| | | | | | | 3. Destroyed key slot |
-| | | | | PSA_ERROR_ALREADY_EXISTS | Pass the key slot to store data which is already occupied | Already occupied key slot |
-| | test_c008 | psa_get_key_policy | Get the usage policy for a key slot | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
-| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
-| | | | | | 4. Set the usage policy on a key slot | 4. 2048 RSA public key |
-| | | | | | 5. Change the lifetime of a key slot | 5. 2048 RSA keypair |
-| | | | | | 6. Import the key data into the key slot | 6. DES 64 bit key |
-| | | | | | 7. Get the usage policy for a key slot | 7. Triple DES 2-Key |
-| | | | | | 8. Retrieve the usage field of a policy structure | 8. Triple DES 3-Key |
-| | | | | | 9. Retrieve the algorithm field of a policy structure | 9. EC Public key |
-| | | | | | 10. Make sure they match the original value | 10. EC keypair |
-| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Zero key slot |
-| | | | | | | 2. Destroyed key slot |
-| | test_c009 | psa_allocate_key | Allocate a key slot for a transient key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Volatile keys |
-| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | |
-| | | | | | 3. Allocate a key slot for a transient key | |
-| | | | | | | |
-| | | | | | | |
-| | | | | | | |
-| | | | | | | |
-| | | | | | | |
-| | | | | PSA_ERROR_INSUFFICIENT_MEMORY | Calling this function with multiple time | |
-| | | | | | | |
-| | | | | | | |
-| | test_c010 | psa_get_key_lifetime | Retrieve the lifetime of a key slot. | PSA_SUCCESS | 1. Initialize the PSA crypto library | Testing only volatile keys and persistance key types will be supported in future release |
-| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | |
-| | | | | | 4. Set the usage policy on a key slot | |
-| | | | | | 5. Change the lifetime of a key slot | |
-| | | | | | 6. Import the key data into the key slot | |
-| | | | | | 7. Get the lifetime of a key slot | |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Zero key slot |
-| | | | | | | 2. Invalid key slot |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key policy |
-| Message Authentication Codes | test_c011 | psa_hash_start | Start a multipart hash operation. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 |
-| | | | | | 2. Start a multipart hash operation | 2. MD4 |
-| | | | | | | 3. MD5 |
-| | | | | | | 4. RIPEMD160 |
-| | | | | | | 5. SHA1 |
-| | | | | | | 6. SHA224 |
-| | | | | | | 7. SHA256 |
-| | | | | | | 8. SHA512 |
-| | | | | | | 9. SHA512_224 |
-| | | | | | | 10. SHA512_256 |
-| | | | | | | 11. SHA3_224 1 |
-| | | | | | | 2. SHA3_256 1 |
-| | | | | | | 3. SHA3_384 1 |
-| | | | | | | 4. SHA3_512 |
-| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function with unsupported algorithm should return error | Invalid hash algorithm |
-| | test_c012 | psa_hash_update | Add a message fragment to a multipart hash operation. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 |
-| | | | | | 2. Start a multipart hash operation | 2. MD4 |
-| | | | | | 3. Add a message fragment to a multipart hash operation | 3. MD5 |
-| | | | | | | 4. RIPEMD160 |
-| | | | | | | 5. SHA1 |
-| | | | | | | 6. SHA224 |
-| | | | | | | 7. SHA256 |
-| | | | | | | 8. SHA384 |
-| | | | | | | 9. SHA512 |
-| | | | | PSA_ERROR_BAD_STATE | 1. Calling this function without calling the psa_hash_start() should return error | Inactive operation handle |
-| | | | | | 2. Calling this function with completed operation handle should return error | Completed operation handle |
-| | test_c013 | psa_hash_verify | Finish the calculation of the hash of a message and compare it with an expected value. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 |
-| | | | | | 2. Start a multipart hash operation | 2. MD4 |
-| | | | | | 3. Add a message fragment to a multipart hash operation | 3. MD5 |
-| | | | | | 4. Finish the calculation of the hash of a message and compare it with an expected value | 4. RIPEMD160 |
-| | | | | | | 5. SHA1 |
-| | | | | | | 6. SHA224 |
-| | | | | | | 7. SHA256 |
-| | | | | | | 8. SHA384 |
-| | | | | | | 9. SHA512 |
-| | | | | PSA_ERROR_BAD_STATE | Calling this function with inactive operation handle should return error | 1. Inactive operation handle |
-| | | | | | Calling this function with invalid operation handle should return error | 2. Invalid operation handle |
-| | | | | PSA_ERROR_INVALID_SIGNATURE | Calling this function with incorrect expected value should return error | 1. Incorrect expected hash value |
-| | | | | | | 2. Incorrect expected hash length |
-| | test_c014 | psa_hash_finish | Finish the calculation of the hash of a message. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 |
-| | | | | | 2. Start a multipart hash operation | 2. MD4 |
-| | | | | | 3. Add a message fragment to a multipart hash operation | 3. MD5 |
-| | | | | | 4. Finish the calculation of the hash of a message | 4. RIPEMD160 |
-| | | | | | 5. Compare it with the expected value | 5. SHA1 |
-| | | | | | | 6. SHA224 |
-| | | | | | | 7. SHA256 |
-| | | | | | | 8. SHA384 |
-| | | | | | | 9. SHA512 |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with an inactive operation handle should return error | Inactive operation handle |
-| | | | | PSA_ERROR_BUFFER_TOO_SMALL | Calling this function with a hash buffer whose size is less than the algorithm output should return error | Buffer size less than required |
-| | test_c015 | psa_hash_abort | Abort a hash operation. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 |
-| | | | | | 2. Start a multipart hash operation | 2. MD4 |
-| | | | | | 3. Abort a hash operation | 3. MD5 |
-| | | | | | | 4. RIPEMD160 |
-| | | | | | | 5. SHA1 |
-| | | | | | | 6. SHA224 |
-| | | | | | | 7. SHA256 |
-| | | | | | | 8. SHA384 |
-| | | | | | | 9. SHA512 |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling psa_hash_finish after calling psa_hash_abort should return error | |
-| Generator | test_c016 | psa_generate_key | Generate a key or key pair | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES |
-| | | | | | 2. Initialize a key policy structure | 2. DES |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. ECC |
-| | | | | | 4. Set the usage policy on a key slot | 4. RSA |
-| | | | | | 5. Generate a key or key pair | |
-| | | | | | 6. Get basic metadata about a key | |
-| | | | | | 7. Check if key type and key length matches | |
-| | | | | | 8. Export a key in binary format | |
-| | | | | | 9. Check if the metadata matches | |
-| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with unallocated key slot should return this error | Unallocated key slot |
-| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with zero as key slot should return this error | Zero as key slot |
-| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with destroyed key slot should return this error | Destroyed as key slot |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with Null extra and Non-Zero extra size should return this error | Null extra and Non-Zero extra size |
-| | | | | PSA_ERROR_ALREADY_EXISTS | Calling this function with pre-occupied key slot should return this error | Pre-occupied key slot |
-| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function to generate only public key should return this error | Key type as public key |
-| | test_c017 | psa_generate_random | Generate random bytes | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte data |
-| | | | | | 2. Generate random bytes Run several times, to ensure that every output byte will be nonzero at least once | 2. 24 Byte data |
-| | | | | | 3. Check that no more than bytes have been overwritten | 3. 32 Byte data |
-| | | | | | 4. Check that every byte was changed to nonzero at least once. | 4. 64 Byte data |
-| | | | | | | 5. 128 Byte data |
-| | | | | | | 6. 256 Byte data |
-| | | | | | | 7. 512 Byte data |
-| | | | | | | 8. 1000 Byte data |
-| | | | | | | 9. 1024 Byte data |
-| | test_c018 | psa_generator_read | Read some data from a generator | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte key |
-| | | | | | 2. Initialize a key policy structure | 2. 32 Byte key |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 8 Byte Key |
-| | | | | | 4. Set the usage policy on a key slot | 4. SHA 256 |
-| | | | | | 5. Import the key data into the key slot | 5. SHA 512 |
-| | | | | | 6. Set up a key derivation operation | 6. SHA 1 |
-| | | | | | 7. Generate random bytes | 7. Output size less than generator capacity |
-| | | | | | 8. Check that if generated data are non-zero | 8. Output size equal to generator capacity |
-| | | | | | 9. Generate random bytes for remaining capacity | 9. Request maximum capacity |
-| | | | | | 10. Check that if generated data are non-zero | |
-| | | | | | 11. Generate random bytes and check that it fails | |
-| | | | | PSA_ERROR_INSUFFICIENT_DATA | Calling this function with output size greater than the current capacity should return this error | Output size greater than the current capacity |
-| | | | | PSA_ERROR_INSUFFICIENT_DATA | Calling this function with capacity greater than the allowed capacity should return this error | Request maximum capacity +1 |
-| | | | | PSA_ERROR_BAD_STATE | Calling this function without setup should return this error | |
-| | test_c019 | psa_get_generator_capacity | Retrieve the current capacity of a generator | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Output size less than generator capacity |
-| | | | | | 2. Initialize a key policy structure | 2. Output size equal to generator capacity |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | |
-| | | | | | 4. Set the usage policy on a key slot | |
-| | | | | | 5. Import the key data into the key slot | |
-| | | | | | 6. Set up a key derivation operation | |
-| | | | | | 7. Retrieve the current capacity of a generator | |
-| | | | | | 8. Check that it is equal to the input capacity | |
-| | | | | | 9. Generate random bytes | |
-| | | | | | 10. Retrieve the current capacity of a generator | |
-| | | | | | 11. Check that it is equal to the remaining capacity | |
-| | | | | PSA_ERROR_BAD_STATE | Calling this function without setup should return this error | |
-| | test_c020 | psa_generator_import_key | Create a symmetric key from data read from a generator | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
-| | | | | | 2. Initialize a key policy structure | 2. 32 Byte AES |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | |
-| | | | | | 4. Set the usage policy on a key slot | |
-| | | | | | 5. Import the key data into the key slot | |
-| | | | | | 6. Set up a key derivation operation | |
-| | | | | | 7. Initialize a key policy structure for new slot | |
-| | | | | | 8. Set the standard fields of a policy structure | |
-| | | | | | 9. Set the usage policy on a new key slot | |
-| | | | | | 10. Create a symmetric key from data read from a generator | |
-| | | | | | 11. Export a key in binary format | |
-| | | | | | 12. Check that length of the key matches | |
-| | | | | | 13. Check that the key is non-zero | |
-| | | | | | 14. Initialize a key policy structure for new slot | |
-| | | | | | 15. Set the standard fields of a policy structure | |
-| | | | | | 16. Set the usage policy on a new key slot | |
-| | | | | | 17. Create a symmetric key from data read from a generator for the remaining size | |
-| | | | | | 18. Export a key in binary format | |
-| | | | | | 19. Check that length of the key matches | |
-| | | | | | 20. Check that the key is non-zero | |
-| | | | | | 21. Initialize a key policy structure for new slot | |
-| | | | | | 22. Set the standard fields of a policy structure | |
-| | | | | | 23. Set the usage policy on a new key slot | |
-| | | | | | 24. Create a symmetric key from data read from a generator for the some size | |
-| | | | | | Check that it fails | |
-| | | | | PSA_ERROR_INSUFFICIENT_DATA | Calling this function with output greater than capacity should return this error | Output greater than capacity |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with public key algorithm should return this error | 1. RSA public key </br>2.Invalid key size |
-| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid arguments should return this error | 1. Invalid key slot |
-| | | | | | | 2. Zero as key slot |
-| | | | | | | |
-| | | | | PSA_ERROR_ALREADY_EXISTS | Calling this function with already occupied key slot should return this error | Pre-occupied key slot |
-| | test_c021 | psa_generator_abort | Abort a generator | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Abort |
-| | | | | | 2. Initialize a key policy structure | 2. Multiple |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. Calling generator functions after abort should fail |
-| | | | | | 4. Set the usage policy on a key slot | |
-| | | | | | 5. Import the key data into the key slot | |
-| | | | | | 6. Set the key for a multipart symmetric encryption/decryption operation | |
-| | | | | | 7. Abort a cipher operation | |
-| | | | | | 8. Multiple abort cipher operation should return success | |
-| Key derivation | test_c022 | psa_key_derivation | Set up a key derivation operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte data with SHA-256 |
-| | | | | | 2. Initialize a key policy structure | 2. 32 byte data with SHA-512 |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte data with MD-5 |
-| | | | | | 4. Import the key data into the key slot | 4. Salt and label provided as input |
-| | | | | | 5. Set up a key derivation operation | |
-| | | | | | 6. Retrieve the current capacity of a generator | |
-| | | | | | 7. Make sure that the capacity is same as input capacity | |
-| | | | | PSA_INVALID_ARGUMENT | Calling this function with invalid argument should return this error | 1. Invalid algorithm |
-| | | | | | | 2. Unsupported generator capacity |
-| | | | | | | 3. Unsupported key type |
-| | | | | PSA_ERROR_NOT_PERMITTED | Calling this function with incorrect usage should return this error | 1. Incorrect usage |
-| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function with unsupported key derivation algorithm should return this error | 1. Unsupported key derivation algorithm |
-| | | | | PSA_ERROR_INVALID_HANDLE | Calling this functoin wih incorrect key handle | 1. Invalid key handle </br>2. Zero as key slot |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | Calling this function with empty key slot should return this error | Empty key slot |
-| Key policies | test_c023 | psa_key_policy_get_usage | Retrieve the usage field of a policy structure | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Encrypt |
-| | | | | | 2. Initialize a key policy structure | 2. Decrypt |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. Export |
-| | | | | | 4. Retrieve the usage field of a policy structure | 4. Sign |
-| | | | | | 5. Check that usage is same as input | 5. Verify |
-| | | | | | | 6. Derive |
-| AEAD | test_c024 | psa_aead_encrypt | Process an authenticated encryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. CCM - 16B AES - Nounce and additional data |
-| | | | | | 2. Initialize a key policy structure | 2. GCM - 16B AES - NULL Nounce & addi data |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. GCM -16B AES - 12B Nounce & 12B addi data |
-| | | | | | 4. Set the usage policy on a key slot | 4. CCM - 16B AES - 13B Nounce & 8B addi data |
-| | | | | | 5. Import the key data into the key slot | |
-| | | | | | 6. Call aead encrypt | |
-| | | | | | 7. Check if the status is expected | |
-| | | | | | 8. Check if the cipher text is expected length | |
-| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. DES key |
-| | | | | | | 2. Unsupported algorithm |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Zero as key slot |
-| | | | | | | 2. Invalid key slot |
-| | | | | PSA_ERROR_NOT_PERMITTED | | 1. Small output buffer size |
-| | | | | | | 2. Invalid key usage |
-| | test_c025 | psa_aead_decrypt | Process an authenticated decryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. CCM - 16B AES - Nounce and additional data |
-| | | | | | 2. Initialize a key policy structure | 2. GCM - 16B AES - NULL Nounce & addi data |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. GCM -16B AES - 12B Nounce & 12B addi data |
-| | | | | | 4. Set the usage policy on a key slot | 4. CCM - 16B AES - 13B Nounce & 8B addi data |
-| | | | | | 5. Import the key data into the key slot | |
-| | | | | | 6. Call aead decrypt | |
-| | | | | | 7. Check if the status is expected | |
-| | | | | | 8. Check if the plain text is expected length | |
-| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. DES key |
-| | | | | | | 2. Unsupported algorithm |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | Invalid tag length |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Zero as key slot |
-| | | | | | | 2. Invalid key slot |
-| | | | | PSA_ERROR_NOT_PERMITTED | | 1. Small output buffer size |
-| | | | | | | 2. Invalid key usage |
-| Message Authentication Codes | test_c026 | psa_mac_sign_setup | Start a multipart MAC calculation operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 64 Byte HMAC |
-| | | | | | 2. Initialize a key policy structure | 2. 16 Byte AES - CMAC |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | |
-| | | | | | 4. Set the usage policy on a key slot | |
-| | | | | | 5. Import the key data into the key slot | |
-| | | | | | 6. Start a multipart MAC calculation operation | |
-| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. 16 Byte AES - GMAC |
-| | | | | | | 2. Incompatible HMAC for CMAC |
-| | | | | | | 3. Bad algorithm (unknown MAC algorithm) |
-| | | | | | | 4. Truncated MAC too small |
-| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key type |
-| | | | | | | 2. Truncated MAC too large |
-| | | | | | | 3. Bad algorithm (not a MAC algorithm) |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key handle |
-| | | | | | | 2. Zero as key handle |
-| | test_c027 | psa_mac_update | Add a message fragment to a multipart MAC operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1.64 Byte HMAC SHA256 |
-| | | | | | 2. Initialize a key policy structure | 2. 16 Byte AES - CMAC |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte HMAC SHA512 |
-| | | | | | 4. Set the usage policy on a key slot | |
-| | | | | | 5. Import the key data into the key slot | |
-| | | | | | 6. Start a multipart MAC calculation operation | |
-| | | | | | 7. Add a message fragment to a multipart MAC operation | |
-| | | | | | 8. Check for the expected status | |
-| | | | | | 9. If success, Finish the calculation of the MAC of a message | |
-| | | | | | 10. Add a message fragment to the same multipart MAC operation should fail | |
-| | | | | PSA_ERROR_BAD_STATE | | 1. Completed operation as input |
-| | | | | | | 2. Uninitialized operation as input |
-| | test_c028 | psa_mac_sign_finish | Finish the calculation of the MAC of a message | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. HMAC SHA 224 |
-| | | | | | 2. Initialize a key policy structure | 2. HMAC SHA 256 |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. HMAC SHA 512 |
-| | | | | | 4. Set the usage policy on a key slot | 4. HMAC SHA 224 (truncated to 8 Byte) |
-| | | | | | 5. Import the key data into the key slot | 5. CMAC AES 128 |
-| | | | | | 6. Start a multipart MAC calculation operation | |
-| | | | | | 7. Add a message fragment to a multipart MAC operation | |
-| | | | | | 8. Finish the calculation of the MAC of a message | |
-| | | | | | 9. Check for the expected status | |
-| | | | | | 10. If success, Check if the MAC length matches with the expected length | |
-| | | | | | 11. Check if the MAC data matches with the expected data | |
-| | | | | | 12. Finish the calculation of the MAC of a message using same operation should return error | |
-| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small size buffer |
-| | | | | PSA_ERROR_BAD_STATE | | Invalid operation as input |
-| | test_c029 | psa_mac_verify_setup | | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 64 Byte HMAC |
-| | | | | | 2. Initialize a key policy structure | 2. 16 Byte AES - CMAC |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | |
-| | | | | | 4. Set the usage policy on a key slot | |
-| | | | | | 5. Import the key data into the key slot | |
-| | | | | | 6. Start a multipart MAC verification operation | |
-| | | | | | 7. Check for the expected status | |
-| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. 16 Byte AES - GMAC |
-| | | | | | | 2. Incompatible HMAC for CMAC |
-| | | | | | | 3. Bad algorithm (unknown MAC algorithm) |
-| | | | | | | 4. Truncated MAC too small |
-| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty slot as input |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key type |
-| | | | | | | 2. Truncated MAC too large |
-| | | | | | | 3. Bad algorithm (unknown MAC algorithm) |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key handle |
-| | | | | | | 2. Zero as key handle |
-| | test_c030 | psa_mac_verify_finish | Finish the calculation of the MAC of a message and compare it with an expected value | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. HMAC SHA 224 |
-| | | | | | 2. Initialize a key policy structure | 2. HMAC SHA 256 |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. HMAC SHA 512 |
-| | | | | | 4. Set the usage policy on a key slot | 4. HMAC SHA 224 (truncated to 8 Byte) |
-| | | | | | 5. Import the key data into the key slot | 5. CMAC AES 128 |
-| | | | | | 6. Start a multipart MAC calculation operation | |
-| | | | | | 7. Add a message fragment to a multipart MAC operation | |
-| | | | | | 8. Finish the calculation of the MAC of a message | |
-| | | | | | 9. Check for the expected status | |
-| | | | | | 10. Finish the calculation of the MAC of a message using same operation should return error | |
-| | | | | PSA_ERROR_INVALID_SIGNATURE | | 1. Small size buffer |
-| | | | | | | 2. Incorrect expected hash |
-| | | | | PSA_ERROR_BAD_STATE | | Invalid operation as input |
-| | test_c031 | psa_mac_abort | Abort a MAC operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. HMAC SHA 224 |
-| | | | | | 2. Initialize a key policy structure | 2. HMAC SHA 256 |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. HMAC SHA 512 |
-| | | | | | 4. Set the usage policy on a key slot | 4. CMAC AES 128 |
-| | | | | | 5. Import the key data into the key slot | 5. HMAC truncated |
-| | | | | | 6. Start a multipart MAC calculation operation | 6. Multiple abort |
-| | | | | | 7. Abort the MAC operation | 7. psa_mac_finish after psa_mac_abort should return failure |
-| Symmetric Ciphers | test_c032 | psa_cipher_encrypt_setup | Set the key for a multipart symmetric encryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
-| | | | | | 2. Initialize a key policy structure | 2. 24 Byte AES |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
-| | | | | | 4. Set the usage policy on a key slot | 4. DES 64 bit key |
-| | | | | | 5. Import the key data into the key slot | 5. Triple DES 2-Key |
-| | | | | | 6. Set the key for a multipart symmetric encryption operation | 6. Triple DES 3-Key |
-| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. 16 Byte raw data |
-| | | | | | | 2. Unknown cipher algorithm |
-| | | | | | | 3. Incompatible key ARC4 |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Not a cipher algorithm |
-| | | | | | | 2. RSA public key |
-| | | | | | | 3. RSA keypair |
-| | | | | | | 4. EC Public key |
-| | | | | | | 5. EC keypair |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot |
-| | | | | PSA_ERROR_NOT_PERMITTED | | Incorrect usage |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Unallocated key handle |
-| | | | | | | 2. Zero as key handle |
-| | test_c033 | psa_cipher_decrypt_setup | Set the key for a multipart symmetric decryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. HMAC SHA 224 |
-| | | | | | 2. Initialize a key policy structure | 2. HMAC SHA 256 |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. HMAC SHA 512 |
-| | | | | | 4. Set the usage policy on a key slot | 4. CMAC AES 128 |
-| | | | | | 5. Import the key data into the key slot | 5. HMAC truncated |
-| | | | | | 6. Set the key for a multipart symmetric decryption operation | 6. Multiple abort |
-| | | | | | | 7. psa_mac_finish after psa_mac_abort should return failure |
-| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. 16 Byte raw data |
-| | | | | | | 2. Unknown cipher algorithm |
-| | | | | | | 3. Incompatible key ARC4 |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Not a cipher algorithm |
-| | | | | | | 2. RSA public key |
-| | | | | | | 3. RSA keypair |
-| | | | | | | 4. EC Public key |
-| | | | | | | 5. EC keypair |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Unallocated key handle |
-| | | | | | | 2. Zero as key handle |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot |
-| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage |
-| | test_c034 | psa_cipher_generate_iv | Generate an IV for a symmetric encryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
-| | | | | | 2. Initialize a key policy structure | 2. 24 Byte AES |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
-| | | | | | 4. Set the usage policy on a key slot | 4. DES 64 bit key |
-| | | | | | 5. Import the key data into the key slot | 5. Triple DES 2-Key |
-| | | | | | 6. Set the key for a multipart symmetric encryption operation | 6. Triple DES 3-Key |
-| | | | | | 7. Generate an IV for a symmetric encryption operation | 7. AES - large iv buffer |
-| | | | | | 8. Check that if generated iv length match the expected length | 8. DES - large iv buffer |
-| | | | | | 9. Check that if generated iv are zero | |
-| | | | | | 10. Generating an IV for a symmetric encryption operation using the same operator should fail | |
-| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | 1. AES - small iv buffer |
-| | | | | | | 2. DES - small iv buffer |
-| | | | | PSA_ERROR_BAD_STATE | | 1. Completed operation handle |
-| | test_c035 | psa_cipher_set_iv | Set the IV for a symmetric encryption or decryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
-| | | | | | 2. Initialize a key policy structure | 2. 24 Byte AES |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
-| | | | | | 4. Set the usage policy on a key slot | 4. DES 64 bit key |
-| | | | | | 5. Import the key data into the key slot | 5. Triple DES 2-Key |
-| | | | | | 6. Set the key for a multipart symmetric encryption/decryption operation | 6. Triple DES 3-Key |
-| | | | | | 7. Set an IV for a symmetric encryption/decryption operation | |
-| | | | | | 8. Check that if generated iv length match the expected length | |
-| | | | | | 9. Check that if generated iv are zero | |
-| | | | | | 10. Setting an IV for a symmetric encryption/decryption operation using the same operator should fail | |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. AES - small iv buffer 2. DES - small iv buffer 3. AES - large iv buffer 4. DES - large iv buffer |
-| | | | | PSA_ERROR_BAD_STATE | | 1. Completed operation handle |
-| | test_c036 | psa_cipher_update | Encrypt or decrypt a message fragment in an active cipher operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES CBC_NO_PADDING |
-| | | | | | 2. Initialize a key policy structure | 2. AES CBC_NO_PADDING (Short input) |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. AES CBC_PKCS7 |
-| | | | | | 4. Set the usage policy on a key slot | 4. AES CBC_PKCS7 (Short input) |
-| | | | | | 5. Import the key data into the key slot | 5. AES CTR |
-| | | | | | 6. Set the key for a multipart symmetric encryption operation | 6. DES CBC (nopad) |
-| | | | | | 7. Set an IV for a symmetric encryption operation | 7. 2-key 3DE -CBC (nopad) |
-| | | | | | 8. Encrypt or decrypt a message fragment in an active cipher operation | 8. 3-key 3DE -CBC (nopad) |
-| | | | | | 9. Check if the output length matches the expected length | |
-| | | | | | 10. Check if the output data matches the expected data | |
-| | | | | | 11. Encrypt or decrypt a message fragment in an invalid cipher operation should fail | |
-| | | | | PSA_ERROR_BAD_STATE | Encrypt or decrypt a message fragment in an invalid cipher operation should fail | Invalid operation as input |
-| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer size |
-| | test_c037 | psa_cipher_finish | Finish encrypting or decrypting a message in a cipher operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES CBC_NO_PADDING |
-| | | | | | 2. Initialize a key policy structure | 2. AES CBC_NO_PADDING (Short input) |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. AES CBC_PKCS7 |
-| | | | | | 4. Set the usage policy on a key slot | 4. AES CBC_PKCS7 (Short input) |
-| | | | | | 5. Import the key data into the key slot | 5. AES CTR |
-| | | | | | 6. Set the key for a multipart symmetric encryption operation | 6. DES CBC (nopad) |
-| | | | | | 7. Set an IV for a symmetric encryption operation | 7. 2-key 3DE -CBC (nopad) |
-| | | | | | 8. Encrypt or decrypt a message fragment in an active cipher operation | 8. 3-key 3DE -CBC (nopad) |
-| | | | | | 9. Finish encrypting or decrypting a message in a cipher operation | |
-| | | | | | 10. Check if the output length matches the expected length | |
-| | | | | | 11. Check if the output data matches the expected data | |
-| | | | | | 12. Finish encrypting or decrypting a message using an invalid operation should fail | |
-| | | | | PSA_ERROR_BAD_STATE | Encrypt or decrypt a message fragment in an invalid cipher operation should fail | Invalid operation as input |
-| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer size |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | AES CBC_NO_PADDING (Short input) |
-| | test_c038 | psa_cipher_abort | Abort a cipher operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Encrypt - AES CBC_NO_PADDING |
-| | | | | | 2. Initialize a key policy structure | 2. Encrypt - AES CBC_PKCS7 |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. Encrypt - AES CTR |
-| | | | | | 4. Set the usage policy on a key slot | 4. Encrypt - DES CBC (nopad) |
-| | | | | | 5. Import the key data into the key slot | 5. Encrypt - 2-key 3DE -CBC (nopad) |
-| | | | | | 6. Set the key for a multipart symmetric encryption/decryption operation | 6. Encrypt - 3-key 3DE -CBC (nopad) |
-| | | | | | 7. Abort a cipher operation | 7. Decrypt - AES CBC_NO_PADDING |
-| | | | | | 8. Multiple abort cipher operation should return success | 8. Decrypt - AES CBC_PKCS7 |
-| | | | | | | 9. Decrypt - AES CTR |
-| | | | | | | 10. Decrypt - DES CBC (nopad) |
-| | | | | | | 11. Decrypt - 2-key 3DE -CBC (nopad) |
-| | | | | | | 12. Decrypt - 3-key 3DE -CBC (nopad) |
-| | | | | | | 13. psa_cipher_update after psa_cipher_abort should fail |
-| Asymmetric Cryptography | test_c039 | psa_asymmetric_encrypt | Encrypt a short message with a public key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA PKCS1V15 |
-| | | | | | 2. Initialize a key policy structure | 2. RSA OAEP SHA256 |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. RSA OAEP SHA256 with label |
-| | | | | | 4. Set the usage policy on a key slot | 4. RSA KEYPAIR PKCS1V15 |
-| | | | | | 5. Import the key data into the key slot | |
-| | | | | | 6. Encrypt a short message with a public key | |
-| | | | | | 7. Check if the output length matches with the expected output length | |
-| | | | | | 8. Decrypt the cipher text | |
-| | | | | | 9. Check if the output length matches with the input length | |
-| | | | | | 10. Check if the output matches with the given input data | |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key type |
-| | | | | | | 2. Invalid algorithm |
-| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot |
-| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Unallocated key handle |
-| | | | | | | 2. Zero as key handle |
-| | test_c040 | psa_asymmetric_decrypt | Decrypt a short message with a private key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA KEYPAIR PKCS1V15 |
-| | | | | | 2. Initialize a key policy structure | 2. RSA KEYPAIR OAEP SHA256 |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. RSA KEYPAIR OAEP SHA256 with label |
-| | | | | | 4. Set the usage policy on a key slot | |
-| | | | | | 5. Import the key data into the key slot | |
-| | | | | | 6. Decrypt a short message with a private key | |
-| | | | | | 7. Check if the output length matches with the expected length | |
-| | | | | | 8. Check if the output matches with the expected data | |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key type (RSA public key) |
-| | | | | | | 2. Invalid algorithm |
-| | | | | | | 3. Invalid key type (AES Key) |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot |
-| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key slot </br>2. Zero key slot |
-| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer |
-| | test_c041 | psa_asymmetric_sign | Sign a hash or short message with a private key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA KEYPAIR PKCS1V15 RAW |
-| | | | | | 2. Initialize a key policy structure | 2. RSA KEYPAIR PKCS1V15 SHA-256 |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. ECDSA KEYPAIR SECP256R1 SHA-256 |
-| | | | | | 4. Set the usage policy on a key slot | |
-| | | | | | 5. Import the key data into the key slot | |
-| | | | | | 6. Sign a hash or short message with a private key | |
-| | | | | | 7. Check if the output length matches with the expected length | |
-| | | | | | 8. Check if the output matches with the expected data | |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key type (RSA public key) |
-| | | | | | | 2. Invalid algorithm |
-| | | | | | | 3. Invalid key type (AES Key) |
-| | | | | | | 4. Wrong hash size |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key slot </br>2. Zero key slot |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot |
-| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage |
-| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer |
-| | test_c042 | psa_asymmetric_verify | Verify the signature a hash or short message using a public key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA KEYPAIR PKCS1V15 RAW |
-| | | | | | 2. Initialize a key policy structure | 2. RSA KEYPAIR PKCS1V15 SHA-256 |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. ECDSA KEYPAIR SECP256R1 SHA-256 |
-| | | | | | 4. Set the key data based on key type | 4. RSA public key |
-| | | | | | 5. Set the usage policy on a key slot | 5. EC public key |
-| | | | | | 6. Import the key data into the key slot | |
-| | | | | | 7. Verify the signature a hash or short message using a public key | |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid algorithm |
-| | | | | | | 2. Wrong hash size |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key slot </br>2. Zero key slot |
-| | | | | PSA_ERROR_INVALID_SIGNATURE | | Wrong signature size |
-| | | | | | | Wrong signature |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot |
-| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage |
-| | | | | PSA_ERROR_NOT_SUPPORTED | | Invalid key type (AES Key) |
-| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer |
-| | test_c043 | psa_key_agreement | Set up a key agreement operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. ECDH SECP256R1 |
-| | | | | | 2. Initialize a key policy structure | 2. ECDH SECP384R1 |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | |
-| | | | | | 4. Set the key data based on key type | |
-| | | | | | 5. Set the usage policy on a key slot | |
-| | | | | | 6. Import the key data into the key slot | |
-| | | | | | 7. Set up a key agreement operation | |
-| | | | | | 8. Retrieve the current capacity of a generator | |
-| | | | | | 9. Check if the generator capacity matches with the expected capacity | |
-| | | | | | 10. Read some data from a generator | |
-| | | | | | 11. Check if the output matches with the expected data | |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Not a key agreement alg |
-| | | | | | | 2. Public key on different curve |
-| | | | | | | 2. Public key instead of private key |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key slot </br>2. Zero key slot |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot |
-| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage |
-| | | | | PSA_ERROR_NOT_SUPPORTED | | Invalid key type (AES Key) |
-| | test_c044 | psa_copy_key | Copy key material from one location to another | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
-| | | | | | 2. Initialize a key policy structure | 2. 24 Byte AES |
-| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES with constraints |
-| | | | | | 4. Set the key data based on key type | 4. 2048 RSA public key |
-| | | | | | 5. Set the usage policy on a key slot | 5. 2048 RSA key pair |
-| | | | | | 6. Import the key data into the key slot | 6. DES 64 bit key |
-| | | | | | 7. Allocate a key slot for the target key | 7. Triple DES 2-Key |
-| | | | | | 8. Set the usage policy on a key slot | 8. Triple DES 3-Key |
-| | | | | | 9. Make a copy of a key | 9. EC Public key |
-| | | | | | 10. Destroy the source to ensure that this doesn't affect the target | 10. EC key pair |
-| | | | | | 11. Export a key in binary format and check if it matches with source material | 11. Incompatible target polic |
-| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Incompatible target policy(source and target) |
-| | | | | | | 2. Incompatible constraint |
-| | | | | PSA_SUCCESS | | 1. Unexport source key usage |
-| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Unallocated target key slot |
-| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty source handle |
-| | | | | PSA_ERROR_ALREADY_EXISTS | | Target already containing key material |
-
+| Group | Test | Function | Scenario | Return Value | Steps | Test Case | |
+|------------------------------|-----------|----------------------------------|----------------------------------------------------------------------------------------|---------------------------------------------|------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|---|
+| Library Initialization | test_c001 | psa_crypto_init | Library initialization | PSA_SUCCESS | Calling this function should return SUCCESS | | |
+| | | | Applications must call this function before calling any other function in this module. | PSA_SUCCESS | Try calling crypto operations doing a crypto_init should be successful(can be covered as part of other testcase) | | |
+| | | | Applications may call this function more than once. Once a call succeeds | subsequent calls are guaranteed to succeed. | PSA_SUCCESS | Try calling multiple crypto init and should return SUCCESS | |
+| | | | Applications must call this function before calling any other function in this module. | PSA_ERROR_BAD_STATE | Try calling crypto operations without doing a crypto_init should return FAILURE | | |
+| | | | | | | | |
+| Key Management | test_c002 | psa_import_key | Import a key in binary format. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | |
+| | | | | | 2. Setup the attributes for the key | 2. 24 Byte AES | |
+| | | | | | 3. Import the key data into the key slot | 3. 32 Byte AES | |
+| | | | | | 4. Get basic metadata about a key | 4. 2048 RSA public key | |
+| | | | | | 5. Export a key in binary format | 5. 2048 RSA keypair | |
+| | | | | | 6. Check if original key data matches with the exported data | 6. DES 64 bit key | |
+| | | | | | 7. Reset the key attributes | 7. Triple DES 2-Key | |
+| | | | | | | 8. Triple DES 3-Key | |
+| | | | | | | 9. EC Public key | |
+| | | | | | | 10. EC keypair | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function with incorrect key type | Incorrect key type | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | 1. Key data greater than the algorithm size | |
+| | | | | | | 2. Incorrect key data size | |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid key handle should return this error | | |
+| Key Management | test_c003 | psa_export_key | Export a key in binary format | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | |
+| | | | | | 2. Setup the attributes for the key | 2. 24 Byte AES | |
+| | | | | | 3. Import the key data into the key slot | 3. 32 Byte AES | |
+| | | | | | 4. Get basic metadata about a key | 4. 2048 RSA public key | |
+| | | | | | 5. Export a key in binary format | 5. 2048 RSA keypair | |
+| | | | | | 6. Check if original key data matches with the exported data | 6. DES 64 bit key | |
+| | | | | | 7. Reset the key attributes | 7. Triple DES 2-Key | |
+| | | | | | | 8. Triple DES 3-Key | |
+| | | | | | | 9. EC Public key | |
+| | | | | | | 10. EC keypair | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | Calling this function with buffer size less than required | Less buffer size | |
+| | | | | PSA_ERROR_NOT_PERMITTED | Calling this function with with key policy as verify should return this error | Key policy as PSA_KEY_USAGE_VERIFY | |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Destroyed key slot | |
+| Key Management | test_c004 | psa_export_public_key | Export a public key or the public part of a key pair in binary format. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 2048 RSA public key | |
+| | | | | | 2. Setup the attributes for the key | 2. 2048 RSA keypair | |
+| | | | | | 3. Import the key data into the key slot | 3. EC Public key | |
+| | | | | | 4. Get basic metadata about a key | 4. EC keypair | |
+| | | | | | 5. Export a key in binary format | | |
+| | | | | | 6. Check if original key data matches with the exported data | | |
+| | | | | | 7. Reset the key attributes | | |
+| | | | | | | | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | Calling this function with buffer size less than required | Less buffer size | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | 1. DES 64 bit key | |
+| | | | | | | 2. Triple DES 2-Key | |
+| | | | | | | 3. Triple DES 3-Key | |
+| | | | | PSA_ERROR_NOT_PERMITTED | Calling this function with with key policy as verify should return this error | Key usage as PSA_KEY_USAGE_VERIFY | |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid key handle should return this error | 1. Destroyed key slot | |
+| | | | | PSA_ERROR_BAD_STATE | Calling this function with key policy that cannot be exported | Invalid key policy usage | |
+| | | | | PSA_ERROR_DOES_NOT_EXIST | Calling this function with empty key slot | Empty key slot | |
+| Key Management | test_c005 | psa_destroy_key | Destroy a key and restore the slot to its default state. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | |
+| | | | | | 2. Setup the attributes for the key | 2. 24 Byte AES | |
+| | | | | | 3. Import the key data into the key slot | 3. 32 Byte AES | |
+| | | | | | 4. Get basic metadata about a key | 4. 2048 RSA public key | |
+| | | | | | 5. Destroy a key and restore the slot to its default state | 5. 2048 RSA keypair | |
+| | | | | | 6. Check that if the key metadata are destroyed | 6. DES 64 bit key | |
+| | | | | | | 7. Triple DES 2-Key | |
+| | | | | | | 8. Triple DES 3-Key | |
+| | | | | | | 9. EC Public key | |
+| | | | | | | 10. EC keypair | |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | Already destroyed key slot | |
+| Message Digests | test_c006 | psa_hash_compute | Calculate the hash (digest) of a message | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 | |
+| | | | | | 2. Calculate the hash (digest) of a message | 2. MD4 | |
+| | | | | | 3. Check if it matches with the expected values | 3. MD5 | |
+| | | | | | | 4. RIPEMD160 | |
+| | | | | | | 5. SHA1 | |
+| | | | | | | 6. SHA224 | |
+| | | | | | | 7. SHA256 | |
+| | | | | | | 8. SHA384 | |
+| | | | | | | 9. SHA512 | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | Calling this function with small buffer size should return this error | small buffer size | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function with invalid algorithm should return this error | Invalid algorithm | |
+| Message Digests | test_c007 | psa_hash_compare | Calculate the hash (digest) of a message and compare it with a reference value | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 | |
+| | | | | | 2. Calculate the hash (digest) of a message and compare it with a reference value | 2. MD4 | |
+| | | | | | | 3. MD5 | |
+| | | | | | | 4. RIPEMD160 | |
+| | | | | | | 5. SHA1 | |
+| | | | | | | 6. SHA224 | |
+| | | | | | | 7. SHA256 | |
+| | | | | | | 8. SHA384 | |
+| | | | | | | 9. SHA512 | |
+| | | | | PSA_ERROR_INVALID_SIGNATURE | Calling this function with incorrect expected hash | Incorrect expected hash | |
+| | | | | | Calling this function with incorrect expected hash | Incorrect expected hash length | |
+| Key Derivation | test_c008 | psa_key_derivation_setup | Set up a key derivation operation. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. ECDH + HKDF-SHA-256 | |
+| | | | | | 2. Set up a key derivation operation | | |
+| | | | | | 3. Abort the key derivation operation | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | 1. Bad key derivation algorithm | |
+| | | | | | | 2. Invalid Algorithm | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function with unsupported parameter should return this error | ECDH, unknown KDF | |
+| Key Derivation | test_c009 | psa_key_derivation_input_bytes | Provide an input for key derivation or key agreement | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Step as Info | |
+| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. Step as salt | |
+| | | | | | 3. Provide an input for key derivation or key agreement | 3. Step as label | |
+| | | | | | 4. Allocate a key slot for a transient key | 4. Step as seed | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | 1. Step as secret | |
+| | | | | | | 2. Invalid step | |
+| | | | | PSA_ERROR_BAD_STATE | Key derivation on an aborted operation | Aborted operation | |
+| Key Attributes | test_c010 | psa_set_key_id | Set the attributes for the key | NA | 1. Initialize the PSA crypto library | Testing only volatile keys and persistence key types will be supported in future release | |
+| | | psa_set_key_lifetime | | | 2. Check if all the attributes are initialized to zero | | |
+| | | psa_set_key_type | | | 3. Setup the attributes for the key | | |
+| | | psa_set_key_bits | | | 4. Check if all the attributes are as per the input | | |
+| | | psa_set_key_usage_flags | | | 5. Reset the attributes | | |
+| | | psa_set_key_algorithm | | | 6. Check if all the attributes are erased | | |
+| | | psa_get_key_id | Get the attributes for the key | | | | |
+| | | psa_get_key_lifetime | | | | | |
+| | | psa_get_key_type | | | | | |
+| | | psa_get_key_bits | | | | | |
+| | | psa_get_key_usage_flags | | | | | |
+| | | psa_get_key_algorithm | | | | | |
+| | | psa_reset_key_attributes | | | | | |
+| Message Digests | test_c011 | psa_hash_start | Start a multipart hash operation. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 | |
+| | | | | | 2. Start a multipart hash operation | 2. MD4 | |
+| | | | | | 3. Abort the hash operation | 3. MD5 | |
+| | | | | | | 4. RIPEMD160 | |
+| | | | | | | 5. SHA1 | |
+| | | | | | | 6. SHA224 | |
+| | | | | | | 7. SHA256 | |
+| | | | | | | 8. SHA512 | |
+| | | | | | | 9. SHA512_224 | |
+| | | | | | | 10. SHA512_256 | |
+| | | | | | | 11. SHA3_224 1 | |
+| | | | | | | 2. SHA3_256 1 | |
+| | | | | | | 3. SHA3_384 1 | |
+| | | | | | | 4. SHA3_512 | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function with unsupported algorithm should return error | Invalid hash algorithm | |
+| | | | | PSA_ERROR_BAD_STATE | Calling this function again after setup | Multiple setup calls after one another | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | 1. Invalid algorithm | |
+| | | | | | | 2. CTR algorithm | |
+| Message Digests | test_c012 | psa_hash_update | Add a message fragment to a multipart hash operation. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 | |
+| | | | | | 2. Start a multipart hash operation | 2. MD4 | |
+| | | | | | 3. Add a message fragment to a multipart hash operation | 3. MD5 | |
+| | | | | | 4. Abort the hash operation | 4. RIPEMD160 | |
+| | | | | | | 5. SHA1 | |
+| | | | | | | 6. SHA224 | |
+| | | | | | | 7. SHA256 | |
+| | | | | | | 8. SHA384 | |
+| | | | | | | 9. SHA512 | |
+| | | | | PSA_ERROR_BAD_STATE | 1. Calling this function without calling the psa_hash_setup() should return error | Operation handle without setup | |
+| | | | | | 2. Calling this function with completed operation handle should return error | Completed operation handle | |
+| Message Digests | test_c013 | psa_hash_verify | Finish the calculation of the hash of a message and compare it with an expected value. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 | |
+| | | | | | 2. Start a multipart hash operation | 2. MD4 | |
+| | | | | | 3. Add a message fragment to a multipart hash operation | 3. MD5 | |
+| | | | | | 4. Finish the calculation of the hash of a message and compare it with an expected value | 4. RIPEMD160 | |
+| | | | | | 5. Abort the hash operation | 5. SHA1 | |
+| | | | | | | 6. SHA224 | |
+| | | | | | | 7. SHA256 | |
+| | | | | | | 8. SHA384 | |
+| | | | | | | 9. SHA512 | |
+| | | | | PSA_ERROR_BAD_STATE | Calling this function with inactive operation handle should return error | 1. Inactive operation handle | |
+| | | | | | Calling this function with invalid operation handle should return error | 2. Invalid operation handle | |
+| | | | | PSA_ERROR_INVALID_SIGNATURE | Calling this function with incorrect expected value should return error | 1. Incorrect expected hash value | |
+| | | | | | | 2. Incorrect expected hash length | |
+| Message Digests | test_c014 | psa_hash_finish | Finish the calculation of the hash of a message. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 | |
+| | | | | | 2. Start a multipart hash operation | 2. MD4 | |
+| | | | | | 3. Add a message fragment to a multipart hash operation | 3. MD5 | |
+| | | | | | 4. Finish the calculation of the hash of a message | 4. RIPEMD160 | |
+| | | | | | 5. Compare it with the expected value | 5. SHA1 | |
+| | | | | | 6. Abort the hash operation | 6. SHA224 | |
+| | | | | | | 7. SHA256 | |
+| | | | | | | 8. SHA384 | |
+| | | | | | | 9. SHA512 | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with an inactive operation handle should return error | Inactive operation handle | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | Calling this function with a hash buffer whose size is less than the algorithm output should return error | Buffer size less than required | |
+| | | | | PSA_ERROR_BAD_STATE | Calling this function with completed operation handle | completed operation handle | |
+| Message Digests | test_c015 | psa_hash_abort | Abort a hash operation. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 | |
+| | | | | | 2. Start a multipart hash operation | 2. MD4 | |
+| | | | | | 3. Abort a hash operation | 3. MD5 | |
+| | | | | | | 4. RIPEMD160 | |
+| | | | | | | 5. SHA1 | |
+| | | | | | | 6. SHA224 | |
+| | | | | | | 7. SHA256 | |
+| | | | | | | 8. SHA384 | |
+| | | | | | | 9. SHA512 | |
+| Generation | test_c016 | psa_generate_key | Generate a key or key pair | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES | |
+| | | | | | 2. Setup the attributes for the key | 2. DES | |
+| | | | | | 3. Generate a key or key pair | 3. ECC | |
+| | | | | | 4. Get basic metadata about a key | 4. RSA | |
+| | | | | | 5. Check if key type and key length matches | | |
+| | | | | | 6. Export a key in binary format | | |
+| | | | | | 7. Check if the metadata matches | | |
+| | | | | | 8. Reset and destroy the key | | |
+| | | | | | | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid usage flags | invalid usage flags | |
+| | | | | PSA_ERROR_ALREADY_EXISTS | Calling this function with pre-occupied key slot should return this error | Pre-occupied key slot | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function to generate only public key should return this error | 1. Key type as public key | |
+| | | | | | | 2. Invalid key type | |
+| Generation | test_c017 | psa_generate_random | Generate random bytes | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte data | |
+| | | | | | 2. Generate random bytes Run several times to ensure that every output byte will be nonzero at least once | 2. 24 Byte data | |
+| | | | | | 3. Check that no more than bytes have been overwritten | 3. 32 Byte data | |
+| | | | | | 4. Check that every byte was changed to nonzero at least once. | 4. 64 Byte data | |
+| | | | | | | 5. 128 Byte data | |
+| | | | | | | 6. 256 Byte data | |
+| | | | | | | 7. 512 Byte data | |
+| | | | | | | 8. 1000 Byte data | |
+| | | | | | | 9. 1024 Byte data | |
+| Key Derivation | test_c018 | psa_key_derivation_input_key | Provide an input for key derivation in the form of a key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte key | |
+| | | | | | 2. Setup the attributes for the key | | |
+| | | | | | 3. Import the key data into the key slot | | |
+| | | | | | 4. Set up a key derivation operation | | |
+| | | | | | 5. Provide an input for key derivation or key agreement | | |
+| | | | | | 6. Abort the key derivation operation | | |
+| | | | | PSA_ERROR_NOT_PERMITTED | Calling this function with incorrect data | 1. Invalid usage | |
+| | | | | | | 2. Incorrect key algorithm | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | 1. Step as label | |
+| | | | | | | 2. Step as info | |
+| | | | | | | 3. Step as seed | |
+| | | | | | | 4. Step as salt | |
+| | | | | | | 5. Input key type as AES (not derive) | |
+| | | | | | | 6. Key type a RSA public key | |
+| | | | | | | 7. Key type as RSA Keypair | |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with destroyed key handle | 1. No key in slot | |
+| | | | | PSA_ERROR_BAD_STATE | Calling this function without setup should return this error | | |
+| Key Derivation | test_c019 | psa_key_derivation_key_agreement | Perform a key agreement and use the shared secret as input to a key derivation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. ECDH SECP256R1 | |
+| | | | | | 2. Setup the attributes for the key | 2. ECDH SECP384R1 | |
+| | | | | | 3. Import the key data into the key slot | | |
+| | | | | | 4. Set up a key agreement operation | | |
+| | | | | | 5. Perform a key agreement | | |
+| | | | | | 6. Abort | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | 1. Invalid step | |
+| | | | | | | 2. Invalid usage | |
+| | | | | | | 3. KDF instead of a key agreement algorithm | |
+| | | | | | | 4. Public key on different curve | |
+| | | | | | | 5. Public key instead of private key | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Zero as key slot | |
+| | | | | | | 2. Empty key handle | |
+| Key Derivation | test_c020 | psa_key_derivation_output_bytes | Read some data from a key derivation operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Key | |
+| | | | | | 2. Setup the attributes for the key | 2. Info | |
+| | | | | | 3. Import the key if the derivation input is key | | |
+| | | | | | 4. Set up a key derivation operation | | |
+| | | | | | 5. Set the capacity for the generator | | |
+| | | | | | 6. Provide input as key or data depending on the step | | |
+| | | | | | 7. Read some data from a key derivation operation | | |
+| | | | | | 8. Abort the derivation operation | | |
+| | | | | PSA_ERROR_BAD_STATE | Calling this function with only supportive step | 1. Salt | |
+| | | | | | | 2. Label | |
+| | | | | | | 3. Seed | |
+| | | | | | | 4. Aborted operation | |
+| | | | | PSA_ERROR_INSUFFICIENT_DATA | Calling this function when there are no capacity | 1. Requesting greater capacity than available | |
+| | | | | | | 2. No data available in the operation | |
+| Key Derivation | test_c021 | psa_key_derivation_output_key | Derive a key from an ongoing key derivation operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Key | |
+| | | | | | 2. Setup the attributes for the key | 2. Indo | |
+| | | | | | 3. Import the key if the derivation input is key | 3. Label | |
+| | | | | | 4. Set up a key derivation operation | 4. Seed | |
+| | | | | | 5. Set the capacity for the generator | 5. Salt | |
+| | | | | | 6. Provide input as key or data depending on the step | 6. DES key export | |
+| | | | | | 7. Setup the attributes for the new key | 7. ECC keypair | |
+| | | | | | 8. Derive a key from an ongoing key derivation operation | 9. RSA keypair | |
+| | | | | | 9. Abort the derivation operation | | |
+| | | | | PSA_ERROR_INSUFFICIENT_DATA | Calling this function with insufficient data | 1. Requesting greater capacity than available | |
+| | | | | | | 2. No data available in the operation | |
+| | | | | PSA_ERROR_BAD_STATE | Calling this function on an aborted operation shoukd return this error | Aborted operation | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | Generating public key | 1. RSA public key | |
+| | | | | | | 2. ECC public key | |
+| Key Derivation | test_c022 | psa_key_derivation_abort | Abort a key derivation operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | | |
+| | | | | | 2. Abort the key derivation operation for the different types of initialization | | |
+| | | | | | 3. Read some data from a key derivation operation with no data in the operation | | |
+| Key Derivation | test_c023 | psa_key_derivation_set_capacity | Set the maximum capacity of a key derivation operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Less than operation's capacity | |
+| | | psa_key_derivation_get_capacity | Retrieve the current capacity of a key derivation operation | | 2. Start the key derivation operation | 2. Equal to operation's capacity | |
+| | | | | | 3. Set the capacity for the generator | | |
+| | | | | | 4. Get the capacity for the generator | | |
+| | | | | | 5. Check if the capacity as per the expected value | | |
+| | | | | | 6. Abort the operation | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | More than operation's capacity | |
+| | | | | PSA_ERROR_BAD_STATE | Calling this function on an aborted operation shoukd return this error | 1. Get capacity on an aborted operation | |
+| | | | | | | 2. Set capacity on an aborted operation | |
+| AEAD | test_c024 | psa_aead_encrypt | Process an authenticated encryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. CCM - 16B AES - 13B Nounce & 8B addi data | |
+| | | | | | 2. Setup the attributes for the key | 2. AES-CCM | |
+| | | | | | 3. Import the key data into the key slot | 3. AES-CCM 24 bytes Tag length = 4 | |
+| | | | | | 4. Call aead encrypt | 4. GCM - 16B AES - 12B Nounce & 12B addi data | |
+| | | | | | 5. Check if the status is expected | 5 | |
+| | | | | | 6. Check if the cipher text and length is as expected | | |
+| | | | | | 7. Destroy and reset the key | | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. DES key | |
+| | | | | | | 2. Unsupported algorithm | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | Operation on a destroyed key handle | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | 1. Small output buffer size | |
+| | | | | | | 2. Invalid key usage | |
+| AEAD | test_c025 | psa_aead_decrypt | Process an authenticated decryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. GCM -16B AES - 12B Nounce & 12B addi data | |
+| | | | | | 2. Setup the attributes for the key | 2. CCM - 16B AES - 13B Nounce & 8B addi data | |
+| | | | | | 3. Import the key data into the key slot | 3. AES CCM | |
+| | | | | | 4. Call aead decrypt | 4. AES-CCM 24 bytes Tag length = 4 | |
+| | | | | | 5. Check if the status is expected | | |
+| | | | | | 6. Check if the cipher text and length is as expected | | |
+| | | | | | 7. Destroy and reset the key | | |
+| | | | | | | | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. DES key | |
+| | | | | | | 2. Unsupported algorithm | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer size | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | Invalid tag length | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | Destroyed key handle | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid key usage | |
+| | | | | PSA_ERROR_INVALID_SIGNATURE | | 1. Invalid cipher text | |
+| | | | | | | 2. Invalid cipher text size | |
+| Message Authentication Codes | test_c026 | psa_mac_sign_setup | Start a multipart MAC calculation operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 64 Byte HMAC | |
+| | | | | | 2. Setup the attributes for the key | 2. 16 Byte AES - CMAC | |
+| | | | | | 3. Import the key data into the key slot | | |
+| | | | | | 4. Start a multipart MAC calculation operation | | |
+| | | | | | 5. Abort the MAC operation | | |
+| | | | | | 6. Destroy the key | | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. 16 Byte AES - GMAC | |
+| | | | | | | 2. Incompatible HMAC for CMAC | |
+| | | | | | | 3. Bad algorithm (unknown MAC algorithm) | |
+| | | | | | | 4. Truncated MAC too small | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key type | |
+| | | | | | | 2. Truncated MAC too large | |
+| | | | | | | 3. Bad algorithm (not a MAC algorithm) | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key handle | |
+| | | | | | | 2. Zero as key handle | |
+| Message Authentication Codes | test_c027 | psa_mac_update | Add a message fragment to a multipart MAC operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1.64 Byte HMAC SHA256 | |
+| | | | | | 2. Setup the attributes for the key | 2. 16 Byte AES - CMAC | |
+| | | | | | 3. Import the key data into the key slot | 3. 32 Byte HMAC SHA512 | |
+| | | | | | 4. Start a multipart MAC calculation operation | | |
+| | | | | | 5. Add a message fragment to a multipart MAC operation | | |
+| | | | | | 6. Finish the calculation of the MAC of a message | | |
+| | | | | | 7. Abort a MAC operation | | |
+| | | | | | 8. Destroy the key | | |
+| | | | | PSA_ERROR_BAD_STATE | | 1. Completed operation as input | |
+| | | | | | | 2. Uninitialized operation as input | |
+| Message Authentication Codes | test_c028 | psa_mac_sign_finish | Finish the calculation of the MAC of a message | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. HMAC SHA 224 | |
+| | | | | | 2. Setup the attributes for the key | 2. HMAC SHA 256 | |
+| | | | | | 3. Import the key data into the key slot | 3. HMAC SHA 512 | |
+| | | | | | 4. Start a multipart MAC calculation operation | 4. HMAC SHA 224 (truncated to 8 Byte) | |
+| | | | | | 5. Add a message fragment to a multipart MAC operation | 5. CMAC AES 128 | |
+| | | | | | 6. Finish the calculation of the MAC of a message | | |
+| | | | | | 7. Check if the MAC length matches with the expected length | | |
+| | | | | | 8. Check if the MAC data matches with the expected data | | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small size buffer | |
+| | | | | PSA_ERROR_BAD_STATE | Finish the calculation of the MAC of a message using same operation should return error | Aborted operation as input | |
+| Message Authentication Codes | test_c029 | psa_mac_verify_setup | | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 64 Byte HMAC | |
+| | | | | | 2. Setup the attributes for the key | 2. 16 Byte AES - CMAC | |
+| | | | | | 3. Import the key data into the key slot | | |
+| | | | | | 4. Start a multipart MAC calculation operation | | |
+| | | | | | 5. Abort the MAC operation | | |
+| | | | | | 6. Destroy the key | | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. 16 Byte AES - GMAC | |
+| | | | | | | 2. Incompatible HMAC for CMAC | |
+| | | | | | | 3. Bad algorithm (unknown MAC algorithm) | |
+| | | | | | | 4. Truncated MAC too small | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key type | |
+| | | | | | | 2. Truncated MAC too large | |
+| | | | | | | 3. Bad algorithm (unknown MAC algorithm) | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key handle | |
+| | | | | | | 2. Zero as key handle | |
+| Message Authentication Codes | test_c030 | psa_mac_verify_finish | Finish the calculation of the MAC of a message and compare it with an expected value | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. HMAC SHA 224 | |
+| | | | | | 2. Setup the attributes for the key | 2. HMAC SHA 256 | |
+| | | | | | 3. Import the key data into the key slot | 3. HMAC SHA 512 | |
+| | | | | | 4. Start a multipart MAC calculation operation | 4. HMAC SHA 224 (truncated to 8 Byte) | |
+| | | | | | 5. Add a message fragment to a multipart MAC operation | 5. CMAC AES 128 | |
+| | | | | | 6. Finish the calculation of the MAC of a message and compare with expected value | | |
+| | | | | PSA_ERROR_INVALID_SIGNATURE | | 1. Small size buffer | |
+| | | | | | | 2. Incorrect expected hash | |
+| | | | | PSA_ERROR_BAD_STATE | | Invalid operation as input | |
+| Message Authentication Codes | test_c031 | psa_mac_abort | Abort a MAC operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. HMAC SHA 224 | |
+| | | | | | 2. Setup the attributes for the key | 2. HMAC SHA 256 | |
+| | | | | | 3. Import the key data into the key slot | 3. HMAC SHA 512 | |
+| | | | | | 4. Start a multipart MAC calculation operation | 4. CMAC AES 128 | |
+| | | | | | 5. Abort the MAC operation | 5. HMAC truncated | |
+| | | | | | 6. Destroy the key | 6. Multiple abort | |
+| | | | | | | 7. psa_mac_finish after psa_mac_abort should return failure | |
+| Symmetric Ciphers | test_c032 | psa_cipher_encrypt_setup | Set the key for a multipart symmetric encryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | |
+| | | | | | 2. Setup the attributes for the key | 2. 24 Byte AES | |
+| | | | | | 3. Import the key data into the key slot | 3. 32 Byte AES | |
+| | | | | | 4. Set the key for a multipart symmetric encryption operation | 4. DES 64 bit key | |
+| | | | | | 5. Reset and destroy the key | 5. Triple DES 2-Key | |
+| | | | | | | 6. Triple DES 3-Key | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. 16 Byte raw data | |
+| | | | | | | 2. Unknown cipher algorithm | |
+| | | | | | | 3. Incompatible key ARC4 | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Not a cipher algorithm | |
+| | | | | | | 2. RSA public key | |
+| | | | | | | 3. RSA keypair | |
+| | | | | | | 4. EC Public key | |
+| | | | | | | 5. EC keypair | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Incorrect usage | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Unallocated key handle | |
+| | | | | | | 2. Zero as key handle | |
+| Symmetric Ciphers | test_c033 | psa_cipher_decrypt_setup | Set the key for a multipart symmetric decryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | |
+| | | | | | 2. Setup the attributes for the key | 2. 24 Byte AES | |
+| | | | | | 3. Import the key data into the key slot | 3. 32 Byte AES | |
+| | | | | | 4. Set the key for a multipart symmetric decryption operation | 4. DES 64 bit key | |
+| | | | | | 5. Reset and destroy the key | 5. Triple DES 2-Key | |
+| | | | | | | 6. Triple DES 3-Key | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. 16 Byte raw data | |
+| | | | | | | 2. Unknown cipher algorithm | |
+| | | | | | | 3. Incompatible key ARC4 | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Not a cipher algorithm | |
+| | | | | | | 2. RSA public key | |
+| | | | | | | 3. RSA keypair | |
+| | | | | | | 4. EC Public key | |
+| | | | | | | 5. EC keypair | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Unallocated key handle | |
+| | | | | | | 2. Zero as key handle | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | |
+| Symmetric Ciphers | test_c034 | psa_cipher_generate_iv | Generate an IV for a symmetric encryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | |
+| | | | | | 2. Setup the attributes for the key | 2. 24 Byte AES | |
+| | | | | | 3. Import the key data into the key slot | 3. 32 Byte AES | |
+| | | | | | 4. Set the key for a multipart symmetric decryption operation | 4. DES 64 bit key | |
+| | | | | | 5. Generate an IV for a symmetric encryption operation | 5. Triple DES 2-Key | |
+| | | | | | 6. Check that if generated iv length match the expected length | 6. Triple DES 3-Key | |
+| | | | | | 7. Check that if generated iv are not zero | 7. AES - large iv buffer | |
+| | | | | | 8. Reset and destroy the key | 8. DES - large iv buffer | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | 1. AES - small iv buffer | |
+| | | | | | | 2. DES - small iv buffer | |
+| | | | | PSA_ERROR_BAD_STATE | | 1. Completed operation handle | |
+| Symmetric Ciphers | test_c035 | psa_cipher_set_iv | Set the IV for a symmetric encryption or decryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | |
+| | | | | | 2. Setup the attributes for the key | 2. 24 Byte AES | |
+| | | | | | 3. Import the key data into the key slot | 3. 32 Byte AES | |
+| | | | | | 4. Set the key for a multipart symmetric encryption/decryption operation | 4. DES 64 bit key | |
+| | | | | | 5. Set an IV for a symmetric encryption/decryption operation | 5. Triple DES 2-Key | |
+| | | | | | 6. Reset and destroy the key | 6. Triple DES 3-Key | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. AES - small iv buffer | |
+| | | | | | | 2. DES - small iv buffer | |
+| | | | | | | 3. AES - large iv buffer | |
+| | | | | | | 4. DES - large iv buffer | |
+| | | | | PSA_ERROR_BAD_STATE | Setting an IV for a symmetric encryption/decryption operation using the same operator should fail | 1. Completed operation handle | |
+| Symmetric Ciphers | test_c036 | psa_cipher_update | Encrypt or decrypt a message fragment in an active cipher operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES CBC_NO_PADDING | |
+| | | | | | 2. Setup the attributes for the key | 2. AES CBC_NO_PADDING (Short input) | |
+| | | | | | 3. Import the key data into the key slot | 3. AES CBC_PKCS7 | |
+| | | | | | 4. Set the key for a multipart symmetric encryption operation | 4. AES CBC_PKCS7 (Short input) | |
+| | | | | | 5. Set an IV for a symmetric encryption operation | 5. AES CTR | |
+| | | | | | 6. Encrypt or decrypt a message fragment in an active cipher operation | 6. DES CBC (nopad) | |
+| | | | | | 7. Check if the output length matches the expected length | 7. 2-key 3DE -CBC (nopad) | |
+| | | | | | 8. Check if the output data matches the expected data | 8. 3-key 3DE -CBC (nopad) | |
+| | | | | | 9. Reset and destroy the key | | |
+| | | | | PSA_ERROR_BAD_STATE | Encrypt or decrypt a message fragment in an invalid cipher operation should fail | Invalid operation as input | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer size | |
+| Symmetric Ciphers | test_c037 | psa_cipher_finish | Finish encrypting or decrypting a message in a cipher operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES CBC_NO_PADDING | |
+| | | | | | 2. Setup the attributes for the key | 2. AES CBC_PKCS7 | |
+| | | | | | 3. Import the key data into the key slot | 3. AES CBC_PKCS7 (Short input) | |
+| | | | | | 4. Set the key for a multipart symmetric encryption operation | 4. AES CTR | |
+| | | | | | 5. Set an IV for a symmetric encryption operation | 5. DES CBC (nopad) | |
+| | | | | | 6. Encrypt or decrypt a message fragment in an active cipher operation | 6. 2-key 3DE -CBC (nopad) | |
+| | | | | | 7. Finish encrypting or decrypting a message in a cipher operation | 7. 3-key 3DE -CBC (nopad) | |
+| | | | | | 8. Check if the output length matches the expected length | | |
+| | | | | | 9. Check if the output data matches the expected data | | |
+| | | | | | 10. Reset and destroy the key | | |
+| | | | | PSA_ERROR_BAD_STATE | Encrypt or decrypt a message fragment in an invalid cipher operation should fail | Invalid operation as input | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer size | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | AES CBC_NO_PADDING (Short input) | |
+| Symmetric Ciphers | test_c038 | psa_cipher_abort | Abort a cipher operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Encrypt - AES CBC_NO_PADDING | |
+| | | | | | 2. Setup the attributes for the key | 2. Encrypt - AES CBC_PKCS7 | |
+| | | | | | 3. Import the key data into the key slot | 3. Encrypt - AES CTR | |
+| | | | | | 4. Set the key for a multipart symmetric encryption/decryption operation | 4. Encrypt - DES CBC (nopad) | |
+| | | | | | 5. Abort a cipher operation | 5. Encrypt - 2-key 3DE -CBC (nopad) | |
+| | | | | | 6. Multiple abort cipher operation should return success | 6. Encrypt - 3-key 3DE -CBC (nopad) | |
+| | | | | | | 7. Decrypt - AES CBC_NO_PADDING | |
+| | | | | | | 8. Decrypt - AES CBC_PKCS7 | |
+| | | | | | | 9. Decrypt - AES CTR | |
+| | | | | | | 10. Decrypt - DES CBC (nopad) | |
+| | | | | | | 11. Decrypt - 2-key 3DE -CBC (nopad) | |
+| | | | | | | 12. Decrypt - 3-key 3DE -CBC (nopad) | |
+| | | | | | | 13. psa_cipher_update after psa_cipher_abort should fail | |
+| Asymmetric Cryptography | test_c039 | psa_asymmetric_encrypt | Encrypt a short message with a public key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA PKCS1V15 | |
+| | | | | | 2. Setup the attributes for the key | 2. RSA OAEP SHA256 | |
+| | | | | | 3. Import the key data into the key slot | 3. RSA OAEP SHA256 with label | |
+| | | | | | 4. Encrypt a short message with a public key | 4. RSA KEYPAIR PKCS1V15 | |
+| | | | | | 5. Check if the output length matches with the expected output length | | |
+| | | | | | 6. Decrypt the cipher text | | |
+| | | | | | 7. Check if the output length matches with the input length | | |
+| | | | | | 8. Check if the output matches with the given input data | | |
+| | | | | | 9. Reset and destroy the key | | |
+| | | | | | | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key type | |
+| | | | | | | 2. Invalid algorithm | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid handle | |
+| | | | | | | 2. Zero as key handle | |
+| Asymmetric Cryptography | test_c040 | psa_asymmetric_decrypt | Decrypt a short message with a private key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA KEYPAIR PKCS1V15 | |
+| | | | | | 2. Setup the attributes for the key | 2. RSA KEYPAIR OAEP SHA256 | |
+| | | | | | 3. Import the key data into the key slot | 3. RSA KEYPAIR OAEP SHA256 with label | |
+| | | | | | 4. Decrypt a short message with a private key | | |
+| | | | | | 5. Check if the output length matches with the expected length | | |
+| | | | | | 6. Check if the output matches with the expected data | | |
+| | | | | | 7. Reset and destroy the key | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT+E524 | | 1. Invalid key type (RSA public key) | |
+| | | | | | | 2. Invalid algorithm | |
+| | | | | | | 3. Invalid key type (AES Key) | |
+| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | Uninitialized key handle | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer | |
+| Asymmetric Cryptography | test_c041 | psa_asymmetric_sign | Sign a hash or short message with a private key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA KEYPAIR PKCS1V15 RAW | |
+| | | | | | 2. Setup the attributes for the key | 2. RSA KEYPAIR PKCS1V15 SHA-256 | |
+| | | | | | 3. Import the key data into the key slot | 3. ECDSA KEYPAIR SECP256R1 SHA-256 | |
+| | | | | | 4. Sign a hash or short message with a private key | | |
+| | | | | | 4. Check if the output length matches with the expected length | | |
+| | | | | | 5. Check if the output matches with the expected data | | |
+| | | | | | 6. Reset and destroy the key | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key type (RSA public key) | |
+| | | | | | | 2. Invalid algorithm | |
+| | | | | | | 3. Invalid key type (AES Key) | |
+| | | | | | | 4. Wrong hash size | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | Uninitialized key handle | |
+| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer | |
+| Asymmetric Cryptography | test_c042 | psa_asymmetric_verify | Verify the signature a hash or short message using a public key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA KEYPAIR PKCS1V15 RAW | |
+| | | | | | 2. Setup the attributes for the key | 2. RSA KEYPAIR PKCS1V15 SHA-256 | |
+| | | | | | 3. Import the key data into the key slot | 3. ECDSA KEYPAIR SECP256R1 SHA-256 | |
+| | | | | | 4. Verify the signature a hash or short message using a public key | 4. RSA public key | |
+| | | | | | 5. Reset and destroy the key | 5. EC public key | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid algorithm | |
+| | | | | | | 2. Wrong hash size | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | | |
+| | | | | PSA_ERROR_INVALID_SIGNATURE | | Wrong signature size | |
+| | | | | | | Wrong signature | |
+| | | | | PSA_ERROR_DOES_NOT_EXIST | | Empty key slot | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | Invalid key type (AES Key) | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer | |
+| Key Derivation | test_c043 | psa_raw_key_agreement | Perform a key agreement and return the raw shared secret | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. ECDH SECP256R1 | |
+| | | | | | 2. Setup the attributes for the key | 2. ECDH SECP384R1 | |
+| | | | | | 3. Import the key data into the key slot | | |
+| | | | | | 4. Set up a key agreement operation | | |
+| | | | | | 5. Reset and destroy the key | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Not a key agreement alg | |
+| | | | | | | 2. Public key on different curve | |
+| | | | | | | 3. Public key instead of private key | |
+| | | | | | | 4. Unknown KDF | |
+| | | | | | | 5. Small size buffer | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | Uninitialized key handle | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage | |
+| Key Management | test_c044 | psa_copy_key | Copy key material from one location to another | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | |
+| | | | | | 2. Setup the attributes for the key | 2. 24 Byte AES | |
+| | | | | | 3. Import the key data into the key slot | 3. 32 Byte AES with constraints | |
+| | | | | | 4. Setup the attributes for the target key | 4. 2048 RSA public key | |
+| | | | | | 5. Make a copy of a key | 5. 2048 RSA key pair | |
+| | | | | | 6. Destroy the source to ensure that this doesn't affect the target | 6. DES 64 bit key | |
+| | | | | | 7. Export a key in binary format and check if it matches with source material | 7. Triple DES 2-Key | |
+| | | | | | 8. Reset and destroy the key | 8. Triple DES 3-Key | |
+| | | | | | | 9. EC Public key | |
+| | | | | | | 10. EC key pair | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Incompatible target policy(source and target) | |
+| | | | | | | 2. Incompatible constraint | |
+| | | | | | | 3. Incompatible target policy | |
+| | | | | | | 4. Copy on a destroyed source | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Unallocated target key slot | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Usage set as export (not copy) | |
+| Key Management | test_c045 | psa_hash_clone | Clone a hash operation. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 | |
+| | | | | | 2. Start a multipart hash operation | 2. MD4 | |
+| | | | | | 3. Clone a hash operation | 3. MD5 | |
+| | | | | | 4. Add a message fragment to a multipart hash source_operation | 4. RIPEMD160 | |
+| | | | | | 5. Finish the calculation of the hash of a message | 5. SHA1 | |
+| | | | | | 6. Abort the hash operation | 6. SHA224 | |
+| | | | | | | 7. SHA256 | |
+| | | | | | | 8. SHA512 | |
+| | | | | PSA_ERROR_BAD_STATE | Cloning to an active hash operation should be an error | 1. Active clone hash | |
+| | | | | | | 2. Aborted operator | |
+| Message Authentication Codes | test_c046 | psa_mac_compute | Calculate the MAC (message authentication code) of a message. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. HMAC SHA 224 | |
+| | | | | | 2. Setup the attributes for the key | 2. CMAC AES 128 | |
+| | | | | | 3. Import the key data into the key slot | 3. HMAC SHA 224 (truncated to 8 Byte | |
+| | | | | | 4. Calculate the MAC (message authentication code) of a message | 4. HMAC SHA 512 | |
+| | | | | | 5. Check if the MAC length and data matches with the expected values | 5. HMAC SHA 256 | |
+| | | | | | 6. Reset and destroy the key | | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function with unsupported values | 1. Incompactible HMAC for CMAC | |
+| | | | | | | 2. Invalid usage | |
+| | | | | | | 3. Truncated MAC too small | |
+| | | | | | | 4. Bad algorithm (unknown MAC algorithm) | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | 1. Invalid key type | |
+| | | | | | | 2. Truncated MAC too large | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small size buffer | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | Destroyed key handle | |
+| Message Authentication Codes | test_c047 | psa_mac_verify | Calculate the MAC of a message and compare it with a reference value | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. HMAC SHA 224 | |
+| | | | | | 2. Setup the attributes for the key | 2. HMAC SHA 256 | |
+| | | | | | 3. Import the key data into the key slot | 3. HMAC SHA 512 | |
+| | | | | | 4. Calculate and verify MAC with reference value | 4. HMAC SHA 224 (truncated to 8 Byte) | |
+| | | | | | 5. Reset and destroy the key | 5. CMAC AES 128 | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function with unsupported values | 1. Incompactible HMAC for CMAC | |
+| | | | | | | 2. Invalid usage | |
+| | | | | | | 3. Truncated MAC too small | |
+| | | | | | | 4. Bad algorithm (unknown MAC algorithm) | |
+| | | | | PSA_ERROR_INVALID_SIGNATURE | | 1. Small size buffer | |
+| | | | | | | 2. Incorrect expected MAC | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Truncated MAC too large | |
+| | | | | | | 2. Invalid key type | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | Destroyed key handle | |
+| Symmetric Ciphers | test_c048 | psa_cipher_encrypt | Encrypt a message using a symmetric cipher. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES CBC_NO_PADDING | |
+| | | | | | 2. Setup the attributes for the key | 2. AES CBC_PKCS7 | |
+| | | | | | 3. Import the key data into the key slot | 3. AES CBC_PKCS7 (Short input) | |
+| | | | | | 4. Encrypt a message using a symmetric cipher | 4. AES CTR | |
+| | | | | | 5. Check if the output matches the expected value | 5. AES CTR (short input) | |
+| | | | | | 6. Reset and destroy the key | 6. DES CBC (nopad) | |
+| | | | | | | 7. 2-key 3DE -CBC (nopad) | |
+| | | | | | | 8. 3-key 3DE -CBC (nopad) | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Decrypt - AES CBC_NO_PADDING | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer size | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | AES CBC_NO_PADDING (Short input) | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | Aborted key handle | |
+| Symmetric Ciphers | test_c049 | psa_cipher_decrypt | Decrypt a message using a symmetric cipher. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES CBC_NO_PADDING | |
+| | | | | | 2. Setup the attributes for the key | 2. AES CBC_PKCS7 | |
+| | | | | | 3. Import the key data into the key slot | 3. AES CBC_PKCS7 (Short input) | |
+| | | | | | 4. Encrypt a message using a symmetric cipher | 4. AES CTR | |
+| | | | | | 5. Check if the output matches the expected value | 5. AES CTR (short input) | |
+| | | | | | 6. Reset and destroy the key | 6. DES CBC (nopad) | |
+| | | | | | | 7. 2-key 3DE -CBC (nopad) | |
+| | | | | | | 8. 3-key 3DE -CBC (nopad) | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | AES CBC_NO_PADDING (Short input) | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | AES CBC_NO_PADDING | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer size | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | Aborted key handle | |
+| Key Management | test_c050 | psa_open_key | Open a handle to an existing persistent key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | |
+| | | | | | 2. Setup the attributes for the key | 2. 24 Byte AES | |
+| | | | | | 3. Import the key data into the key slot | 3. 32 Byte AES | |
+| | | | | | 4. Save the details of current check, key id and key handle value in NV memory | 4. 2048 RSA public key | |
+| | | | | | 5. Reset the system | 5. 2048 RSA keypair | |
+| | | | | | 6. After reset, get the values of check, key id and key handle value before the system was reset from NV | 6. DES 64 bit key | |
+| | | | | | 7. Get the attributes of the imported key and check if it matches the given value | 7. Triple DES 2-Key | |
+| | | | | | 8. Export a key in binary format | 8. Triple DES 3-Key | |
+| | | | | | 9. Check the value of the exported key | 9. EC Public key | |
+| | | | | | 10. Reset and destroy the key | 10. EC keypair | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | Key data greater than the algorithm size | |
+| Key Management | test_c051 | psa_close_key | Close a key handle | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES | |
+| | | | | | 2. Setup the attributes for the key | 2. 24 Byte AES | |
+| | | | | | 3. Import the key data into the key slot | 3. 32 Byte AES | |
+| | | | | | 4. Close the key handle | 4. 2048 RSA public key | |
+| | | | | | 5. Check if all the attributes are erased | 5. 2048 RSA keypair | |
+| | | | | | 6. Open the key handle and retrieve the data | 6. DES 64 bit key | |
+| | | | | | | 7. Triple DES 2-Key | |
+| | | | | | | 8. Triple DES 3-Key | |
+| | | | | | | 9. EC Public key | |
+| | | | | | | 10. EC keypair | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | Closing an empty key handle | |
+| AEAD | test_c052 | psa_aead_encrypt_setup | Set the key for a multipart authenticated encryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES-CCM | |
+| | | | | | 2. Setup the attributes for the key | 2. AES-CCM 24 bytes Tag length = 4 | |
+| | | | | | 3. Import the key data into the key slot | 3. GCM - 16B AES - 12B Nounce & 12B addi data | |
+| | | | | | 4. Set the key for a multipart authenticated encryption operation | | |
+| | | | | | 5. Destroy the key | | |
+| | | | | | 6. Abort the AEAD operation | | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. DES Key | |
+| | | | | | | 2. Unsupported Algorithm | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid key usage | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | Destroyed key handle | |
+| AEAD | test_c053 | psa_aead_decrypt_setup | Set the key for a multipart authenticated decryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES-CCM | |
+| | | | | | 2. Setup the attributes for the key | 2. AES-CCM 24 bytes Tag length = 4 | |
+| | | | | | 3. Import the key data into the key slot | 3. GCM - 16B AES - 12B Nounce & 12B addi data | |
+| | | | | | 4. Set the key for a multipart authenticated decryption operation | | |
+| | | | | | 5. Destroy the key | | |
+| | | | | | 6. Abort the AEAD operation | | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. DES Key | |
+| | | | | | | 2. Unsupported Algorithm | |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid key usage | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | Destroyed key handle | |
+| AEAD | test_c054 | psa_aead_generate_nonce | Generate a random nonce for an authenticated encryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES-CCM | |
+| | | | | | 2. Setup the attributes for the key | 2. AES-CCM 24 bytes Tag length = 4 | |
+| | | | | | 3. Import the key data into the key slot | 3. GCM - 16B AES - 12B Nounce & 12B addi data | |
+| | | | | | 4. Set the key for a multipart authenticated decryption operation | | |
+| | | | | | 5. Generate a random nonce for an authenticated encryption operation | | |
+| | | | | | 6. Check that if generated iv are non zero | | |
+| | | | | | 7. Destroy the key | | |
+| | | | | | 8. Reset the key attributes | | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small buffer size | |
+| | | | | PSA_ERROR_BAD_STATE | | 1. Call generate a random nonce twice | |
+| | | | | | | 2. Aborted operation | |
+| AEAD | test_c055 | psa_aead_set_nonce | Set the nonce for an authenticated encryption or decryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES-CCM | |
+| | | | | | 2. Setup the attributes for the key | 2. AES-CCM 24 bytes Tag length = 4 | |
+| | | | | | 3. Import the key data into the key slot | 3. GCM - 16B AES - 12B Nounce & 12B addi data | |
+| | | | | | 4. Set the key for a multipart authenticated decryption operation | | |
+| | | | | | 5. Set the nonce for an authenticated encryption operation | | |
+| | | | | | 6. Reset and destroy the key | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Small nounce size | |
+| | | | | | | 2. Large nonce size | |
+| | | | | PSA_ERROR_BAD_STATE | | 1. Call set nonce twice | |
+| | | | | | | 2. Aborted operation | |
+| AEAD | test_c056 | psa_aead_set_lengths | Declare the lengths of the message and additional data for AEAD | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES-CCM | |
+| | | | | | 2. Setup the attributes for the key | 2. AES-CCM 24 bytes Tag length = 4 | |
+| | | | | | 3. Import the key data into the key slot | | |
+| | | | | | 4. Set the key for a multipart authenticated decryption operation | | |
+| | | | | | 5. Set the nonce for an authenticated encryption operation | | |
+| | | | | | 6. Declare the lengths of the message and additional data for AEAD | | |
+| | | | | | 7. Abort the AEAD operation | | |
+| | | | | | 8. Reset and destroy the key | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Zero ad size | |
+| | | | | | | 2. Zero plaintext size | |
+| | | | | | | 3. Invalid lengths | |
+| | | | | | | 4. Vey large lengths | |
+| | | | | PSA_ERROR_BAD_STATE | | 1. Failed operation | |
+| | | | | | | 2. Aborted operation | |
+| AEAD | test_c057 | psa_aead_update_ad | Pass additional data to an active AEAD operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES-CCM | |
+| | | | | | 2. Setup the attributes for the key | 2. AES-CCM 24 bytes Tag length = 4 | |
+| | | | | | 3. Import the key data into the key slot | | |
+| | | | | | 4. Set the key for a multipart authenticated decryption operation | | |
+| | | | | | 5. Set the nonce for an authenticated encryption operation | | |
+| | | | | | 6. Declare the lengths of the message and additional data for AEAD | | |
+| | | | | | 7. Pass additional data to an active AEAD operation | | |
+| | | | | | 8. Reset and destroy the key | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Zero ad size | |
+| | | | | | | 2. Zero plaintext size | |
+| | | | | | | 3. Invalid lengths | |
+| | | | | | | 4. Vey large lengths | |
+| | | | | PSA_ERROR_BAD_STATE | | Inactive AEAD operation | |
+| AEAD | test_c058 | psa_aead_update | Encrypt or decrypt a message fragment in an active AEAD operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES-CCM | |
+| | | | | | 2. Setup the attributes for the key | 2. AES-CCM 24 bytes Tag length = 4 | |
+| | | | | | 3. Import the key data into the key slot | 3. GCM - 16B AES - 12B Nounce & 12B addi data | |
+| | | | | | 4. Set the key for a multipart authenticated decryption operation | | |
+| | | | | | 5. Set the nonce for an authenticated encryption operation | | |
+| | | | | | 6. Declare the lengths of the message and additional data for AEAD | | |
+| | | | | | 7. Pass additional data to an active AEAD operation | | |
+| | | | | | 8. Encrypt or decrypt a message fragment in an active AEAD operation | | |
+| | | | | | 9. Compare the output and its length with the expected values | | |
+| | | | | | 10. Abort the AEAD operation | | |
+| | | | | | 11. Reset and destroy the key | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Zero plaintext size | |
+| | | | | | | 2. Input length overflows plaintext length | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small buffer size | |
+| | | | | PSA_ERROR_BAD_STATE | | Inactive AEAD operation | |
+| AEAD | test_c059 | psa_aead_finish | Finish encrypting a message in an AEAD operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES-CCM | |
+| | | | | | 2. Setup the attributes for the key | 2. AES-CCM 24 bytes Tag length = 4 | |
+| | | | | | 3. Import the key data into the key slot | 3. GCM - 16B AES - 12B Nounce & 12B addi data | |
+| | | | | | 4. Set the key for a multipart authenticated decryption operation | | |
+| | | | | | 5. Set the nonce for an authenticated encryption operation | | |
+| | | | | | 6. Declare the lengths of the message and additional data for AEAD | | |
+| | | | | | 7. Pass additional data to an active AEAD operation | | |
+| | | | | | 8. Encrypt or decrypt a message fragment in an active AEAD operation | | |
+| | | | | | 9. Finish encrypting a message in an AEAD operation | | |
+| | | | | | 10. Compare the output and its length with the expected values | | |
+| | | | | | 11. Abort the AEAD operation | | |
+| | | | | | 12. Reset and destroy the key | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Zero plaintext size | |
+| | | | | | | 2. Input length overflows plaintext length | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small buffer size | |
+| | | | | PSA_ERROR_BAD_STATE | | Inactive AEAD operation | |
+| AEAD | test_c060 | psa_aead_abort | Abort an AEAD operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES-CCM | |
+| | | | | | 2. Setup the attributes for the key | 2. AES-CCM 24 bytes Tag length = 4 | |
+| | | | | | 3. Import the key data into the key slot | 3. GCM - 16B AES - 12B Nounce & 12B addi data | |
+| | | | | | 4. Set the key for a multipart authenticated decryption operation | | |
+| | | | | | 5. Abort the AEAD operation | | |
+| | | | | | 6. Reset and destroy the key | | |
+| AEAD | test_c061 | psa_aead_verify | Finish authenticating and decrypting a message in an AEAD operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES-CCM | |
+| | | | | | 2. Setup the attributes for the key | 2. AES-CCM 24 bytes Tag length = 4 | |
+| | | | | | 3. Import the key data into the key slot | 3. GCM - 16B AES - 12B Nounce & 12B addi data | |
+| | | | | | 4. Set the key for a multipart authenticated decryption operation | | |
+| | | | | | 5. Set the nonce for an authenticated encryption operation | | |
+| | | | | | 6. Declare the lengths of the message and additional data for AEAD | | |
+| | | | | | 7. Pass additional data to an active AEAD operation | | |
+| | | | | | 8. Encrypt or decrypt a message fragment in an active AEAD operation | | |
+| | | | | | 9. Finish decrypting a message in an AEAD operation | | |
+| | | | | | 10. Compare the output and its length with the expected values | | |
+| | | | | | 11. Abort the AEAD operation | | |
+| | | | | | 12. Reset and destroy the key | | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | Input length is less than plaintext length | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small buffer size | |
+| | | | | PSA_ERROR_BAD_STATE | | Inactive operator | |
## License
Arm PSA test suite is distributed under Apache v2.0 License.
diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_config.h
index 289dc5d..2871339 100644
--- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/common/pal_config.h
@@ -40,6 +40,9 @@
#define SP_HEAP_MEM_SUPP
#endif /* PSA_CMAKE_BUILD */
+/* Version of crypto spec used in attestation */
+#define CRYPTO_VERSION_BETA2
+
/*
* Include of PSA defined Header files
*/
diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_config_check.h b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_config_check.h
index f18a785..443e0bc 100644
--- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_config_check.h
+++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_config_check.h
@@ -94,13 +94,13 @@
#error "ARCH_TEST_CTR_AES defined, but not all prerequisites"
#endif
-#if (defined(ARCH_TEST_CBC_AES)|| defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
+#if (defined(ARCH_TEST_CBC_AES) || defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
(!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_AES defined, but not all prerequisites"
#endif
#if (defined(ARCH_TEST_CBC_NO_PADDING)) &&\
- (!defined(ARCH_TEST_CIPER) ||!defined(ARCH_TEST_CIPER_MODE_CBC))
+ (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_NO_PADDING defined, but not all prerequisites"
#endif
diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c
index 3df6aa8..fd2e055 100644
--- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c
+++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c
@@ -28,96 +28,124 @@
**/
int32_t pal_crypto_function(int type, va_list valist)
{
- int i;
- size_t size, *length, salt_length, label_length, ciphertext_size;
- uint8_t *buffer, *ciphertext;
- const uint8_t *salt, *label, *nonce, *additional_data;
- uint8_t *plaintext;
- uint32_t status;
- const void *extra;
- size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length;
- psa_key_handle_t handle, *key_handle, target_handle;
- psa_key_type_t key_type, *key_type_out;
- psa_key_policy_t *policy;
- psa_key_usage_t usage, *usage_out;
- psa_key_lifetime_t *lifetime_out;
- psa_algorithm_t alg, *alg_out;
- psa_hash_operation_t *hash_operation;
- psa_mac_operation_t *mac_operation;
- psa_cipher_operation_t *cipher_operation;
- psa_crypto_generator_t *generator;
-
+ int i;
+ psa_status_t status;
+ uint8_t *buffer, *ciphertext, *plaintext;
+ const uint8_t *nonce, *additional_data, *salt, *peer;
+ size_t *length, size, ciphertext_size, nonce_length;
+ size_t salt_length, peer_length, additional_data_length;
+ size_t *tag_length, plaintext_size;
+ psa_aead_operation_t *aead_operation;
+ psa_key_attributes_t *attributes;
+ psa_key_handle_t *handle, key_handle;
+ psa_key_type_t *key_type_out, key_type;
+ psa_key_usage_t *usage_out, usage;
+ psa_key_id_t *key_id_out, key_id;
+ psa_key_lifetime_t *key_lifetime_out, key_lifetime;
+ psa_algorithm_t *key_alg_out, key_alg, alg;
+ psa_hash_operation_t *hash_operation, *target_operation;
+ psa_mac_operation_t *mac_operation;
+ psa_cipher_operation_t *cipher_operation;
+ psa_key_derivation_operation_t *derive_operation;
+ psa_key_derivation_step_t step;
switch (type)
{
case PAL_CRYPTO_INIT:
return psa_crypto_init();
case PAL_CRYPTO_GENERATE_RANDOM:
- buffer = va_arg(valist, uint8_t*);
+ buffer = va_arg(valist, uint8_t *);
size = va_arg(valist, int);
return psa_generate_random(buffer, size);
case PAL_CRYPTO_IMPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ buffer = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ status = psa_import_key(attributes, buffer, size, handle);
+ return status;
+ case PAL_CRYPTO_SET_KEY_TYPE:
+ attributes = va_arg(valist, psa_key_attributes_t *);
key_type = va_arg(valist, psa_key_type_t);
- buffer = va_arg(valist, uint8_t*);
- size = va_arg(valist, int);
- status = psa_import_key(handle, key_type, buffer, size);
- return status;
+ psa_set_key_type(attributes, key_type);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_BITS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ size = va_arg(valist, size_t);
+ psa_set_key_bits(attributes, size);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ATTRIBUTES:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ return psa_get_key_attributes(key_handle, attributes);
+ case PAL_CRYPTO_GET_KEY_TYPE:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_type_out = va_arg(valist, psa_key_type_t *);
+ *key_type_out = psa_get_key_type(attributes);
+ return 0;
case PAL_CRYPTO_EXPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- buffer = (uint8_t *)(va_arg(valist, uint8_t*));
- size = va_arg(valist, int);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_export_key(handle, buffer, size, length);
- return status;
- case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- buffer = (uint8_t *)(va_arg(valist, uint8_t*));
- size = va_arg(valist, int);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_export_public_key(handle, buffer, size, length);
- return status;
- case PAL_CRYPTO_KEY_POLICY_INIT:
- policy = va_arg(valist, psa_key_policy_t*);
- memset(policy, 0, sizeof(psa_key_policy_t));
- return 0;
- case PAL_CRYPTO_KEY_POLICY_SET_USAGE:
- policy = va_arg(valist, psa_key_policy_t*);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t *));
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t *);
+ return psa_export_key(key_handle, buffer, size, length);
+ case PAL_CRYPTO_SET_KEY_USAGE_FLAGS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
usage = va_arg(valist, psa_key_usage_t);
- alg = va_arg(valist, psa_algorithm_t);
- psa_key_policy_set_usage(policy, usage, alg);
+ psa_set_key_usage_flags(attributes, usage);
return 0;
- case PAL_CRYPTO_SET_KEY_POLICY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_set_key_policy(handle, policy);
- case PAL_CRYPTO_DESTROY_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- status = psa_destroy_key(handle);
- return status;
- case PAL_CRYPTO_GET_KEY_INFORMATION:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type_out = va_arg(valist, psa_key_type_t*);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_get_key_information(handle, key_type_out, length);
- return status;
- case PAL_CRYPTO_GET_KEY_POLICY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_get_key_policy(handle, policy);
- case PAL_CRYPTO_KEY_POLICY_GET_USAGE:
- policy = va_arg(valist, psa_key_policy_t*);
- usage_out = va_arg(valist, psa_key_usage_t*);
- *usage_out = psa_key_policy_get_usage(policy);
+ case PAL_CRYPTO_RESET_KEY_ATTRIBUTES:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ psa_reset_key_attributes(attributes);
return 0;
- case PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM:
- policy = va_arg(valist, psa_key_policy_t*);
- alg_out = va_arg(valist, psa_algorithm_t*);
- *alg_out = psa_key_policy_get_algorithm(policy);
+ case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t *));
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t *);
+ return psa_export_public_key(key_handle, buffer, size, length);
+ case PAL_CRYPTO_SET_KEY_ID:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_id = va_arg(valist, psa_key_id_t);
+ psa_set_key_id(attributes, key_id);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_LIFETIME:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_lifetime = va_arg(valist, psa_key_lifetime_t);
+ psa_set_key_lifetime(attributes, key_lifetime);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_ALGORITHM:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_alg = va_arg(valist, psa_algorithm_t);
+ psa_set_key_algorithm(attributes, key_alg);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ID:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_id_out = va_arg(valist, psa_key_id_t *);
+ *key_id_out = psa_get_key_id(attributes);
return 0;
case PAL_CRYPTO_GET_KEY_LIFETIME:
- handle = (psa_key_handle_t)va_arg(valist, int);
- lifetime_out = va_arg(valist, psa_key_lifetime_t*);
- return psa_get_key_lifetime(handle, lifetime_out);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_lifetime_out = va_arg(valist, psa_key_lifetime_t *);
+ *key_lifetime_out = psa_get_key_lifetime(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_USAGE_FLAGS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ usage_out = va_arg(valist, psa_key_usage_t *);
+ *usage_out = psa_get_key_usage_flags(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ALGORITHM:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_alg_out = va_arg(valist, psa_algorithm_t *);
+ *key_alg_out = psa_get_key_algorithm(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_BITS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ length = va_arg(valist, size_t *);
+ *length = psa_get_key_bits(attributes);
+ return 0;
+ case PAL_CRYPTO_DESTROY_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_destroy_key(key_handle);
case PAL_CRYPTO_HASH_SETUP:
hash_operation = va_arg(valist, psa_hash_operation_t*);
alg = va_arg(valist, psa_algorithm_t);
@@ -141,44 +169,31 @@
case PAL_CRYPTO_HASH_ABORT:
hash_operation = va_arg(valist, psa_hash_operation_t*);
return psa_hash_abort(hash_operation);
- case PAL_CRYPTO_GENERATE_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type = va_arg(valist, psa_key_type_t);
- size = va_arg(valist, size_t);
- extra = va_arg(valist, const void*);
- extra_size = va_arg(valist, size_t);
- return psa_generate_key(handle, key_type, size, extra, extra_size);
- case PAL_CRYPTO_GENERATOR_READ:
- generator = va_arg(valist, psa_crypto_generator_t*);
+ case PAL_CRYPTO_HASH_COMPUTE:
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
buffer = va_arg(valist, uint8_t*);
- size = va_arg(valist, int);
- return psa_generator_read(generator, buffer, size);
- case PAL_CRYPTO_KEY_DERIVATION:
- generator = va_arg(valist, psa_crypto_generator_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_hash_compute(alg, plaintext, plaintext_size, buffer, size, length);
+ case PAL_CRYPTO_HASH_COMPARE:
alg = va_arg(valist, psa_algorithm_t);
- salt = va_arg(valist, const uint8_t *);
- salt_length = va_arg(valist, size_t);
- label = va_arg(valist, const uint8_t *);
- label_length = va_arg(valist, size_t);
- capacity = va_arg(valist, size_t);
- return psa_key_derivation(generator, handle, alg, salt, salt_length, label,
- label_length, capacity);
- case PAL_CRYPTO_GET_GENERATOR_CAPACITY:
- generator = va_arg(valist, psa_crypto_generator_t*);
- gen_cap = va_arg(valist, size_t*);
- return psa_get_generator_capacity(generator, gen_cap);
- case PAL_CRYPTO_GENERATOR_IMPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type = va_arg(valist, psa_key_type_t);
- size = va_arg(valist, size_t);
- generator = va_arg(valist, psa_crypto_generator_t*);
- return psa_generator_import_key(handle, key_type, size, generator);
- case PAL_CRYPTO_GENERATOR_ABORT:
- generator = va_arg(valist, psa_crypto_generator_t*);
- return psa_generator_abort(generator);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_hash_compare(alg, plaintext, plaintext_size, buffer, size);
+ case PAL_CRYPTO_HASH_CLONE:
+ hash_operation = va_arg(valist, psa_hash_operation_t*);
+ target_operation = va_arg(valist, psa_hash_operation_t*);
+ return psa_hash_clone(hash_operation, target_operation);
+ case PAL_CRYPTO_GENERATE_KEY:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_generate_key(attributes, handle);
case PAL_CRYPTO_AEAD_ENCRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
@@ -189,10 +204,10 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_aead_encrypt(handle, alg, nonce, nonce_length, additional_data,
- additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
+ return psa_aead_encrypt(key_handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
case PAL_CRYPTO_AEAD_DECRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
@@ -203,13 +218,74 @@
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_aead_decrypt(handle, alg, nonce, nonce_length, additional_data,
- additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ return psa_aead_decrypt(key_handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ case PAL_CRYPTO_AEAD_ENCRYPT_SETUP:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_aead_encrypt_setup(aead_operation, key_handle, alg);
+ case PAL_CRYPTO_AEAD_DECRYPT_SETUP:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_aead_decrypt_setup(aead_operation, key_handle, alg);
+ case PAL_CRYPTO_AEAD_GENERATE_NONCE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ return psa_aead_generate_nonce(aead_operation, buffer, size, length);
+ case PAL_CRYPTO_AEAD_SET_NONCE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_set_nonce(aead_operation, buffer, size);
+ case PAL_CRYPTO_AEAD_SET_LENGTHS:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ size = va_arg(valist, size_t);
+ plaintext_size = va_arg(valist, size_t);
+ return psa_aead_set_lengths(aead_operation, size, plaintext_size);
+ case PAL_CRYPTO_AEAD_UPDATE_AD:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_update_ad(aead_operation, buffer, size);
+ case PAL_CRYPTO_AEAD_UPDATE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_aead_update(aead_operation, plaintext, plaintext_size, ciphertext,
+ ciphertext_size, length);
+ case PAL_CRYPTO_AEAD_FINISH:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ tag_length = (size_t *)va_arg(valist, size_t*);
+ return psa_aead_finish(aead_operation, ciphertext, ciphertext_size, length, buffer,
+ size, tag_length);
+ case PAL_CRYPTO_AEAD_VERIFY:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_verify(aead_operation, plaintext, plaintext_size, length, buffer, size);
+ case PAL_CRYPTO_AEAD_ABORT:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ return psa_aead_abort(aead_operation);
case PAL_CRYPTO_MAC_SIGN_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_mac_sign_setup(mac_operation, handle, alg);
+ return psa_mac_sign_setup(mac_operation, key_handle, alg);
case PAL_CRYPTO_MAC_UPDATE:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
@@ -223,9 +299,9 @@
return psa_mac_sign_finish(mac_operation, buffer, size, length);
case PAL_CRYPTO_MAC_VERIFY_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_mac_verify_setup(mac_operation, handle, alg);
+ return psa_mac_verify_setup(mac_operation, key_handle, alg);
case PAL_CRYPTO_MAC_VERIFY_FINISH:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
@@ -234,8 +310,27 @@
case PAL_CRYPTO_MAC_ABORT:
mac_operation = va_arg(valist, psa_mac_operation_t*);
return psa_mac_abort(mac_operation);
+ case PAL_CRYPTO_MAC_COMPUTE:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_mac_compute(key_handle, alg, plaintext, plaintext_size, ciphertext,
+ ciphertext_size, length);
+ case PAL_CRYPTO_MAC_VERIFY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ return psa_mac_verify(key_handle, alg, plaintext, plaintext_size, ciphertext,
+ ciphertext_size);
case PAL_CRYPTO_ASYMMTERIC_ENCRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
@@ -244,10 +339,10 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_encrypt(handle, alg, plaintext, size, salt, salt_length,
- ciphertext, ciphertext_size, length);
+ return psa_asymmetric_encrypt(key_handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
case PAL_CRYPTO_ASYMMTERIC_DECRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
@@ -256,18 +351,18 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_decrypt(handle, alg, plaintext, size, salt, salt_length,
- ciphertext, ciphertext_size, length);
+ return psa_asymmetric_decrypt(key_handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
case PAL_CRYPTO_CIPHER_ENCRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_cipher_encrypt_setup(cipher_operation, handle, alg);
+ return psa_cipher_encrypt_setup(cipher_operation, key_handle, alg);
case PAL_CRYPTO_CIPHER_DECRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_cipher_decrypt_setup(cipher_operation, handle, alg);
+ return psa_cipher_decrypt_setup(cipher_operation, key_handle, alg);
case PAL_CRYPTO_CIPHER_GENERATE_IV:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
buffer = va_arg(valist, uint8_t*);
@@ -287,7 +382,7 @@
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_cipher_update(cipher_operation, plaintext, size, ciphertext, ciphertext_size,
- length);
+ length);
case PAL_CRYPTO_CIPHER_FINISH:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
ciphertext = va_arg(valist, uint8_t *);
@@ -297,39 +392,110 @@
case PAL_CRYPTO_CIPHER_ABORT:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
return psa_cipher_abort(cipher_operation);
+ case PAL_CRYPTO_CIPHER_ENCRYPT:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_encrypt(key_handle, alg, plaintext, size, ciphertext, ciphertext_size,
+ length);
+ case PAL_CRYPTO_CIPHER_DECRYPT:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_decrypt(key_handle, alg, plaintext, size, ciphertext, ciphertext_size,
+ length);
case PAL_CRYPTO_ASYMMTERIC_SIGN:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_sign(handle, alg, buffer, size, ciphertext, ciphertext_size,
- length);
+ return psa_asymmetric_sign(key_handle, alg, buffer, size, ciphertext, ciphertext_size,
+ length);
case PAL_CRYPTO_ASYMMTERIC_VERIFY:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
- return psa_asymmetric_verify(handle, alg, buffer, size, ciphertext, ciphertext_size);
- case PAL_CRYPTO_KEY_AGREEMENT:
- generator = va_arg(valist, psa_crypto_generator_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_asymmetric_verify(key_handle, alg, buffer, size, ciphertext,
+ ciphertext_size);
+ case PAL_CRYPTO_RAW_KEY_AGREEMENT:
+ alg = va_arg(valist, psa_algorithm_t);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ peer = va_arg(valist, uint8_t*);
+ peer_length = va_arg(valist, size_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
- alg = va_arg(valist, psa_algorithm_t);
- return psa_key_agreement(generator, handle, buffer, size, alg);
- case PAL_CRYPTO_ALLOCATE_KEY:
- key_handle = (psa_key_handle_t *)va_arg(valist, int*);
- return psa_allocate_key(key_handle);
+ length = va_arg(valist, size_t*);
+ return psa_raw_key_agreement(alg, key_handle, peer, peer_length, buffer, size, length);
case PAL_CRYPTO_COPY_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- target_handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_copy_key(handle, target_handle, policy);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_copy_key(key_handle, attributes, handle);
+ case PAL_CRYPTO_KEY_DERIVATION_SETUP:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_key_derivation_setup(derive_operation, alg);
+ case PAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_input_bytes(derive_operation, step, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION_INPUT_KEY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_key_derivation_input_key(derive_operation, step, key_handle);
+ case PAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ peer = va_arg(valist, uint8_t*);
+ peer_length = va_arg(valist, size_t);
+ return psa_key_derivation_key_agreement(derive_operation, step, key_handle, peer,
+ peer_length);
+ case PAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_output_bytes(derive_operation, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_key_derivation_output_key(attributes, derive_operation, handle);
+ case PAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_set_capacity(derive_operation, size);
+ case PAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ length = va_arg(valist, size_t *);
+ return psa_key_derivation_get_capacity(derive_operation, length);
+ case PAL_CRYPTO_KEY_DERIVATION_ABORT:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ return psa_key_derivation_abort(derive_operation);
+ case PAL_CRYPTO_OPEN_KEY:
+ key_id = va_arg(valist, psa_key_id_t);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_open_key(key_id, handle);
+ case PAL_CRYPTO_CLOSE_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_close_key(key_handle);
case PAL_CRYPTO_FREE:
for (i = 0; i < PAL_KEY_SLOT_COUNT; i++)
psa_destroy_key(i);
diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h
index d1dabfa..486f793 100644
--- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h
+++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h
@@ -21,55 +21,82 @@
#include "pal_common.h"
enum crypto_function_code {
- PAL_CRYPTO_INIT = 0x1,
- PAL_CRYPTO_GENERATE_RANDOM = 0x2,
- PAL_CRYPTO_IMPORT_KEY = 0x3,
- PAL_CRYPTO_EXPORT_KEY = 0x4,
- PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
- PAL_CRYPTO_DESTROY_KEY = 0x6,
- PAL_CRYPTO_GET_KEY_INFO = 0x7,
- PAL_CRYPTO_KEY_POLICY_INIT = 0x8,
- PAL_CRYPTO_KEY_POLICY_SET_USAGE = 0x9,
- PAL_CRYPTO_KEY_POLICY_GET_USAGE = 0xA,
- PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM = 0xB,
- PAL_CRYPTO_SET_KEY_POLICY = 0xC,
- PAL_CRYPTO_GET_KEY_POLICY = 0xD,
- PAL_CRYPTO_GET_KEY_INFORMATION = 0xE,
- PAL_CRYPTO_GET_KEY_LIFETIME = 0xF,
- PAL_CRYPTO_HASH_SETUP = 0x11,
- PAL_CRYPTO_HASH_UPDATE = 0x12,
- PAL_CRYPTO_HASH_VERIFY = 0x13,
- PAL_CRYPTO_HASH_FINISH = 0x14,
- PAL_CRYPTO_HASH_ABORT = 0x15,
- PAL_CRYPTO_GENERATE_KEY = 0x16,
- PAL_CRYPTO_GENERATOR_READ = 0x17,
- PAL_CRYPTO_KEY_DERIVATION = 0x18,
- PAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19,
- PAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A,
- PAL_CRYPTO_GENERATOR_ABORT = 0x1B,
- PAL_CRYPTO_AEAD_ENCRYPT = 0x1C,
- PAL_CRYPTO_AEAD_DECRYPT = 0x1D,
- PAL_CRYPTO_MAC_SIGN_SETUP = 0x1E,
- PAL_CRYPTO_MAC_UPDATE = 0x1F,
- PAL_CRYPTO_MAC_SIGN_FINISH = 0x20,
- PAL_CRYPTO_MAC_VERIFY_SETUP = 0x21,
- PAL_CRYPTO_MAC_VERIFY_FINISH = 0x22,
- PAL_CRYPTO_MAC_ABORT = 0x23,
- PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24,
- PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25,
- PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26,
- PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A,
- PAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B,
- PAL_CRYPTO_CIPHER_SET_IV = 0x2C,
- PAL_CRYPTO_CIPHER_UPDATE = 0x2D,
- PAL_CRYPTO_CIPHER_FINISH = 0x2E,
- PAL_CRYPTO_CIPHER_ABORT = 0x2F,
- PAL_CRYPTO_ASYMMTERIC_SIGN = 0x30,
- PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31,
- PAL_CRYPTO_KEY_AGREEMENT = 0x32,
- PAL_CRYPTO_ALLOCATE_KEY = 0x33,
- PAL_CRYPTO_COPY_KEY = 0x34,
- PAL_CRYPTO_FREE = 0xFE,
+ PAL_CRYPTO_INIT = 0x1,
+ PAL_CRYPTO_GENERATE_RANDOM = 0x2,
+ PAL_CRYPTO_IMPORT_KEY = 0x3,
+ PAL_CRYPTO_EXPORT_KEY = 0x4,
+ PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
+ PAL_CRYPTO_DESTROY_KEY = 0x6,
+ PAL_CRYPTO_HASH_SETUP = 0x7,
+ PAL_CRYPTO_HASH_UPDATE = 0x8,
+ PAL_CRYPTO_HASH_VERIFY = 0x9,
+ PAL_CRYPTO_HASH_FINISH = 0xA,
+ PAL_CRYPTO_HASH_ABORT = 0xB,
+ PAL_CRYPTO_GENERATE_KEY = 0xC,
+ PAL_CRYPTO_AEAD_ENCRYPT = 0xD,
+ PAL_CRYPTO_AEAD_DECRYPT = 0xE,
+ PAL_CRYPTO_MAC_SIGN_SETUP = 0xF,
+ PAL_CRYPTO_MAC_UPDATE = 0x10,
+ PAL_CRYPTO_MAC_SIGN_FINISH = 0x11,
+ PAL_CRYPTO_MAC_VERIFY_SETUP = 0x12,
+ PAL_CRYPTO_MAC_VERIFY_FINISH = 0x13,
+ PAL_CRYPTO_MAC_ABORT = 0x14,
+ PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x15,
+ PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x16,
+ PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x17,
+ PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x18,
+ PAL_CRYPTO_CIPHER_GENERATE_IV = 0x19,
+ PAL_CRYPTO_CIPHER_SET_IV = 0x1A,
+ PAL_CRYPTO_CIPHER_UPDATE = 0x1B,
+ PAL_CRYPTO_CIPHER_FINISH = 0x1C,
+ PAL_CRYPTO_CIPHER_ABORT = 0x1D,
+ PAL_CRYPTO_ASYMMTERIC_SIGN = 0x1E,
+ PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x1F,
+ PAL_CRYPTO_COPY_KEY = 0x20,
+ PAL_CRYPTO_SET_KEY_TYPE = 0x21,
+ PAL_CRYPTO_SET_KEY_BITS = 0x22,
+ PAL_CRYPTO_GET_KEY_ATTRIBUTES = 0x23,
+ PAL_CRYPTO_GET_KEY_TYPE = 0x24,
+ PAL_CRYPTO_SET_KEY_USAGE_FLAGS = 0x25,
+ PAL_CRYPTO_RESET_KEY_ATTRIBUTES = 0x26,
+ PAL_CRYPTO_SET_KEY_ID = 0x27,
+ PAL_CRYPTO_SET_KEY_LIFETIME = 0x28,
+ PAL_CRYPTO_SET_KEY_ALGORITHM = 0x29,
+ PAL_CRYPTO_GET_KEY_ID = 0x2A,
+ PAL_CRYPTO_GET_KEY_LIFETIME = 0x2B,
+ PAL_CRYPTO_GET_KEY_USAGE_FLAGS = 0x2C,
+ PAL_CRYPTO_GET_KEY_ALGORITHM = 0x2D,
+ PAL_CRYPTO_GET_KEY_BITS = 0x2E,
+ PAL_CRYPTO_HASH_COMPUTE = 0x2F,
+ PAL_CRYPTO_HASH_COMPARE = 0x30,
+ PAL_CRYPTO_KEY_DERIVATION_SETUP = 0x31,
+ PAL_CRYPTO_KEY_DERIVATION_ABORT = 0x32,
+ PAL_CRYPTO_RAW_KEY_AGREEMENT = 0x33,
+ PAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES = 0x34,
+ PAL_CRYPTO_KEY_DERIVATION_INPUT_KEY = 0x35,
+ PAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT = 0x36,
+ PAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES = 0x37,
+ PAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY = 0x38,
+ PAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY = 0x39,
+ PAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY = 0x3A,
+ PAL_CRYPTO_HASH_CLONE = 0x3B,
+ PAL_CRYPTO_MAC_COMPUTE = 0x3C,
+ PAL_CRYPTO_MAC_VERIFY = 0x3D,
+ PAL_CRYPTO_CIPHER_ENCRYPT = 0x3F,
+ PAL_CRYPTO_CIPHER_DECRYPT = 0x40,
+ PAL_CRYPTO_OPEN_KEY = 0x41,
+ PAL_CRYPTO_CLOSE_KEY = 0x42,
+ PAL_CRYPTO_AEAD_ENCRYPT_SETUP = 0x43,
+ PAL_CRYPTO_AEAD_DECRYPT_SETUP = 0x44,
+ PAL_CRYPTO_AEAD_GENERATE_NONCE = 0x45,
+ PAL_CRYPTO_AEAD_SET_NONCE = 0x46,
+ PAL_CRYPTO_AEAD_SET_LENGTHS = 0X47,
+ PAL_CRYPTO_AEAD_UPDATE_AD = 0x48,
+ PAL_CRYPTO_AEAD_UPDATE = 0x49,
+ PAL_CRYPTO_AEAD_FINISH = 0x4A,
+ PAL_CRYPTO_AEAD_VERIFY = 0x4B,
+ PAL_CRYPTO_AEAD_ABORT = 0x4C,
+ PAL_CRYPTO_FREE = 0xFE,
};
int32_t pal_crypto_function(int type, va_list valist);
diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c
index ae2bdba..38ed283 100644
--- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c
+++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c
@@ -17,24 +17,14 @@
#include "pal_attestation_crypto.h"
-static uint32_t public_key_registered = 0;
-
+static uint32_t public_key_registered;
+static psa_key_handle_t public_key_handle;
static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf,
size_t amount)
{
return UsefulBuf_Head(buf, amount);
}
-static uint32_t check_hash_sizes(void)
-{
- if (T_COSE_CRYPTO_SHA256_SIZE != PSA_HASH_SIZE(PSA_ALG_SHA_256))
- {
- return PAL_ATTEST_HASH_FAIL;
- }
-
- return PAL_ATTEST_SUCCESS;
-}
-
static psa_ecc_curve_t attest_map_elliptic_curve_type(int32_t cose_curve)
{
psa_ecc_curve_t psa_curve;
@@ -82,130 +72,94 @@
int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id)
{
- int32_t cose_ret = PAL_ATTEST_SUCCESS;
- psa_status_t psa_ret;
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash = PSA_HASH_OPERATION_INIT;
+ psa_algorithm_t psa_alg;
- cose_ret = check_hash_sizes();
- if (cose_ret)
- {
- goto error;
- }
+ /* Map the algorithm ID */
+ psa_alg = cose_hash_alg_id_to_psa(cose_hash_alg_id);
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- goto error;
- }
+ /* Actually do the hash set up */
+ hash_ctx->status = psa_hash_setup(&psa_hash, psa_alg);
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
- psa_ret = psa_hash_setup(&psa_hash_ctx->operation, cose_hash_alg_id_to_psa(cose_hash_alg_id));
+ /* Copy the PSA handle back into the context */
+ hash_ctx->context.handle = psa_hash.handle;
- if (psa_ret == PAL_ATTEST_SUCCESS)
- {
- psa_hash_ctx->status = PAL_ATTEST_SUCCESS;
- cose_ret = PAL_ATTEST_SUCCESS;
- }
- else if (psa_ret == PSA_ERROR_NOT_SUPPORTED)
- {
- cose_ret = PAL_ATTEST_HASH_UNSUPPORTED;
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
-
-error:
- return cose_ret;
+ /* Map errors and return */
+ return (psa_status_t)hash_ctx->status;
}
void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx,
struct q_useful_buf_c data_to_hash)
{
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash;
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
+ /* Copy the PSA handle out of the generic context */
+ psa_hash.handle = (uint32_t)hash_ctx->context.handle;
+
+ if (hash_ctx->status != PSA_SUCCESS)
+ return;
+
+ if (data_to_hash.ptr == NULL) {
+ /* No data was passed in to be hashed indicating the mode of use is
+ * the computation of the size of hash. This mode is hashing is used
+ * by t_cose when it is requested to compute the size of the signed
+ * data it might compute, which is in turn used to compute the
+ * size of a would be token. When computing the size, the size
+ * like this, there is nothing to do in update()
+ */
return;
}
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
+ /* Actually hash the data */
+ hash_ctx->status = psa_hash_update(&psa_hash, data_to_hash.ptr, data_to_hash.len);
- if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS)
- {
- if (data_to_hash.ptr != NULL)
- {
- psa_hash_ctx->status = psa_hash_update(&psa_hash_ctx->operation,
- data_to_hash.ptr,
- data_to_hash.len);
- }
- else
- {
- /* Intentionally do nothing, just computing the size of the token */
- }
- }
+ /* Copy the PSA handle back into the context. */
+ hash_ctx->context.handle = psa_hash.handle;
}
int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx,
struct q_useful_buf buffer_to_hold_result,
struct q_useful_buf_c *hash_result)
{
- uint32_t cose_ret = PAL_ATTEST_SUCCESS;
- psa_status_t psa_ret;
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash;
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- goto error;
- }
+ /* Copy the PSA handle out of the generic context */
+ psa_hash.handle = (uint32_t)hash_ctx->context.handle;
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
+ if (hash_ctx->status != PSA_SUCCESS)
+ goto Done;
- if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS)
- {
- psa_ret = psa_hash_finish(&psa_hash_ctx->operation,
- buffer_to_hold_result.ptr,
- buffer_to_hold_result.len,
- &(hash_result->len));
+ /* Actually finish up the hash */
+ hash_ctx->status = psa_hash_finish(&psa_hash, buffer_to_hold_result.ptr,
+ buffer_to_hold_result.len, &(hash_result->len));
- if (psa_ret == PAL_ATTEST_SUCCESS)
- {
- hash_result->ptr = buffer_to_hold_result.ptr;
- cose_ret = 0;
- }
- else if (psa_ret == PSA_ERROR_BUFFER_TOO_SMALL)
- {
- cose_ret = PAL_ATTEST_HASH_BUFFER_SIZE;
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
+ hash_result->ptr = buffer_to_hold_result.ptr;
-error:
- return cose_ret;
+ /* Copy the PSA handle back into the context. */
+ hash_ctx->context.handle = psa_hash.handle;
+
+Done:
+ return ((psa_status_t)hash_ctx->status);
+
}
int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash,
struct q_useful_buf_c *hash)
{
- uint32_t status = PAL_ATTEST_SUCCESS;
+ uint32_t return_value = 0;
struct pal_cose_crypto_hash hash_ctx;
- status = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY);
- if (status)
- return status;
+ return_value = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY);
+ if (return_value)
+ goto Done;
pal_cose_crypto_hash_update(&hash_ctx, bytes_to_hash);
- status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash);
+ return_value = pal_cose_crypto_hash_finish(&hash_ctx,
+ buffer_for_hash,
+ hash);
- return status;
+Done:
+ return return_value;
}
uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash,
@@ -223,18 +177,19 @@
/* This builds the CBOR-format to-be-signed bytes */
QCBOREncode_Init(&cbor_encode_ctx, buffer_for_TBS_first_part);
QCBOREncode_OpenArray(&cbor_encode_ctx);
+
/* context */
- QCBOREncode_AddSZString(&cbor_encode_ctx,
- COSE_SIG_CONTEXT_STRING_SIGNATURE1);
+ QCBOREncode_AddSZString(&cbor_encode_ctx, COSE_SIG_CONTEXT_STRING_SIGNATURE1);
+
/* body_protected */
- QCBOREncode_AddBytes(&cbor_encode_ctx,
- protected_headers);
- /* sign_protected */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
+ QCBOREncode_AddBytes(&cbor_encode_ctx, protected_headers);
+
+ /* sign_protected is not used for Sign1 */
/* external_aad */
QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
- /* fake payload */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
+
+ /* The short fake payload. */
+ QCBOREncode_AddBytesLenOnly(&cbor_encode_ctx, payload);
QCBOREncode_CloseArray(&cbor_encode_ctx);
/* Get the result and convert it to struct q_useful_buf_c representation */
@@ -242,7 +197,8 @@
if (qcbor_result)
{
/* Mainly means that the protected_headers were too big
- (which should never happen) */
+ * (which should never happen)
+ */
status = PAL_ATTEST_ERR_SIGN_STRUCT;
goto Done;
}
@@ -257,90 +213,129 @@
if (status)
goto Done;
- /* Hash the first part of the TBS. Take all but the last two
- * bytes. The last two bytes are the fake payload from above. It
- * is replaced by the real payload which is hashed next. The fake
- * payload is needed so the array count is right. This is one of
- * the main things that make it possible to implement with one
- * buffer for the whole cose sign1.
+ /* This is hashing of the first part, all the CBOR
+ * except the payload.
*/
- pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part,
- tbs_first_part.len - 2));
+ pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part, tbs_first_part.len));
- /* Hash the payload */
+ /* Hash the payload, the second part. */
pal_cose_crypto_hash_update(&hash_ctx, payload);
/* Finish the hash and set up to return it */
- status = pal_cose_crypto_hash_finish(&hash_ctx,
- buffer_for_hash,
- hash);
+ status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash);
Done:
return status;
}
-uint32_t pal_import_attest_key(int32_t alg)
+static uint32_t pal_import_attest_key(psa_algorithm_t key_alg)
{
- psa_key_type_t attest_key_type;
- size_t public_key_size;
- psa_status_t status = PSA_SUCCESS;
+ psa_status_t status = PAL_ATTEST_ERROR;
+ psa_key_usage_t usage = PSA_KEY_USAGE_VERIFY;
+ psa_ecc_curve_t psa_curve = attest_map_elliptic_curve_type(P_256);
+ psa_key_type_t attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve);
+ size_t public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size;
+
+#if defined(CRYPTO_VERSION_BETA1) || defined(CRYPTO_VERSION_BETA2)
psa_key_policy_t policy;
- psa_ecc_curve_t psa_curve;
- psa_key_handle_t public_key_handle;
- /* Mapping of COSE curve type to PSA curve types */
- psa_curve = attest_map_elliptic_curve_type(P_256);
- if (psa_curve == USHRT_MAX)
- return PAL_ATTEST_ERROR;
+ if (!public_key_registered)
+ {
+ if (psa_curve == USHRT_MAX)
+ return PAL_ATTEST_ERROR;
- /* Setup the key policy for public key */
- policy = psa_key_policy_init();
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_VERIFY, alg);
+ /* Setup the key policy for public key */
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage(&policy, usage, key_alg);
- status = psa_allocate_key(&public_key_handle);
- if (status != PSA_SUCCESS)
- return status;
+ status = psa_allocate_key(&public_key_handle);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
- status = psa_set_key_policy(public_key_handle, &policy);
- if (status != PSA_SUCCESS)
- return status;
+ status = psa_set_key_policy(public_key_handle, &policy);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
- attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve);
-
- /* Register public key to crypto service */
- public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size;
-
- status = psa_import_key(public_key_handle,
+ /* Import the public key */
+ status = psa_import_key(public_key_handle,
attest_key_type,
- (const uint8_t *)&attest_public_key,
+ (const uint8_t *)&attest_public_key,
public_key_size + 1);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 1;
+ }
+
+#elif defined(CRYPTO_VERSION_BETA3)
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (!public_key_registered)
+ {
+ if (psa_curve == USHRT_MAX)
+ return PAL_ATTEST_ERROR;
+
+ /* Set the attributes for the public key */
+ psa_set_key_type(&attributes, attest_key_type);
+ psa_set_key_bits(&attributes, public_key_size + 1);
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, key_alg);
+
+ /* Import the public key */
+ status = psa_import_key(&attributes,
+ (const uint8_t *)&attest_public_key,
+ public_key_size + 1,
+ &public_key_handle);
+
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 1;
+ }
+#endif
return status;
}
+static uint32_t pal_destroy_attest_key(void)
+{
+ psa_status_t status;
+
+ if (!public_key_registered)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ status = psa_destroy_key(public_key_handle);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 0;
+
+ return PAL_ATTEST_SUCCESS;
+}
uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id,
struct q_useful_buf_c token_hash,
struct q_useful_buf_c signature)
{
- uint32_t status = PAL_ATTEST_SUCCESS;
+ int32_t status = PAL_ATTEST_ERROR;
+ psa_algorithm_t key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
- if (!public_key_registered)
- {
- status = pal_import_attest_key(cose_algorithm_id);
- if (status != PAL_ATTEST_SUCCESS)
- return status;
+ /* Register the attestation public key */
+ status = pal_import_attest_key(key_alg);
+ if (status != PAL_ATTEST_SUCCESS)
+ return status;
- public_key_registered = 1;
- }
-
-/*
- * Enable the verify function when Trusted Firmare - M Supports
-
- * Verify the signature a hash or short message using a public key.
+ /* Verify the signature */
status = psa_asymmetric_verify(public_key_handle,
- cose_algorithm_id, token_hash.ptr, token_hash.len,
- signature.ptr, signature.len);
-*/
- return status;
+ key_alg, token_hash.ptr, token_hash.len,
+ signature.ptr, signature.len);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_SIGNATURE_FAIL;
+
+ /* Unregister the attestation public key */
+ status = pal_destroy_attest_key();
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ return PAL_ATTEST_SUCCESS;
}
diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h
index 2d63ad1..2175e65 100644
--- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h
+++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h
@@ -22,9 +22,9 @@
typedef struct{
uint8_t *pubx_key;
- uint32_t pubx_key_size;
+ size_t pubx_key_size;
uint8_t *puby_key;
- uint32_t puby_key_size;
+ size_t puby_key_size;
} ecc_key_t;
struct ecc_public_key_t {
@@ -48,11 +48,11 @@
};
struct pal_cose_crypto_hash {
- /* Can't put the actual size here without creating dependecy on
- * actual hash implementation, so this is a fairly large and
- * accommodating size.
- */
- uint8_t bytes[128];
+ union {
+ void *ptr;
+ uint64_t handle;
+ } context;
+ int64_t status;
};
struct pal_cose_psa_crypto_hash {
@@ -95,7 +95,6 @@
uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash,
struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers,
struct q_useful_buf_c payload);
-uint32_t pal_import_attest_key(int32_t alg);
uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, struct q_useful_buf_c token_hash,
struct q_useful_buf_c signature);
diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c
index 178fdc9..60c7164 100644
--- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c
+++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c
@@ -29,7 +29,7 @@
QCBORError qcbor_result;
QCBOREncodeContext cbor_encode_ctx;
int32_t cose_curve_id = P_256;
- struct q_useful_buf_c encoded_key_id;
+ struct q_useful_buf_c encoded_key_id;
/* Get the public key x and y */
/* Encode it into a COSE_Key structure */
@@ -136,26 +136,18 @@
}
static int parse_unprotected_headers(QCBORDecodeContext *decode_context,
- struct q_useful_buf_c *child,
- bool *loop_back)
+ struct q_useful_buf_c *child)
{
struct items_to_get_t item_list[3];
item_list[0].label = COSE_HEADER_PARAM_KID;
- item_list[1].label = T_COSE_SHORT_CIRCUIT_LABEL;
- item_list[2].label = 0;
- *loop_back = false;
+ item_list[1].label = 0;
if (get_items_in_map(decode_context, item_list))
{
return PAL_ATTEST_ERROR;
}
- if (item_list[1].item.uDataType == QCBOR_TYPE_TRUE)
- {
- *loop_back = true;
- }
-
if (item_list[0].item.uDataType != QCBOR_TYPE_BYTE_STRING)
{
return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
@@ -324,11 +316,10 @@
token_size : Size of the token buffer
@return - error status
**/
-int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
- uint8_t *token, uint32_t token_size)
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, size_t challenge_size,
+ uint8_t *token, size_t token_size)
{
int32_t status = PAL_ATTEST_SUCCESS;
- bool short_circuit;
int32_t cose_algorithm_id;
QCBORItem item;
QCBORDecodeContext decode_context;
@@ -412,8 +403,7 @@
return status;
/* Parse the unprotected headers and check the data type and value */
- short_circuit = false;
- status = parse_unprotected_headers(&decode_context, &kid, &short_circuit);
+ status = parse_unprotected_headers(&decode_context, &kid);
if (status != PAL_ATTEST_SUCCESS)
return status;
diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h
index 8a0c545..e7449a0 100644
--- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h
+++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h
@@ -140,8 +140,7 @@
1 << (EAT_CBOR_ARM_RANGE_BASE \
- EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS))
-#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT | \
- 1 << EAT_CBOR_SW_COMPONENT_SIGNER_ID)
+#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT)
#define NULL_USEFUL_BUF_C NULLUsefulBufC
@@ -158,6 +157,8 @@
PAL_ATTEST_HASH_BUFFER_SIZE,
PAL_ATTEST_ERR_PROTECTED_HEADERS,
PAL_ATTEST_ERR_SIGN_STRUCT,
+ PAL_ATTEST_ERR_KEY_FAIL,
+ PAL_ATTEST_ERR_SIGNATURE_FAIL,
PAL_ATTEST_ERROR,
};
@@ -166,5 +167,5 @@
QCBORItem item;
};
-int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
- uint8_t *token, uint32_t token_size);
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, size_t challenge_size,
+ uint8_t *token, size_t token_size);
diff --git a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.c b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.c
index 2d99f74..83c1ebd 100644
--- a/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.c
+++ b/api-tests/platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.c
@@ -27,25 +27,27 @@
int32_t pal_attestation_function(int type, va_list valist)
{
uint8_t *challenge, *token;
- uint32_t challenge_size, *token_size, verify_token_size;
+ size_t challenge_size, *token_size, verify_token_size, token_buffer_size;
switch (type)
{
case PAL_INITIAL_ATTEST_GET_TOKEN:
challenge = va_arg(valist, uint8_t*);
- challenge_size = va_arg(valist, uint32_t);
+ challenge_size = va_arg(valist, size_t);
token = va_arg(valist, uint8_t*);
- token_size = va_arg(valist, uint32_t*);
- return psa_initial_attest_get_token(challenge, challenge_size, token, token_size);
+ token_buffer_size = va_arg(valist, size_t);
+ token_size = va_arg(valist, size_t*);
+ return psa_initial_attest_get_token(challenge, challenge_size, token, token_buffer_size,
+ token_size);
case PAL_INITIAL_ATTEST_GET_TOKEN_SIZE:
- challenge_size = va_arg(valist, uint32_t);
- token_size = va_arg(valist, uint32_t*);
+ challenge_size = va_arg(valist, size_t);
+ token_size = va_arg(valist, size_t*);
return psa_initial_attest_get_token_size(challenge_size, token_size);
case PAL_INITIAL_ATTEST_VERIFY_TOKEN:
challenge = va_arg(valist, uint8_t*);
- challenge_size = va_arg(valist, uint32_t);
+ challenge_size = va_arg(valist, size_t);
token = va_arg(valist, uint8_t*);
- verify_token_size = va_arg(valist, uint32_t);
+ verify_token_size = va_arg(valist, size_t);
return pal_initial_attest_verify_token(challenge, challenge_size,
token, verify_token_size);
default:
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_config.h
index 289dc5d..2871339 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/common/pal_config.h
@@ -40,6 +40,9 @@
#define SP_HEAP_MEM_SUPP
#endif /* PSA_CMAKE_BUILD */
+/* Version of crypto spec used in attestation */
+#define CRYPTO_VERSION_BETA2
+
/*
* Include of PSA defined Header files
*/
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_config_check.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_config_check.h
index f18a785..443e0bc 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_config_check.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_config_check.h
@@ -94,13 +94,13 @@
#error "ARCH_TEST_CTR_AES defined, but not all prerequisites"
#endif
-#if (defined(ARCH_TEST_CBC_AES)|| defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
+#if (defined(ARCH_TEST_CBC_AES) || defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
(!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_AES defined, but not all prerequisites"
#endif
#if (defined(ARCH_TEST_CBC_NO_PADDING)) &&\
- (!defined(ARCH_TEST_CIPER) ||!defined(ARCH_TEST_CIPER_MODE_CBC))
+ (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_NO_PADDING defined, but not all prerequisites"
#endif
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.c
index 3df6aa8..fd2e055 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.c
@@ -28,96 +28,124 @@
**/
int32_t pal_crypto_function(int type, va_list valist)
{
- int i;
- size_t size, *length, salt_length, label_length, ciphertext_size;
- uint8_t *buffer, *ciphertext;
- const uint8_t *salt, *label, *nonce, *additional_data;
- uint8_t *plaintext;
- uint32_t status;
- const void *extra;
- size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length;
- psa_key_handle_t handle, *key_handle, target_handle;
- psa_key_type_t key_type, *key_type_out;
- psa_key_policy_t *policy;
- psa_key_usage_t usage, *usage_out;
- psa_key_lifetime_t *lifetime_out;
- psa_algorithm_t alg, *alg_out;
- psa_hash_operation_t *hash_operation;
- psa_mac_operation_t *mac_operation;
- psa_cipher_operation_t *cipher_operation;
- psa_crypto_generator_t *generator;
-
+ int i;
+ psa_status_t status;
+ uint8_t *buffer, *ciphertext, *plaintext;
+ const uint8_t *nonce, *additional_data, *salt, *peer;
+ size_t *length, size, ciphertext_size, nonce_length;
+ size_t salt_length, peer_length, additional_data_length;
+ size_t *tag_length, plaintext_size;
+ psa_aead_operation_t *aead_operation;
+ psa_key_attributes_t *attributes;
+ psa_key_handle_t *handle, key_handle;
+ psa_key_type_t *key_type_out, key_type;
+ psa_key_usage_t *usage_out, usage;
+ psa_key_id_t *key_id_out, key_id;
+ psa_key_lifetime_t *key_lifetime_out, key_lifetime;
+ psa_algorithm_t *key_alg_out, key_alg, alg;
+ psa_hash_operation_t *hash_operation, *target_operation;
+ psa_mac_operation_t *mac_operation;
+ psa_cipher_operation_t *cipher_operation;
+ psa_key_derivation_operation_t *derive_operation;
+ psa_key_derivation_step_t step;
switch (type)
{
case PAL_CRYPTO_INIT:
return psa_crypto_init();
case PAL_CRYPTO_GENERATE_RANDOM:
- buffer = va_arg(valist, uint8_t*);
+ buffer = va_arg(valist, uint8_t *);
size = va_arg(valist, int);
return psa_generate_random(buffer, size);
case PAL_CRYPTO_IMPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ buffer = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ status = psa_import_key(attributes, buffer, size, handle);
+ return status;
+ case PAL_CRYPTO_SET_KEY_TYPE:
+ attributes = va_arg(valist, psa_key_attributes_t *);
key_type = va_arg(valist, psa_key_type_t);
- buffer = va_arg(valist, uint8_t*);
- size = va_arg(valist, int);
- status = psa_import_key(handle, key_type, buffer, size);
- return status;
+ psa_set_key_type(attributes, key_type);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_BITS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ size = va_arg(valist, size_t);
+ psa_set_key_bits(attributes, size);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ATTRIBUTES:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ return psa_get_key_attributes(key_handle, attributes);
+ case PAL_CRYPTO_GET_KEY_TYPE:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_type_out = va_arg(valist, psa_key_type_t *);
+ *key_type_out = psa_get_key_type(attributes);
+ return 0;
case PAL_CRYPTO_EXPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- buffer = (uint8_t *)(va_arg(valist, uint8_t*));
- size = va_arg(valist, int);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_export_key(handle, buffer, size, length);
- return status;
- case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- buffer = (uint8_t *)(va_arg(valist, uint8_t*));
- size = va_arg(valist, int);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_export_public_key(handle, buffer, size, length);
- return status;
- case PAL_CRYPTO_KEY_POLICY_INIT:
- policy = va_arg(valist, psa_key_policy_t*);
- memset(policy, 0, sizeof(psa_key_policy_t));
- return 0;
- case PAL_CRYPTO_KEY_POLICY_SET_USAGE:
- policy = va_arg(valist, psa_key_policy_t*);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t *));
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t *);
+ return psa_export_key(key_handle, buffer, size, length);
+ case PAL_CRYPTO_SET_KEY_USAGE_FLAGS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
usage = va_arg(valist, psa_key_usage_t);
- alg = va_arg(valist, psa_algorithm_t);
- psa_key_policy_set_usage(policy, usage, alg);
+ psa_set_key_usage_flags(attributes, usage);
return 0;
- case PAL_CRYPTO_SET_KEY_POLICY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_set_key_policy(handle, policy);
- case PAL_CRYPTO_DESTROY_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- status = psa_destroy_key(handle);
- return status;
- case PAL_CRYPTO_GET_KEY_INFORMATION:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type_out = va_arg(valist, psa_key_type_t*);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_get_key_information(handle, key_type_out, length);
- return status;
- case PAL_CRYPTO_GET_KEY_POLICY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_get_key_policy(handle, policy);
- case PAL_CRYPTO_KEY_POLICY_GET_USAGE:
- policy = va_arg(valist, psa_key_policy_t*);
- usage_out = va_arg(valist, psa_key_usage_t*);
- *usage_out = psa_key_policy_get_usage(policy);
+ case PAL_CRYPTO_RESET_KEY_ATTRIBUTES:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ psa_reset_key_attributes(attributes);
return 0;
- case PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM:
- policy = va_arg(valist, psa_key_policy_t*);
- alg_out = va_arg(valist, psa_algorithm_t*);
- *alg_out = psa_key_policy_get_algorithm(policy);
+ case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t *));
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t *);
+ return psa_export_public_key(key_handle, buffer, size, length);
+ case PAL_CRYPTO_SET_KEY_ID:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_id = va_arg(valist, psa_key_id_t);
+ psa_set_key_id(attributes, key_id);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_LIFETIME:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_lifetime = va_arg(valist, psa_key_lifetime_t);
+ psa_set_key_lifetime(attributes, key_lifetime);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_ALGORITHM:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_alg = va_arg(valist, psa_algorithm_t);
+ psa_set_key_algorithm(attributes, key_alg);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ID:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_id_out = va_arg(valist, psa_key_id_t *);
+ *key_id_out = psa_get_key_id(attributes);
return 0;
case PAL_CRYPTO_GET_KEY_LIFETIME:
- handle = (psa_key_handle_t)va_arg(valist, int);
- lifetime_out = va_arg(valist, psa_key_lifetime_t*);
- return psa_get_key_lifetime(handle, lifetime_out);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_lifetime_out = va_arg(valist, psa_key_lifetime_t *);
+ *key_lifetime_out = psa_get_key_lifetime(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_USAGE_FLAGS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ usage_out = va_arg(valist, psa_key_usage_t *);
+ *usage_out = psa_get_key_usage_flags(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ALGORITHM:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_alg_out = va_arg(valist, psa_algorithm_t *);
+ *key_alg_out = psa_get_key_algorithm(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_BITS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ length = va_arg(valist, size_t *);
+ *length = psa_get_key_bits(attributes);
+ return 0;
+ case PAL_CRYPTO_DESTROY_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_destroy_key(key_handle);
case PAL_CRYPTO_HASH_SETUP:
hash_operation = va_arg(valist, psa_hash_operation_t*);
alg = va_arg(valist, psa_algorithm_t);
@@ -141,44 +169,31 @@
case PAL_CRYPTO_HASH_ABORT:
hash_operation = va_arg(valist, psa_hash_operation_t*);
return psa_hash_abort(hash_operation);
- case PAL_CRYPTO_GENERATE_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type = va_arg(valist, psa_key_type_t);
- size = va_arg(valist, size_t);
- extra = va_arg(valist, const void*);
- extra_size = va_arg(valist, size_t);
- return psa_generate_key(handle, key_type, size, extra, extra_size);
- case PAL_CRYPTO_GENERATOR_READ:
- generator = va_arg(valist, psa_crypto_generator_t*);
+ case PAL_CRYPTO_HASH_COMPUTE:
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
buffer = va_arg(valist, uint8_t*);
- size = va_arg(valist, int);
- return psa_generator_read(generator, buffer, size);
- case PAL_CRYPTO_KEY_DERIVATION:
- generator = va_arg(valist, psa_crypto_generator_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_hash_compute(alg, plaintext, plaintext_size, buffer, size, length);
+ case PAL_CRYPTO_HASH_COMPARE:
alg = va_arg(valist, psa_algorithm_t);
- salt = va_arg(valist, const uint8_t *);
- salt_length = va_arg(valist, size_t);
- label = va_arg(valist, const uint8_t *);
- label_length = va_arg(valist, size_t);
- capacity = va_arg(valist, size_t);
- return psa_key_derivation(generator, handle, alg, salt, salt_length, label,
- label_length, capacity);
- case PAL_CRYPTO_GET_GENERATOR_CAPACITY:
- generator = va_arg(valist, psa_crypto_generator_t*);
- gen_cap = va_arg(valist, size_t*);
- return psa_get_generator_capacity(generator, gen_cap);
- case PAL_CRYPTO_GENERATOR_IMPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type = va_arg(valist, psa_key_type_t);
- size = va_arg(valist, size_t);
- generator = va_arg(valist, psa_crypto_generator_t*);
- return psa_generator_import_key(handle, key_type, size, generator);
- case PAL_CRYPTO_GENERATOR_ABORT:
- generator = va_arg(valist, psa_crypto_generator_t*);
- return psa_generator_abort(generator);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_hash_compare(alg, plaintext, plaintext_size, buffer, size);
+ case PAL_CRYPTO_HASH_CLONE:
+ hash_operation = va_arg(valist, psa_hash_operation_t*);
+ target_operation = va_arg(valist, psa_hash_operation_t*);
+ return psa_hash_clone(hash_operation, target_operation);
+ case PAL_CRYPTO_GENERATE_KEY:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_generate_key(attributes, handle);
case PAL_CRYPTO_AEAD_ENCRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
@@ -189,10 +204,10 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_aead_encrypt(handle, alg, nonce, nonce_length, additional_data,
- additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
+ return psa_aead_encrypt(key_handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
case PAL_CRYPTO_AEAD_DECRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
@@ -203,13 +218,74 @@
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_aead_decrypt(handle, alg, nonce, nonce_length, additional_data,
- additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ return psa_aead_decrypt(key_handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ case PAL_CRYPTO_AEAD_ENCRYPT_SETUP:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_aead_encrypt_setup(aead_operation, key_handle, alg);
+ case PAL_CRYPTO_AEAD_DECRYPT_SETUP:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_aead_decrypt_setup(aead_operation, key_handle, alg);
+ case PAL_CRYPTO_AEAD_GENERATE_NONCE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ return psa_aead_generate_nonce(aead_operation, buffer, size, length);
+ case PAL_CRYPTO_AEAD_SET_NONCE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_set_nonce(aead_operation, buffer, size);
+ case PAL_CRYPTO_AEAD_SET_LENGTHS:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ size = va_arg(valist, size_t);
+ plaintext_size = va_arg(valist, size_t);
+ return psa_aead_set_lengths(aead_operation, size, plaintext_size);
+ case PAL_CRYPTO_AEAD_UPDATE_AD:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_update_ad(aead_operation, buffer, size);
+ case PAL_CRYPTO_AEAD_UPDATE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_aead_update(aead_operation, plaintext, plaintext_size, ciphertext,
+ ciphertext_size, length);
+ case PAL_CRYPTO_AEAD_FINISH:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ tag_length = (size_t *)va_arg(valist, size_t*);
+ return psa_aead_finish(aead_operation, ciphertext, ciphertext_size, length, buffer,
+ size, tag_length);
+ case PAL_CRYPTO_AEAD_VERIFY:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_verify(aead_operation, plaintext, plaintext_size, length, buffer, size);
+ case PAL_CRYPTO_AEAD_ABORT:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ return psa_aead_abort(aead_operation);
case PAL_CRYPTO_MAC_SIGN_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_mac_sign_setup(mac_operation, handle, alg);
+ return psa_mac_sign_setup(mac_operation, key_handle, alg);
case PAL_CRYPTO_MAC_UPDATE:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
@@ -223,9 +299,9 @@
return psa_mac_sign_finish(mac_operation, buffer, size, length);
case PAL_CRYPTO_MAC_VERIFY_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_mac_verify_setup(mac_operation, handle, alg);
+ return psa_mac_verify_setup(mac_operation, key_handle, alg);
case PAL_CRYPTO_MAC_VERIFY_FINISH:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
@@ -234,8 +310,27 @@
case PAL_CRYPTO_MAC_ABORT:
mac_operation = va_arg(valist, psa_mac_operation_t*);
return psa_mac_abort(mac_operation);
+ case PAL_CRYPTO_MAC_COMPUTE:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_mac_compute(key_handle, alg, plaintext, plaintext_size, ciphertext,
+ ciphertext_size, length);
+ case PAL_CRYPTO_MAC_VERIFY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ return psa_mac_verify(key_handle, alg, plaintext, plaintext_size, ciphertext,
+ ciphertext_size);
case PAL_CRYPTO_ASYMMTERIC_ENCRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
@@ -244,10 +339,10 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_encrypt(handle, alg, plaintext, size, salt, salt_length,
- ciphertext, ciphertext_size, length);
+ return psa_asymmetric_encrypt(key_handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
case PAL_CRYPTO_ASYMMTERIC_DECRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
@@ -256,18 +351,18 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_decrypt(handle, alg, plaintext, size, salt, salt_length,
- ciphertext, ciphertext_size, length);
+ return psa_asymmetric_decrypt(key_handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
case PAL_CRYPTO_CIPHER_ENCRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_cipher_encrypt_setup(cipher_operation, handle, alg);
+ return psa_cipher_encrypt_setup(cipher_operation, key_handle, alg);
case PAL_CRYPTO_CIPHER_DECRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_cipher_decrypt_setup(cipher_operation, handle, alg);
+ return psa_cipher_decrypt_setup(cipher_operation, key_handle, alg);
case PAL_CRYPTO_CIPHER_GENERATE_IV:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
buffer = va_arg(valist, uint8_t*);
@@ -287,7 +382,7 @@
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_cipher_update(cipher_operation, plaintext, size, ciphertext, ciphertext_size,
- length);
+ length);
case PAL_CRYPTO_CIPHER_FINISH:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
ciphertext = va_arg(valist, uint8_t *);
@@ -297,39 +392,110 @@
case PAL_CRYPTO_CIPHER_ABORT:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
return psa_cipher_abort(cipher_operation);
+ case PAL_CRYPTO_CIPHER_ENCRYPT:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_encrypt(key_handle, alg, plaintext, size, ciphertext, ciphertext_size,
+ length);
+ case PAL_CRYPTO_CIPHER_DECRYPT:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_decrypt(key_handle, alg, plaintext, size, ciphertext, ciphertext_size,
+ length);
case PAL_CRYPTO_ASYMMTERIC_SIGN:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_sign(handle, alg, buffer, size, ciphertext, ciphertext_size,
- length);
+ return psa_asymmetric_sign(key_handle, alg, buffer, size, ciphertext, ciphertext_size,
+ length);
case PAL_CRYPTO_ASYMMTERIC_VERIFY:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
- return psa_asymmetric_verify(handle, alg, buffer, size, ciphertext, ciphertext_size);
- case PAL_CRYPTO_KEY_AGREEMENT:
- generator = va_arg(valist, psa_crypto_generator_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_asymmetric_verify(key_handle, alg, buffer, size, ciphertext,
+ ciphertext_size);
+ case PAL_CRYPTO_RAW_KEY_AGREEMENT:
+ alg = va_arg(valist, psa_algorithm_t);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ peer = va_arg(valist, uint8_t*);
+ peer_length = va_arg(valist, size_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
- alg = va_arg(valist, psa_algorithm_t);
- return psa_key_agreement(generator, handle, buffer, size, alg);
- case PAL_CRYPTO_ALLOCATE_KEY:
- key_handle = (psa_key_handle_t *)va_arg(valist, int*);
- return psa_allocate_key(key_handle);
+ length = va_arg(valist, size_t*);
+ return psa_raw_key_agreement(alg, key_handle, peer, peer_length, buffer, size, length);
case PAL_CRYPTO_COPY_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- target_handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_copy_key(handle, target_handle, policy);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_copy_key(key_handle, attributes, handle);
+ case PAL_CRYPTO_KEY_DERIVATION_SETUP:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_key_derivation_setup(derive_operation, alg);
+ case PAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_input_bytes(derive_operation, step, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION_INPUT_KEY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_key_derivation_input_key(derive_operation, step, key_handle);
+ case PAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ peer = va_arg(valist, uint8_t*);
+ peer_length = va_arg(valist, size_t);
+ return psa_key_derivation_key_agreement(derive_operation, step, key_handle, peer,
+ peer_length);
+ case PAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_output_bytes(derive_operation, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_key_derivation_output_key(attributes, derive_operation, handle);
+ case PAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_set_capacity(derive_operation, size);
+ case PAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ length = va_arg(valist, size_t *);
+ return psa_key_derivation_get_capacity(derive_operation, length);
+ case PAL_CRYPTO_KEY_DERIVATION_ABORT:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ return psa_key_derivation_abort(derive_operation);
+ case PAL_CRYPTO_OPEN_KEY:
+ key_id = va_arg(valist, psa_key_id_t);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_open_key(key_id, handle);
+ case PAL_CRYPTO_CLOSE_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_close_key(key_handle);
case PAL_CRYPTO_FREE:
for (i = 0; i < PAL_KEY_SLOT_COUNT; i++)
psa_destroy_key(i);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.h
index d1dabfa..486f793 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/crypto/pal_crypto_intf.h
@@ -21,55 +21,82 @@
#include "pal_common.h"
enum crypto_function_code {
- PAL_CRYPTO_INIT = 0x1,
- PAL_CRYPTO_GENERATE_RANDOM = 0x2,
- PAL_CRYPTO_IMPORT_KEY = 0x3,
- PAL_CRYPTO_EXPORT_KEY = 0x4,
- PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
- PAL_CRYPTO_DESTROY_KEY = 0x6,
- PAL_CRYPTO_GET_KEY_INFO = 0x7,
- PAL_CRYPTO_KEY_POLICY_INIT = 0x8,
- PAL_CRYPTO_KEY_POLICY_SET_USAGE = 0x9,
- PAL_CRYPTO_KEY_POLICY_GET_USAGE = 0xA,
- PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM = 0xB,
- PAL_CRYPTO_SET_KEY_POLICY = 0xC,
- PAL_CRYPTO_GET_KEY_POLICY = 0xD,
- PAL_CRYPTO_GET_KEY_INFORMATION = 0xE,
- PAL_CRYPTO_GET_KEY_LIFETIME = 0xF,
- PAL_CRYPTO_HASH_SETUP = 0x11,
- PAL_CRYPTO_HASH_UPDATE = 0x12,
- PAL_CRYPTO_HASH_VERIFY = 0x13,
- PAL_CRYPTO_HASH_FINISH = 0x14,
- PAL_CRYPTO_HASH_ABORT = 0x15,
- PAL_CRYPTO_GENERATE_KEY = 0x16,
- PAL_CRYPTO_GENERATOR_READ = 0x17,
- PAL_CRYPTO_KEY_DERIVATION = 0x18,
- PAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19,
- PAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A,
- PAL_CRYPTO_GENERATOR_ABORT = 0x1B,
- PAL_CRYPTO_AEAD_ENCRYPT = 0x1C,
- PAL_CRYPTO_AEAD_DECRYPT = 0x1D,
- PAL_CRYPTO_MAC_SIGN_SETUP = 0x1E,
- PAL_CRYPTO_MAC_UPDATE = 0x1F,
- PAL_CRYPTO_MAC_SIGN_FINISH = 0x20,
- PAL_CRYPTO_MAC_VERIFY_SETUP = 0x21,
- PAL_CRYPTO_MAC_VERIFY_FINISH = 0x22,
- PAL_CRYPTO_MAC_ABORT = 0x23,
- PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24,
- PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25,
- PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26,
- PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A,
- PAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B,
- PAL_CRYPTO_CIPHER_SET_IV = 0x2C,
- PAL_CRYPTO_CIPHER_UPDATE = 0x2D,
- PAL_CRYPTO_CIPHER_FINISH = 0x2E,
- PAL_CRYPTO_CIPHER_ABORT = 0x2F,
- PAL_CRYPTO_ASYMMTERIC_SIGN = 0x30,
- PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31,
- PAL_CRYPTO_KEY_AGREEMENT = 0x32,
- PAL_CRYPTO_ALLOCATE_KEY = 0x33,
- PAL_CRYPTO_COPY_KEY = 0x34,
- PAL_CRYPTO_FREE = 0xFE,
+ PAL_CRYPTO_INIT = 0x1,
+ PAL_CRYPTO_GENERATE_RANDOM = 0x2,
+ PAL_CRYPTO_IMPORT_KEY = 0x3,
+ PAL_CRYPTO_EXPORT_KEY = 0x4,
+ PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
+ PAL_CRYPTO_DESTROY_KEY = 0x6,
+ PAL_CRYPTO_HASH_SETUP = 0x7,
+ PAL_CRYPTO_HASH_UPDATE = 0x8,
+ PAL_CRYPTO_HASH_VERIFY = 0x9,
+ PAL_CRYPTO_HASH_FINISH = 0xA,
+ PAL_CRYPTO_HASH_ABORT = 0xB,
+ PAL_CRYPTO_GENERATE_KEY = 0xC,
+ PAL_CRYPTO_AEAD_ENCRYPT = 0xD,
+ PAL_CRYPTO_AEAD_DECRYPT = 0xE,
+ PAL_CRYPTO_MAC_SIGN_SETUP = 0xF,
+ PAL_CRYPTO_MAC_UPDATE = 0x10,
+ PAL_CRYPTO_MAC_SIGN_FINISH = 0x11,
+ PAL_CRYPTO_MAC_VERIFY_SETUP = 0x12,
+ PAL_CRYPTO_MAC_VERIFY_FINISH = 0x13,
+ PAL_CRYPTO_MAC_ABORT = 0x14,
+ PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x15,
+ PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x16,
+ PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x17,
+ PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x18,
+ PAL_CRYPTO_CIPHER_GENERATE_IV = 0x19,
+ PAL_CRYPTO_CIPHER_SET_IV = 0x1A,
+ PAL_CRYPTO_CIPHER_UPDATE = 0x1B,
+ PAL_CRYPTO_CIPHER_FINISH = 0x1C,
+ PAL_CRYPTO_CIPHER_ABORT = 0x1D,
+ PAL_CRYPTO_ASYMMTERIC_SIGN = 0x1E,
+ PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x1F,
+ PAL_CRYPTO_COPY_KEY = 0x20,
+ PAL_CRYPTO_SET_KEY_TYPE = 0x21,
+ PAL_CRYPTO_SET_KEY_BITS = 0x22,
+ PAL_CRYPTO_GET_KEY_ATTRIBUTES = 0x23,
+ PAL_CRYPTO_GET_KEY_TYPE = 0x24,
+ PAL_CRYPTO_SET_KEY_USAGE_FLAGS = 0x25,
+ PAL_CRYPTO_RESET_KEY_ATTRIBUTES = 0x26,
+ PAL_CRYPTO_SET_KEY_ID = 0x27,
+ PAL_CRYPTO_SET_KEY_LIFETIME = 0x28,
+ PAL_CRYPTO_SET_KEY_ALGORITHM = 0x29,
+ PAL_CRYPTO_GET_KEY_ID = 0x2A,
+ PAL_CRYPTO_GET_KEY_LIFETIME = 0x2B,
+ PAL_CRYPTO_GET_KEY_USAGE_FLAGS = 0x2C,
+ PAL_CRYPTO_GET_KEY_ALGORITHM = 0x2D,
+ PAL_CRYPTO_GET_KEY_BITS = 0x2E,
+ PAL_CRYPTO_HASH_COMPUTE = 0x2F,
+ PAL_CRYPTO_HASH_COMPARE = 0x30,
+ PAL_CRYPTO_KEY_DERIVATION_SETUP = 0x31,
+ PAL_CRYPTO_KEY_DERIVATION_ABORT = 0x32,
+ PAL_CRYPTO_RAW_KEY_AGREEMENT = 0x33,
+ PAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES = 0x34,
+ PAL_CRYPTO_KEY_DERIVATION_INPUT_KEY = 0x35,
+ PAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT = 0x36,
+ PAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES = 0x37,
+ PAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY = 0x38,
+ PAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY = 0x39,
+ PAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY = 0x3A,
+ PAL_CRYPTO_HASH_CLONE = 0x3B,
+ PAL_CRYPTO_MAC_COMPUTE = 0x3C,
+ PAL_CRYPTO_MAC_VERIFY = 0x3D,
+ PAL_CRYPTO_CIPHER_ENCRYPT = 0x3F,
+ PAL_CRYPTO_CIPHER_DECRYPT = 0x40,
+ PAL_CRYPTO_OPEN_KEY = 0x41,
+ PAL_CRYPTO_CLOSE_KEY = 0x42,
+ PAL_CRYPTO_AEAD_ENCRYPT_SETUP = 0x43,
+ PAL_CRYPTO_AEAD_DECRYPT_SETUP = 0x44,
+ PAL_CRYPTO_AEAD_GENERATE_NONCE = 0x45,
+ PAL_CRYPTO_AEAD_SET_NONCE = 0x46,
+ PAL_CRYPTO_AEAD_SET_LENGTHS = 0X47,
+ PAL_CRYPTO_AEAD_UPDATE_AD = 0x48,
+ PAL_CRYPTO_AEAD_UPDATE = 0x49,
+ PAL_CRYPTO_AEAD_FINISH = 0x4A,
+ PAL_CRYPTO_AEAD_VERIFY = 0x4B,
+ PAL_CRYPTO_AEAD_ABORT = 0x4C,
+ PAL_CRYPTO_FREE = 0xFE,
};
int32_t pal_crypto_function(int type, va_list valist);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.c
index ae2bdba..38ed283 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.c
@@ -17,24 +17,14 @@
#include "pal_attestation_crypto.h"
-static uint32_t public_key_registered = 0;
-
+static uint32_t public_key_registered;
+static psa_key_handle_t public_key_handle;
static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf,
size_t amount)
{
return UsefulBuf_Head(buf, amount);
}
-static uint32_t check_hash_sizes(void)
-{
- if (T_COSE_CRYPTO_SHA256_SIZE != PSA_HASH_SIZE(PSA_ALG_SHA_256))
- {
- return PAL_ATTEST_HASH_FAIL;
- }
-
- return PAL_ATTEST_SUCCESS;
-}
-
static psa_ecc_curve_t attest_map_elliptic_curve_type(int32_t cose_curve)
{
psa_ecc_curve_t psa_curve;
@@ -82,130 +72,94 @@
int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id)
{
- int32_t cose_ret = PAL_ATTEST_SUCCESS;
- psa_status_t psa_ret;
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash = PSA_HASH_OPERATION_INIT;
+ psa_algorithm_t psa_alg;
- cose_ret = check_hash_sizes();
- if (cose_ret)
- {
- goto error;
- }
+ /* Map the algorithm ID */
+ psa_alg = cose_hash_alg_id_to_psa(cose_hash_alg_id);
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- goto error;
- }
+ /* Actually do the hash set up */
+ hash_ctx->status = psa_hash_setup(&psa_hash, psa_alg);
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
- psa_ret = psa_hash_setup(&psa_hash_ctx->operation, cose_hash_alg_id_to_psa(cose_hash_alg_id));
+ /* Copy the PSA handle back into the context */
+ hash_ctx->context.handle = psa_hash.handle;
- if (psa_ret == PAL_ATTEST_SUCCESS)
- {
- psa_hash_ctx->status = PAL_ATTEST_SUCCESS;
- cose_ret = PAL_ATTEST_SUCCESS;
- }
- else if (psa_ret == PSA_ERROR_NOT_SUPPORTED)
- {
- cose_ret = PAL_ATTEST_HASH_UNSUPPORTED;
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
-
-error:
- return cose_ret;
+ /* Map errors and return */
+ return (psa_status_t)hash_ctx->status;
}
void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx,
struct q_useful_buf_c data_to_hash)
{
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash;
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
+ /* Copy the PSA handle out of the generic context */
+ psa_hash.handle = (uint32_t)hash_ctx->context.handle;
+
+ if (hash_ctx->status != PSA_SUCCESS)
+ return;
+
+ if (data_to_hash.ptr == NULL) {
+ /* No data was passed in to be hashed indicating the mode of use is
+ * the computation of the size of hash. This mode is hashing is used
+ * by t_cose when it is requested to compute the size of the signed
+ * data it might compute, which is in turn used to compute the
+ * size of a would be token. When computing the size, the size
+ * like this, there is nothing to do in update()
+ */
return;
}
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
+ /* Actually hash the data */
+ hash_ctx->status = psa_hash_update(&psa_hash, data_to_hash.ptr, data_to_hash.len);
- if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS)
- {
- if (data_to_hash.ptr != NULL)
- {
- psa_hash_ctx->status = psa_hash_update(&psa_hash_ctx->operation,
- data_to_hash.ptr,
- data_to_hash.len);
- }
- else
- {
- /* Intentionally do nothing, just computing the size of the token */
- }
- }
+ /* Copy the PSA handle back into the context. */
+ hash_ctx->context.handle = psa_hash.handle;
}
int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx,
struct q_useful_buf buffer_to_hold_result,
struct q_useful_buf_c *hash_result)
{
- uint32_t cose_ret = PAL_ATTEST_SUCCESS;
- psa_status_t psa_ret;
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash;
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- goto error;
- }
+ /* Copy the PSA handle out of the generic context */
+ psa_hash.handle = (uint32_t)hash_ctx->context.handle;
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
+ if (hash_ctx->status != PSA_SUCCESS)
+ goto Done;
- if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS)
- {
- psa_ret = psa_hash_finish(&psa_hash_ctx->operation,
- buffer_to_hold_result.ptr,
- buffer_to_hold_result.len,
- &(hash_result->len));
+ /* Actually finish up the hash */
+ hash_ctx->status = psa_hash_finish(&psa_hash, buffer_to_hold_result.ptr,
+ buffer_to_hold_result.len, &(hash_result->len));
- if (psa_ret == PAL_ATTEST_SUCCESS)
- {
- hash_result->ptr = buffer_to_hold_result.ptr;
- cose_ret = 0;
- }
- else if (psa_ret == PSA_ERROR_BUFFER_TOO_SMALL)
- {
- cose_ret = PAL_ATTEST_HASH_BUFFER_SIZE;
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
+ hash_result->ptr = buffer_to_hold_result.ptr;
-error:
- return cose_ret;
+ /* Copy the PSA handle back into the context. */
+ hash_ctx->context.handle = psa_hash.handle;
+
+Done:
+ return ((psa_status_t)hash_ctx->status);
+
}
int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash,
struct q_useful_buf_c *hash)
{
- uint32_t status = PAL_ATTEST_SUCCESS;
+ uint32_t return_value = 0;
struct pal_cose_crypto_hash hash_ctx;
- status = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY);
- if (status)
- return status;
+ return_value = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY);
+ if (return_value)
+ goto Done;
pal_cose_crypto_hash_update(&hash_ctx, bytes_to_hash);
- status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash);
+ return_value = pal_cose_crypto_hash_finish(&hash_ctx,
+ buffer_for_hash,
+ hash);
- return status;
+Done:
+ return return_value;
}
uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash,
@@ -223,18 +177,19 @@
/* This builds the CBOR-format to-be-signed bytes */
QCBOREncode_Init(&cbor_encode_ctx, buffer_for_TBS_first_part);
QCBOREncode_OpenArray(&cbor_encode_ctx);
+
/* context */
- QCBOREncode_AddSZString(&cbor_encode_ctx,
- COSE_SIG_CONTEXT_STRING_SIGNATURE1);
+ QCBOREncode_AddSZString(&cbor_encode_ctx, COSE_SIG_CONTEXT_STRING_SIGNATURE1);
+
/* body_protected */
- QCBOREncode_AddBytes(&cbor_encode_ctx,
- protected_headers);
- /* sign_protected */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
+ QCBOREncode_AddBytes(&cbor_encode_ctx, protected_headers);
+
+ /* sign_protected is not used for Sign1 */
/* external_aad */
QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
- /* fake payload */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
+
+ /* The short fake payload. */
+ QCBOREncode_AddBytesLenOnly(&cbor_encode_ctx, payload);
QCBOREncode_CloseArray(&cbor_encode_ctx);
/* Get the result and convert it to struct q_useful_buf_c representation */
@@ -242,7 +197,8 @@
if (qcbor_result)
{
/* Mainly means that the protected_headers were too big
- (which should never happen) */
+ * (which should never happen)
+ */
status = PAL_ATTEST_ERR_SIGN_STRUCT;
goto Done;
}
@@ -257,90 +213,129 @@
if (status)
goto Done;
- /* Hash the first part of the TBS. Take all but the last two
- * bytes. The last two bytes are the fake payload from above. It
- * is replaced by the real payload which is hashed next. The fake
- * payload is needed so the array count is right. This is one of
- * the main things that make it possible to implement with one
- * buffer for the whole cose sign1.
+ /* This is hashing of the first part, all the CBOR
+ * except the payload.
*/
- pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part,
- tbs_first_part.len - 2));
+ pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part, tbs_first_part.len));
- /* Hash the payload */
+ /* Hash the payload, the second part. */
pal_cose_crypto_hash_update(&hash_ctx, payload);
/* Finish the hash and set up to return it */
- status = pal_cose_crypto_hash_finish(&hash_ctx,
- buffer_for_hash,
- hash);
+ status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash);
Done:
return status;
}
-uint32_t pal_import_attest_key(int32_t alg)
+static uint32_t pal_import_attest_key(psa_algorithm_t key_alg)
{
- psa_key_type_t attest_key_type;
- size_t public_key_size;
- psa_status_t status = PSA_SUCCESS;
+ psa_status_t status = PAL_ATTEST_ERROR;
+ psa_key_usage_t usage = PSA_KEY_USAGE_VERIFY;
+ psa_ecc_curve_t psa_curve = attest_map_elliptic_curve_type(P_256);
+ psa_key_type_t attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve);
+ size_t public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size;
+
+#if defined(CRYPTO_VERSION_BETA1) || defined(CRYPTO_VERSION_BETA2)
psa_key_policy_t policy;
- psa_ecc_curve_t psa_curve;
- psa_key_handle_t public_key_handle;
- /* Mapping of COSE curve type to PSA curve types */
- psa_curve = attest_map_elliptic_curve_type(P_256);
- if (psa_curve == USHRT_MAX)
- return PAL_ATTEST_ERROR;
+ if (!public_key_registered)
+ {
+ if (psa_curve == USHRT_MAX)
+ return PAL_ATTEST_ERROR;
- /* Setup the key policy for public key */
- policy = psa_key_policy_init();
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_VERIFY, alg);
+ /* Setup the key policy for public key */
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage(&policy, usage, key_alg);
- status = psa_allocate_key(&public_key_handle);
- if (status != PSA_SUCCESS)
- return status;
+ status = psa_allocate_key(&public_key_handle);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
- status = psa_set_key_policy(public_key_handle, &policy);
- if (status != PSA_SUCCESS)
- return status;
+ status = psa_set_key_policy(public_key_handle, &policy);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
- attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve);
-
- /* Register public key to crypto service */
- public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size;
-
- status = psa_import_key(public_key_handle,
+ /* Import the public key */
+ status = psa_import_key(public_key_handle,
attest_key_type,
- (const uint8_t *)&attest_public_key,
+ (const uint8_t *)&attest_public_key,
public_key_size + 1);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 1;
+ }
+
+#elif defined(CRYPTO_VERSION_BETA3)
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (!public_key_registered)
+ {
+ if (psa_curve == USHRT_MAX)
+ return PAL_ATTEST_ERROR;
+
+ /* Set the attributes for the public key */
+ psa_set_key_type(&attributes, attest_key_type);
+ psa_set_key_bits(&attributes, public_key_size + 1);
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, key_alg);
+
+ /* Import the public key */
+ status = psa_import_key(&attributes,
+ (const uint8_t *)&attest_public_key,
+ public_key_size + 1,
+ &public_key_handle);
+
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 1;
+ }
+#endif
return status;
}
+static uint32_t pal_destroy_attest_key(void)
+{
+ psa_status_t status;
+
+ if (!public_key_registered)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ status = psa_destroy_key(public_key_handle);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 0;
+
+ return PAL_ATTEST_SUCCESS;
+}
uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id,
struct q_useful_buf_c token_hash,
struct q_useful_buf_c signature)
{
- uint32_t status = PAL_ATTEST_SUCCESS;
+ int32_t status = PAL_ATTEST_ERROR;
+ psa_algorithm_t key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
- if (!public_key_registered)
- {
- status = pal_import_attest_key(cose_algorithm_id);
- if (status != PAL_ATTEST_SUCCESS)
- return status;
+ /* Register the attestation public key */
+ status = pal_import_attest_key(key_alg);
+ if (status != PAL_ATTEST_SUCCESS)
+ return status;
- public_key_registered = 1;
- }
-
-/*
- * Enable the verify function when Trusted Firmare - M Supports
-
- * Verify the signature a hash or short message using a public key.
+ /* Verify the signature */
status = psa_asymmetric_verify(public_key_handle,
- cose_algorithm_id, token_hash.ptr, token_hash.len,
- signature.ptr, signature.len);
-*/
- return status;
+ key_alg, token_hash.ptr, token_hash.len,
+ signature.ptr, signature.len);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_SIGNATURE_FAIL;
+
+ /* Unregister the attestation public key */
+ status = pal_destroy_attest_key();
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ return PAL_ATTEST_SUCCESS;
}
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.h
index 2d63ad1..2175e65 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_crypto.h
@@ -22,9 +22,9 @@
typedef struct{
uint8_t *pubx_key;
- uint32_t pubx_key_size;
+ size_t pubx_key_size;
uint8_t *puby_key;
- uint32_t puby_key_size;
+ size_t puby_key_size;
} ecc_key_t;
struct ecc_public_key_t {
@@ -48,11 +48,11 @@
};
struct pal_cose_crypto_hash {
- /* Can't put the actual size here without creating dependecy on
- * actual hash implementation, so this is a fairly large and
- * accommodating size.
- */
- uint8_t bytes[128];
+ union {
+ void *ptr;
+ uint64_t handle;
+ } context;
+ int64_t status;
};
struct pal_cose_psa_crypto_hash {
@@ -95,7 +95,6 @@
uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash,
struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers,
struct q_useful_buf_c payload);
-uint32_t pal_import_attest_key(int32_t alg);
uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, struct q_useful_buf_c token_hash,
struct q_useful_buf_c signature);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.c
index 178fdc9..60c7164 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.c
@@ -29,7 +29,7 @@
QCBORError qcbor_result;
QCBOREncodeContext cbor_encode_ctx;
int32_t cose_curve_id = P_256;
- struct q_useful_buf_c encoded_key_id;
+ struct q_useful_buf_c encoded_key_id;
/* Get the public key x and y */
/* Encode it into a COSE_Key structure */
@@ -136,26 +136,18 @@
}
static int parse_unprotected_headers(QCBORDecodeContext *decode_context,
- struct q_useful_buf_c *child,
- bool *loop_back)
+ struct q_useful_buf_c *child)
{
struct items_to_get_t item_list[3];
item_list[0].label = COSE_HEADER_PARAM_KID;
- item_list[1].label = T_COSE_SHORT_CIRCUIT_LABEL;
- item_list[2].label = 0;
- *loop_back = false;
+ item_list[1].label = 0;
if (get_items_in_map(decode_context, item_list))
{
return PAL_ATTEST_ERROR;
}
- if (item_list[1].item.uDataType == QCBOR_TYPE_TRUE)
- {
- *loop_back = true;
- }
-
if (item_list[0].item.uDataType != QCBOR_TYPE_BYTE_STRING)
{
return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
@@ -324,11 +316,10 @@
token_size : Size of the token buffer
@return - error status
**/
-int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
- uint8_t *token, uint32_t token_size)
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, size_t challenge_size,
+ uint8_t *token, size_t token_size)
{
int32_t status = PAL_ATTEST_SUCCESS;
- bool short_circuit;
int32_t cose_algorithm_id;
QCBORItem item;
QCBORDecodeContext decode_context;
@@ -412,8 +403,7 @@
return status;
/* Parse the unprotected headers and check the data type and value */
- short_circuit = false;
- status = parse_unprotected_headers(&decode_context, &kid, &short_circuit);
+ status = parse_unprotected_headers(&decode_context, &kid);
if (status != PAL_ATTEST_SUCCESS)
return status;
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.h
index 8a0c545..e7449a0 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_eat.h
@@ -140,8 +140,7 @@
1 << (EAT_CBOR_ARM_RANGE_BASE \
- EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS))
-#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT | \
- 1 << EAT_CBOR_SW_COMPONENT_SIGNER_ID)
+#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT)
#define NULL_USEFUL_BUF_C NULLUsefulBufC
@@ -158,6 +157,8 @@
PAL_ATTEST_HASH_BUFFER_SIZE,
PAL_ATTEST_ERR_PROTECTED_HEADERS,
PAL_ATTEST_ERR_SIGN_STRUCT,
+ PAL_ATTEST_ERR_KEY_FAIL,
+ PAL_ATTEST_ERR_SIGNATURE_FAIL,
PAL_ATTEST_ERROR,
};
@@ -166,5 +167,5 @@
QCBORItem item;
};
-int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
- uint8_t *token, uint32_t token_size);
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, size_t challenge_size,
+ uint8_t *token, size_t token_size);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_intf.c
index 2d99f74..83c1ebd 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_intf.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe/initial_attestation/pal_attestation_intf.c
@@ -27,25 +27,27 @@
int32_t pal_attestation_function(int type, va_list valist)
{
uint8_t *challenge, *token;
- uint32_t challenge_size, *token_size, verify_token_size;
+ size_t challenge_size, *token_size, verify_token_size, token_buffer_size;
switch (type)
{
case PAL_INITIAL_ATTEST_GET_TOKEN:
challenge = va_arg(valist, uint8_t*);
- challenge_size = va_arg(valist, uint32_t);
+ challenge_size = va_arg(valist, size_t);
token = va_arg(valist, uint8_t*);
- token_size = va_arg(valist, uint32_t*);
- return psa_initial_attest_get_token(challenge, challenge_size, token, token_size);
+ token_buffer_size = va_arg(valist, size_t);
+ token_size = va_arg(valist, size_t*);
+ return psa_initial_attest_get_token(challenge, challenge_size, token, token_buffer_size,
+ token_size);
case PAL_INITIAL_ATTEST_GET_TOKEN_SIZE:
- challenge_size = va_arg(valist, uint32_t);
- token_size = va_arg(valist, uint32_t*);
+ challenge_size = va_arg(valist, size_t);
+ token_size = va_arg(valist, size_t*);
return psa_initial_attest_get_token_size(challenge_size, token_size);
case PAL_INITIAL_ATTEST_VERIFY_TOKEN:
challenge = va_arg(valist, uint8_t*);
- challenge_size = va_arg(valist, uint32_t);
+ challenge_size = va_arg(valist, size_t);
token = va_arg(valist, uint8_t*);
- verify_token_size = va_arg(valist, uint32_t);
+ verify_token_size = va_arg(valist, size_t);
return pal_initial_attest_verify_token(challenge, challenge_size,
token, verify_token_size);
default:
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/common/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/common/pal_config.h
index 289dc5d..2871339 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/common/pal_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/common/pal_config.h
@@ -40,6 +40,9 @@
#define SP_HEAP_MEM_SUPP
#endif /* PSA_CMAKE_BUILD */
+/* Version of crypto spec used in attestation */
+#define CRYPTO_VERSION_BETA2
+
/*
* Include of PSA defined Header files
*/
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/crypto/pal_crypto_config_check.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/crypto/pal_crypto_config_check.h
index f18a785..443e0bc 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/crypto/pal_crypto_config_check.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/crypto/pal_crypto_config_check.h
@@ -94,13 +94,13 @@
#error "ARCH_TEST_CTR_AES defined, but not all prerequisites"
#endif
-#if (defined(ARCH_TEST_CBC_AES)|| defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
+#if (defined(ARCH_TEST_CBC_AES) || defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
(!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_AES defined, but not all prerequisites"
#endif
#if (defined(ARCH_TEST_CBC_NO_PADDING)) &&\
- (!defined(ARCH_TEST_CIPER) ||!defined(ARCH_TEST_CIPER_MODE_CBC))
+ (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_NO_PADDING defined, but not all prerequisites"
#endif
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/crypto/pal_crypto_intf.c
index 3df6aa8..fd2e055 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/crypto/pal_crypto_intf.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/crypto/pal_crypto_intf.c
@@ -28,96 +28,124 @@
**/
int32_t pal_crypto_function(int type, va_list valist)
{
- int i;
- size_t size, *length, salt_length, label_length, ciphertext_size;
- uint8_t *buffer, *ciphertext;
- const uint8_t *salt, *label, *nonce, *additional_data;
- uint8_t *plaintext;
- uint32_t status;
- const void *extra;
- size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length;
- psa_key_handle_t handle, *key_handle, target_handle;
- psa_key_type_t key_type, *key_type_out;
- psa_key_policy_t *policy;
- psa_key_usage_t usage, *usage_out;
- psa_key_lifetime_t *lifetime_out;
- psa_algorithm_t alg, *alg_out;
- psa_hash_operation_t *hash_operation;
- psa_mac_operation_t *mac_operation;
- psa_cipher_operation_t *cipher_operation;
- psa_crypto_generator_t *generator;
-
+ int i;
+ psa_status_t status;
+ uint8_t *buffer, *ciphertext, *plaintext;
+ const uint8_t *nonce, *additional_data, *salt, *peer;
+ size_t *length, size, ciphertext_size, nonce_length;
+ size_t salt_length, peer_length, additional_data_length;
+ size_t *tag_length, plaintext_size;
+ psa_aead_operation_t *aead_operation;
+ psa_key_attributes_t *attributes;
+ psa_key_handle_t *handle, key_handle;
+ psa_key_type_t *key_type_out, key_type;
+ psa_key_usage_t *usage_out, usage;
+ psa_key_id_t *key_id_out, key_id;
+ psa_key_lifetime_t *key_lifetime_out, key_lifetime;
+ psa_algorithm_t *key_alg_out, key_alg, alg;
+ psa_hash_operation_t *hash_operation, *target_operation;
+ psa_mac_operation_t *mac_operation;
+ psa_cipher_operation_t *cipher_operation;
+ psa_key_derivation_operation_t *derive_operation;
+ psa_key_derivation_step_t step;
switch (type)
{
case PAL_CRYPTO_INIT:
return psa_crypto_init();
case PAL_CRYPTO_GENERATE_RANDOM:
- buffer = va_arg(valist, uint8_t*);
+ buffer = va_arg(valist, uint8_t *);
size = va_arg(valist, int);
return psa_generate_random(buffer, size);
case PAL_CRYPTO_IMPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ buffer = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ status = psa_import_key(attributes, buffer, size, handle);
+ return status;
+ case PAL_CRYPTO_SET_KEY_TYPE:
+ attributes = va_arg(valist, psa_key_attributes_t *);
key_type = va_arg(valist, psa_key_type_t);
- buffer = va_arg(valist, uint8_t*);
- size = va_arg(valist, int);
- status = psa_import_key(handle, key_type, buffer, size);
- return status;
+ psa_set_key_type(attributes, key_type);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_BITS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ size = va_arg(valist, size_t);
+ psa_set_key_bits(attributes, size);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ATTRIBUTES:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ return psa_get_key_attributes(key_handle, attributes);
+ case PAL_CRYPTO_GET_KEY_TYPE:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_type_out = va_arg(valist, psa_key_type_t *);
+ *key_type_out = psa_get_key_type(attributes);
+ return 0;
case PAL_CRYPTO_EXPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- buffer = (uint8_t *)(va_arg(valist, uint8_t*));
- size = va_arg(valist, int);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_export_key(handle, buffer, size, length);
- return status;
- case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- buffer = (uint8_t *)(va_arg(valist, uint8_t*));
- size = va_arg(valist, int);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_export_public_key(handle, buffer, size, length);
- return status;
- case PAL_CRYPTO_KEY_POLICY_INIT:
- policy = va_arg(valist, psa_key_policy_t*);
- memset(policy, 0, sizeof(psa_key_policy_t));
- return 0;
- case PAL_CRYPTO_KEY_POLICY_SET_USAGE:
- policy = va_arg(valist, psa_key_policy_t*);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t *));
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t *);
+ return psa_export_key(key_handle, buffer, size, length);
+ case PAL_CRYPTO_SET_KEY_USAGE_FLAGS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
usage = va_arg(valist, psa_key_usage_t);
- alg = va_arg(valist, psa_algorithm_t);
- psa_key_policy_set_usage(policy, usage, alg);
+ psa_set_key_usage_flags(attributes, usage);
return 0;
- case PAL_CRYPTO_SET_KEY_POLICY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_set_key_policy(handle, policy);
- case PAL_CRYPTO_DESTROY_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- status = psa_destroy_key(handle);
- return status;
- case PAL_CRYPTO_GET_KEY_INFORMATION:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type_out = va_arg(valist, psa_key_type_t*);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_get_key_information(handle, key_type_out, length);
- return status;
- case PAL_CRYPTO_GET_KEY_POLICY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_get_key_policy(handle, policy);
- case PAL_CRYPTO_KEY_POLICY_GET_USAGE:
- policy = va_arg(valist, psa_key_policy_t*);
- usage_out = va_arg(valist, psa_key_usage_t*);
- *usage_out = psa_key_policy_get_usage(policy);
+ case PAL_CRYPTO_RESET_KEY_ATTRIBUTES:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ psa_reset_key_attributes(attributes);
return 0;
- case PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM:
- policy = va_arg(valist, psa_key_policy_t*);
- alg_out = va_arg(valist, psa_algorithm_t*);
- *alg_out = psa_key_policy_get_algorithm(policy);
+ case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t *));
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t *);
+ return psa_export_public_key(key_handle, buffer, size, length);
+ case PAL_CRYPTO_SET_KEY_ID:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_id = va_arg(valist, psa_key_id_t);
+ psa_set_key_id(attributes, key_id);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_LIFETIME:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_lifetime = va_arg(valist, psa_key_lifetime_t);
+ psa_set_key_lifetime(attributes, key_lifetime);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_ALGORITHM:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_alg = va_arg(valist, psa_algorithm_t);
+ psa_set_key_algorithm(attributes, key_alg);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ID:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_id_out = va_arg(valist, psa_key_id_t *);
+ *key_id_out = psa_get_key_id(attributes);
return 0;
case PAL_CRYPTO_GET_KEY_LIFETIME:
- handle = (psa_key_handle_t)va_arg(valist, int);
- lifetime_out = va_arg(valist, psa_key_lifetime_t*);
- return psa_get_key_lifetime(handle, lifetime_out);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_lifetime_out = va_arg(valist, psa_key_lifetime_t *);
+ *key_lifetime_out = psa_get_key_lifetime(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_USAGE_FLAGS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ usage_out = va_arg(valist, psa_key_usage_t *);
+ *usage_out = psa_get_key_usage_flags(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ALGORITHM:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_alg_out = va_arg(valist, psa_algorithm_t *);
+ *key_alg_out = psa_get_key_algorithm(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_BITS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ length = va_arg(valist, size_t *);
+ *length = psa_get_key_bits(attributes);
+ return 0;
+ case PAL_CRYPTO_DESTROY_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_destroy_key(key_handle);
case PAL_CRYPTO_HASH_SETUP:
hash_operation = va_arg(valist, psa_hash_operation_t*);
alg = va_arg(valist, psa_algorithm_t);
@@ -141,44 +169,31 @@
case PAL_CRYPTO_HASH_ABORT:
hash_operation = va_arg(valist, psa_hash_operation_t*);
return psa_hash_abort(hash_operation);
- case PAL_CRYPTO_GENERATE_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type = va_arg(valist, psa_key_type_t);
- size = va_arg(valist, size_t);
- extra = va_arg(valist, const void*);
- extra_size = va_arg(valist, size_t);
- return psa_generate_key(handle, key_type, size, extra, extra_size);
- case PAL_CRYPTO_GENERATOR_READ:
- generator = va_arg(valist, psa_crypto_generator_t*);
+ case PAL_CRYPTO_HASH_COMPUTE:
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
buffer = va_arg(valist, uint8_t*);
- size = va_arg(valist, int);
- return psa_generator_read(generator, buffer, size);
- case PAL_CRYPTO_KEY_DERIVATION:
- generator = va_arg(valist, psa_crypto_generator_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_hash_compute(alg, plaintext, plaintext_size, buffer, size, length);
+ case PAL_CRYPTO_HASH_COMPARE:
alg = va_arg(valist, psa_algorithm_t);
- salt = va_arg(valist, const uint8_t *);
- salt_length = va_arg(valist, size_t);
- label = va_arg(valist, const uint8_t *);
- label_length = va_arg(valist, size_t);
- capacity = va_arg(valist, size_t);
- return psa_key_derivation(generator, handle, alg, salt, salt_length, label,
- label_length, capacity);
- case PAL_CRYPTO_GET_GENERATOR_CAPACITY:
- generator = va_arg(valist, psa_crypto_generator_t*);
- gen_cap = va_arg(valist, size_t*);
- return psa_get_generator_capacity(generator, gen_cap);
- case PAL_CRYPTO_GENERATOR_IMPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type = va_arg(valist, psa_key_type_t);
- size = va_arg(valist, size_t);
- generator = va_arg(valist, psa_crypto_generator_t*);
- return psa_generator_import_key(handle, key_type, size, generator);
- case PAL_CRYPTO_GENERATOR_ABORT:
- generator = va_arg(valist, psa_crypto_generator_t*);
- return psa_generator_abort(generator);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_hash_compare(alg, plaintext, plaintext_size, buffer, size);
+ case PAL_CRYPTO_HASH_CLONE:
+ hash_operation = va_arg(valist, psa_hash_operation_t*);
+ target_operation = va_arg(valist, psa_hash_operation_t*);
+ return psa_hash_clone(hash_operation, target_operation);
+ case PAL_CRYPTO_GENERATE_KEY:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_generate_key(attributes, handle);
case PAL_CRYPTO_AEAD_ENCRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
@@ -189,10 +204,10 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_aead_encrypt(handle, alg, nonce, nonce_length, additional_data,
- additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
+ return psa_aead_encrypt(key_handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
case PAL_CRYPTO_AEAD_DECRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
@@ -203,13 +218,74 @@
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_aead_decrypt(handle, alg, nonce, nonce_length, additional_data,
- additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ return psa_aead_decrypt(key_handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ case PAL_CRYPTO_AEAD_ENCRYPT_SETUP:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_aead_encrypt_setup(aead_operation, key_handle, alg);
+ case PAL_CRYPTO_AEAD_DECRYPT_SETUP:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_aead_decrypt_setup(aead_operation, key_handle, alg);
+ case PAL_CRYPTO_AEAD_GENERATE_NONCE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ return psa_aead_generate_nonce(aead_operation, buffer, size, length);
+ case PAL_CRYPTO_AEAD_SET_NONCE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_set_nonce(aead_operation, buffer, size);
+ case PAL_CRYPTO_AEAD_SET_LENGTHS:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ size = va_arg(valist, size_t);
+ plaintext_size = va_arg(valist, size_t);
+ return psa_aead_set_lengths(aead_operation, size, plaintext_size);
+ case PAL_CRYPTO_AEAD_UPDATE_AD:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_update_ad(aead_operation, buffer, size);
+ case PAL_CRYPTO_AEAD_UPDATE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_aead_update(aead_operation, plaintext, plaintext_size, ciphertext,
+ ciphertext_size, length);
+ case PAL_CRYPTO_AEAD_FINISH:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ tag_length = (size_t *)va_arg(valist, size_t*);
+ return psa_aead_finish(aead_operation, ciphertext, ciphertext_size, length, buffer,
+ size, tag_length);
+ case PAL_CRYPTO_AEAD_VERIFY:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_verify(aead_operation, plaintext, plaintext_size, length, buffer, size);
+ case PAL_CRYPTO_AEAD_ABORT:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ return psa_aead_abort(aead_operation);
case PAL_CRYPTO_MAC_SIGN_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_mac_sign_setup(mac_operation, handle, alg);
+ return psa_mac_sign_setup(mac_operation, key_handle, alg);
case PAL_CRYPTO_MAC_UPDATE:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
@@ -223,9 +299,9 @@
return psa_mac_sign_finish(mac_operation, buffer, size, length);
case PAL_CRYPTO_MAC_VERIFY_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_mac_verify_setup(mac_operation, handle, alg);
+ return psa_mac_verify_setup(mac_operation, key_handle, alg);
case PAL_CRYPTO_MAC_VERIFY_FINISH:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
@@ -234,8 +310,27 @@
case PAL_CRYPTO_MAC_ABORT:
mac_operation = va_arg(valist, psa_mac_operation_t*);
return psa_mac_abort(mac_operation);
+ case PAL_CRYPTO_MAC_COMPUTE:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_mac_compute(key_handle, alg, plaintext, plaintext_size, ciphertext,
+ ciphertext_size, length);
+ case PAL_CRYPTO_MAC_VERIFY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ return psa_mac_verify(key_handle, alg, plaintext, plaintext_size, ciphertext,
+ ciphertext_size);
case PAL_CRYPTO_ASYMMTERIC_ENCRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
@@ -244,10 +339,10 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_encrypt(handle, alg, plaintext, size, salt, salt_length,
- ciphertext, ciphertext_size, length);
+ return psa_asymmetric_encrypt(key_handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
case PAL_CRYPTO_ASYMMTERIC_DECRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
@@ -256,18 +351,18 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_decrypt(handle, alg, plaintext, size, salt, salt_length,
- ciphertext, ciphertext_size, length);
+ return psa_asymmetric_decrypt(key_handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
case PAL_CRYPTO_CIPHER_ENCRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_cipher_encrypt_setup(cipher_operation, handle, alg);
+ return psa_cipher_encrypt_setup(cipher_operation, key_handle, alg);
case PAL_CRYPTO_CIPHER_DECRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_cipher_decrypt_setup(cipher_operation, handle, alg);
+ return psa_cipher_decrypt_setup(cipher_operation, key_handle, alg);
case PAL_CRYPTO_CIPHER_GENERATE_IV:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
buffer = va_arg(valist, uint8_t*);
@@ -287,7 +382,7 @@
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_cipher_update(cipher_operation, plaintext, size, ciphertext, ciphertext_size,
- length);
+ length);
case PAL_CRYPTO_CIPHER_FINISH:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
ciphertext = va_arg(valist, uint8_t *);
@@ -297,39 +392,110 @@
case PAL_CRYPTO_CIPHER_ABORT:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
return psa_cipher_abort(cipher_operation);
+ case PAL_CRYPTO_CIPHER_ENCRYPT:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_encrypt(key_handle, alg, plaintext, size, ciphertext, ciphertext_size,
+ length);
+ case PAL_CRYPTO_CIPHER_DECRYPT:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_decrypt(key_handle, alg, plaintext, size, ciphertext, ciphertext_size,
+ length);
case PAL_CRYPTO_ASYMMTERIC_SIGN:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_sign(handle, alg, buffer, size, ciphertext, ciphertext_size,
- length);
+ return psa_asymmetric_sign(key_handle, alg, buffer, size, ciphertext, ciphertext_size,
+ length);
case PAL_CRYPTO_ASYMMTERIC_VERIFY:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
- return psa_asymmetric_verify(handle, alg, buffer, size, ciphertext, ciphertext_size);
- case PAL_CRYPTO_KEY_AGREEMENT:
- generator = va_arg(valist, psa_crypto_generator_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_asymmetric_verify(key_handle, alg, buffer, size, ciphertext,
+ ciphertext_size);
+ case PAL_CRYPTO_RAW_KEY_AGREEMENT:
+ alg = va_arg(valist, psa_algorithm_t);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ peer = va_arg(valist, uint8_t*);
+ peer_length = va_arg(valist, size_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
- alg = va_arg(valist, psa_algorithm_t);
- return psa_key_agreement(generator, handle, buffer, size, alg);
- case PAL_CRYPTO_ALLOCATE_KEY:
- key_handle = (psa_key_handle_t *)va_arg(valist, int*);
- return psa_allocate_key(key_handle);
+ length = va_arg(valist, size_t*);
+ return psa_raw_key_agreement(alg, key_handle, peer, peer_length, buffer, size, length);
case PAL_CRYPTO_COPY_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- target_handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_copy_key(handle, target_handle, policy);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_copy_key(key_handle, attributes, handle);
+ case PAL_CRYPTO_KEY_DERIVATION_SETUP:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_key_derivation_setup(derive_operation, alg);
+ case PAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_input_bytes(derive_operation, step, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION_INPUT_KEY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_key_derivation_input_key(derive_operation, step, key_handle);
+ case PAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ peer = va_arg(valist, uint8_t*);
+ peer_length = va_arg(valist, size_t);
+ return psa_key_derivation_key_agreement(derive_operation, step, key_handle, peer,
+ peer_length);
+ case PAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_output_bytes(derive_operation, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_key_derivation_output_key(attributes, derive_operation, handle);
+ case PAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_set_capacity(derive_operation, size);
+ case PAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ length = va_arg(valist, size_t *);
+ return psa_key_derivation_get_capacity(derive_operation, length);
+ case PAL_CRYPTO_KEY_DERIVATION_ABORT:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ return psa_key_derivation_abort(derive_operation);
+ case PAL_CRYPTO_OPEN_KEY:
+ key_id = va_arg(valist, psa_key_id_t);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_open_key(key_id, handle);
+ case PAL_CRYPTO_CLOSE_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_close_key(key_handle);
case PAL_CRYPTO_FREE:
for (i = 0; i < PAL_KEY_SLOT_COUNT; i++)
psa_destroy_key(i);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/crypto/pal_crypto_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/crypto/pal_crypto_intf.h
index d1dabfa..486f793 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/crypto/pal_crypto_intf.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/crypto/pal_crypto_intf.h
@@ -21,55 +21,82 @@
#include "pal_common.h"
enum crypto_function_code {
- PAL_CRYPTO_INIT = 0x1,
- PAL_CRYPTO_GENERATE_RANDOM = 0x2,
- PAL_CRYPTO_IMPORT_KEY = 0x3,
- PAL_CRYPTO_EXPORT_KEY = 0x4,
- PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
- PAL_CRYPTO_DESTROY_KEY = 0x6,
- PAL_CRYPTO_GET_KEY_INFO = 0x7,
- PAL_CRYPTO_KEY_POLICY_INIT = 0x8,
- PAL_CRYPTO_KEY_POLICY_SET_USAGE = 0x9,
- PAL_CRYPTO_KEY_POLICY_GET_USAGE = 0xA,
- PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM = 0xB,
- PAL_CRYPTO_SET_KEY_POLICY = 0xC,
- PAL_CRYPTO_GET_KEY_POLICY = 0xD,
- PAL_CRYPTO_GET_KEY_INFORMATION = 0xE,
- PAL_CRYPTO_GET_KEY_LIFETIME = 0xF,
- PAL_CRYPTO_HASH_SETUP = 0x11,
- PAL_CRYPTO_HASH_UPDATE = 0x12,
- PAL_CRYPTO_HASH_VERIFY = 0x13,
- PAL_CRYPTO_HASH_FINISH = 0x14,
- PAL_CRYPTO_HASH_ABORT = 0x15,
- PAL_CRYPTO_GENERATE_KEY = 0x16,
- PAL_CRYPTO_GENERATOR_READ = 0x17,
- PAL_CRYPTO_KEY_DERIVATION = 0x18,
- PAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19,
- PAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A,
- PAL_CRYPTO_GENERATOR_ABORT = 0x1B,
- PAL_CRYPTO_AEAD_ENCRYPT = 0x1C,
- PAL_CRYPTO_AEAD_DECRYPT = 0x1D,
- PAL_CRYPTO_MAC_SIGN_SETUP = 0x1E,
- PAL_CRYPTO_MAC_UPDATE = 0x1F,
- PAL_CRYPTO_MAC_SIGN_FINISH = 0x20,
- PAL_CRYPTO_MAC_VERIFY_SETUP = 0x21,
- PAL_CRYPTO_MAC_VERIFY_FINISH = 0x22,
- PAL_CRYPTO_MAC_ABORT = 0x23,
- PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24,
- PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25,
- PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26,
- PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A,
- PAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B,
- PAL_CRYPTO_CIPHER_SET_IV = 0x2C,
- PAL_CRYPTO_CIPHER_UPDATE = 0x2D,
- PAL_CRYPTO_CIPHER_FINISH = 0x2E,
- PAL_CRYPTO_CIPHER_ABORT = 0x2F,
- PAL_CRYPTO_ASYMMTERIC_SIGN = 0x30,
- PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31,
- PAL_CRYPTO_KEY_AGREEMENT = 0x32,
- PAL_CRYPTO_ALLOCATE_KEY = 0x33,
- PAL_CRYPTO_COPY_KEY = 0x34,
- PAL_CRYPTO_FREE = 0xFE,
+ PAL_CRYPTO_INIT = 0x1,
+ PAL_CRYPTO_GENERATE_RANDOM = 0x2,
+ PAL_CRYPTO_IMPORT_KEY = 0x3,
+ PAL_CRYPTO_EXPORT_KEY = 0x4,
+ PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
+ PAL_CRYPTO_DESTROY_KEY = 0x6,
+ PAL_CRYPTO_HASH_SETUP = 0x7,
+ PAL_CRYPTO_HASH_UPDATE = 0x8,
+ PAL_CRYPTO_HASH_VERIFY = 0x9,
+ PAL_CRYPTO_HASH_FINISH = 0xA,
+ PAL_CRYPTO_HASH_ABORT = 0xB,
+ PAL_CRYPTO_GENERATE_KEY = 0xC,
+ PAL_CRYPTO_AEAD_ENCRYPT = 0xD,
+ PAL_CRYPTO_AEAD_DECRYPT = 0xE,
+ PAL_CRYPTO_MAC_SIGN_SETUP = 0xF,
+ PAL_CRYPTO_MAC_UPDATE = 0x10,
+ PAL_CRYPTO_MAC_SIGN_FINISH = 0x11,
+ PAL_CRYPTO_MAC_VERIFY_SETUP = 0x12,
+ PAL_CRYPTO_MAC_VERIFY_FINISH = 0x13,
+ PAL_CRYPTO_MAC_ABORT = 0x14,
+ PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x15,
+ PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x16,
+ PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x17,
+ PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x18,
+ PAL_CRYPTO_CIPHER_GENERATE_IV = 0x19,
+ PAL_CRYPTO_CIPHER_SET_IV = 0x1A,
+ PAL_CRYPTO_CIPHER_UPDATE = 0x1B,
+ PAL_CRYPTO_CIPHER_FINISH = 0x1C,
+ PAL_CRYPTO_CIPHER_ABORT = 0x1D,
+ PAL_CRYPTO_ASYMMTERIC_SIGN = 0x1E,
+ PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x1F,
+ PAL_CRYPTO_COPY_KEY = 0x20,
+ PAL_CRYPTO_SET_KEY_TYPE = 0x21,
+ PAL_CRYPTO_SET_KEY_BITS = 0x22,
+ PAL_CRYPTO_GET_KEY_ATTRIBUTES = 0x23,
+ PAL_CRYPTO_GET_KEY_TYPE = 0x24,
+ PAL_CRYPTO_SET_KEY_USAGE_FLAGS = 0x25,
+ PAL_CRYPTO_RESET_KEY_ATTRIBUTES = 0x26,
+ PAL_CRYPTO_SET_KEY_ID = 0x27,
+ PAL_CRYPTO_SET_KEY_LIFETIME = 0x28,
+ PAL_CRYPTO_SET_KEY_ALGORITHM = 0x29,
+ PAL_CRYPTO_GET_KEY_ID = 0x2A,
+ PAL_CRYPTO_GET_KEY_LIFETIME = 0x2B,
+ PAL_CRYPTO_GET_KEY_USAGE_FLAGS = 0x2C,
+ PAL_CRYPTO_GET_KEY_ALGORITHM = 0x2D,
+ PAL_CRYPTO_GET_KEY_BITS = 0x2E,
+ PAL_CRYPTO_HASH_COMPUTE = 0x2F,
+ PAL_CRYPTO_HASH_COMPARE = 0x30,
+ PAL_CRYPTO_KEY_DERIVATION_SETUP = 0x31,
+ PAL_CRYPTO_KEY_DERIVATION_ABORT = 0x32,
+ PAL_CRYPTO_RAW_KEY_AGREEMENT = 0x33,
+ PAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES = 0x34,
+ PAL_CRYPTO_KEY_DERIVATION_INPUT_KEY = 0x35,
+ PAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT = 0x36,
+ PAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES = 0x37,
+ PAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY = 0x38,
+ PAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY = 0x39,
+ PAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY = 0x3A,
+ PAL_CRYPTO_HASH_CLONE = 0x3B,
+ PAL_CRYPTO_MAC_COMPUTE = 0x3C,
+ PAL_CRYPTO_MAC_VERIFY = 0x3D,
+ PAL_CRYPTO_CIPHER_ENCRYPT = 0x3F,
+ PAL_CRYPTO_CIPHER_DECRYPT = 0x40,
+ PAL_CRYPTO_OPEN_KEY = 0x41,
+ PAL_CRYPTO_CLOSE_KEY = 0x42,
+ PAL_CRYPTO_AEAD_ENCRYPT_SETUP = 0x43,
+ PAL_CRYPTO_AEAD_DECRYPT_SETUP = 0x44,
+ PAL_CRYPTO_AEAD_GENERATE_NONCE = 0x45,
+ PAL_CRYPTO_AEAD_SET_NONCE = 0x46,
+ PAL_CRYPTO_AEAD_SET_LENGTHS = 0X47,
+ PAL_CRYPTO_AEAD_UPDATE_AD = 0x48,
+ PAL_CRYPTO_AEAD_UPDATE = 0x49,
+ PAL_CRYPTO_AEAD_FINISH = 0x4A,
+ PAL_CRYPTO_AEAD_VERIFY = 0x4B,
+ PAL_CRYPTO_AEAD_ABORT = 0x4C,
+ PAL_CRYPTO_FREE = 0xFE,
};
int32_t pal_crypto_function(int type, va_list valist);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_crypto.c
index ae2bdba..38ed283 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_crypto.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_crypto.c
@@ -17,24 +17,14 @@
#include "pal_attestation_crypto.h"
-static uint32_t public_key_registered = 0;
-
+static uint32_t public_key_registered;
+static psa_key_handle_t public_key_handle;
static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf,
size_t amount)
{
return UsefulBuf_Head(buf, amount);
}
-static uint32_t check_hash_sizes(void)
-{
- if (T_COSE_CRYPTO_SHA256_SIZE != PSA_HASH_SIZE(PSA_ALG_SHA_256))
- {
- return PAL_ATTEST_HASH_FAIL;
- }
-
- return PAL_ATTEST_SUCCESS;
-}
-
static psa_ecc_curve_t attest_map_elliptic_curve_type(int32_t cose_curve)
{
psa_ecc_curve_t psa_curve;
@@ -82,130 +72,94 @@
int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id)
{
- int32_t cose_ret = PAL_ATTEST_SUCCESS;
- psa_status_t psa_ret;
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash = PSA_HASH_OPERATION_INIT;
+ psa_algorithm_t psa_alg;
- cose_ret = check_hash_sizes();
- if (cose_ret)
- {
- goto error;
- }
+ /* Map the algorithm ID */
+ psa_alg = cose_hash_alg_id_to_psa(cose_hash_alg_id);
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- goto error;
- }
+ /* Actually do the hash set up */
+ hash_ctx->status = psa_hash_setup(&psa_hash, psa_alg);
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
- psa_ret = psa_hash_setup(&psa_hash_ctx->operation, cose_hash_alg_id_to_psa(cose_hash_alg_id));
+ /* Copy the PSA handle back into the context */
+ hash_ctx->context.handle = psa_hash.handle;
- if (psa_ret == PAL_ATTEST_SUCCESS)
- {
- psa_hash_ctx->status = PAL_ATTEST_SUCCESS;
- cose_ret = PAL_ATTEST_SUCCESS;
- }
- else if (psa_ret == PSA_ERROR_NOT_SUPPORTED)
- {
- cose_ret = PAL_ATTEST_HASH_UNSUPPORTED;
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
-
-error:
- return cose_ret;
+ /* Map errors and return */
+ return (psa_status_t)hash_ctx->status;
}
void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx,
struct q_useful_buf_c data_to_hash)
{
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash;
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
+ /* Copy the PSA handle out of the generic context */
+ psa_hash.handle = (uint32_t)hash_ctx->context.handle;
+
+ if (hash_ctx->status != PSA_SUCCESS)
+ return;
+
+ if (data_to_hash.ptr == NULL) {
+ /* No data was passed in to be hashed indicating the mode of use is
+ * the computation of the size of hash. This mode is hashing is used
+ * by t_cose when it is requested to compute the size of the signed
+ * data it might compute, which is in turn used to compute the
+ * size of a would be token. When computing the size, the size
+ * like this, there is nothing to do in update()
+ */
return;
}
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
+ /* Actually hash the data */
+ hash_ctx->status = psa_hash_update(&psa_hash, data_to_hash.ptr, data_to_hash.len);
- if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS)
- {
- if (data_to_hash.ptr != NULL)
- {
- psa_hash_ctx->status = psa_hash_update(&psa_hash_ctx->operation,
- data_to_hash.ptr,
- data_to_hash.len);
- }
- else
- {
- /* Intentionally do nothing, just computing the size of the token */
- }
- }
+ /* Copy the PSA handle back into the context. */
+ hash_ctx->context.handle = psa_hash.handle;
}
int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx,
struct q_useful_buf buffer_to_hold_result,
struct q_useful_buf_c *hash_result)
{
- uint32_t cose_ret = PAL_ATTEST_SUCCESS;
- psa_status_t psa_ret;
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash;
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- goto error;
- }
+ /* Copy the PSA handle out of the generic context */
+ psa_hash.handle = (uint32_t)hash_ctx->context.handle;
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
+ if (hash_ctx->status != PSA_SUCCESS)
+ goto Done;
- if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS)
- {
- psa_ret = psa_hash_finish(&psa_hash_ctx->operation,
- buffer_to_hold_result.ptr,
- buffer_to_hold_result.len,
- &(hash_result->len));
+ /* Actually finish up the hash */
+ hash_ctx->status = psa_hash_finish(&psa_hash, buffer_to_hold_result.ptr,
+ buffer_to_hold_result.len, &(hash_result->len));
- if (psa_ret == PAL_ATTEST_SUCCESS)
- {
- hash_result->ptr = buffer_to_hold_result.ptr;
- cose_ret = 0;
- }
- else if (psa_ret == PSA_ERROR_BUFFER_TOO_SMALL)
- {
- cose_ret = PAL_ATTEST_HASH_BUFFER_SIZE;
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
+ hash_result->ptr = buffer_to_hold_result.ptr;
-error:
- return cose_ret;
+ /* Copy the PSA handle back into the context. */
+ hash_ctx->context.handle = psa_hash.handle;
+
+Done:
+ return ((psa_status_t)hash_ctx->status);
+
}
int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash,
struct q_useful_buf_c *hash)
{
- uint32_t status = PAL_ATTEST_SUCCESS;
+ uint32_t return_value = 0;
struct pal_cose_crypto_hash hash_ctx;
- status = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY);
- if (status)
- return status;
+ return_value = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY);
+ if (return_value)
+ goto Done;
pal_cose_crypto_hash_update(&hash_ctx, bytes_to_hash);
- status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash);
+ return_value = pal_cose_crypto_hash_finish(&hash_ctx,
+ buffer_for_hash,
+ hash);
- return status;
+Done:
+ return return_value;
}
uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash,
@@ -223,18 +177,19 @@
/* This builds the CBOR-format to-be-signed bytes */
QCBOREncode_Init(&cbor_encode_ctx, buffer_for_TBS_first_part);
QCBOREncode_OpenArray(&cbor_encode_ctx);
+
/* context */
- QCBOREncode_AddSZString(&cbor_encode_ctx,
- COSE_SIG_CONTEXT_STRING_SIGNATURE1);
+ QCBOREncode_AddSZString(&cbor_encode_ctx, COSE_SIG_CONTEXT_STRING_SIGNATURE1);
+
/* body_protected */
- QCBOREncode_AddBytes(&cbor_encode_ctx,
- protected_headers);
- /* sign_protected */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
+ QCBOREncode_AddBytes(&cbor_encode_ctx, protected_headers);
+
+ /* sign_protected is not used for Sign1 */
/* external_aad */
QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
- /* fake payload */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
+
+ /* The short fake payload. */
+ QCBOREncode_AddBytesLenOnly(&cbor_encode_ctx, payload);
QCBOREncode_CloseArray(&cbor_encode_ctx);
/* Get the result and convert it to struct q_useful_buf_c representation */
@@ -242,7 +197,8 @@
if (qcbor_result)
{
/* Mainly means that the protected_headers were too big
- (which should never happen) */
+ * (which should never happen)
+ */
status = PAL_ATTEST_ERR_SIGN_STRUCT;
goto Done;
}
@@ -257,90 +213,129 @@
if (status)
goto Done;
- /* Hash the first part of the TBS. Take all but the last two
- * bytes. The last two bytes are the fake payload from above. It
- * is replaced by the real payload which is hashed next. The fake
- * payload is needed so the array count is right. This is one of
- * the main things that make it possible to implement with one
- * buffer for the whole cose sign1.
+ /* This is hashing of the first part, all the CBOR
+ * except the payload.
*/
- pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part,
- tbs_first_part.len - 2));
+ pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part, tbs_first_part.len));
- /* Hash the payload */
+ /* Hash the payload, the second part. */
pal_cose_crypto_hash_update(&hash_ctx, payload);
/* Finish the hash and set up to return it */
- status = pal_cose_crypto_hash_finish(&hash_ctx,
- buffer_for_hash,
- hash);
+ status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash);
Done:
return status;
}
-uint32_t pal_import_attest_key(int32_t alg)
+static uint32_t pal_import_attest_key(psa_algorithm_t key_alg)
{
- psa_key_type_t attest_key_type;
- size_t public_key_size;
- psa_status_t status = PSA_SUCCESS;
+ psa_status_t status = PAL_ATTEST_ERROR;
+ psa_key_usage_t usage = PSA_KEY_USAGE_VERIFY;
+ psa_ecc_curve_t psa_curve = attest_map_elliptic_curve_type(P_256);
+ psa_key_type_t attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve);
+ size_t public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size;
+
+#if defined(CRYPTO_VERSION_BETA1) || defined(CRYPTO_VERSION_BETA2)
psa_key_policy_t policy;
- psa_ecc_curve_t psa_curve;
- psa_key_handle_t public_key_handle;
- /* Mapping of COSE curve type to PSA curve types */
- psa_curve = attest_map_elliptic_curve_type(P_256);
- if (psa_curve == USHRT_MAX)
- return PAL_ATTEST_ERROR;
+ if (!public_key_registered)
+ {
+ if (psa_curve == USHRT_MAX)
+ return PAL_ATTEST_ERROR;
- /* Setup the key policy for public key */
- policy = psa_key_policy_init();
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_VERIFY, alg);
+ /* Setup the key policy for public key */
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage(&policy, usage, key_alg);
- status = psa_allocate_key(&public_key_handle);
- if (status != PSA_SUCCESS)
- return status;
+ status = psa_allocate_key(&public_key_handle);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
- status = psa_set_key_policy(public_key_handle, &policy);
- if (status != PSA_SUCCESS)
- return status;
+ status = psa_set_key_policy(public_key_handle, &policy);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
- attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve);
-
- /* Register public key to crypto service */
- public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size;
-
- status = psa_import_key(public_key_handle,
+ /* Import the public key */
+ status = psa_import_key(public_key_handle,
attest_key_type,
- (const uint8_t *)&attest_public_key,
+ (const uint8_t *)&attest_public_key,
public_key_size + 1);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 1;
+ }
+
+#elif defined(CRYPTO_VERSION_BETA3)
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (!public_key_registered)
+ {
+ if (psa_curve == USHRT_MAX)
+ return PAL_ATTEST_ERROR;
+
+ /* Set the attributes for the public key */
+ psa_set_key_type(&attributes, attest_key_type);
+ psa_set_key_bits(&attributes, public_key_size + 1);
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, key_alg);
+
+ /* Import the public key */
+ status = psa_import_key(&attributes,
+ (const uint8_t *)&attest_public_key,
+ public_key_size + 1,
+ &public_key_handle);
+
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 1;
+ }
+#endif
return status;
}
+static uint32_t pal_destroy_attest_key(void)
+{
+ psa_status_t status;
+
+ if (!public_key_registered)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ status = psa_destroy_key(public_key_handle);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 0;
+
+ return PAL_ATTEST_SUCCESS;
+}
uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id,
struct q_useful_buf_c token_hash,
struct q_useful_buf_c signature)
{
- uint32_t status = PAL_ATTEST_SUCCESS;
+ int32_t status = PAL_ATTEST_ERROR;
+ psa_algorithm_t key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
- if (!public_key_registered)
- {
- status = pal_import_attest_key(cose_algorithm_id);
- if (status != PAL_ATTEST_SUCCESS)
- return status;
+ /* Register the attestation public key */
+ status = pal_import_attest_key(key_alg);
+ if (status != PAL_ATTEST_SUCCESS)
+ return status;
- public_key_registered = 1;
- }
-
-/*
- * Enable the verify function when Trusted Firmare - M Supports
-
- * Verify the signature a hash or short message using a public key.
+ /* Verify the signature */
status = psa_asymmetric_verify(public_key_handle,
- cose_algorithm_id, token_hash.ptr, token_hash.len,
- signature.ptr, signature.len);
-*/
- return status;
+ key_alg, token_hash.ptr, token_hash.len,
+ signature.ptr, signature.len);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_SIGNATURE_FAIL;
+
+ /* Unregister the attestation public key */
+ status = pal_destroy_attest_key();
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ return PAL_ATTEST_SUCCESS;
}
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_crypto.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_crypto.h
index 2d63ad1..2175e65 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_crypto.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_crypto.h
@@ -22,9 +22,9 @@
typedef struct{
uint8_t *pubx_key;
- uint32_t pubx_key_size;
+ size_t pubx_key_size;
uint8_t *puby_key;
- uint32_t puby_key_size;
+ size_t puby_key_size;
} ecc_key_t;
struct ecc_public_key_t {
@@ -48,11 +48,11 @@
};
struct pal_cose_crypto_hash {
- /* Can't put the actual size here without creating dependecy on
- * actual hash implementation, so this is a fairly large and
- * accommodating size.
- */
- uint8_t bytes[128];
+ union {
+ void *ptr;
+ uint64_t handle;
+ } context;
+ int64_t status;
};
struct pal_cose_psa_crypto_hash {
@@ -95,7 +95,6 @@
uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash,
struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers,
struct q_useful_buf_c payload);
-uint32_t pal_import_attest_key(int32_t alg);
uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, struct q_useful_buf_c token_hash,
struct q_useful_buf_c signature);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_eat.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_eat.c
index 178fdc9..60c7164 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_eat.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_eat.c
@@ -29,7 +29,7 @@
QCBORError qcbor_result;
QCBOREncodeContext cbor_encode_ctx;
int32_t cose_curve_id = P_256;
- struct q_useful_buf_c encoded_key_id;
+ struct q_useful_buf_c encoded_key_id;
/* Get the public key x and y */
/* Encode it into a COSE_Key structure */
@@ -136,26 +136,18 @@
}
static int parse_unprotected_headers(QCBORDecodeContext *decode_context,
- struct q_useful_buf_c *child,
- bool *loop_back)
+ struct q_useful_buf_c *child)
{
struct items_to_get_t item_list[3];
item_list[0].label = COSE_HEADER_PARAM_KID;
- item_list[1].label = T_COSE_SHORT_CIRCUIT_LABEL;
- item_list[2].label = 0;
- *loop_back = false;
+ item_list[1].label = 0;
if (get_items_in_map(decode_context, item_list))
{
return PAL_ATTEST_ERROR;
}
- if (item_list[1].item.uDataType == QCBOR_TYPE_TRUE)
- {
- *loop_back = true;
- }
-
if (item_list[0].item.uDataType != QCBOR_TYPE_BYTE_STRING)
{
return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
@@ -324,11 +316,10 @@
token_size : Size of the token buffer
@return - error status
**/
-int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
- uint8_t *token, uint32_t token_size)
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, size_t challenge_size,
+ uint8_t *token, size_t token_size)
{
int32_t status = PAL_ATTEST_SUCCESS;
- bool short_circuit;
int32_t cose_algorithm_id;
QCBORItem item;
QCBORDecodeContext decode_context;
@@ -412,8 +403,7 @@
return status;
/* Parse the unprotected headers and check the data type and value */
- short_circuit = false;
- status = parse_unprotected_headers(&decode_context, &kid, &short_circuit);
+ status = parse_unprotected_headers(&decode_context, &kid);
if (status != PAL_ATTEST_SUCCESS)
return status;
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_eat.h b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_eat.h
index 8a0c545..e7449a0 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_eat.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_eat.h
@@ -140,8 +140,7 @@
1 << (EAT_CBOR_ARM_RANGE_BASE \
- EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS))
-#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT | \
- 1 << EAT_CBOR_SW_COMPONENT_SIGNER_ID)
+#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT)
#define NULL_USEFUL_BUF_C NULLUsefulBufC
@@ -158,6 +157,8 @@
PAL_ATTEST_HASH_BUFFER_SIZE,
PAL_ATTEST_ERR_PROTECTED_HEADERS,
PAL_ATTEST_ERR_SIGN_STRUCT,
+ PAL_ATTEST_ERR_KEY_FAIL,
+ PAL_ATTEST_ERR_SIGNATURE_FAIL,
PAL_ATTEST_ERROR,
};
@@ -166,5 +167,5 @@
QCBORItem item;
};
-int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
- uint8_t *token, uint32_t token_size);
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, size_t challenge_size,
+ uint8_t *token, size_t token_size);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_intf.c
index 2d99f74..83c1ebd 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_intf.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_an524/nspe/initial_attestation/pal_attestation_intf.c
@@ -27,25 +27,27 @@
int32_t pal_attestation_function(int type, va_list valist)
{
uint8_t *challenge, *token;
- uint32_t challenge_size, *token_size, verify_token_size;
+ size_t challenge_size, *token_size, verify_token_size, token_buffer_size;
switch (type)
{
case PAL_INITIAL_ATTEST_GET_TOKEN:
challenge = va_arg(valist, uint8_t*);
- challenge_size = va_arg(valist, uint32_t);
+ challenge_size = va_arg(valist, size_t);
token = va_arg(valist, uint8_t*);
- token_size = va_arg(valist, uint32_t*);
- return psa_initial_attest_get_token(challenge, challenge_size, token, token_size);
+ token_buffer_size = va_arg(valist, size_t);
+ token_size = va_arg(valist, size_t*);
+ return psa_initial_attest_get_token(challenge, challenge_size, token, token_buffer_size,
+ token_size);
case PAL_INITIAL_ATTEST_GET_TOKEN_SIZE:
- challenge_size = va_arg(valist, uint32_t);
- token_size = va_arg(valist, uint32_t*);
+ challenge_size = va_arg(valist, size_t);
+ token_size = va_arg(valist, size_t*);
return psa_initial_attest_get_token_size(challenge_size, token_size);
case PAL_INITIAL_ATTEST_VERIFY_TOKEN:
challenge = va_arg(valist, uint8_t*);
- challenge_size = va_arg(valist, uint32_t);
+ challenge_size = va_arg(valist, size_t);
token = va_arg(valist, uint8_t*);
- verify_token_size = va_arg(valist, uint32_t);
+ verify_token_size = va_arg(valist, size_t);
return pal_initial_attest_verify_token(challenge, challenge_size,
token, verify_token_size);
default:
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_config.h
index 289dc5d..2871339 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/common/pal_config.h
@@ -40,6 +40,9 @@
#define SP_HEAP_MEM_SUPP
#endif /* PSA_CMAKE_BUILD */
+/* Version of crypto spec used in attestation */
+#define CRYPTO_VERSION_BETA2
+
/*
* Include of PSA defined Header files
*/
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_config_check.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_config_check.h
index f18a785..443e0bc 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_config_check.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_config_check.h
@@ -94,13 +94,13 @@
#error "ARCH_TEST_CTR_AES defined, but not all prerequisites"
#endif
-#if (defined(ARCH_TEST_CBC_AES)|| defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
+#if (defined(ARCH_TEST_CBC_AES) || defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
(!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_AES defined, but not all prerequisites"
#endif
#if (defined(ARCH_TEST_CBC_NO_PADDING)) &&\
- (!defined(ARCH_TEST_CIPER) ||!defined(ARCH_TEST_CIPER_MODE_CBC))
+ (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_NO_PADDING defined, but not all prerequisites"
#endif
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.c
index 3df6aa8..fd2e055 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.c
@@ -28,96 +28,124 @@
**/
int32_t pal_crypto_function(int type, va_list valist)
{
- int i;
- size_t size, *length, salt_length, label_length, ciphertext_size;
- uint8_t *buffer, *ciphertext;
- const uint8_t *salt, *label, *nonce, *additional_data;
- uint8_t *plaintext;
- uint32_t status;
- const void *extra;
- size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length;
- psa_key_handle_t handle, *key_handle, target_handle;
- psa_key_type_t key_type, *key_type_out;
- psa_key_policy_t *policy;
- psa_key_usage_t usage, *usage_out;
- psa_key_lifetime_t *lifetime_out;
- psa_algorithm_t alg, *alg_out;
- psa_hash_operation_t *hash_operation;
- psa_mac_operation_t *mac_operation;
- psa_cipher_operation_t *cipher_operation;
- psa_crypto_generator_t *generator;
-
+ int i;
+ psa_status_t status;
+ uint8_t *buffer, *ciphertext, *plaintext;
+ const uint8_t *nonce, *additional_data, *salt, *peer;
+ size_t *length, size, ciphertext_size, nonce_length;
+ size_t salt_length, peer_length, additional_data_length;
+ size_t *tag_length, plaintext_size;
+ psa_aead_operation_t *aead_operation;
+ psa_key_attributes_t *attributes;
+ psa_key_handle_t *handle, key_handle;
+ psa_key_type_t *key_type_out, key_type;
+ psa_key_usage_t *usage_out, usage;
+ psa_key_id_t *key_id_out, key_id;
+ psa_key_lifetime_t *key_lifetime_out, key_lifetime;
+ psa_algorithm_t *key_alg_out, key_alg, alg;
+ psa_hash_operation_t *hash_operation, *target_operation;
+ psa_mac_operation_t *mac_operation;
+ psa_cipher_operation_t *cipher_operation;
+ psa_key_derivation_operation_t *derive_operation;
+ psa_key_derivation_step_t step;
switch (type)
{
case PAL_CRYPTO_INIT:
return psa_crypto_init();
case PAL_CRYPTO_GENERATE_RANDOM:
- buffer = va_arg(valist, uint8_t*);
+ buffer = va_arg(valist, uint8_t *);
size = va_arg(valist, int);
return psa_generate_random(buffer, size);
case PAL_CRYPTO_IMPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ buffer = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ status = psa_import_key(attributes, buffer, size, handle);
+ return status;
+ case PAL_CRYPTO_SET_KEY_TYPE:
+ attributes = va_arg(valist, psa_key_attributes_t *);
key_type = va_arg(valist, psa_key_type_t);
- buffer = va_arg(valist, uint8_t*);
- size = va_arg(valist, int);
- status = psa_import_key(handle, key_type, buffer, size);
- return status;
+ psa_set_key_type(attributes, key_type);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_BITS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ size = va_arg(valist, size_t);
+ psa_set_key_bits(attributes, size);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ATTRIBUTES:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ return psa_get_key_attributes(key_handle, attributes);
+ case PAL_CRYPTO_GET_KEY_TYPE:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_type_out = va_arg(valist, psa_key_type_t *);
+ *key_type_out = psa_get_key_type(attributes);
+ return 0;
case PAL_CRYPTO_EXPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- buffer = (uint8_t *)(va_arg(valist, uint8_t*));
- size = va_arg(valist, int);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_export_key(handle, buffer, size, length);
- return status;
- case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- buffer = (uint8_t *)(va_arg(valist, uint8_t*));
- size = va_arg(valist, int);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_export_public_key(handle, buffer, size, length);
- return status;
- case PAL_CRYPTO_KEY_POLICY_INIT:
- policy = va_arg(valist, psa_key_policy_t*);
- memset(policy, 0, sizeof(psa_key_policy_t));
- return 0;
- case PAL_CRYPTO_KEY_POLICY_SET_USAGE:
- policy = va_arg(valist, psa_key_policy_t*);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t *));
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t *);
+ return psa_export_key(key_handle, buffer, size, length);
+ case PAL_CRYPTO_SET_KEY_USAGE_FLAGS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
usage = va_arg(valist, psa_key_usage_t);
- alg = va_arg(valist, psa_algorithm_t);
- psa_key_policy_set_usage(policy, usage, alg);
+ psa_set_key_usage_flags(attributes, usage);
return 0;
- case PAL_CRYPTO_SET_KEY_POLICY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_set_key_policy(handle, policy);
- case PAL_CRYPTO_DESTROY_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- status = psa_destroy_key(handle);
- return status;
- case PAL_CRYPTO_GET_KEY_INFORMATION:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type_out = va_arg(valist, psa_key_type_t*);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_get_key_information(handle, key_type_out, length);
- return status;
- case PAL_CRYPTO_GET_KEY_POLICY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_get_key_policy(handle, policy);
- case PAL_CRYPTO_KEY_POLICY_GET_USAGE:
- policy = va_arg(valist, psa_key_policy_t*);
- usage_out = va_arg(valist, psa_key_usage_t*);
- *usage_out = psa_key_policy_get_usage(policy);
+ case PAL_CRYPTO_RESET_KEY_ATTRIBUTES:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ psa_reset_key_attributes(attributes);
return 0;
- case PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM:
- policy = va_arg(valist, psa_key_policy_t*);
- alg_out = va_arg(valist, psa_algorithm_t*);
- *alg_out = psa_key_policy_get_algorithm(policy);
+ case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t *));
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t *);
+ return psa_export_public_key(key_handle, buffer, size, length);
+ case PAL_CRYPTO_SET_KEY_ID:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_id = va_arg(valist, psa_key_id_t);
+ psa_set_key_id(attributes, key_id);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_LIFETIME:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_lifetime = va_arg(valist, psa_key_lifetime_t);
+ psa_set_key_lifetime(attributes, key_lifetime);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_ALGORITHM:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_alg = va_arg(valist, psa_algorithm_t);
+ psa_set_key_algorithm(attributes, key_alg);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ID:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_id_out = va_arg(valist, psa_key_id_t *);
+ *key_id_out = psa_get_key_id(attributes);
return 0;
case PAL_CRYPTO_GET_KEY_LIFETIME:
- handle = (psa_key_handle_t)va_arg(valist, int);
- lifetime_out = va_arg(valist, psa_key_lifetime_t*);
- return psa_get_key_lifetime(handle, lifetime_out);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_lifetime_out = va_arg(valist, psa_key_lifetime_t *);
+ *key_lifetime_out = psa_get_key_lifetime(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_USAGE_FLAGS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ usage_out = va_arg(valist, psa_key_usage_t *);
+ *usage_out = psa_get_key_usage_flags(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ALGORITHM:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_alg_out = va_arg(valist, psa_algorithm_t *);
+ *key_alg_out = psa_get_key_algorithm(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_BITS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ length = va_arg(valist, size_t *);
+ *length = psa_get_key_bits(attributes);
+ return 0;
+ case PAL_CRYPTO_DESTROY_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_destroy_key(key_handle);
case PAL_CRYPTO_HASH_SETUP:
hash_operation = va_arg(valist, psa_hash_operation_t*);
alg = va_arg(valist, psa_algorithm_t);
@@ -141,44 +169,31 @@
case PAL_CRYPTO_HASH_ABORT:
hash_operation = va_arg(valist, psa_hash_operation_t*);
return psa_hash_abort(hash_operation);
- case PAL_CRYPTO_GENERATE_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type = va_arg(valist, psa_key_type_t);
- size = va_arg(valist, size_t);
- extra = va_arg(valist, const void*);
- extra_size = va_arg(valist, size_t);
- return psa_generate_key(handle, key_type, size, extra, extra_size);
- case PAL_CRYPTO_GENERATOR_READ:
- generator = va_arg(valist, psa_crypto_generator_t*);
+ case PAL_CRYPTO_HASH_COMPUTE:
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
buffer = va_arg(valist, uint8_t*);
- size = va_arg(valist, int);
- return psa_generator_read(generator, buffer, size);
- case PAL_CRYPTO_KEY_DERIVATION:
- generator = va_arg(valist, psa_crypto_generator_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_hash_compute(alg, plaintext, plaintext_size, buffer, size, length);
+ case PAL_CRYPTO_HASH_COMPARE:
alg = va_arg(valist, psa_algorithm_t);
- salt = va_arg(valist, const uint8_t *);
- salt_length = va_arg(valist, size_t);
- label = va_arg(valist, const uint8_t *);
- label_length = va_arg(valist, size_t);
- capacity = va_arg(valist, size_t);
- return psa_key_derivation(generator, handle, alg, salt, salt_length, label,
- label_length, capacity);
- case PAL_CRYPTO_GET_GENERATOR_CAPACITY:
- generator = va_arg(valist, psa_crypto_generator_t*);
- gen_cap = va_arg(valist, size_t*);
- return psa_get_generator_capacity(generator, gen_cap);
- case PAL_CRYPTO_GENERATOR_IMPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type = va_arg(valist, psa_key_type_t);
- size = va_arg(valist, size_t);
- generator = va_arg(valist, psa_crypto_generator_t*);
- return psa_generator_import_key(handle, key_type, size, generator);
- case PAL_CRYPTO_GENERATOR_ABORT:
- generator = va_arg(valist, psa_crypto_generator_t*);
- return psa_generator_abort(generator);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_hash_compare(alg, plaintext, plaintext_size, buffer, size);
+ case PAL_CRYPTO_HASH_CLONE:
+ hash_operation = va_arg(valist, psa_hash_operation_t*);
+ target_operation = va_arg(valist, psa_hash_operation_t*);
+ return psa_hash_clone(hash_operation, target_operation);
+ case PAL_CRYPTO_GENERATE_KEY:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_generate_key(attributes, handle);
case PAL_CRYPTO_AEAD_ENCRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
@@ -189,10 +204,10 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_aead_encrypt(handle, alg, nonce, nonce_length, additional_data,
- additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
+ return psa_aead_encrypt(key_handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
case PAL_CRYPTO_AEAD_DECRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
@@ -203,13 +218,74 @@
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_aead_decrypt(handle, alg, nonce, nonce_length, additional_data,
- additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ return psa_aead_decrypt(key_handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ case PAL_CRYPTO_AEAD_ENCRYPT_SETUP:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_aead_encrypt_setup(aead_operation, key_handle, alg);
+ case PAL_CRYPTO_AEAD_DECRYPT_SETUP:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_aead_decrypt_setup(aead_operation, key_handle, alg);
+ case PAL_CRYPTO_AEAD_GENERATE_NONCE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ return psa_aead_generate_nonce(aead_operation, buffer, size, length);
+ case PAL_CRYPTO_AEAD_SET_NONCE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_set_nonce(aead_operation, buffer, size);
+ case PAL_CRYPTO_AEAD_SET_LENGTHS:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ size = va_arg(valist, size_t);
+ plaintext_size = va_arg(valist, size_t);
+ return psa_aead_set_lengths(aead_operation, size, plaintext_size);
+ case PAL_CRYPTO_AEAD_UPDATE_AD:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_update_ad(aead_operation, buffer, size);
+ case PAL_CRYPTO_AEAD_UPDATE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_aead_update(aead_operation, plaintext, plaintext_size, ciphertext,
+ ciphertext_size, length);
+ case PAL_CRYPTO_AEAD_FINISH:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ tag_length = (size_t *)va_arg(valist, size_t*);
+ return psa_aead_finish(aead_operation, ciphertext, ciphertext_size, length, buffer,
+ size, tag_length);
+ case PAL_CRYPTO_AEAD_VERIFY:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_verify(aead_operation, plaintext, plaintext_size, length, buffer, size);
+ case PAL_CRYPTO_AEAD_ABORT:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ return psa_aead_abort(aead_operation);
case PAL_CRYPTO_MAC_SIGN_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_mac_sign_setup(mac_operation, handle, alg);
+ return psa_mac_sign_setup(mac_operation, key_handle, alg);
case PAL_CRYPTO_MAC_UPDATE:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
@@ -223,9 +299,9 @@
return psa_mac_sign_finish(mac_operation, buffer, size, length);
case PAL_CRYPTO_MAC_VERIFY_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_mac_verify_setup(mac_operation, handle, alg);
+ return psa_mac_verify_setup(mac_operation, key_handle, alg);
case PAL_CRYPTO_MAC_VERIFY_FINISH:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
@@ -234,8 +310,27 @@
case PAL_CRYPTO_MAC_ABORT:
mac_operation = va_arg(valist, psa_mac_operation_t*);
return psa_mac_abort(mac_operation);
+ case PAL_CRYPTO_MAC_COMPUTE:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_mac_compute(key_handle, alg, plaintext, plaintext_size, ciphertext,
+ ciphertext_size, length);
+ case PAL_CRYPTO_MAC_VERIFY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ return psa_mac_verify(key_handle, alg, plaintext, plaintext_size, ciphertext,
+ ciphertext_size);
case PAL_CRYPTO_ASYMMTERIC_ENCRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
@@ -244,10 +339,10 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_encrypt(handle, alg, plaintext, size, salt, salt_length,
- ciphertext, ciphertext_size, length);
+ return psa_asymmetric_encrypt(key_handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
case PAL_CRYPTO_ASYMMTERIC_DECRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
@@ -256,18 +351,18 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_decrypt(handle, alg, plaintext, size, salt, salt_length,
- ciphertext, ciphertext_size, length);
+ return psa_asymmetric_decrypt(key_handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
case PAL_CRYPTO_CIPHER_ENCRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_cipher_encrypt_setup(cipher_operation, handle, alg);
+ return psa_cipher_encrypt_setup(cipher_operation, key_handle, alg);
case PAL_CRYPTO_CIPHER_DECRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_cipher_decrypt_setup(cipher_operation, handle, alg);
+ return psa_cipher_decrypt_setup(cipher_operation, key_handle, alg);
case PAL_CRYPTO_CIPHER_GENERATE_IV:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
buffer = va_arg(valist, uint8_t*);
@@ -287,7 +382,7 @@
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_cipher_update(cipher_operation, plaintext, size, ciphertext, ciphertext_size,
- length);
+ length);
case PAL_CRYPTO_CIPHER_FINISH:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
ciphertext = va_arg(valist, uint8_t *);
@@ -297,39 +392,110 @@
case PAL_CRYPTO_CIPHER_ABORT:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
return psa_cipher_abort(cipher_operation);
+ case PAL_CRYPTO_CIPHER_ENCRYPT:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_encrypt(key_handle, alg, plaintext, size, ciphertext, ciphertext_size,
+ length);
+ case PAL_CRYPTO_CIPHER_DECRYPT:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_decrypt(key_handle, alg, plaintext, size, ciphertext, ciphertext_size,
+ length);
case PAL_CRYPTO_ASYMMTERIC_SIGN:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_sign(handle, alg, buffer, size, ciphertext, ciphertext_size,
- length);
+ return psa_asymmetric_sign(key_handle, alg, buffer, size, ciphertext, ciphertext_size,
+ length);
case PAL_CRYPTO_ASYMMTERIC_VERIFY:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
- return psa_asymmetric_verify(handle, alg, buffer, size, ciphertext, ciphertext_size);
- case PAL_CRYPTO_KEY_AGREEMENT:
- generator = va_arg(valist, psa_crypto_generator_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_asymmetric_verify(key_handle, alg, buffer, size, ciphertext,
+ ciphertext_size);
+ case PAL_CRYPTO_RAW_KEY_AGREEMENT:
+ alg = va_arg(valist, psa_algorithm_t);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ peer = va_arg(valist, uint8_t*);
+ peer_length = va_arg(valist, size_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
- alg = va_arg(valist, psa_algorithm_t);
- return psa_key_agreement(generator, handle, buffer, size, alg);
- case PAL_CRYPTO_ALLOCATE_KEY:
- key_handle = (psa_key_handle_t *)va_arg(valist, int*);
- return psa_allocate_key(key_handle);
+ length = va_arg(valist, size_t*);
+ return psa_raw_key_agreement(alg, key_handle, peer, peer_length, buffer, size, length);
case PAL_CRYPTO_COPY_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- target_handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_copy_key(handle, target_handle, policy);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_copy_key(key_handle, attributes, handle);
+ case PAL_CRYPTO_KEY_DERIVATION_SETUP:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_key_derivation_setup(derive_operation, alg);
+ case PAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_input_bytes(derive_operation, step, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION_INPUT_KEY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_key_derivation_input_key(derive_operation, step, key_handle);
+ case PAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ peer = va_arg(valist, uint8_t*);
+ peer_length = va_arg(valist, size_t);
+ return psa_key_derivation_key_agreement(derive_operation, step, key_handle, peer,
+ peer_length);
+ case PAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_output_bytes(derive_operation, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_key_derivation_output_key(attributes, derive_operation, handle);
+ case PAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_set_capacity(derive_operation, size);
+ case PAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ length = va_arg(valist, size_t *);
+ return psa_key_derivation_get_capacity(derive_operation, length);
+ case PAL_CRYPTO_KEY_DERIVATION_ABORT:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ return psa_key_derivation_abort(derive_operation);
+ case PAL_CRYPTO_OPEN_KEY:
+ key_id = va_arg(valist, psa_key_id_t);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_open_key(key_id, handle);
+ case PAL_CRYPTO_CLOSE_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_close_key(key_handle);
case PAL_CRYPTO_FREE:
for (i = 0; i < PAL_KEY_SLOT_COUNT; i++)
psa_destroy_key(i);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.h
index d1dabfa..486f793 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/crypto/pal_crypto_intf.h
@@ -21,55 +21,82 @@
#include "pal_common.h"
enum crypto_function_code {
- PAL_CRYPTO_INIT = 0x1,
- PAL_CRYPTO_GENERATE_RANDOM = 0x2,
- PAL_CRYPTO_IMPORT_KEY = 0x3,
- PAL_CRYPTO_EXPORT_KEY = 0x4,
- PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
- PAL_CRYPTO_DESTROY_KEY = 0x6,
- PAL_CRYPTO_GET_KEY_INFO = 0x7,
- PAL_CRYPTO_KEY_POLICY_INIT = 0x8,
- PAL_CRYPTO_KEY_POLICY_SET_USAGE = 0x9,
- PAL_CRYPTO_KEY_POLICY_GET_USAGE = 0xA,
- PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM = 0xB,
- PAL_CRYPTO_SET_KEY_POLICY = 0xC,
- PAL_CRYPTO_GET_KEY_POLICY = 0xD,
- PAL_CRYPTO_GET_KEY_INFORMATION = 0xE,
- PAL_CRYPTO_GET_KEY_LIFETIME = 0xF,
- PAL_CRYPTO_HASH_SETUP = 0x11,
- PAL_CRYPTO_HASH_UPDATE = 0x12,
- PAL_CRYPTO_HASH_VERIFY = 0x13,
- PAL_CRYPTO_HASH_FINISH = 0x14,
- PAL_CRYPTO_HASH_ABORT = 0x15,
- PAL_CRYPTO_GENERATE_KEY = 0x16,
- PAL_CRYPTO_GENERATOR_READ = 0x17,
- PAL_CRYPTO_KEY_DERIVATION = 0x18,
- PAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19,
- PAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A,
- PAL_CRYPTO_GENERATOR_ABORT = 0x1B,
- PAL_CRYPTO_AEAD_ENCRYPT = 0x1C,
- PAL_CRYPTO_AEAD_DECRYPT = 0x1D,
- PAL_CRYPTO_MAC_SIGN_SETUP = 0x1E,
- PAL_CRYPTO_MAC_UPDATE = 0x1F,
- PAL_CRYPTO_MAC_SIGN_FINISH = 0x20,
- PAL_CRYPTO_MAC_VERIFY_SETUP = 0x21,
- PAL_CRYPTO_MAC_VERIFY_FINISH = 0x22,
- PAL_CRYPTO_MAC_ABORT = 0x23,
- PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24,
- PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25,
- PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26,
- PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A,
- PAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B,
- PAL_CRYPTO_CIPHER_SET_IV = 0x2C,
- PAL_CRYPTO_CIPHER_UPDATE = 0x2D,
- PAL_CRYPTO_CIPHER_FINISH = 0x2E,
- PAL_CRYPTO_CIPHER_ABORT = 0x2F,
- PAL_CRYPTO_ASYMMTERIC_SIGN = 0x30,
- PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31,
- PAL_CRYPTO_KEY_AGREEMENT = 0x32,
- PAL_CRYPTO_ALLOCATE_KEY = 0x33,
- PAL_CRYPTO_COPY_KEY = 0x34,
- PAL_CRYPTO_FREE = 0xFE,
+ PAL_CRYPTO_INIT = 0x1,
+ PAL_CRYPTO_GENERATE_RANDOM = 0x2,
+ PAL_CRYPTO_IMPORT_KEY = 0x3,
+ PAL_CRYPTO_EXPORT_KEY = 0x4,
+ PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
+ PAL_CRYPTO_DESTROY_KEY = 0x6,
+ PAL_CRYPTO_HASH_SETUP = 0x7,
+ PAL_CRYPTO_HASH_UPDATE = 0x8,
+ PAL_CRYPTO_HASH_VERIFY = 0x9,
+ PAL_CRYPTO_HASH_FINISH = 0xA,
+ PAL_CRYPTO_HASH_ABORT = 0xB,
+ PAL_CRYPTO_GENERATE_KEY = 0xC,
+ PAL_CRYPTO_AEAD_ENCRYPT = 0xD,
+ PAL_CRYPTO_AEAD_DECRYPT = 0xE,
+ PAL_CRYPTO_MAC_SIGN_SETUP = 0xF,
+ PAL_CRYPTO_MAC_UPDATE = 0x10,
+ PAL_CRYPTO_MAC_SIGN_FINISH = 0x11,
+ PAL_CRYPTO_MAC_VERIFY_SETUP = 0x12,
+ PAL_CRYPTO_MAC_VERIFY_FINISH = 0x13,
+ PAL_CRYPTO_MAC_ABORT = 0x14,
+ PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x15,
+ PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x16,
+ PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x17,
+ PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x18,
+ PAL_CRYPTO_CIPHER_GENERATE_IV = 0x19,
+ PAL_CRYPTO_CIPHER_SET_IV = 0x1A,
+ PAL_CRYPTO_CIPHER_UPDATE = 0x1B,
+ PAL_CRYPTO_CIPHER_FINISH = 0x1C,
+ PAL_CRYPTO_CIPHER_ABORT = 0x1D,
+ PAL_CRYPTO_ASYMMTERIC_SIGN = 0x1E,
+ PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x1F,
+ PAL_CRYPTO_COPY_KEY = 0x20,
+ PAL_CRYPTO_SET_KEY_TYPE = 0x21,
+ PAL_CRYPTO_SET_KEY_BITS = 0x22,
+ PAL_CRYPTO_GET_KEY_ATTRIBUTES = 0x23,
+ PAL_CRYPTO_GET_KEY_TYPE = 0x24,
+ PAL_CRYPTO_SET_KEY_USAGE_FLAGS = 0x25,
+ PAL_CRYPTO_RESET_KEY_ATTRIBUTES = 0x26,
+ PAL_CRYPTO_SET_KEY_ID = 0x27,
+ PAL_CRYPTO_SET_KEY_LIFETIME = 0x28,
+ PAL_CRYPTO_SET_KEY_ALGORITHM = 0x29,
+ PAL_CRYPTO_GET_KEY_ID = 0x2A,
+ PAL_CRYPTO_GET_KEY_LIFETIME = 0x2B,
+ PAL_CRYPTO_GET_KEY_USAGE_FLAGS = 0x2C,
+ PAL_CRYPTO_GET_KEY_ALGORITHM = 0x2D,
+ PAL_CRYPTO_GET_KEY_BITS = 0x2E,
+ PAL_CRYPTO_HASH_COMPUTE = 0x2F,
+ PAL_CRYPTO_HASH_COMPARE = 0x30,
+ PAL_CRYPTO_KEY_DERIVATION_SETUP = 0x31,
+ PAL_CRYPTO_KEY_DERIVATION_ABORT = 0x32,
+ PAL_CRYPTO_RAW_KEY_AGREEMENT = 0x33,
+ PAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES = 0x34,
+ PAL_CRYPTO_KEY_DERIVATION_INPUT_KEY = 0x35,
+ PAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT = 0x36,
+ PAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES = 0x37,
+ PAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY = 0x38,
+ PAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY = 0x39,
+ PAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY = 0x3A,
+ PAL_CRYPTO_HASH_CLONE = 0x3B,
+ PAL_CRYPTO_MAC_COMPUTE = 0x3C,
+ PAL_CRYPTO_MAC_VERIFY = 0x3D,
+ PAL_CRYPTO_CIPHER_ENCRYPT = 0x3F,
+ PAL_CRYPTO_CIPHER_DECRYPT = 0x40,
+ PAL_CRYPTO_OPEN_KEY = 0x41,
+ PAL_CRYPTO_CLOSE_KEY = 0x42,
+ PAL_CRYPTO_AEAD_ENCRYPT_SETUP = 0x43,
+ PAL_CRYPTO_AEAD_DECRYPT_SETUP = 0x44,
+ PAL_CRYPTO_AEAD_GENERATE_NONCE = 0x45,
+ PAL_CRYPTO_AEAD_SET_NONCE = 0x46,
+ PAL_CRYPTO_AEAD_SET_LENGTHS = 0X47,
+ PAL_CRYPTO_AEAD_UPDATE_AD = 0x48,
+ PAL_CRYPTO_AEAD_UPDATE = 0x49,
+ PAL_CRYPTO_AEAD_FINISH = 0x4A,
+ PAL_CRYPTO_AEAD_VERIFY = 0x4B,
+ PAL_CRYPTO_AEAD_ABORT = 0x4C,
+ PAL_CRYPTO_FREE = 0xFE,
};
int32_t pal_crypto_function(int type, va_list valist);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.c
index ae2bdba..38ed283 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.c
@@ -17,24 +17,14 @@
#include "pal_attestation_crypto.h"
-static uint32_t public_key_registered = 0;
-
+static uint32_t public_key_registered;
+static psa_key_handle_t public_key_handle;
static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf,
size_t amount)
{
return UsefulBuf_Head(buf, amount);
}
-static uint32_t check_hash_sizes(void)
-{
- if (T_COSE_CRYPTO_SHA256_SIZE != PSA_HASH_SIZE(PSA_ALG_SHA_256))
- {
- return PAL_ATTEST_HASH_FAIL;
- }
-
- return PAL_ATTEST_SUCCESS;
-}
-
static psa_ecc_curve_t attest_map_elliptic_curve_type(int32_t cose_curve)
{
psa_ecc_curve_t psa_curve;
@@ -82,130 +72,94 @@
int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id)
{
- int32_t cose_ret = PAL_ATTEST_SUCCESS;
- psa_status_t psa_ret;
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash = PSA_HASH_OPERATION_INIT;
+ psa_algorithm_t psa_alg;
- cose_ret = check_hash_sizes();
- if (cose_ret)
- {
- goto error;
- }
+ /* Map the algorithm ID */
+ psa_alg = cose_hash_alg_id_to_psa(cose_hash_alg_id);
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- goto error;
- }
+ /* Actually do the hash set up */
+ hash_ctx->status = psa_hash_setup(&psa_hash, psa_alg);
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
- psa_ret = psa_hash_setup(&psa_hash_ctx->operation, cose_hash_alg_id_to_psa(cose_hash_alg_id));
+ /* Copy the PSA handle back into the context */
+ hash_ctx->context.handle = psa_hash.handle;
- if (psa_ret == PAL_ATTEST_SUCCESS)
- {
- psa_hash_ctx->status = PAL_ATTEST_SUCCESS;
- cose_ret = PAL_ATTEST_SUCCESS;
- }
- else if (psa_ret == PSA_ERROR_NOT_SUPPORTED)
- {
- cose_ret = PAL_ATTEST_HASH_UNSUPPORTED;
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
-
-error:
- return cose_ret;
+ /* Map errors and return */
+ return (psa_status_t)hash_ctx->status;
}
void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx,
struct q_useful_buf_c data_to_hash)
{
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash;
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
+ /* Copy the PSA handle out of the generic context */
+ psa_hash.handle = (uint32_t)hash_ctx->context.handle;
+
+ if (hash_ctx->status != PSA_SUCCESS)
+ return;
+
+ if (data_to_hash.ptr == NULL) {
+ /* No data was passed in to be hashed indicating the mode of use is
+ * the computation of the size of hash. This mode is hashing is used
+ * by t_cose when it is requested to compute the size of the signed
+ * data it might compute, which is in turn used to compute the
+ * size of a would be token. When computing the size, the size
+ * like this, there is nothing to do in update()
+ */
return;
}
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
+ /* Actually hash the data */
+ hash_ctx->status = psa_hash_update(&psa_hash, data_to_hash.ptr, data_to_hash.len);
- if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS)
- {
- if (data_to_hash.ptr != NULL)
- {
- psa_hash_ctx->status = psa_hash_update(&psa_hash_ctx->operation,
- data_to_hash.ptr,
- data_to_hash.len);
- }
- else
- {
- /* Intentionally do nothing, just computing the size of the token */
- }
- }
+ /* Copy the PSA handle back into the context. */
+ hash_ctx->context.handle = psa_hash.handle;
}
int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx,
struct q_useful_buf buffer_to_hold_result,
struct q_useful_buf_c *hash_result)
{
- uint32_t cose_ret = PAL_ATTEST_SUCCESS;
- psa_status_t psa_ret;
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash;
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- goto error;
- }
+ /* Copy the PSA handle out of the generic context */
+ psa_hash.handle = (uint32_t)hash_ctx->context.handle;
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
+ if (hash_ctx->status != PSA_SUCCESS)
+ goto Done;
- if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS)
- {
- psa_ret = psa_hash_finish(&psa_hash_ctx->operation,
- buffer_to_hold_result.ptr,
- buffer_to_hold_result.len,
- &(hash_result->len));
+ /* Actually finish up the hash */
+ hash_ctx->status = psa_hash_finish(&psa_hash, buffer_to_hold_result.ptr,
+ buffer_to_hold_result.len, &(hash_result->len));
- if (psa_ret == PAL_ATTEST_SUCCESS)
- {
- hash_result->ptr = buffer_to_hold_result.ptr;
- cose_ret = 0;
- }
- else if (psa_ret == PSA_ERROR_BUFFER_TOO_SMALL)
- {
- cose_ret = PAL_ATTEST_HASH_BUFFER_SIZE;
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
+ hash_result->ptr = buffer_to_hold_result.ptr;
-error:
- return cose_ret;
+ /* Copy the PSA handle back into the context. */
+ hash_ctx->context.handle = psa_hash.handle;
+
+Done:
+ return ((psa_status_t)hash_ctx->status);
+
}
int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash,
struct q_useful_buf_c *hash)
{
- uint32_t status = PAL_ATTEST_SUCCESS;
+ uint32_t return_value = 0;
struct pal_cose_crypto_hash hash_ctx;
- status = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY);
- if (status)
- return status;
+ return_value = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY);
+ if (return_value)
+ goto Done;
pal_cose_crypto_hash_update(&hash_ctx, bytes_to_hash);
- status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash);
+ return_value = pal_cose_crypto_hash_finish(&hash_ctx,
+ buffer_for_hash,
+ hash);
- return status;
+Done:
+ return return_value;
}
uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash,
@@ -223,18 +177,19 @@
/* This builds the CBOR-format to-be-signed bytes */
QCBOREncode_Init(&cbor_encode_ctx, buffer_for_TBS_first_part);
QCBOREncode_OpenArray(&cbor_encode_ctx);
+
/* context */
- QCBOREncode_AddSZString(&cbor_encode_ctx,
- COSE_SIG_CONTEXT_STRING_SIGNATURE1);
+ QCBOREncode_AddSZString(&cbor_encode_ctx, COSE_SIG_CONTEXT_STRING_SIGNATURE1);
+
/* body_protected */
- QCBOREncode_AddBytes(&cbor_encode_ctx,
- protected_headers);
- /* sign_protected */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
+ QCBOREncode_AddBytes(&cbor_encode_ctx, protected_headers);
+
+ /* sign_protected is not used for Sign1 */
/* external_aad */
QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
- /* fake payload */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
+
+ /* The short fake payload. */
+ QCBOREncode_AddBytesLenOnly(&cbor_encode_ctx, payload);
QCBOREncode_CloseArray(&cbor_encode_ctx);
/* Get the result and convert it to struct q_useful_buf_c representation */
@@ -242,7 +197,8 @@
if (qcbor_result)
{
/* Mainly means that the protected_headers were too big
- (which should never happen) */
+ * (which should never happen)
+ */
status = PAL_ATTEST_ERR_SIGN_STRUCT;
goto Done;
}
@@ -257,90 +213,129 @@
if (status)
goto Done;
- /* Hash the first part of the TBS. Take all but the last two
- * bytes. The last two bytes are the fake payload from above. It
- * is replaced by the real payload which is hashed next. The fake
- * payload is needed so the array count is right. This is one of
- * the main things that make it possible to implement with one
- * buffer for the whole cose sign1.
+ /* This is hashing of the first part, all the CBOR
+ * except the payload.
*/
- pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part,
- tbs_first_part.len - 2));
+ pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part, tbs_first_part.len));
- /* Hash the payload */
+ /* Hash the payload, the second part. */
pal_cose_crypto_hash_update(&hash_ctx, payload);
/* Finish the hash and set up to return it */
- status = pal_cose_crypto_hash_finish(&hash_ctx,
- buffer_for_hash,
- hash);
+ status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash);
Done:
return status;
}
-uint32_t pal_import_attest_key(int32_t alg)
+static uint32_t pal_import_attest_key(psa_algorithm_t key_alg)
{
- psa_key_type_t attest_key_type;
- size_t public_key_size;
- psa_status_t status = PSA_SUCCESS;
+ psa_status_t status = PAL_ATTEST_ERROR;
+ psa_key_usage_t usage = PSA_KEY_USAGE_VERIFY;
+ psa_ecc_curve_t psa_curve = attest_map_elliptic_curve_type(P_256);
+ psa_key_type_t attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve);
+ size_t public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size;
+
+#if defined(CRYPTO_VERSION_BETA1) || defined(CRYPTO_VERSION_BETA2)
psa_key_policy_t policy;
- psa_ecc_curve_t psa_curve;
- psa_key_handle_t public_key_handle;
- /* Mapping of COSE curve type to PSA curve types */
- psa_curve = attest_map_elliptic_curve_type(P_256);
- if (psa_curve == USHRT_MAX)
- return PAL_ATTEST_ERROR;
+ if (!public_key_registered)
+ {
+ if (psa_curve == USHRT_MAX)
+ return PAL_ATTEST_ERROR;
- /* Setup the key policy for public key */
- policy = psa_key_policy_init();
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_VERIFY, alg);
+ /* Setup the key policy for public key */
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage(&policy, usage, key_alg);
- status = psa_allocate_key(&public_key_handle);
- if (status != PSA_SUCCESS)
- return status;
+ status = psa_allocate_key(&public_key_handle);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
- status = psa_set_key_policy(public_key_handle, &policy);
- if (status != PSA_SUCCESS)
- return status;
+ status = psa_set_key_policy(public_key_handle, &policy);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
- attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve);
-
- /* Register public key to crypto service */
- public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size;
-
- status = psa_import_key(public_key_handle,
+ /* Import the public key */
+ status = psa_import_key(public_key_handle,
attest_key_type,
- (const uint8_t *)&attest_public_key,
+ (const uint8_t *)&attest_public_key,
public_key_size + 1);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 1;
+ }
+
+#elif defined(CRYPTO_VERSION_BETA3)
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (!public_key_registered)
+ {
+ if (psa_curve == USHRT_MAX)
+ return PAL_ATTEST_ERROR;
+
+ /* Set the attributes for the public key */
+ psa_set_key_type(&attributes, attest_key_type);
+ psa_set_key_bits(&attributes, public_key_size + 1);
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, key_alg);
+
+ /* Import the public key */
+ status = psa_import_key(&attributes,
+ (const uint8_t *)&attest_public_key,
+ public_key_size + 1,
+ &public_key_handle);
+
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 1;
+ }
+#endif
return status;
}
+static uint32_t pal_destroy_attest_key(void)
+{
+ psa_status_t status;
+
+ if (!public_key_registered)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ status = psa_destroy_key(public_key_handle);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 0;
+
+ return PAL_ATTEST_SUCCESS;
+}
uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id,
struct q_useful_buf_c token_hash,
struct q_useful_buf_c signature)
{
- uint32_t status = PAL_ATTEST_SUCCESS;
+ int32_t status = PAL_ATTEST_ERROR;
+ psa_algorithm_t key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
- if (!public_key_registered)
- {
- status = pal_import_attest_key(cose_algorithm_id);
- if (status != PAL_ATTEST_SUCCESS)
- return status;
+ /* Register the attestation public key */
+ status = pal_import_attest_key(key_alg);
+ if (status != PAL_ATTEST_SUCCESS)
+ return status;
- public_key_registered = 1;
- }
-
-/*
- * Enable the verify function when Trusted Firmare - M Supports
-
- * Verify the signature a hash or short message using a public key.
+ /* Verify the signature */
status = psa_asymmetric_verify(public_key_handle,
- cose_algorithm_id, token_hash.ptr, token_hash.len,
- signature.ptr, signature.len);
-*/
- return status;
+ key_alg, token_hash.ptr, token_hash.len,
+ signature.ptr, signature.len);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_SIGNATURE_FAIL;
+
+ /* Unregister the attestation public key */
+ status = pal_destroy_attest_key();
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ return PAL_ATTEST_SUCCESS;
}
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.h
index 2d63ad1..2175e65 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_crypto.h
@@ -22,9 +22,9 @@
typedef struct{
uint8_t *pubx_key;
- uint32_t pubx_key_size;
+ size_t pubx_key_size;
uint8_t *puby_key;
- uint32_t puby_key_size;
+ size_t puby_key_size;
} ecc_key_t;
struct ecc_public_key_t {
@@ -48,11 +48,11 @@
};
struct pal_cose_crypto_hash {
- /* Can't put the actual size here without creating dependecy on
- * actual hash implementation, so this is a fairly large and
- * accommodating size.
- */
- uint8_t bytes[128];
+ union {
+ void *ptr;
+ uint64_t handle;
+ } context;
+ int64_t status;
};
struct pal_cose_psa_crypto_hash {
@@ -95,7 +95,6 @@
uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash,
struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers,
struct q_useful_buf_c payload);
-uint32_t pal_import_attest_key(int32_t alg);
uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, struct q_useful_buf_c token_hash,
struct q_useful_buf_c signature);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.c
index 178fdc9..60c7164 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.c
@@ -29,7 +29,7 @@
QCBORError qcbor_result;
QCBOREncodeContext cbor_encode_ctx;
int32_t cose_curve_id = P_256;
- struct q_useful_buf_c encoded_key_id;
+ struct q_useful_buf_c encoded_key_id;
/* Get the public key x and y */
/* Encode it into a COSE_Key structure */
@@ -136,26 +136,18 @@
}
static int parse_unprotected_headers(QCBORDecodeContext *decode_context,
- struct q_useful_buf_c *child,
- bool *loop_back)
+ struct q_useful_buf_c *child)
{
struct items_to_get_t item_list[3];
item_list[0].label = COSE_HEADER_PARAM_KID;
- item_list[1].label = T_COSE_SHORT_CIRCUIT_LABEL;
- item_list[2].label = 0;
- *loop_back = false;
+ item_list[1].label = 0;
if (get_items_in_map(decode_context, item_list))
{
return PAL_ATTEST_ERROR;
}
- if (item_list[1].item.uDataType == QCBOR_TYPE_TRUE)
- {
- *loop_back = true;
- }
-
if (item_list[0].item.uDataType != QCBOR_TYPE_BYTE_STRING)
{
return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
@@ -324,11 +316,10 @@
token_size : Size of the token buffer
@return - error status
**/
-int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
- uint8_t *token, uint32_t token_size)
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, size_t challenge_size,
+ uint8_t *token, size_t token_size)
{
int32_t status = PAL_ATTEST_SUCCESS;
- bool short_circuit;
int32_t cose_algorithm_id;
QCBORItem item;
QCBORDecodeContext decode_context;
@@ -412,8 +403,7 @@
return status;
/* Parse the unprotected headers and check the data type and value */
- short_circuit = false;
- status = parse_unprotected_headers(&decode_context, &kid, &short_circuit);
+ status = parse_unprotected_headers(&decode_context, &kid);
if (status != PAL_ATTEST_SUCCESS)
return status;
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.h
index 8a0c545..e7449a0 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_eat.h
@@ -140,8 +140,7 @@
1 << (EAT_CBOR_ARM_RANGE_BASE \
- EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS))
-#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT | \
- 1 << EAT_CBOR_SW_COMPONENT_SIGNER_ID)
+#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT)
#define NULL_USEFUL_BUF_C NULLUsefulBufC
@@ -158,6 +157,8 @@
PAL_ATTEST_HASH_BUFFER_SIZE,
PAL_ATTEST_ERR_PROTECTED_HEADERS,
PAL_ATTEST_ERR_SIGN_STRUCT,
+ PAL_ATTEST_ERR_KEY_FAIL,
+ PAL_ATTEST_ERR_SIGNATURE_FAIL,
PAL_ATTEST_ERROR,
};
@@ -166,5 +167,5 @@
QCBORItem item;
};
-int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
- uint8_t *token, uint32_t token_size);
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, size_t challenge_size,
+ uint8_t *token, size_t token_size);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_intf.c
index 2d99f74..83c1ebd 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_intf.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_a/nspe/initial_attestation/pal_attestation_intf.c
@@ -27,25 +27,27 @@
int32_t pal_attestation_function(int type, va_list valist)
{
uint8_t *challenge, *token;
- uint32_t challenge_size, *token_size, verify_token_size;
+ size_t challenge_size, *token_size, verify_token_size, token_buffer_size;
switch (type)
{
case PAL_INITIAL_ATTEST_GET_TOKEN:
challenge = va_arg(valist, uint8_t*);
- challenge_size = va_arg(valist, uint32_t);
+ challenge_size = va_arg(valist, size_t);
token = va_arg(valist, uint8_t*);
- token_size = va_arg(valist, uint32_t*);
- return psa_initial_attest_get_token(challenge, challenge_size, token, token_size);
+ token_buffer_size = va_arg(valist, size_t);
+ token_size = va_arg(valist, size_t*);
+ return psa_initial_attest_get_token(challenge, challenge_size, token, token_buffer_size,
+ token_size);
case PAL_INITIAL_ATTEST_GET_TOKEN_SIZE:
- challenge_size = va_arg(valist, uint32_t);
- token_size = va_arg(valist, uint32_t*);
+ challenge_size = va_arg(valist, size_t);
+ token_size = va_arg(valist, size_t*);
return psa_initial_attest_get_token_size(challenge_size, token_size);
case PAL_INITIAL_ATTEST_VERIFY_TOKEN:
challenge = va_arg(valist, uint8_t*);
- challenge_size = va_arg(valist, uint32_t);
+ challenge_size = va_arg(valist, size_t);
token = va_arg(valist, uint8_t*);
- verify_token_size = va_arg(valist, uint32_t);
+ verify_token_size = va_arg(valist, size_t);
return pal_initial_attest_verify_token(challenge, challenge_size,
token, verify_token_size);
default:
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_config.h
index 289dc5d..2871339 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/common/pal_config.h
@@ -40,6 +40,9 @@
#define SP_HEAP_MEM_SUPP
#endif /* PSA_CMAKE_BUILD */
+/* Version of crypto spec used in attestation */
+#define CRYPTO_VERSION_BETA2
+
/*
* Include of PSA defined Header files
*/
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_config_check.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_config_check.h
index f18a785..443e0bc 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_config_check.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_config_check.h
@@ -94,13 +94,13 @@
#error "ARCH_TEST_CTR_AES defined, but not all prerequisites"
#endif
-#if (defined(ARCH_TEST_CBC_AES)|| defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
+#if (defined(ARCH_TEST_CBC_AES) || defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
(!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_AES defined, but not all prerequisites"
#endif
#if (defined(ARCH_TEST_CBC_NO_PADDING)) &&\
- (!defined(ARCH_TEST_CIPER) ||!defined(ARCH_TEST_CIPER_MODE_CBC))
+ (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_NO_PADDING defined, but not all prerequisites"
#endif
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.c
index 3df6aa8..fd2e055 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.c
@@ -28,96 +28,124 @@
**/
int32_t pal_crypto_function(int type, va_list valist)
{
- int i;
- size_t size, *length, salt_length, label_length, ciphertext_size;
- uint8_t *buffer, *ciphertext;
- const uint8_t *salt, *label, *nonce, *additional_data;
- uint8_t *plaintext;
- uint32_t status;
- const void *extra;
- size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length;
- psa_key_handle_t handle, *key_handle, target_handle;
- psa_key_type_t key_type, *key_type_out;
- psa_key_policy_t *policy;
- psa_key_usage_t usage, *usage_out;
- psa_key_lifetime_t *lifetime_out;
- psa_algorithm_t alg, *alg_out;
- psa_hash_operation_t *hash_operation;
- psa_mac_operation_t *mac_operation;
- psa_cipher_operation_t *cipher_operation;
- psa_crypto_generator_t *generator;
-
+ int i;
+ psa_status_t status;
+ uint8_t *buffer, *ciphertext, *plaintext;
+ const uint8_t *nonce, *additional_data, *salt, *peer;
+ size_t *length, size, ciphertext_size, nonce_length;
+ size_t salt_length, peer_length, additional_data_length;
+ size_t *tag_length, plaintext_size;
+ psa_aead_operation_t *aead_operation;
+ psa_key_attributes_t *attributes;
+ psa_key_handle_t *handle, key_handle;
+ psa_key_type_t *key_type_out, key_type;
+ psa_key_usage_t *usage_out, usage;
+ psa_key_id_t *key_id_out, key_id;
+ psa_key_lifetime_t *key_lifetime_out, key_lifetime;
+ psa_algorithm_t *key_alg_out, key_alg, alg;
+ psa_hash_operation_t *hash_operation, *target_operation;
+ psa_mac_operation_t *mac_operation;
+ psa_cipher_operation_t *cipher_operation;
+ psa_key_derivation_operation_t *derive_operation;
+ psa_key_derivation_step_t step;
switch (type)
{
case PAL_CRYPTO_INIT:
return psa_crypto_init();
case PAL_CRYPTO_GENERATE_RANDOM:
- buffer = va_arg(valist, uint8_t*);
+ buffer = va_arg(valist, uint8_t *);
size = va_arg(valist, int);
return psa_generate_random(buffer, size);
case PAL_CRYPTO_IMPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ buffer = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ status = psa_import_key(attributes, buffer, size, handle);
+ return status;
+ case PAL_CRYPTO_SET_KEY_TYPE:
+ attributes = va_arg(valist, psa_key_attributes_t *);
key_type = va_arg(valist, psa_key_type_t);
- buffer = va_arg(valist, uint8_t*);
- size = va_arg(valist, int);
- status = psa_import_key(handle, key_type, buffer, size);
- return status;
+ psa_set_key_type(attributes, key_type);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_BITS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ size = va_arg(valist, size_t);
+ psa_set_key_bits(attributes, size);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ATTRIBUTES:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ return psa_get_key_attributes(key_handle, attributes);
+ case PAL_CRYPTO_GET_KEY_TYPE:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_type_out = va_arg(valist, psa_key_type_t *);
+ *key_type_out = psa_get_key_type(attributes);
+ return 0;
case PAL_CRYPTO_EXPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- buffer = (uint8_t *)(va_arg(valist, uint8_t*));
- size = va_arg(valist, int);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_export_key(handle, buffer, size, length);
- return status;
- case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- buffer = (uint8_t *)(va_arg(valist, uint8_t*));
- size = va_arg(valist, int);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_export_public_key(handle, buffer, size, length);
- return status;
- case PAL_CRYPTO_KEY_POLICY_INIT:
- policy = va_arg(valist, psa_key_policy_t*);
- memset(policy, 0, sizeof(psa_key_policy_t));
- return 0;
- case PAL_CRYPTO_KEY_POLICY_SET_USAGE:
- policy = va_arg(valist, psa_key_policy_t*);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t *));
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t *);
+ return psa_export_key(key_handle, buffer, size, length);
+ case PAL_CRYPTO_SET_KEY_USAGE_FLAGS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
usage = va_arg(valist, psa_key_usage_t);
- alg = va_arg(valist, psa_algorithm_t);
- psa_key_policy_set_usage(policy, usage, alg);
+ psa_set_key_usage_flags(attributes, usage);
return 0;
- case PAL_CRYPTO_SET_KEY_POLICY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_set_key_policy(handle, policy);
- case PAL_CRYPTO_DESTROY_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- status = psa_destroy_key(handle);
- return status;
- case PAL_CRYPTO_GET_KEY_INFORMATION:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type_out = va_arg(valist, psa_key_type_t*);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_get_key_information(handle, key_type_out, length);
- return status;
- case PAL_CRYPTO_GET_KEY_POLICY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_get_key_policy(handle, policy);
- case PAL_CRYPTO_KEY_POLICY_GET_USAGE:
- policy = va_arg(valist, psa_key_policy_t*);
- usage_out = va_arg(valist, psa_key_usage_t*);
- *usage_out = psa_key_policy_get_usage(policy);
+ case PAL_CRYPTO_RESET_KEY_ATTRIBUTES:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ psa_reset_key_attributes(attributes);
return 0;
- case PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM:
- policy = va_arg(valist, psa_key_policy_t*);
- alg_out = va_arg(valist, psa_algorithm_t*);
- *alg_out = psa_key_policy_get_algorithm(policy);
+ case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t *));
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t *);
+ return psa_export_public_key(key_handle, buffer, size, length);
+ case PAL_CRYPTO_SET_KEY_ID:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_id = va_arg(valist, psa_key_id_t);
+ psa_set_key_id(attributes, key_id);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_LIFETIME:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_lifetime = va_arg(valist, psa_key_lifetime_t);
+ psa_set_key_lifetime(attributes, key_lifetime);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_ALGORITHM:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_alg = va_arg(valist, psa_algorithm_t);
+ psa_set_key_algorithm(attributes, key_alg);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ID:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_id_out = va_arg(valist, psa_key_id_t *);
+ *key_id_out = psa_get_key_id(attributes);
return 0;
case PAL_CRYPTO_GET_KEY_LIFETIME:
- handle = (psa_key_handle_t)va_arg(valist, int);
- lifetime_out = va_arg(valist, psa_key_lifetime_t*);
- return psa_get_key_lifetime(handle, lifetime_out);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_lifetime_out = va_arg(valist, psa_key_lifetime_t *);
+ *key_lifetime_out = psa_get_key_lifetime(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_USAGE_FLAGS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ usage_out = va_arg(valist, psa_key_usage_t *);
+ *usage_out = psa_get_key_usage_flags(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ALGORITHM:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_alg_out = va_arg(valist, psa_algorithm_t *);
+ *key_alg_out = psa_get_key_algorithm(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_BITS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ length = va_arg(valist, size_t *);
+ *length = psa_get_key_bits(attributes);
+ return 0;
+ case PAL_CRYPTO_DESTROY_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_destroy_key(key_handle);
case PAL_CRYPTO_HASH_SETUP:
hash_operation = va_arg(valist, psa_hash_operation_t*);
alg = va_arg(valist, psa_algorithm_t);
@@ -141,44 +169,31 @@
case PAL_CRYPTO_HASH_ABORT:
hash_operation = va_arg(valist, psa_hash_operation_t*);
return psa_hash_abort(hash_operation);
- case PAL_CRYPTO_GENERATE_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type = va_arg(valist, psa_key_type_t);
- size = va_arg(valist, size_t);
- extra = va_arg(valist, const void*);
- extra_size = va_arg(valist, size_t);
- return psa_generate_key(handle, key_type, size, extra, extra_size);
- case PAL_CRYPTO_GENERATOR_READ:
- generator = va_arg(valist, psa_crypto_generator_t*);
+ case PAL_CRYPTO_HASH_COMPUTE:
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
buffer = va_arg(valist, uint8_t*);
- size = va_arg(valist, int);
- return psa_generator_read(generator, buffer, size);
- case PAL_CRYPTO_KEY_DERIVATION:
- generator = va_arg(valist, psa_crypto_generator_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_hash_compute(alg, plaintext, plaintext_size, buffer, size, length);
+ case PAL_CRYPTO_HASH_COMPARE:
alg = va_arg(valist, psa_algorithm_t);
- salt = va_arg(valist, const uint8_t *);
- salt_length = va_arg(valist, size_t);
- label = va_arg(valist, const uint8_t *);
- label_length = va_arg(valist, size_t);
- capacity = va_arg(valist, size_t);
- return psa_key_derivation(generator, handle, alg, salt, salt_length, label,
- label_length, capacity);
- case PAL_CRYPTO_GET_GENERATOR_CAPACITY:
- generator = va_arg(valist, psa_crypto_generator_t*);
- gen_cap = va_arg(valist, size_t*);
- return psa_get_generator_capacity(generator, gen_cap);
- case PAL_CRYPTO_GENERATOR_IMPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type = va_arg(valist, psa_key_type_t);
- size = va_arg(valist, size_t);
- generator = va_arg(valist, psa_crypto_generator_t*);
- return psa_generator_import_key(handle, key_type, size, generator);
- case PAL_CRYPTO_GENERATOR_ABORT:
- generator = va_arg(valist, psa_crypto_generator_t*);
- return psa_generator_abort(generator);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_hash_compare(alg, plaintext, plaintext_size, buffer, size);
+ case PAL_CRYPTO_HASH_CLONE:
+ hash_operation = va_arg(valist, psa_hash_operation_t*);
+ target_operation = va_arg(valist, psa_hash_operation_t*);
+ return psa_hash_clone(hash_operation, target_operation);
+ case PAL_CRYPTO_GENERATE_KEY:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_generate_key(attributes, handle);
case PAL_CRYPTO_AEAD_ENCRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
@@ -189,10 +204,10 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_aead_encrypt(handle, alg, nonce, nonce_length, additional_data,
- additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
+ return psa_aead_encrypt(key_handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
case PAL_CRYPTO_AEAD_DECRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
@@ -203,13 +218,74 @@
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_aead_decrypt(handle, alg, nonce, nonce_length, additional_data,
- additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ return psa_aead_decrypt(key_handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ case PAL_CRYPTO_AEAD_ENCRYPT_SETUP:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_aead_encrypt_setup(aead_operation, key_handle, alg);
+ case PAL_CRYPTO_AEAD_DECRYPT_SETUP:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_aead_decrypt_setup(aead_operation, key_handle, alg);
+ case PAL_CRYPTO_AEAD_GENERATE_NONCE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ return psa_aead_generate_nonce(aead_operation, buffer, size, length);
+ case PAL_CRYPTO_AEAD_SET_NONCE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_set_nonce(aead_operation, buffer, size);
+ case PAL_CRYPTO_AEAD_SET_LENGTHS:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ size = va_arg(valist, size_t);
+ plaintext_size = va_arg(valist, size_t);
+ return psa_aead_set_lengths(aead_operation, size, plaintext_size);
+ case PAL_CRYPTO_AEAD_UPDATE_AD:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_update_ad(aead_operation, buffer, size);
+ case PAL_CRYPTO_AEAD_UPDATE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_aead_update(aead_operation, plaintext, plaintext_size, ciphertext,
+ ciphertext_size, length);
+ case PAL_CRYPTO_AEAD_FINISH:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ tag_length = (size_t *)va_arg(valist, size_t*);
+ return psa_aead_finish(aead_operation, ciphertext, ciphertext_size, length, buffer,
+ size, tag_length);
+ case PAL_CRYPTO_AEAD_VERIFY:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_verify(aead_operation, plaintext, plaintext_size, length, buffer, size);
+ case PAL_CRYPTO_AEAD_ABORT:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ return psa_aead_abort(aead_operation);
case PAL_CRYPTO_MAC_SIGN_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_mac_sign_setup(mac_operation, handle, alg);
+ return psa_mac_sign_setup(mac_operation, key_handle, alg);
case PAL_CRYPTO_MAC_UPDATE:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
@@ -223,9 +299,9 @@
return psa_mac_sign_finish(mac_operation, buffer, size, length);
case PAL_CRYPTO_MAC_VERIFY_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_mac_verify_setup(mac_operation, handle, alg);
+ return psa_mac_verify_setup(mac_operation, key_handle, alg);
case PAL_CRYPTO_MAC_VERIFY_FINISH:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
@@ -234,8 +310,27 @@
case PAL_CRYPTO_MAC_ABORT:
mac_operation = va_arg(valist, psa_mac_operation_t*);
return psa_mac_abort(mac_operation);
+ case PAL_CRYPTO_MAC_COMPUTE:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_mac_compute(key_handle, alg, plaintext, plaintext_size, ciphertext,
+ ciphertext_size, length);
+ case PAL_CRYPTO_MAC_VERIFY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ return psa_mac_verify(key_handle, alg, plaintext, plaintext_size, ciphertext,
+ ciphertext_size);
case PAL_CRYPTO_ASYMMTERIC_ENCRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
@@ -244,10 +339,10 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_encrypt(handle, alg, plaintext, size, salt, salt_length,
- ciphertext, ciphertext_size, length);
+ return psa_asymmetric_encrypt(key_handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
case PAL_CRYPTO_ASYMMTERIC_DECRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
@@ -256,18 +351,18 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_decrypt(handle, alg, plaintext, size, salt, salt_length,
- ciphertext, ciphertext_size, length);
+ return psa_asymmetric_decrypt(key_handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
case PAL_CRYPTO_CIPHER_ENCRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_cipher_encrypt_setup(cipher_operation, handle, alg);
+ return psa_cipher_encrypt_setup(cipher_operation, key_handle, alg);
case PAL_CRYPTO_CIPHER_DECRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_cipher_decrypt_setup(cipher_operation, handle, alg);
+ return psa_cipher_decrypt_setup(cipher_operation, key_handle, alg);
case PAL_CRYPTO_CIPHER_GENERATE_IV:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
buffer = va_arg(valist, uint8_t*);
@@ -287,7 +382,7 @@
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_cipher_update(cipher_operation, plaintext, size, ciphertext, ciphertext_size,
- length);
+ length);
case PAL_CRYPTO_CIPHER_FINISH:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
ciphertext = va_arg(valist, uint8_t *);
@@ -297,39 +392,110 @@
case PAL_CRYPTO_CIPHER_ABORT:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
return psa_cipher_abort(cipher_operation);
+ case PAL_CRYPTO_CIPHER_ENCRYPT:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_encrypt(key_handle, alg, plaintext, size, ciphertext, ciphertext_size,
+ length);
+ case PAL_CRYPTO_CIPHER_DECRYPT:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_decrypt(key_handle, alg, plaintext, size, ciphertext, ciphertext_size,
+ length);
case PAL_CRYPTO_ASYMMTERIC_SIGN:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_sign(handle, alg, buffer, size, ciphertext, ciphertext_size,
- length);
+ return psa_asymmetric_sign(key_handle, alg, buffer, size, ciphertext, ciphertext_size,
+ length);
case PAL_CRYPTO_ASYMMTERIC_VERIFY:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
- return psa_asymmetric_verify(handle, alg, buffer, size, ciphertext, ciphertext_size);
- case PAL_CRYPTO_KEY_AGREEMENT:
- generator = va_arg(valist, psa_crypto_generator_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_asymmetric_verify(key_handle, alg, buffer, size, ciphertext,
+ ciphertext_size);
+ case PAL_CRYPTO_RAW_KEY_AGREEMENT:
+ alg = va_arg(valist, psa_algorithm_t);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ peer = va_arg(valist, uint8_t*);
+ peer_length = va_arg(valist, size_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
- alg = va_arg(valist, psa_algorithm_t);
- return psa_key_agreement(generator, handle, buffer, size, alg);
- case PAL_CRYPTO_ALLOCATE_KEY:
- key_handle = (psa_key_handle_t *)va_arg(valist, int*);
- return psa_allocate_key(key_handle);
+ length = va_arg(valist, size_t*);
+ return psa_raw_key_agreement(alg, key_handle, peer, peer_length, buffer, size, length);
case PAL_CRYPTO_COPY_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- target_handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_copy_key(handle, target_handle, policy);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_copy_key(key_handle, attributes, handle);
+ case PAL_CRYPTO_KEY_DERIVATION_SETUP:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_key_derivation_setup(derive_operation, alg);
+ case PAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_input_bytes(derive_operation, step, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION_INPUT_KEY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_key_derivation_input_key(derive_operation, step, key_handle);
+ case PAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ peer = va_arg(valist, uint8_t*);
+ peer_length = va_arg(valist, size_t);
+ return psa_key_derivation_key_agreement(derive_operation, step, key_handle, peer,
+ peer_length);
+ case PAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_output_bytes(derive_operation, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_key_derivation_output_key(attributes, derive_operation, handle);
+ case PAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_set_capacity(derive_operation, size);
+ case PAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ length = va_arg(valist, size_t *);
+ return psa_key_derivation_get_capacity(derive_operation, length);
+ case PAL_CRYPTO_KEY_DERIVATION_ABORT:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ return psa_key_derivation_abort(derive_operation);
+ case PAL_CRYPTO_OPEN_KEY:
+ key_id = va_arg(valist, psa_key_id_t);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_open_key(key_id, handle);
+ case PAL_CRYPTO_CLOSE_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_close_key(key_handle);
case PAL_CRYPTO_FREE:
for (i = 0; i < PAL_KEY_SLOT_COUNT; i++)
psa_destroy_key(i);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.h
index d1dabfa..486f793 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/crypto/pal_crypto_intf.h
@@ -21,55 +21,82 @@
#include "pal_common.h"
enum crypto_function_code {
- PAL_CRYPTO_INIT = 0x1,
- PAL_CRYPTO_GENERATE_RANDOM = 0x2,
- PAL_CRYPTO_IMPORT_KEY = 0x3,
- PAL_CRYPTO_EXPORT_KEY = 0x4,
- PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
- PAL_CRYPTO_DESTROY_KEY = 0x6,
- PAL_CRYPTO_GET_KEY_INFO = 0x7,
- PAL_CRYPTO_KEY_POLICY_INIT = 0x8,
- PAL_CRYPTO_KEY_POLICY_SET_USAGE = 0x9,
- PAL_CRYPTO_KEY_POLICY_GET_USAGE = 0xA,
- PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM = 0xB,
- PAL_CRYPTO_SET_KEY_POLICY = 0xC,
- PAL_CRYPTO_GET_KEY_POLICY = 0xD,
- PAL_CRYPTO_GET_KEY_INFORMATION = 0xE,
- PAL_CRYPTO_GET_KEY_LIFETIME = 0xF,
- PAL_CRYPTO_HASH_SETUP = 0x11,
- PAL_CRYPTO_HASH_UPDATE = 0x12,
- PAL_CRYPTO_HASH_VERIFY = 0x13,
- PAL_CRYPTO_HASH_FINISH = 0x14,
- PAL_CRYPTO_HASH_ABORT = 0x15,
- PAL_CRYPTO_GENERATE_KEY = 0x16,
- PAL_CRYPTO_GENERATOR_READ = 0x17,
- PAL_CRYPTO_KEY_DERIVATION = 0x18,
- PAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19,
- PAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A,
- PAL_CRYPTO_GENERATOR_ABORT = 0x1B,
- PAL_CRYPTO_AEAD_ENCRYPT = 0x1C,
- PAL_CRYPTO_AEAD_DECRYPT = 0x1D,
- PAL_CRYPTO_MAC_SIGN_SETUP = 0x1E,
- PAL_CRYPTO_MAC_UPDATE = 0x1F,
- PAL_CRYPTO_MAC_SIGN_FINISH = 0x20,
- PAL_CRYPTO_MAC_VERIFY_SETUP = 0x21,
- PAL_CRYPTO_MAC_VERIFY_FINISH = 0x22,
- PAL_CRYPTO_MAC_ABORT = 0x23,
- PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24,
- PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25,
- PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26,
- PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A,
- PAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B,
- PAL_CRYPTO_CIPHER_SET_IV = 0x2C,
- PAL_CRYPTO_CIPHER_UPDATE = 0x2D,
- PAL_CRYPTO_CIPHER_FINISH = 0x2E,
- PAL_CRYPTO_CIPHER_ABORT = 0x2F,
- PAL_CRYPTO_ASYMMTERIC_SIGN = 0x30,
- PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31,
- PAL_CRYPTO_KEY_AGREEMENT = 0x32,
- PAL_CRYPTO_ALLOCATE_KEY = 0x33,
- PAL_CRYPTO_COPY_KEY = 0x34,
- PAL_CRYPTO_FREE = 0xFE,
+ PAL_CRYPTO_INIT = 0x1,
+ PAL_CRYPTO_GENERATE_RANDOM = 0x2,
+ PAL_CRYPTO_IMPORT_KEY = 0x3,
+ PAL_CRYPTO_EXPORT_KEY = 0x4,
+ PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
+ PAL_CRYPTO_DESTROY_KEY = 0x6,
+ PAL_CRYPTO_HASH_SETUP = 0x7,
+ PAL_CRYPTO_HASH_UPDATE = 0x8,
+ PAL_CRYPTO_HASH_VERIFY = 0x9,
+ PAL_CRYPTO_HASH_FINISH = 0xA,
+ PAL_CRYPTO_HASH_ABORT = 0xB,
+ PAL_CRYPTO_GENERATE_KEY = 0xC,
+ PAL_CRYPTO_AEAD_ENCRYPT = 0xD,
+ PAL_CRYPTO_AEAD_DECRYPT = 0xE,
+ PAL_CRYPTO_MAC_SIGN_SETUP = 0xF,
+ PAL_CRYPTO_MAC_UPDATE = 0x10,
+ PAL_CRYPTO_MAC_SIGN_FINISH = 0x11,
+ PAL_CRYPTO_MAC_VERIFY_SETUP = 0x12,
+ PAL_CRYPTO_MAC_VERIFY_FINISH = 0x13,
+ PAL_CRYPTO_MAC_ABORT = 0x14,
+ PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x15,
+ PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x16,
+ PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x17,
+ PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x18,
+ PAL_CRYPTO_CIPHER_GENERATE_IV = 0x19,
+ PAL_CRYPTO_CIPHER_SET_IV = 0x1A,
+ PAL_CRYPTO_CIPHER_UPDATE = 0x1B,
+ PAL_CRYPTO_CIPHER_FINISH = 0x1C,
+ PAL_CRYPTO_CIPHER_ABORT = 0x1D,
+ PAL_CRYPTO_ASYMMTERIC_SIGN = 0x1E,
+ PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x1F,
+ PAL_CRYPTO_COPY_KEY = 0x20,
+ PAL_CRYPTO_SET_KEY_TYPE = 0x21,
+ PAL_CRYPTO_SET_KEY_BITS = 0x22,
+ PAL_CRYPTO_GET_KEY_ATTRIBUTES = 0x23,
+ PAL_CRYPTO_GET_KEY_TYPE = 0x24,
+ PAL_CRYPTO_SET_KEY_USAGE_FLAGS = 0x25,
+ PAL_CRYPTO_RESET_KEY_ATTRIBUTES = 0x26,
+ PAL_CRYPTO_SET_KEY_ID = 0x27,
+ PAL_CRYPTO_SET_KEY_LIFETIME = 0x28,
+ PAL_CRYPTO_SET_KEY_ALGORITHM = 0x29,
+ PAL_CRYPTO_GET_KEY_ID = 0x2A,
+ PAL_CRYPTO_GET_KEY_LIFETIME = 0x2B,
+ PAL_CRYPTO_GET_KEY_USAGE_FLAGS = 0x2C,
+ PAL_CRYPTO_GET_KEY_ALGORITHM = 0x2D,
+ PAL_CRYPTO_GET_KEY_BITS = 0x2E,
+ PAL_CRYPTO_HASH_COMPUTE = 0x2F,
+ PAL_CRYPTO_HASH_COMPARE = 0x30,
+ PAL_CRYPTO_KEY_DERIVATION_SETUP = 0x31,
+ PAL_CRYPTO_KEY_DERIVATION_ABORT = 0x32,
+ PAL_CRYPTO_RAW_KEY_AGREEMENT = 0x33,
+ PAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES = 0x34,
+ PAL_CRYPTO_KEY_DERIVATION_INPUT_KEY = 0x35,
+ PAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT = 0x36,
+ PAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES = 0x37,
+ PAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY = 0x38,
+ PAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY = 0x39,
+ PAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY = 0x3A,
+ PAL_CRYPTO_HASH_CLONE = 0x3B,
+ PAL_CRYPTO_MAC_COMPUTE = 0x3C,
+ PAL_CRYPTO_MAC_VERIFY = 0x3D,
+ PAL_CRYPTO_CIPHER_ENCRYPT = 0x3F,
+ PAL_CRYPTO_CIPHER_DECRYPT = 0x40,
+ PAL_CRYPTO_OPEN_KEY = 0x41,
+ PAL_CRYPTO_CLOSE_KEY = 0x42,
+ PAL_CRYPTO_AEAD_ENCRYPT_SETUP = 0x43,
+ PAL_CRYPTO_AEAD_DECRYPT_SETUP = 0x44,
+ PAL_CRYPTO_AEAD_GENERATE_NONCE = 0x45,
+ PAL_CRYPTO_AEAD_SET_NONCE = 0x46,
+ PAL_CRYPTO_AEAD_SET_LENGTHS = 0X47,
+ PAL_CRYPTO_AEAD_UPDATE_AD = 0x48,
+ PAL_CRYPTO_AEAD_UPDATE = 0x49,
+ PAL_CRYPTO_AEAD_FINISH = 0x4A,
+ PAL_CRYPTO_AEAD_VERIFY = 0x4B,
+ PAL_CRYPTO_AEAD_ABORT = 0x4C,
+ PAL_CRYPTO_FREE = 0xFE,
};
int32_t pal_crypto_function(int type, va_list valist);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.c
index ae2bdba..38ed283 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.c
@@ -17,24 +17,14 @@
#include "pal_attestation_crypto.h"
-static uint32_t public_key_registered = 0;
-
+static uint32_t public_key_registered;
+static psa_key_handle_t public_key_handle;
static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf,
size_t amount)
{
return UsefulBuf_Head(buf, amount);
}
-static uint32_t check_hash_sizes(void)
-{
- if (T_COSE_CRYPTO_SHA256_SIZE != PSA_HASH_SIZE(PSA_ALG_SHA_256))
- {
- return PAL_ATTEST_HASH_FAIL;
- }
-
- return PAL_ATTEST_SUCCESS;
-}
-
static psa_ecc_curve_t attest_map_elliptic_curve_type(int32_t cose_curve)
{
psa_ecc_curve_t psa_curve;
@@ -82,130 +72,94 @@
int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id)
{
- int32_t cose_ret = PAL_ATTEST_SUCCESS;
- psa_status_t psa_ret;
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash = PSA_HASH_OPERATION_INIT;
+ psa_algorithm_t psa_alg;
- cose_ret = check_hash_sizes();
- if (cose_ret)
- {
- goto error;
- }
+ /* Map the algorithm ID */
+ psa_alg = cose_hash_alg_id_to_psa(cose_hash_alg_id);
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- goto error;
- }
+ /* Actually do the hash set up */
+ hash_ctx->status = psa_hash_setup(&psa_hash, psa_alg);
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
- psa_ret = psa_hash_setup(&psa_hash_ctx->operation, cose_hash_alg_id_to_psa(cose_hash_alg_id));
+ /* Copy the PSA handle back into the context */
+ hash_ctx->context.handle = psa_hash.handle;
- if (psa_ret == PAL_ATTEST_SUCCESS)
- {
- psa_hash_ctx->status = PAL_ATTEST_SUCCESS;
- cose_ret = PAL_ATTEST_SUCCESS;
- }
- else if (psa_ret == PSA_ERROR_NOT_SUPPORTED)
- {
- cose_ret = PAL_ATTEST_HASH_UNSUPPORTED;
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
-
-error:
- return cose_ret;
+ /* Map errors and return */
+ return (psa_status_t)hash_ctx->status;
}
void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx,
struct q_useful_buf_c data_to_hash)
{
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash;
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
+ /* Copy the PSA handle out of the generic context */
+ psa_hash.handle = (uint32_t)hash_ctx->context.handle;
+
+ if (hash_ctx->status != PSA_SUCCESS)
+ return;
+
+ if (data_to_hash.ptr == NULL) {
+ /* No data was passed in to be hashed indicating the mode of use is
+ * the computation of the size of hash. This mode is hashing is used
+ * by t_cose when it is requested to compute the size of the signed
+ * data it might compute, which is in turn used to compute the
+ * size of a would be token. When computing the size, the size
+ * like this, there is nothing to do in update()
+ */
return;
}
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
+ /* Actually hash the data */
+ hash_ctx->status = psa_hash_update(&psa_hash, data_to_hash.ptr, data_to_hash.len);
- if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS)
- {
- if (data_to_hash.ptr != NULL)
- {
- psa_hash_ctx->status = psa_hash_update(&psa_hash_ctx->operation,
- data_to_hash.ptr,
- data_to_hash.len);
- }
- else
- {
- /* Intentionally do nothing, just computing the size of the token */
- }
- }
+ /* Copy the PSA handle back into the context. */
+ hash_ctx->context.handle = psa_hash.handle;
}
int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx,
struct q_useful_buf buffer_to_hold_result,
struct q_useful_buf_c *hash_result)
{
- uint32_t cose_ret = PAL_ATTEST_SUCCESS;
- psa_status_t psa_ret;
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash;
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- goto error;
- }
+ /* Copy the PSA handle out of the generic context */
+ psa_hash.handle = (uint32_t)hash_ctx->context.handle;
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
+ if (hash_ctx->status != PSA_SUCCESS)
+ goto Done;
- if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS)
- {
- psa_ret = psa_hash_finish(&psa_hash_ctx->operation,
- buffer_to_hold_result.ptr,
- buffer_to_hold_result.len,
- &(hash_result->len));
+ /* Actually finish up the hash */
+ hash_ctx->status = psa_hash_finish(&psa_hash, buffer_to_hold_result.ptr,
+ buffer_to_hold_result.len, &(hash_result->len));
- if (psa_ret == PAL_ATTEST_SUCCESS)
- {
- hash_result->ptr = buffer_to_hold_result.ptr;
- cose_ret = 0;
- }
- else if (psa_ret == PSA_ERROR_BUFFER_TOO_SMALL)
- {
- cose_ret = PAL_ATTEST_HASH_BUFFER_SIZE;
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
+ hash_result->ptr = buffer_to_hold_result.ptr;
-error:
- return cose_ret;
+ /* Copy the PSA handle back into the context. */
+ hash_ctx->context.handle = psa_hash.handle;
+
+Done:
+ return ((psa_status_t)hash_ctx->status);
+
}
int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash,
struct q_useful_buf_c *hash)
{
- uint32_t status = PAL_ATTEST_SUCCESS;
+ uint32_t return_value = 0;
struct pal_cose_crypto_hash hash_ctx;
- status = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY);
- if (status)
- return status;
+ return_value = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY);
+ if (return_value)
+ goto Done;
pal_cose_crypto_hash_update(&hash_ctx, bytes_to_hash);
- status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash);
+ return_value = pal_cose_crypto_hash_finish(&hash_ctx,
+ buffer_for_hash,
+ hash);
- return status;
+Done:
+ return return_value;
}
uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash,
@@ -223,18 +177,19 @@
/* This builds the CBOR-format to-be-signed bytes */
QCBOREncode_Init(&cbor_encode_ctx, buffer_for_TBS_first_part);
QCBOREncode_OpenArray(&cbor_encode_ctx);
+
/* context */
- QCBOREncode_AddSZString(&cbor_encode_ctx,
- COSE_SIG_CONTEXT_STRING_SIGNATURE1);
+ QCBOREncode_AddSZString(&cbor_encode_ctx, COSE_SIG_CONTEXT_STRING_SIGNATURE1);
+
/* body_protected */
- QCBOREncode_AddBytes(&cbor_encode_ctx,
- protected_headers);
- /* sign_protected */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
+ QCBOREncode_AddBytes(&cbor_encode_ctx, protected_headers);
+
+ /* sign_protected is not used for Sign1 */
/* external_aad */
QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
- /* fake payload */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
+
+ /* The short fake payload. */
+ QCBOREncode_AddBytesLenOnly(&cbor_encode_ctx, payload);
QCBOREncode_CloseArray(&cbor_encode_ctx);
/* Get the result and convert it to struct q_useful_buf_c representation */
@@ -242,7 +197,8 @@
if (qcbor_result)
{
/* Mainly means that the protected_headers were too big
- (which should never happen) */
+ * (which should never happen)
+ */
status = PAL_ATTEST_ERR_SIGN_STRUCT;
goto Done;
}
@@ -257,90 +213,129 @@
if (status)
goto Done;
- /* Hash the first part of the TBS. Take all but the last two
- * bytes. The last two bytes are the fake payload from above. It
- * is replaced by the real payload which is hashed next. The fake
- * payload is needed so the array count is right. This is one of
- * the main things that make it possible to implement with one
- * buffer for the whole cose sign1.
+ /* This is hashing of the first part, all the CBOR
+ * except the payload.
*/
- pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part,
- tbs_first_part.len - 2));
+ pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part, tbs_first_part.len));
- /* Hash the payload */
+ /* Hash the payload, the second part. */
pal_cose_crypto_hash_update(&hash_ctx, payload);
/* Finish the hash and set up to return it */
- status = pal_cose_crypto_hash_finish(&hash_ctx,
- buffer_for_hash,
- hash);
+ status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash);
Done:
return status;
}
-uint32_t pal_import_attest_key(int32_t alg)
+static uint32_t pal_import_attest_key(psa_algorithm_t key_alg)
{
- psa_key_type_t attest_key_type;
- size_t public_key_size;
- psa_status_t status = PSA_SUCCESS;
+ psa_status_t status = PAL_ATTEST_ERROR;
+ psa_key_usage_t usage = PSA_KEY_USAGE_VERIFY;
+ psa_ecc_curve_t psa_curve = attest_map_elliptic_curve_type(P_256);
+ psa_key_type_t attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve);
+ size_t public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size;
+
+#if defined(CRYPTO_VERSION_BETA1) || defined(CRYPTO_VERSION_BETA2)
psa_key_policy_t policy;
- psa_ecc_curve_t psa_curve;
- psa_key_handle_t public_key_handle;
- /* Mapping of COSE curve type to PSA curve types */
- psa_curve = attest_map_elliptic_curve_type(P_256);
- if (psa_curve == USHRT_MAX)
- return PAL_ATTEST_ERROR;
+ if (!public_key_registered)
+ {
+ if (psa_curve == USHRT_MAX)
+ return PAL_ATTEST_ERROR;
- /* Setup the key policy for public key */
- policy = psa_key_policy_init();
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_VERIFY, alg);
+ /* Setup the key policy for public key */
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage(&policy, usage, key_alg);
- status = psa_allocate_key(&public_key_handle);
- if (status != PSA_SUCCESS)
- return status;
+ status = psa_allocate_key(&public_key_handle);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
- status = psa_set_key_policy(public_key_handle, &policy);
- if (status != PSA_SUCCESS)
- return status;
+ status = psa_set_key_policy(public_key_handle, &policy);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
- attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve);
-
- /* Register public key to crypto service */
- public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size;
-
- status = psa_import_key(public_key_handle,
+ /* Import the public key */
+ status = psa_import_key(public_key_handle,
attest_key_type,
- (const uint8_t *)&attest_public_key,
+ (const uint8_t *)&attest_public_key,
public_key_size + 1);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 1;
+ }
+
+#elif defined(CRYPTO_VERSION_BETA3)
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (!public_key_registered)
+ {
+ if (psa_curve == USHRT_MAX)
+ return PAL_ATTEST_ERROR;
+
+ /* Set the attributes for the public key */
+ psa_set_key_type(&attributes, attest_key_type);
+ psa_set_key_bits(&attributes, public_key_size + 1);
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, key_alg);
+
+ /* Import the public key */
+ status = psa_import_key(&attributes,
+ (const uint8_t *)&attest_public_key,
+ public_key_size + 1,
+ &public_key_handle);
+
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 1;
+ }
+#endif
return status;
}
+static uint32_t pal_destroy_attest_key(void)
+{
+ psa_status_t status;
+
+ if (!public_key_registered)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ status = psa_destroy_key(public_key_handle);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 0;
+
+ return PAL_ATTEST_SUCCESS;
+}
uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id,
struct q_useful_buf_c token_hash,
struct q_useful_buf_c signature)
{
- uint32_t status = PAL_ATTEST_SUCCESS;
+ int32_t status = PAL_ATTEST_ERROR;
+ psa_algorithm_t key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
- if (!public_key_registered)
- {
- status = pal_import_attest_key(cose_algorithm_id);
- if (status != PAL_ATTEST_SUCCESS)
- return status;
+ /* Register the attestation public key */
+ status = pal_import_attest_key(key_alg);
+ if (status != PAL_ATTEST_SUCCESS)
+ return status;
- public_key_registered = 1;
- }
-
-/*
- * Enable the verify function when Trusted Firmare - M Supports
-
- * Verify the signature a hash or short message using a public key.
+ /* Verify the signature */
status = psa_asymmetric_verify(public_key_handle,
- cose_algorithm_id, token_hash.ptr, token_hash.len,
- signature.ptr, signature.len);
-*/
- return status;
+ key_alg, token_hash.ptr, token_hash.len,
+ signature.ptr, signature.len);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_SIGNATURE_FAIL;
+
+ /* Unregister the attestation public key */
+ status = pal_destroy_attest_key();
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ return PAL_ATTEST_SUCCESS;
}
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.h
index 2d63ad1..2175e65 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_crypto.h
@@ -22,9 +22,9 @@
typedef struct{
uint8_t *pubx_key;
- uint32_t pubx_key_size;
+ size_t pubx_key_size;
uint8_t *puby_key;
- uint32_t puby_key_size;
+ size_t puby_key_size;
} ecc_key_t;
struct ecc_public_key_t {
@@ -48,11 +48,11 @@
};
struct pal_cose_crypto_hash {
- /* Can't put the actual size here without creating dependecy on
- * actual hash implementation, so this is a fairly large and
- * accommodating size.
- */
- uint8_t bytes[128];
+ union {
+ void *ptr;
+ uint64_t handle;
+ } context;
+ int64_t status;
};
struct pal_cose_psa_crypto_hash {
@@ -95,7 +95,6 @@
uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash,
struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers,
struct q_useful_buf_c payload);
-uint32_t pal_import_attest_key(int32_t alg);
uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, struct q_useful_buf_c token_hash,
struct q_useful_buf_c signature);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.c
index 178fdc9..60c7164 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.c
@@ -29,7 +29,7 @@
QCBORError qcbor_result;
QCBOREncodeContext cbor_encode_ctx;
int32_t cose_curve_id = P_256;
- struct q_useful_buf_c encoded_key_id;
+ struct q_useful_buf_c encoded_key_id;
/* Get the public key x and y */
/* Encode it into a COSE_Key structure */
@@ -136,26 +136,18 @@
}
static int parse_unprotected_headers(QCBORDecodeContext *decode_context,
- struct q_useful_buf_c *child,
- bool *loop_back)
+ struct q_useful_buf_c *child)
{
struct items_to_get_t item_list[3];
item_list[0].label = COSE_HEADER_PARAM_KID;
- item_list[1].label = T_COSE_SHORT_CIRCUIT_LABEL;
- item_list[2].label = 0;
- *loop_back = false;
+ item_list[1].label = 0;
if (get_items_in_map(decode_context, item_list))
{
return PAL_ATTEST_ERROR;
}
- if (item_list[1].item.uDataType == QCBOR_TYPE_TRUE)
- {
- *loop_back = true;
- }
-
if (item_list[0].item.uDataType != QCBOR_TYPE_BYTE_STRING)
{
return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
@@ -324,11 +316,10 @@
token_size : Size of the token buffer
@return - error status
**/
-int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
- uint8_t *token, uint32_t token_size)
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, size_t challenge_size,
+ uint8_t *token, size_t token_size)
{
int32_t status = PAL_ATTEST_SUCCESS;
- bool short_circuit;
int32_t cose_algorithm_id;
QCBORItem item;
QCBORDecodeContext decode_context;
@@ -412,8 +403,7 @@
return status;
/* Parse the unprotected headers and check the data type and value */
- short_circuit = false;
- status = parse_unprotected_headers(&decode_context, &kid, &short_circuit);
+ status = parse_unprotected_headers(&decode_context, &kid);
if (status != PAL_ATTEST_SUCCESS)
return status;
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.h
index 8a0c545..e7449a0 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.h
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_eat.h
@@ -140,8 +140,7 @@
1 << (EAT_CBOR_ARM_RANGE_BASE \
- EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS))
-#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT | \
- 1 << EAT_CBOR_SW_COMPONENT_SIGNER_ID)
+#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT)
#define NULL_USEFUL_BUF_C NULLUsefulBufC
@@ -158,6 +157,8 @@
PAL_ATTEST_HASH_BUFFER_SIZE,
PAL_ATTEST_ERR_PROTECTED_HEADERS,
PAL_ATTEST_ERR_SIGN_STRUCT,
+ PAL_ATTEST_ERR_KEY_FAIL,
+ PAL_ATTEST_ERR_SIGNATURE_FAIL,
PAL_ATTEST_ERROR,
};
@@ -166,5 +167,5 @@
QCBORItem item;
};
-int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
- uint8_t *token, uint32_t token_size);
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, size_t challenge_size,
+ uint8_t *token, size_t token_size);
diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_intf.c b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_intf.c
index 2d99f74..83c1ebd 100644
--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_intf.c
+++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/initial_attestation/pal_attestation_intf.c
@@ -27,25 +27,27 @@
int32_t pal_attestation_function(int type, va_list valist)
{
uint8_t *challenge, *token;
- uint32_t challenge_size, *token_size, verify_token_size;
+ size_t challenge_size, *token_size, verify_token_size, token_buffer_size;
switch (type)
{
case PAL_INITIAL_ATTEST_GET_TOKEN:
challenge = va_arg(valist, uint8_t*);
- challenge_size = va_arg(valist, uint32_t);
+ challenge_size = va_arg(valist, size_t);
token = va_arg(valist, uint8_t*);
- token_size = va_arg(valist, uint32_t*);
- return psa_initial_attest_get_token(challenge, challenge_size, token, token_size);
+ token_buffer_size = va_arg(valist, size_t);
+ token_size = va_arg(valist, size_t*);
+ return psa_initial_attest_get_token(challenge, challenge_size, token, token_buffer_size,
+ token_size);
case PAL_INITIAL_ATTEST_GET_TOKEN_SIZE:
- challenge_size = va_arg(valist, uint32_t);
- token_size = va_arg(valist, uint32_t*);
+ challenge_size = va_arg(valist, size_t);
+ token_size = va_arg(valist, size_t*);
return psa_initial_attest_get_token_size(challenge_size, token_size);
case PAL_INITIAL_ATTEST_VERIFY_TOKEN:
challenge = va_arg(valist, uint8_t*);
- challenge_size = va_arg(valist, uint32_t);
+ challenge_size = va_arg(valist, size_t);
token = va_arg(valist, uint8_t*);
- verify_token_size = va_arg(valist, uint32_t);
+ verify_token_size = va_arg(valist, size_t);
return pal_initial_attest_verify_token(challenge, challenge_size,
token, verify_token_size);
default:
diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_config.h b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_config.h
index 289dc5d..2871339 100644
--- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_config.h
+++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/common/pal_config.h
@@ -40,6 +40,9 @@
#define SP_HEAP_MEM_SUPP
#endif /* PSA_CMAKE_BUILD */
+/* Version of crypto spec used in attestation */
+#define CRYPTO_VERSION_BETA2
+
/*
* Include of PSA defined Header files
*/
diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_config_check.h b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_config_check.h
index f18a785..443e0bc 100644
--- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_config_check.h
+++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_config_check.h
@@ -94,13 +94,13 @@
#error "ARCH_TEST_CTR_AES defined, but not all prerequisites"
#endif
-#if (defined(ARCH_TEST_CBC_AES)|| defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
+#if (defined(ARCH_TEST_CBC_AES) || defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
(!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_AES defined, but not all prerequisites"
#endif
#if (defined(ARCH_TEST_CBC_NO_PADDING)) &&\
- (!defined(ARCH_TEST_CIPER) ||!defined(ARCH_TEST_CIPER_MODE_CBC))
+ (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_CIPER_MODE_CBC))
#error "ARCH_TEST_CBC_NO_PADDING defined, but not all prerequisites"
#endif
diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c
index 3df6aa8..fd2e055 100644
--- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c
+++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.c
@@ -28,96 +28,124 @@
**/
int32_t pal_crypto_function(int type, va_list valist)
{
- int i;
- size_t size, *length, salt_length, label_length, ciphertext_size;
- uint8_t *buffer, *ciphertext;
- const uint8_t *salt, *label, *nonce, *additional_data;
- uint8_t *plaintext;
- uint32_t status;
- const void *extra;
- size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length;
- psa_key_handle_t handle, *key_handle, target_handle;
- psa_key_type_t key_type, *key_type_out;
- psa_key_policy_t *policy;
- psa_key_usage_t usage, *usage_out;
- psa_key_lifetime_t *lifetime_out;
- psa_algorithm_t alg, *alg_out;
- psa_hash_operation_t *hash_operation;
- psa_mac_operation_t *mac_operation;
- psa_cipher_operation_t *cipher_operation;
- psa_crypto_generator_t *generator;
-
+ int i;
+ psa_status_t status;
+ uint8_t *buffer, *ciphertext, *plaintext;
+ const uint8_t *nonce, *additional_data, *salt, *peer;
+ size_t *length, size, ciphertext_size, nonce_length;
+ size_t salt_length, peer_length, additional_data_length;
+ size_t *tag_length, plaintext_size;
+ psa_aead_operation_t *aead_operation;
+ psa_key_attributes_t *attributes;
+ psa_key_handle_t *handle, key_handle;
+ psa_key_type_t *key_type_out, key_type;
+ psa_key_usage_t *usage_out, usage;
+ psa_key_id_t *key_id_out, key_id;
+ psa_key_lifetime_t *key_lifetime_out, key_lifetime;
+ psa_algorithm_t *key_alg_out, key_alg, alg;
+ psa_hash_operation_t *hash_operation, *target_operation;
+ psa_mac_operation_t *mac_operation;
+ psa_cipher_operation_t *cipher_operation;
+ psa_key_derivation_operation_t *derive_operation;
+ psa_key_derivation_step_t step;
switch (type)
{
case PAL_CRYPTO_INIT:
return psa_crypto_init();
case PAL_CRYPTO_GENERATE_RANDOM:
- buffer = va_arg(valist, uint8_t*);
+ buffer = va_arg(valist, uint8_t *);
size = va_arg(valist, int);
return psa_generate_random(buffer, size);
case PAL_CRYPTO_IMPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ buffer = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ status = psa_import_key(attributes, buffer, size, handle);
+ return status;
+ case PAL_CRYPTO_SET_KEY_TYPE:
+ attributes = va_arg(valist, psa_key_attributes_t *);
key_type = va_arg(valist, psa_key_type_t);
- buffer = va_arg(valist, uint8_t*);
- size = va_arg(valist, int);
- status = psa_import_key(handle, key_type, buffer, size);
- return status;
+ psa_set_key_type(attributes, key_type);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_BITS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ size = va_arg(valist, size_t);
+ psa_set_key_bits(attributes, size);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ATTRIBUTES:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ return psa_get_key_attributes(key_handle, attributes);
+ case PAL_CRYPTO_GET_KEY_TYPE:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_type_out = va_arg(valist, psa_key_type_t *);
+ *key_type_out = psa_get_key_type(attributes);
+ return 0;
case PAL_CRYPTO_EXPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- buffer = (uint8_t *)(va_arg(valist, uint8_t*));
- size = va_arg(valist, int);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_export_key(handle, buffer, size, length);
- return status;
- case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- buffer = (uint8_t *)(va_arg(valist, uint8_t*));
- size = va_arg(valist, int);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_export_public_key(handle, buffer, size, length);
- return status;
- case PAL_CRYPTO_KEY_POLICY_INIT:
- policy = va_arg(valist, psa_key_policy_t*);
- memset(policy, 0, sizeof(psa_key_policy_t));
- return 0;
- case PAL_CRYPTO_KEY_POLICY_SET_USAGE:
- policy = va_arg(valist, psa_key_policy_t*);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t *));
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t *);
+ return psa_export_key(key_handle, buffer, size, length);
+ case PAL_CRYPTO_SET_KEY_USAGE_FLAGS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
usage = va_arg(valist, psa_key_usage_t);
- alg = va_arg(valist, psa_algorithm_t);
- psa_key_policy_set_usage(policy, usage, alg);
+ psa_set_key_usage_flags(attributes, usage);
return 0;
- case PAL_CRYPTO_SET_KEY_POLICY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_set_key_policy(handle, policy);
- case PAL_CRYPTO_DESTROY_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- status = psa_destroy_key(handle);
- return status;
- case PAL_CRYPTO_GET_KEY_INFORMATION:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type_out = va_arg(valist, psa_key_type_t*);
- length = (size_t *)va_arg(valist, size_t*);
- status = psa_get_key_information(handle, key_type_out, length);
- return status;
- case PAL_CRYPTO_GET_KEY_POLICY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_get_key_policy(handle, policy);
- case PAL_CRYPTO_KEY_POLICY_GET_USAGE:
- policy = va_arg(valist, psa_key_policy_t*);
- usage_out = va_arg(valist, psa_key_usage_t*);
- *usage_out = psa_key_policy_get_usage(policy);
+ case PAL_CRYPTO_RESET_KEY_ATTRIBUTES:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ psa_reset_key_attributes(attributes);
return 0;
- case PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM:
- policy = va_arg(valist, psa_key_policy_t*);
- alg_out = va_arg(valist, psa_algorithm_t*);
- *alg_out = psa_key_policy_get_algorithm(policy);
+ case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t *));
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t *);
+ return psa_export_public_key(key_handle, buffer, size, length);
+ case PAL_CRYPTO_SET_KEY_ID:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_id = va_arg(valist, psa_key_id_t);
+ psa_set_key_id(attributes, key_id);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_LIFETIME:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_lifetime = va_arg(valist, psa_key_lifetime_t);
+ psa_set_key_lifetime(attributes, key_lifetime);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_ALGORITHM:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_alg = va_arg(valist, psa_algorithm_t);
+ psa_set_key_algorithm(attributes, key_alg);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ID:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_id_out = va_arg(valist, psa_key_id_t *);
+ *key_id_out = psa_get_key_id(attributes);
return 0;
case PAL_CRYPTO_GET_KEY_LIFETIME:
- handle = (psa_key_handle_t)va_arg(valist, int);
- lifetime_out = va_arg(valist, psa_key_lifetime_t*);
- return psa_get_key_lifetime(handle, lifetime_out);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_lifetime_out = va_arg(valist, psa_key_lifetime_t *);
+ *key_lifetime_out = psa_get_key_lifetime(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_USAGE_FLAGS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ usage_out = va_arg(valist, psa_key_usage_t *);
+ *usage_out = psa_get_key_usage_flags(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_ALGORITHM:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ key_alg_out = va_arg(valist, psa_algorithm_t *);
+ *key_alg_out = psa_get_key_algorithm(attributes);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_BITS:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ length = va_arg(valist, size_t *);
+ *length = psa_get_key_bits(attributes);
+ return 0;
+ case PAL_CRYPTO_DESTROY_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_destroy_key(key_handle);
case PAL_CRYPTO_HASH_SETUP:
hash_operation = va_arg(valist, psa_hash_operation_t*);
alg = va_arg(valist, psa_algorithm_t);
@@ -141,44 +169,31 @@
case PAL_CRYPTO_HASH_ABORT:
hash_operation = va_arg(valist, psa_hash_operation_t*);
return psa_hash_abort(hash_operation);
- case PAL_CRYPTO_GENERATE_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type = va_arg(valist, psa_key_type_t);
- size = va_arg(valist, size_t);
- extra = va_arg(valist, const void*);
- extra_size = va_arg(valist, size_t);
- return psa_generate_key(handle, key_type, size, extra, extra_size);
- case PAL_CRYPTO_GENERATOR_READ:
- generator = va_arg(valist, psa_crypto_generator_t*);
+ case PAL_CRYPTO_HASH_COMPUTE:
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
buffer = va_arg(valist, uint8_t*);
- size = va_arg(valist, int);
- return psa_generator_read(generator, buffer, size);
- case PAL_CRYPTO_KEY_DERIVATION:
- generator = va_arg(valist, psa_crypto_generator_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_hash_compute(alg, plaintext, plaintext_size, buffer, size, length);
+ case PAL_CRYPTO_HASH_COMPARE:
alg = va_arg(valist, psa_algorithm_t);
- salt = va_arg(valist, const uint8_t *);
- salt_length = va_arg(valist, size_t);
- label = va_arg(valist, const uint8_t *);
- label_length = va_arg(valist, size_t);
- capacity = va_arg(valist, size_t);
- return psa_key_derivation(generator, handle, alg, salt, salt_length, label,
- label_length, capacity);
- case PAL_CRYPTO_GET_GENERATOR_CAPACITY:
- generator = va_arg(valist, psa_crypto_generator_t*);
- gen_cap = va_arg(valist, size_t*);
- return psa_get_generator_capacity(generator, gen_cap);
- case PAL_CRYPTO_GENERATOR_IMPORT_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- key_type = va_arg(valist, psa_key_type_t);
- size = va_arg(valist, size_t);
- generator = va_arg(valist, psa_crypto_generator_t*);
- return psa_generator_import_key(handle, key_type, size, generator);
- case PAL_CRYPTO_GENERATOR_ABORT:
- generator = va_arg(valist, psa_crypto_generator_t*);
- return psa_generator_abort(generator);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_hash_compare(alg, plaintext, plaintext_size, buffer, size);
+ case PAL_CRYPTO_HASH_CLONE:
+ hash_operation = va_arg(valist, psa_hash_operation_t*);
+ target_operation = va_arg(valist, psa_hash_operation_t*);
+ return psa_hash_clone(hash_operation, target_operation);
+ case PAL_CRYPTO_GENERATE_KEY:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_generate_key(attributes, handle);
case PAL_CRYPTO_AEAD_ENCRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
@@ -189,10 +204,10 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_aead_encrypt(handle, alg, nonce, nonce_length, additional_data,
- additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
+ return psa_aead_encrypt(key_handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
case PAL_CRYPTO_AEAD_DECRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
nonce = va_arg(valist, const uint8_t *);
nonce_length = va_arg(valist, size_t);
@@ -203,13 +218,74 @@
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_aead_decrypt(handle, alg, nonce, nonce_length, additional_data,
- additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ return psa_aead_decrypt(key_handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ case PAL_CRYPTO_AEAD_ENCRYPT_SETUP:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_aead_encrypt_setup(aead_operation, key_handle, alg);
+ case PAL_CRYPTO_AEAD_DECRYPT_SETUP:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_aead_decrypt_setup(aead_operation, key_handle, alg);
+ case PAL_CRYPTO_AEAD_GENERATE_NONCE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ return psa_aead_generate_nonce(aead_operation, buffer, size, length);
+ case PAL_CRYPTO_AEAD_SET_NONCE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_set_nonce(aead_operation, buffer, size);
+ case PAL_CRYPTO_AEAD_SET_LENGTHS:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ size = va_arg(valist, size_t);
+ plaintext_size = va_arg(valist, size_t);
+ return psa_aead_set_lengths(aead_operation, size, plaintext_size);
+ case PAL_CRYPTO_AEAD_UPDATE_AD:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_update_ad(aead_operation, buffer, size);
+ case PAL_CRYPTO_AEAD_UPDATE:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_aead_update(aead_operation, plaintext, plaintext_size, ciphertext,
+ ciphertext_size, length);
+ case PAL_CRYPTO_AEAD_FINISH:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ tag_length = (size_t *)va_arg(valist, size_t*);
+ return psa_aead_finish(aead_operation, ciphertext, ciphertext_size, length, buffer,
+ size, tag_length);
+ case PAL_CRYPTO_AEAD_VERIFY:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_aead_verify(aead_operation, plaintext, plaintext_size, length, buffer, size);
+ case PAL_CRYPTO_AEAD_ABORT:
+ aead_operation = va_arg(valist, psa_aead_operation_t *);
+ return psa_aead_abort(aead_operation);
case PAL_CRYPTO_MAC_SIGN_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_mac_sign_setup(mac_operation, handle, alg);
+ return psa_mac_sign_setup(mac_operation, key_handle, alg);
case PAL_CRYPTO_MAC_UPDATE:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
@@ -223,9 +299,9 @@
return psa_mac_sign_finish(mac_operation, buffer, size, length);
case PAL_CRYPTO_MAC_VERIFY_SETUP:
mac_operation = va_arg(valist, psa_mac_operation_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_mac_verify_setup(mac_operation, handle, alg);
+ return psa_mac_verify_setup(mac_operation, key_handle, alg);
case PAL_CRYPTO_MAC_VERIFY_FINISH:
mac_operation = va_arg(valist, psa_mac_operation_t*);
buffer = va_arg(valist, uint8_t*);
@@ -234,8 +310,27 @@
case PAL_CRYPTO_MAC_ABORT:
mac_operation = va_arg(valist, psa_mac_operation_t*);
return psa_mac_abort(mac_operation);
+ case PAL_CRYPTO_MAC_COMPUTE:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_mac_compute(key_handle, alg, plaintext, plaintext_size, ciphertext,
+ ciphertext_size, length);
+ case PAL_CRYPTO_MAC_VERIFY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t*);
+ plaintext_size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t*);
+ ciphertext_size = va_arg(valist, size_t);
+ return psa_mac_verify(key_handle, alg, plaintext, plaintext_size, ciphertext,
+ ciphertext_size);
case PAL_CRYPTO_ASYMMTERIC_ENCRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
@@ -244,10 +339,10 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_encrypt(handle, alg, plaintext, size, salt, salt_length,
- ciphertext, ciphertext_size, length);
+ return psa_asymmetric_encrypt(key_handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
case PAL_CRYPTO_ASYMMTERIC_DECRYPT:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
plaintext = va_arg(valist, uint8_t *);
size = va_arg(valist, size_t);
@@ -256,18 +351,18 @@
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_decrypt(handle, alg, plaintext, size, salt, salt_length,
- ciphertext, ciphertext_size, length);
+ return psa_asymmetric_decrypt(key_handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
case PAL_CRYPTO_CIPHER_ENCRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_cipher_encrypt_setup(cipher_operation, handle, alg);
+ return psa_cipher_encrypt_setup(cipher_operation, key_handle, alg);
case PAL_CRYPTO_CIPHER_DECRYPT_SETUP:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
- return psa_cipher_decrypt_setup(cipher_operation, handle, alg);
+ return psa_cipher_decrypt_setup(cipher_operation, key_handle, alg);
case PAL_CRYPTO_CIPHER_GENERATE_IV:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
buffer = va_arg(valist, uint8_t*);
@@ -287,7 +382,7 @@
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
return psa_cipher_update(cipher_operation, plaintext, size, ciphertext, ciphertext_size,
- length);
+ length);
case PAL_CRYPTO_CIPHER_FINISH:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
ciphertext = va_arg(valist, uint8_t *);
@@ -297,39 +392,110 @@
case PAL_CRYPTO_CIPHER_ABORT:
cipher_operation = va_arg(valist, psa_cipher_operation_t *);
return psa_cipher_abort(cipher_operation);
+ case PAL_CRYPTO_CIPHER_ENCRYPT:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_encrypt(key_handle, alg, plaintext, size, ciphertext, ciphertext_size,
+ length);
+ case PAL_CRYPTO_CIPHER_DECRYPT:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_decrypt(key_handle, alg, plaintext, size, ciphertext, ciphertext_size,
+ length);
case PAL_CRYPTO_ASYMMTERIC_SIGN:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
length = va_arg(valist, size_t*);
- return psa_asymmetric_sign(handle, alg, buffer, size, ciphertext, ciphertext_size,
- length);
+ return psa_asymmetric_sign(key_handle, alg, buffer, size, ciphertext, ciphertext_size,
+ length);
case PAL_CRYPTO_ASYMMTERIC_VERIFY:
- handle = (psa_key_handle_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
alg = va_arg(valist, psa_algorithm_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
ciphertext = va_arg(valist, uint8_t *);
ciphertext_size = va_arg(valist, size_t);
- return psa_asymmetric_verify(handle, alg, buffer, size, ciphertext, ciphertext_size);
- case PAL_CRYPTO_KEY_AGREEMENT:
- generator = va_arg(valist, psa_crypto_generator_t*);
- handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_asymmetric_verify(key_handle, alg, buffer, size, ciphertext,
+ ciphertext_size);
+ case PAL_CRYPTO_RAW_KEY_AGREEMENT:
+ alg = va_arg(valist, psa_algorithm_t);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ peer = va_arg(valist, uint8_t*);
+ peer_length = va_arg(valist, size_t);
buffer = va_arg(valist, uint8_t*);
size = va_arg(valist, size_t);
- alg = va_arg(valist, psa_algorithm_t);
- return psa_key_agreement(generator, handle, buffer, size, alg);
- case PAL_CRYPTO_ALLOCATE_KEY:
- key_handle = (psa_key_handle_t *)va_arg(valist, int*);
- return psa_allocate_key(key_handle);
+ length = va_arg(valist, size_t*);
+ return psa_raw_key_agreement(alg, key_handle, peer, peer_length, buffer, size, length);
case PAL_CRYPTO_COPY_KEY:
- handle = (psa_key_handle_t)va_arg(valist, int);
- target_handle = (psa_key_handle_t)va_arg(valist, int);
- policy = va_arg(valist, psa_key_policy_t*);
- return psa_copy_key(handle, target_handle, policy);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_copy_key(key_handle, attributes, handle);
+ case PAL_CRYPTO_KEY_DERIVATION_SETUP:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_key_derivation_setup(derive_operation, alg);
+ case PAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_input_bytes(derive_operation, step, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION_INPUT_KEY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_key_derivation_input_key(derive_operation, step, key_handle);
+ case PAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ step = (psa_key_derivation_step_t)va_arg(valist, int);
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ peer = va_arg(valist, uint8_t*);
+ peer_length = va_arg(valist, size_t);
+ return psa_key_derivation_key_agreement(derive_operation, step, key_handle, peer,
+ peer_length);
+ case PAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_output_bytes(derive_operation, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY:
+ attributes = va_arg(valist, psa_key_attributes_t *);
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_key_derivation_output_key(attributes, derive_operation, handle);
+ case PAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ size = va_arg(valist, size_t);
+ return psa_key_derivation_set_capacity(derive_operation, size);
+ case PAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ length = va_arg(valist, size_t *);
+ return psa_key_derivation_get_capacity(derive_operation, length);
+ case PAL_CRYPTO_KEY_DERIVATION_ABORT:
+ derive_operation = va_arg(valist, psa_key_derivation_operation_t *);
+ return psa_key_derivation_abort(derive_operation);
+ case PAL_CRYPTO_OPEN_KEY:
+ key_id = va_arg(valist, psa_key_id_t);
+ handle = (psa_key_handle_t *)va_arg(valist, int *);
+ return psa_open_key(key_id, handle);
+ case PAL_CRYPTO_CLOSE_KEY:
+ key_handle = (psa_key_handle_t)va_arg(valist, int);
+ return psa_close_key(key_handle);
case PAL_CRYPTO_FREE:
for (i = 0; i < PAL_KEY_SLOT_COUNT; i++)
psa_destroy_key(i);
diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h
index d1dabfa..486f793 100644
--- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h
+++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/crypto/pal_crypto_intf.h
@@ -21,55 +21,82 @@
#include "pal_common.h"
enum crypto_function_code {
- PAL_CRYPTO_INIT = 0x1,
- PAL_CRYPTO_GENERATE_RANDOM = 0x2,
- PAL_CRYPTO_IMPORT_KEY = 0x3,
- PAL_CRYPTO_EXPORT_KEY = 0x4,
- PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
- PAL_CRYPTO_DESTROY_KEY = 0x6,
- PAL_CRYPTO_GET_KEY_INFO = 0x7,
- PAL_CRYPTO_KEY_POLICY_INIT = 0x8,
- PAL_CRYPTO_KEY_POLICY_SET_USAGE = 0x9,
- PAL_CRYPTO_KEY_POLICY_GET_USAGE = 0xA,
- PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM = 0xB,
- PAL_CRYPTO_SET_KEY_POLICY = 0xC,
- PAL_CRYPTO_GET_KEY_POLICY = 0xD,
- PAL_CRYPTO_GET_KEY_INFORMATION = 0xE,
- PAL_CRYPTO_GET_KEY_LIFETIME = 0xF,
- PAL_CRYPTO_HASH_SETUP = 0x11,
- PAL_CRYPTO_HASH_UPDATE = 0x12,
- PAL_CRYPTO_HASH_VERIFY = 0x13,
- PAL_CRYPTO_HASH_FINISH = 0x14,
- PAL_CRYPTO_HASH_ABORT = 0x15,
- PAL_CRYPTO_GENERATE_KEY = 0x16,
- PAL_CRYPTO_GENERATOR_READ = 0x17,
- PAL_CRYPTO_KEY_DERIVATION = 0x18,
- PAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19,
- PAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A,
- PAL_CRYPTO_GENERATOR_ABORT = 0x1B,
- PAL_CRYPTO_AEAD_ENCRYPT = 0x1C,
- PAL_CRYPTO_AEAD_DECRYPT = 0x1D,
- PAL_CRYPTO_MAC_SIGN_SETUP = 0x1E,
- PAL_CRYPTO_MAC_UPDATE = 0x1F,
- PAL_CRYPTO_MAC_SIGN_FINISH = 0x20,
- PAL_CRYPTO_MAC_VERIFY_SETUP = 0x21,
- PAL_CRYPTO_MAC_VERIFY_FINISH = 0x22,
- PAL_CRYPTO_MAC_ABORT = 0x23,
- PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24,
- PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25,
- PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26,
- PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A,
- PAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B,
- PAL_CRYPTO_CIPHER_SET_IV = 0x2C,
- PAL_CRYPTO_CIPHER_UPDATE = 0x2D,
- PAL_CRYPTO_CIPHER_FINISH = 0x2E,
- PAL_CRYPTO_CIPHER_ABORT = 0x2F,
- PAL_CRYPTO_ASYMMTERIC_SIGN = 0x30,
- PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31,
- PAL_CRYPTO_KEY_AGREEMENT = 0x32,
- PAL_CRYPTO_ALLOCATE_KEY = 0x33,
- PAL_CRYPTO_COPY_KEY = 0x34,
- PAL_CRYPTO_FREE = 0xFE,
+ PAL_CRYPTO_INIT = 0x1,
+ PAL_CRYPTO_GENERATE_RANDOM = 0x2,
+ PAL_CRYPTO_IMPORT_KEY = 0x3,
+ PAL_CRYPTO_EXPORT_KEY = 0x4,
+ PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
+ PAL_CRYPTO_DESTROY_KEY = 0x6,
+ PAL_CRYPTO_HASH_SETUP = 0x7,
+ PAL_CRYPTO_HASH_UPDATE = 0x8,
+ PAL_CRYPTO_HASH_VERIFY = 0x9,
+ PAL_CRYPTO_HASH_FINISH = 0xA,
+ PAL_CRYPTO_HASH_ABORT = 0xB,
+ PAL_CRYPTO_GENERATE_KEY = 0xC,
+ PAL_CRYPTO_AEAD_ENCRYPT = 0xD,
+ PAL_CRYPTO_AEAD_DECRYPT = 0xE,
+ PAL_CRYPTO_MAC_SIGN_SETUP = 0xF,
+ PAL_CRYPTO_MAC_UPDATE = 0x10,
+ PAL_CRYPTO_MAC_SIGN_FINISH = 0x11,
+ PAL_CRYPTO_MAC_VERIFY_SETUP = 0x12,
+ PAL_CRYPTO_MAC_VERIFY_FINISH = 0x13,
+ PAL_CRYPTO_MAC_ABORT = 0x14,
+ PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x15,
+ PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x16,
+ PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x17,
+ PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x18,
+ PAL_CRYPTO_CIPHER_GENERATE_IV = 0x19,
+ PAL_CRYPTO_CIPHER_SET_IV = 0x1A,
+ PAL_CRYPTO_CIPHER_UPDATE = 0x1B,
+ PAL_CRYPTO_CIPHER_FINISH = 0x1C,
+ PAL_CRYPTO_CIPHER_ABORT = 0x1D,
+ PAL_CRYPTO_ASYMMTERIC_SIGN = 0x1E,
+ PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x1F,
+ PAL_CRYPTO_COPY_KEY = 0x20,
+ PAL_CRYPTO_SET_KEY_TYPE = 0x21,
+ PAL_CRYPTO_SET_KEY_BITS = 0x22,
+ PAL_CRYPTO_GET_KEY_ATTRIBUTES = 0x23,
+ PAL_CRYPTO_GET_KEY_TYPE = 0x24,
+ PAL_CRYPTO_SET_KEY_USAGE_FLAGS = 0x25,
+ PAL_CRYPTO_RESET_KEY_ATTRIBUTES = 0x26,
+ PAL_CRYPTO_SET_KEY_ID = 0x27,
+ PAL_CRYPTO_SET_KEY_LIFETIME = 0x28,
+ PAL_CRYPTO_SET_KEY_ALGORITHM = 0x29,
+ PAL_CRYPTO_GET_KEY_ID = 0x2A,
+ PAL_CRYPTO_GET_KEY_LIFETIME = 0x2B,
+ PAL_CRYPTO_GET_KEY_USAGE_FLAGS = 0x2C,
+ PAL_CRYPTO_GET_KEY_ALGORITHM = 0x2D,
+ PAL_CRYPTO_GET_KEY_BITS = 0x2E,
+ PAL_CRYPTO_HASH_COMPUTE = 0x2F,
+ PAL_CRYPTO_HASH_COMPARE = 0x30,
+ PAL_CRYPTO_KEY_DERIVATION_SETUP = 0x31,
+ PAL_CRYPTO_KEY_DERIVATION_ABORT = 0x32,
+ PAL_CRYPTO_RAW_KEY_AGREEMENT = 0x33,
+ PAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES = 0x34,
+ PAL_CRYPTO_KEY_DERIVATION_INPUT_KEY = 0x35,
+ PAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT = 0x36,
+ PAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES = 0x37,
+ PAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY = 0x38,
+ PAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY = 0x39,
+ PAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY = 0x3A,
+ PAL_CRYPTO_HASH_CLONE = 0x3B,
+ PAL_CRYPTO_MAC_COMPUTE = 0x3C,
+ PAL_CRYPTO_MAC_VERIFY = 0x3D,
+ PAL_CRYPTO_CIPHER_ENCRYPT = 0x3F,
+ PAL_CRYPTO_CIPHER_DECRYPT = 0x40,
+ PAL_CRYPTO_OPEN_KEY = 0x41,
+ PAL_CRYPTO_CLOSE_KEY = 0x42,
+ PAL_CRYPTO_AEAD_ENCRYPT_SETUP = 0x43,
+ PAL_CRYPTO_AEAD_DECRYPT_SETUP = 0x44,
+ PAL_CRYPTO_AEAD_GENERATE_NONCE = 0x45,
+ PAL_CRYPTO_AEAD_SET_NONCE = 0x46,
+ PAL_CRYPTO_AEAD_SET_LENGTHS = 0X47,
+ PAL_CRYPTO_AEAD_UPDATE_AD = 0x48,
+ PAL_CRYPTO_AEAD_UPDATE = 0x49,
+ PAL_CRYPTO_AEAD_FINISH = 0x4A,
+ PAL_CRYPTO_AEAD_VERIFY = 0x4B,
+ PAL_CRYPTO_AEAD_ABORT = 0x4C,
+ PAL_CRYPTO_FREE = 0xFE,
};
int32_t pal_crypto_function(int type, va_list valist);
diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c
index ae2bdba..38ed283 100644
--- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c
+++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.c
@@ -17,24 +17,14 @@
#include "pal_attestation_crypto.h"
-static uint32_t public_key_registered = 0;
-
+static uint32_t public_key_registered;
+static psa_key_handle_t public_key_handle;
static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf,
size_t amount)
{
return UsefulBuf_Head(buf, amount);
}
-static uint32_t check_hash_sizes(void)
-{
- if (T_COSE_CRYPTO_SHA256_SIZE != PSA_HASH_SIZE(PSA_ALG_SHA_256))
- {
- return PAL_ATTEST_HASH_FAIL;
- }
-
- return PAL_ATTEST_SUCCESS;
-}
-
static psa_ecc_curve_t attest_map_elliptic_curve_type(int32_t cose_curve)
{
psa_ecc_curve_t psa_curve;
@@ -82,130 +72,94 @@
int32_t pal_cose_crypto_hash_start(struct pal_cose_crypto_hash *hash_ctx, int32_t cose_hash_alg_id)
{
- int32_t cose_ret = PAL_ATTEST_SUCCESS;
- psa_status_t psa_ret;
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash = PSA_HASH_OPERATION_INIT;
+ psa_algorithm_t psa_alg;
- cose_ret = check_hash_sizes();
- if (cose_ret)
- {
- goto error;
- }
+ /* Map the algorithm ID */
+ psa_alg = cose_hash_alg_id_to_psa(cose_hash_alg_id);
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- goto error;
- }
+ /* Actually do the hash set up */
+ hash_ctx->status = psa_hash_setup(&psa_hash, psa_alg);
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
- psa_ret = psa_hash_setup(&psa_hash_ctx->operation, cose_hash_alg_id_to_psa(cose_hash_alg_id));
+ /* Copy the PSA handle back into the context */
+ hash_ctx->context.handle = psa_hash.handle;
- if (psa_ret == PAL_ATTEST_SUCCESS)
- {
- psa_hash_ctx->status = PAL_ATTEST_SUCCESS;
- cose_ret = PAL_ATTEST_SUCCESS;
- }
- else if (psa_ret == PSA_ERROR_NOT_SUPPORTED)
- {
- cose_ret = PAL_ATTEST_HASH_UNSUPPORTED;
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
-
-error:
- return cose_ret;
+ /* Map errors and return */
+ return (psa_status_t)hash_ctx->status;
}
void pal_cose_crypto_hash_update(struct pal_cose_crypto_hash *hash_ctx,
struct q_useful_buf_c data_to_hash)
{
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash;
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
+ /* Copy the PSA handle out of the generic context */
+ psa_hash.handle = (uint32_t)hash_ctx->context.handle;
+
+ if (hash_ctx->status != PSA_SUCCESS)
+ return;
+
+ if (data_to_hash.ptr == NULL) {
+ /* No data was passed in to be hashed indicating the mode of use is
+ * the computation of the size of hash. This mode is hashing is used
+ * by t_cose when it is requested to compute the size of the signed
+ * data it might compute, which is in turn used to compute the
+ * size of a would be token. When computing the size, the size
+ * like this, there is nothing to do in update()
+ */
return;
}
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
+ /* Actually hash the data */
+ hash_ctx->status = psa_hash_update(&psa_hash, data_to_hash.ptr, data_to_hash.len);
- if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS)
- {
- if (data_to_hash.ptr != NULL)
- {
- psa_hash_ctx->status = psa_hash_update(&psa_hash_ctx->operation,
- data_to_hash.ptr,
- data_to_hash.len);
- }
- else
- {
- /* Intentionally do nothing, just computing the size of the token */
- }
- }
+ /* Copy the PSA handle back into the context. */
+ hash_ctx->context.handle = psa_hash.handle;
}
int32_t pal_cose_crypto_hash_finish(struct pal_cose_crypto_hash *hash_ctx,
struct q_useful_buf buffer_to_hold_result,
struct q_useful_buf_c *hash_result)
{
- uint32_t cose_ret = PAL_ATTEST_SUCCESS;
- psa_status_t psa_ret;
- struct pal_cose_psa_crypto_hash *psa_hash_ctx;
+ psa_hash_operation_t psa_hash;
- if (sizeof(struct pal_cose_crypto_hash) < sizeof(struct pal_cose_psa_crypto_hash))
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- goto error;
- }
+ /* Copy the PSA handle out of the generic context */
+ psa_hash.handle = (uint32_t)hash_ctx->context.handle;
- psa_hash_ctx = (struct pal_cose_psa_crypto_hash *)hash_ctx;
+ if (hash_ctx->status != PSA_SUCCESS)
+ goto Done;
- if (psa_hash_ctx->status == PAL_ATTEST_SUCCESS)
- {
- psa_ret = psa_hash_finish(&psa_hash_ctx->operation,
- buffer_to_hold_result.ptr,
- buffer_to_hold_result.len,
- &(hash_result->len));
+ /* Actually finish up the hash */
+ hash_ctx->status = psa_hash_finish(&psa_hash, buffer_to_hold_result.ptr,
+ buffer_to_hold_result.len, &(hash_result->len));
- if (psa_ret == PAL_ATTEST_SUCCESS)
- {
- hash_result->ptr = buffer_to_hold_result.ptr;
- cose_ret = 0;
- }
- else if (psa_ret == PSA_ERROR_BUFFER_TOO_SMALL)
- {
- cose_ret = PAL_ATTEST_HASH_BUFFER_SIZE;
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
- }
- else
- {
- cose_ret = PAL_ATTEST_HASH_FAIL;
- }
+ hash_result->ptr = buffer_to_hold_result.ptr;
-error:
- return cose_ret;
+ /* Copy the PSA handle back into the context. */
+ hash_ctx->context.handle = psa_hash.handle;
+
+Done:
+ return ((psa_status_t)hash_ctx->status);
+
}
int pal_create_sha256(struct q_useful_buf_c bytes_to_hash, struct q_useful_buf buffer_for_hash,
struct q_useful_buf_c *hash)
{
- uint32_t status = PAL_ATTEST_SUCCESS;
+ uint32_t return_value = 0;
struct pal_cose_crypto_hash hash_ctx;
- status = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY);
- if (status)
- return status;
+ return_value = pal_cose_crypto_hash_start(&hash_ctx, COSE_ALG_SHA256_PROPRIETARY);
+ if (return_value)
+ goto Done;
pal_cose_crypto_hash_update(&hash_ctx, bytes_to_hash);
- status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash);
+ return_value = pal_cose_crypto_hash_finish(&hash_ctx,
+ buffer_for_hash,
+ hash);
- return status;
+Done:
+ return return_value;
}
uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash,
@@ -223,18 +177,19 @@
/* This builds the CBOR-format to-be-signed bytes */
QCBOREncode_Init(&cbor_encode_ctx, buffer_for_TBS_first_part);
QCBOREncode_OpenArray(&cbor_encode_ctx);
+
/* context */
- QCBOREncode_AddSZString(&cbor_encode_ctx,
- COSE_SIG_CONTEXT_STRING_SIGNATURE1);
+ QCBOREncode_AddSZString(&cbor_encode_ctx, COSE_SIG_CONTEXT_STRING_SIGNATURE1);
+
/* body_protected */
- QCBOREncode_AddBytes(&cbor_encode_ctx,
- protected_headers);
- /* sign_protected */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
+ QCBOREncode_AddBytes(&cbor_encode_ctx, protected_headers);
+
+ /* sign_protected is not used for Sign1 */
/* external_aad */
QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
- /* fake payload */
- QCBOREncode_AddBytes(&cbor_encode_ctx, NULL_USEFUL_BUF_C);
+
+ /* The short fake payload. */
+ QCBOREncode_AddBytesLenOnly(&cbor_encode_ctx, payload);
QCBOREncode_CloseArray(&cbor_encode_ctx);
/* Get the result and convert it to struct q_useful_buf_c representation */
@@ -242,7 +197,8 @@
if (qcbor_result)
{
/* Mainly means that the protected_headers were too big
- (which should never happen) */
+ * (which should never happen)
+ */
status = PAL_ATTEST_ERR_SIGN_STRUCT;
goto Done;
}
@@ -257,90 +213,129 @@
if (status)
goto Done;
- /* Hash the first part of the TBS. Take all but the last two
- * bytes. The last two bytes are the fake payload from above. It
- * is replaced by the real payload which is hashed next. The fake
- * payload is needed so the array count is right. This is one of
- * the main things that make it possible to implement with one
- * buffer for the whole cose sign1.
+ /* This is hashing of the first part, all the CBOR
+ * except the payload.
*/
- pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part,
- tbs_first_part.len - 2));
+ pal_cose_crypto_hash_update(&hash_ctx, useful_buf_head(tbs_first_part, tbs_first_part.len));
- /* Hash the payload */
+ /* Hash the payload, the second part. */
pal_cose_crypto_hash_update(&hash_ctx, payload);
/* Finish the hash and set up to return it */
- status = pal_cose_crypto_hash_finish(&hash_ctx,
- buffer_for_hash,
- hash);
+ status = pal_cose_crypto_hash_finish(&hash_ctx, buffer_for_hash, hash);
Done:
return status;
}
-uint32_t pal_import_attest_key(int32_t alg)
+static uint32_t pal_import_attest_key(psa_algorithm_t key_alg)
{
- psa_key_type_t attest_key_type;
- size_t public_key_size;
- psa_status_t status = PSA_SUCCESS;
+ psa_status_t status = PAL_ATTEST_ERROR;
+ psa_key_usage_t usage = PSA_KEY_USAGE_VERIFY;
+ psa_ecc_curve_t psa_curve = attest_map_elliptic_curve_type(P_256);
+ psa_key_type_t attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve);
+ size_t public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size;
+
+#if defined(CRYPTO_VERSION_BETA1) || defined(CRYPTO_VERSION_BETA2)
psa_key_policy_t policy;
- psa_ecc_curve_t psa_curve;
- psa_key_handle_t public_key_handle;
- /* Mapping of COSE curve type to PSA curve types */
- psa_curve = attest_map_elliptic_curve_type(P_256);
- if (psa_curve == USHRT_MAX)
- return PAL_ATTEST_ERROR;
+ if (!public_key_registered)
+ {
+ if (psa_curve == USHRT_MAX)
+ return PAL_ATTEST_ERROR;
- /* Setup the key policy for public key */
- policy = psa_key_policy_init();
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_VERIFY, alg);
+ /* Setup the key policy for public key */
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage(&policy, usage, key_alg);
- status = psa_allocate_key(&public_key_handle);
- if (status != PSA_SUCCESS)
- return status;
+ status = psa_allocate_key(&public_key_handle);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
- status = psa_set_key_policy(public_key_handle, &policy);
- if (status != PSA_SUCCESS)
- return status;
+ status = psa_set_key_policy(public_key_handle, &policy);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
- attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(psa_curve);
-
- /* Register public key to crypto service */
- public_key_size = attest_key.pubx_key_size + attest_key.puby_key_size;
-
- status = psa_import_key(public_key_handle,
+ /* Import the public key */
+ status = psa_import_key(public_key_handle,
attest_key_type,
- (const uint8_t *)&attest_public_key,
+ (const uint8_t *)&attest_public_key,
public_key_size + 1);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 1;
+ }
+
+#elif defined(CRYPTO_VERSION_BETA3)
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (!public_key_registered)
+ {
+ if (psa_curve == USHRT_MAX)
+ return PAL_ATTEST_ERROR;
+
+ /* Set the attributes for the public key */
+ psa_set_key_type(&attributes, attest_key_type);
+ psa_set_key_bits(&attributes, public_key_size + 1);
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, key_alg);
+
+ /* Import the public key */
+ status = psa_import_key(&attributes,
+ (const uint8_t *)&attest_public_key,
+ public_key_size + 1,
+ &public_key_handle);
+
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 1;
+ }
+#endif
return status;
}
+static uint32_t pal_destroy_attest_key(void)
+{
+ psa_status_t status;
+
+ if (!public_key_registered)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ status = psa_destroy_key(public_key_handle);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ public_key_registered = 0;
+
+ return PAL_ATTEST_SUCCESS;
+}
uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id,
struct q_useful_buf_c token_hash,
struct q_useful_buf_c signature)
{
- uint32_t status = PAL_ATTEST_SUCCESS;
+ int32_t status = PAL_ATTEST_ERROR;
+ psa_algorithm_t key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
- if (!public_key_registered)
- {
- status = pal_import_attest_key(cose_algorithm_id);
- if (status != PAL_ATTEST_SUCCESS)
- return status;
+ /* Register the attestation public key */
+ status = pal_import_attest_key(key_alg);
+ if (status != PAL_ATTEST_SUCCESS)
+ return status;
- public_key_registered = 1;
- }
-
-/*
- * Enable the verify function when Trusted Firmare - M Supports
-
- * Verify the signature a hash or short message using a public key.
+ /* Verify the signature */
status = psa_asymmetric_verify(public_key_handle,
- cose_algorithm_id, token_hash.ptr, token_hash.len,
- signature.ptr, signature.len);
-*/
- return status;
+ key_alg, token_hash.ptr, token_hash.len,
+ signature.ptr, signature.len);
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_SIGNATURE_FAIL;
+
+ /* Unregister the attestation public key */
+ status = pal_destroy_attest_key();
+ if (status != PSA_SUCCESS)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ return PAL_ATTEST_SUCCESS;
}
diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h
index 2d63ad1..2175e65 100644
--- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h
+++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_crypto.h
@@ -22,9 +22,9 @@
typedef struct{
uint8_t *pubx_key;
- uint32_t pubx_key_size;
+ size_t pubx_key_size;
uint8_t *puby_key;
- uint32_t puby_key_size;
+ size_t puby_key_size;
} ecc_key_t;
struct ecc_public_key_t {
@@ -48,11 +48,11 @@
};
struct pal_cose_crypto_hash {
- /* Can't put the actual size here without creating dependecy on
- * actual hash implementation, so this is a fairly large and
- * accommodating size.
- */
- uint8_t bytes[128];
+ union {
+ void *ptr;
+ uint64_t handle;
+ } context;
+ int64_t status;
};
struct pal_cose_psa_crypto_hash {
@@ -95,7 +95,6 @@
uint32_t pal_compute_hash(int32_t cose_alg_id, struct q_useful_buf buffer_for_hash,
struct q_useful_buf_c *hash, struct q_useful_buf_c protected_headers,
struct q_useful_buf_c payload);
-uint32_t pal_import_attest_key(int32_t alg);
uint32_t pal_crypto_pub_key_verify(int32_t cose_algorithm_id, struct q_useful_buf_c token_hash,
struct q_useful_buf_c signature);
diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c
index 178fdc9..60c7164 100644
--- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c
+++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c
@@ -29,7 +29,7 @@
QCBORError qcbor_result;
QCBOREncodeContext cbor_encode_ctx;
int32_t cose_curve_id = P_256;
- struct q_useful_buf_c encoded_key_id;
+ struct q_useful_buf_c encoded_key_id;
/* Get the public key x and y */
/* Encode it into a COSE_Key structure */
@@ -136,26 +136,18 @@
}
static int parse_unprotected_headers(QCBORDecodeContext *decode_context,
- struct q_useful_buf_c *child,
- bool *loop_back)
+ struct q_useful_buf_c *child)
{
struct items_to_get_t item_list[3];
item_list[0].label = COSE_HEADER_PARAM_KID;
- item_list[1].label = T_COSE_SHORT_CIRCUIT_LABEL;
- item_list[2].label = 0;
- *loop_back = false;
+ item_list[1].label = 0;
if (get_items_in_map(decode_context, item_list))
{
return PAL_ATTEST_ERROR;
}
- if (item_list[1].item.uDataType == QCBOR_TYPE_TRUE)
- {
- *loop_back = true;
- }
-
if (item_list[0].item.uDataType != QCBOR_TYPE_BYTE_STRING)
{
return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
@@ -324,11 +316,10 @@
token_size : Size of the token buffer
@return - error status
**/
-int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
- uint8_t *token, uint32_t token_size)
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, size_t challenge_size,
+ uint8_t *token, size_t token_size)
{
int32_t status = PAL_ATTEST_SUCCESS;
- bool short_circuit;
int32_t cose_algorithm_id;
QCBORItem item;
QCBORDecodeContext decode_context;
@@ -412,8 +403,7 @@
return status;
/* Parse the unprotected headers and check the data type and value */
- short_circuit = false;
- status = parse_unprotected_headers(&decode_context, &kid, &short_circuit);
+ status = parse_unprotected_headers(&decode_context, &kid);
if (status != PAL_ATTEST_SUCCESS)
return status;
diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h
index 8a0c545..e7449a0 100644
--- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h
+++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h
@@ -140,8 +140,7 @@
1 << (EAT_CBOR_ARM_RANGE_BASE \
- EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS))
-#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT | \
- 1 << EAT_CBOR_SW_COMPONENT_SIGNER_ID)
+#define MANDATORY_SW_COMP (1 << EAT_CBOR_SW_COMPONENT_MEASUREMENT)
#define NULL_USEFUL_BUF_C NULLUsefulBufC
@@ -158,6 +157,8 @@
PAL_ATTEST_HASH_BUFFER_SIZE,
PAL_ATTEST_ERR_PROTECTED_HEADERS,
PAL_ATTEST_ERR_SIGN_STRUCT,
+ PAL_ATTEST_ERR_KEY_FAIL,
+ PAL_ATTEST_ERR_SIGNATURE_FAIL,
PAL_ATTEST_ERROR,
};
@@ -166,5 +167,5 @@
QCBORItem item;
};
-int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
- uint8_t *token, uint32_t token_size);
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, size_t challenge_size,
+ uint8_t *token, size_t token_size);
diff --git a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.c b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.c
index 2d99f74..83c1ebd 100644
--- a/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.c
+++ b/api-tests/platform/targets/tgt_ff_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.c
@@ -27,25 +27,27 @@
int32_t pal_attestation_function(int type, va_list valist)
{
uint8_t *challenge, *token;
- uint32_t challenge_size, *token_size, verify_token_size;
+ size_t challenge_size, *token_size, verify_token_size, token_buffer_size;
switch (type)
{
case PAL_INITIAL_ATTEST_GET_TOKEN:
challenge = va_arg(valist, uint8_t*);
- challenge_size = va_arg(valist, uint32_t);
+ challenge_size = va_arg(valist, size_t);
token = va_arg(valist, uint8_t*);
- token_size = va_arg(valist, uint32_t*);
- return psa_initial_attest_get_token(challenge, challenge_size, token, token_size);
+ token_buffer_size = va_arg(valist, size_t);
+ token_size = va_arg(valist, size_t*);
+ return psa_initial_attest_get_token(challenge, challenge_size, token, token_buffer_size,
+ token_size);
case PAL_INITIAL_ATTEST_GET_TOKEN_SIZE:
- challenge_size = va_arg(valist, uint32_t);
- token_size = va_arg(valist, uint32_t*);
+ challenge_size = va_arg(valist, size_t);
+ token_size = va_arg(valist, size_t*);
return psa_initial_attest_get_token_size(challenge_size, token_size);
case PAL_INITIAL_ATTEST_VERIFY_TOKEN:
challenge = va_arg(valist, uint8_t*);
- challenge_size = va_arg(valist, uint32_t);
+ challenge_size = va_arg(valist, size_t);
token = va_arg(valist, uint8_t*);
- verify_token_size = va_arg(valist, uint32_t);
+ verify_token_size = va_arg(valist, size_t);
return pal_initial_attest_verify_token(challenge, challenge_size,
token, verify_token_size);
default:
diff --git a/api-tests/val/common/val.h b/api-tests/val/common/val.h
index 2af2858..3b1a713 100644
--- a/api-tests/val/common/val.h
+++ b/api-tests/val/common/val.h
@@ -186,10 +186,16 @@
BOOT_EXPECTED_NS = 0x3,
/* Test performs panic check for secure test run and expect reboot */
BOOT_EXPECTED_S = 0x4,
- /* Test expected reboot but it didn't happen */
+ /* Test expects reboot but it didn't happen */
BOOT_EXPECTED_BUT_FAILED = 0x5,
- /* Test expect reboot for secure/non-secure test run. If reboot happens, re-enter same test */
+ /* Test expects reboot for secure/non-secure test run. If reboot happens,
+ * re-enter the same test and execute the next check function
+ */
BOOT_EXPECTED_REENTER_TEST = 0x6,
+ /* Test expect reboot for the test run. If reboot happens,
+ * re-enter the same test and continue executing the same check function
+ */
+ BOOT_EXPECTED_CONT_TEST_EXEC = 0x7,
} boot_state_t;
typedef enum {
@@ -197,6 +203,9 @@
NV_TEST_ID_PREVIOUS = 0x1,
NV_TEST_ID_CURRENT = 0x2,
NV_TEST_CNT = 0x3,
+ NV_TEST_DATA1 = 0x4,
+ NV_TEST_DATA2 = 0x5,
+ NV_TEST_DATA3 = 0x6,
} nvmem_index_t;
/* enums to report test sub-state */
@@ -231,6 +240,7 @@
VAL_STATUS_HEAP_NOT_AVAILABLE = 0x2A,
VAL_STATUS_UNSUPPORTED = 0x2B,
VAL_STATUS_DRIVER_FN_FAILED = 0x2C,
+ VAL_STATUS_NO_TESTS = 0X2D,
VAL_STATUS_ERROR_MAX = INT_MAX,
} val_status_t;
diff --git a/api-tests/val/nspe/val_crypto.h b/api-tests/val/nspe/val_crypto.h
index 6fc3f56..8956d56 100644
--- a/api-tests/val/nspe/val_crypto.h
+++ b/api-tests/val/nspe/val_crypto.h
@@ -50,57 +50,86 @@
#define PSA_KEY_USAGE_INVALID 0xFFFFFFFF
#define PSA_HASH_ALG_INVALID 0x01FFFFFF
#define PSA_ALG_INVALID 0xFFFFFFFF
+#define PSA_KEY_DERIVATION_STEP_INVALID 0x0000FFFF
enum crypto_function_code {
- VAL_CRYPTO_INIT = 0x1,
- VAL_CRYPTO_GENERATE_RANDOM = 0x2,
- VAL_CRYPTO_IMPORT_KEY = 0x3,
- VAL_CRYPTO_EXPORT_KEY = 0x4,
- VAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
- VAL_CRYPTO_DESTROY_KEY = 0x6,
- VAL_CRYPTO_GET_KEY_INFO = 0x7,
- VAL_CRYPTO_KEY_POLICY_INIT = 0x8,
- VAL_CRYPTO_KEY_POLICY_SET_USAGE = 0x9,
- VAL_CRYPTO_KEY_POLICY_GET_USAGE = 0xA,
- VAL_CRYPTO_KEY_POLICY_GET_ALGORITHM = 0xB,
- VAL_CRYPTO_SET_KEY_POLICY = 0xC,
- VAL_CRYPTO_GET_KEY_POLICY = 0xD,
- VAL_CRYPTO_GET_KEY_INFORMATION = 0xE,
- VAL_CRYPTO_GET_KEY_LIFETIME = 0xF,
- VAL_CRYPTO_HASH_SETUP = 0x11,
- VAL_CRYPTO_HASH_UPDATE = 0x12,
- VAL_CRYPTO_HASH_VERIFY = 0x13,
- VAL_CRYPTO_HASH_FINISH = 0x14,
- VAL_CRYPTO_HASH_ABORT = 0x15,
- VAL_CRYPTO_GENERATE_KEY = 0x16,
- VAL_CRYPTO_GENERATOR_READ = 0x17,
- VAL_CRYPTO_KEY_DERIVATION = 0x18,
- VAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19,
- VAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A,
- VAL_CRYPTO_GENERATOR_ABORT = 0x1B,
- VAL_CRYPTO_AEAD_ENCRYPT = 0x1C,
- VAL_CRYPTO_AEAD_DECRYPT = 0x1D,
- VAL_CRYPTO_MAC_SIGN_SETUP = 0x1E,
- VAL_CRYPTO_MAC_UPDATE = 0x1F,
- VAL_CRYPTO_MAC_SIGN_FINISH = 0x20,
- VAL_CRYPTO_MAC_VERIFY_SETUP = 0x21,
- VAL_CRYPTO_MAC_VERIFY_FINISH = 0x22,
- VAL_CRYPTO_MAC_ABORT = 0x23,
- VAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24,
- VAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25,
- VAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26,
- VAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A,
- VAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B,
- VAL_CRYPTO_CIPHER_SET_IV = 0x2C,
- VAL_CRYPTO_CIPHER_UPDATE = 0x2D,
- VAL_CRYPTO_CIPHER_FINISH = 0x2E,
- VAL_CRYPTO_CIPHER_ABORT = 0x2F,
- VAL_CRYPTO_ASYMMTERIC_SIGN = 0x30,
- VAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31,
- VAL_CRYPTO_KEY_AGREEMENT = 0x32,
- VAL_CRYPTO_ALLOCATE_KEY = 0x33,
- VAL_CRYPTO_COPY_KEY = 0x34,
- VAL_CRYPTO_FREE = 0xFE,
+ VAL_CRYPTO_INIT = 0x1,
+ VAL_CRYPTO_GENERATE_RANDOM = 0x2,
+ VAL_CRYPTO_IMPORT_KEY = 0x3,
+ VAL_CRYPTO_EXPORT_KEY = 0x4,
+ VAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
+ VAL_CRYPTO_DESTROY_KEY = 0x6,
+ VAL_CRYPTO_HASH_SETUP = 0x7,
+ VAL_CRYPTO_HASH_UPDATE = 0x8,
+ VAL_CRYPTO_HASH_VERIFY = 0x9,
+ VAL_CRYPTO_HASH_FINISH = 0xA,
+ VAL_CRYPTO_HASH_ABORT = 0xB,
+ VAL_CRYPTO_GENERATE_KEY = 0xC,
+ VAL_CRYPTO_AEAD_ENCRYPT = 0xD,
+ VAL_CRYPTO_AEAD_DECRYPT = 0xE,
+ VAL_CRYPTO_MAC_SIGN_SETUP = 0xF,
+ VAL_CRYPTO_MAC_UPDATE = 0x10,
+ VAL_CRYPTO_MAC_SIGN_FINISH = 0x11,
+ VAL_CRYPTO_MAC_VERIFY_SETUP = 0x12,
+ VAL_CRYPTO_MAC_VERIFY_FINISH = 0x13,
+ VAL_CRYPTO_MAC_ABORT = 0x14,
+ VAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x15,
+ VAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x16,
+ VAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x17,
+ VAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x18,
+ VAL_CRYPTO_CIPHER_GENERATE_IV = 0x19,
+ VAL_CRYPTO_CIPHER_SET_IV = 0x1A,
+ VAL_CRYPTO_CIPHER_UPDATE = 0x1B,
+ VAL_CRYPTO_CIPHER_FINISH = 0x1C,
+ VAL_CRYPTO_CIPHER_ABORT = 0x1D,
+ VAL_CRYPTO_ASYMMTERIC_SIGN = 0x1E,
+ VAL_CRYPTO_ASYMMTERIC_VERIFY = 0x1F,
+ VAL_CRYPTO_COPY_KEY = 0x20,
+ VAL_CRYPTO_SET_KEY_TYPE = 0x21,
+ VAL_CRYPTO_SET_KEY_BITS = 0x22,
+ VAL_CRYPTO_GET_KEY_ATTRIBUTES = 0x23,
+ VAL_CRYPTO_GET_KEY_TYPE = 0x24,
+ VAL_CRYPTO_SET_KEY_USAGE_FLAGS = 0x25,
+ VAL_CRYPTO_RESET_KEY_ATTRIBUTES = 0x26,
+ VAL_CRYPTO_SET_KEY_ID = 0x27,
+ VAL_CRYPTO_SET_KEY_LIFETIME = 0x28,
+ VAL_CRYPTO_SET_KEY_ALGORITHM = 0x29,
+ VAL_CRYPTO_GET_KEY_ID = 0x2A,
+ VAL_CRYPTO_GET_KEY_LIFETIME = 0x2B,
+ VAL_CRYPTO_GET_KEY_USAGE_FLAGS = 0x2C,
+ VAL_CRYPTO_GET_KEY_ALGORITHM = 0x2D,
+ VAL_CRYPTO_GET_KEY_BITS = 0x2E,
+ VAL_CRYPTO_HASH_COMPUTE = 0x2F,
+ VAL_CRYPTO_HASH_COMPARE = 0x30,
+ VAL_CRYPTO_KEY_DERIVATION_SETUP = 0x31,
+ VAL_CRYPTO_KEY_DERIVATION_ABORT = 0x32,
+ VAL_CRYPTO_RAW_KEY_AGREEMENT = 0x33,
+ VAL_CRYPTO_KEY_DERIVATION_INPUT_BYTES = 0x34,
+ VAL_CRYPTO_KEY_DERIVATION_INPUT_KEY = 0x35,
+ VAL_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT = 0x36,
+ VAL_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES = 0x37,
+ VAL_CRYPTO_KEY_DERIVATION_OUTPUT_KEY = 0x38,
+ VAL_CRYPTO_KEY_DERIVATION_SET_CAPACITY = 0x39,
+ VAL_CRYPTO_KEY_DERIVATION_GET_CAPACITY = 0x3A,
+ VAL_CRYPTO_HASH_CLONE = 0x3B,
+ VAL_CRYPTO_MAC_COMPUTE = 0x3C,
+ VAL_CRYPTO_MAC_VERIFY = 0x3D,
+ VAL_CRYPTO_CIPHER_ENCRYPT = 0x3F,
+ VAL_CRYPTO_CIPHER_DECRYPT = 0x40,
+ VAL_CRYPTO_OPEN_KEY = 0x41,
+ VAL_CRYPTO_CLOSE_KEY = 0x42,
+ VAL_CRYPTO_AEAD_ENCRYPT_SETUP = 0x43,
+ VAL_CRYPTO_AEAD_DECRYPT_SETUP = 0x44,
+ VAL_CRYPTO_AEAD_GENERATE_NONCE = 0x45,
+ VAL_CRYPTO_AEAD_SET_NONCE = 0x46,
+ VAL_CRYPTO_AEAD_SET_LENGTHS = 0x47,
+ VAL_CRYPTO_AEAD_UPDATE_AD = 0x48,
+ VAL_CRYPTO_AEAD_UPDATE = 0x49,
+ VAL_CRYPTO_AEAD_FINISH = 0x4A,
+ VAL_CRYPTO_AEAD_VERIFY = 0x4B,
+ VAL_CRYPTO_AEAD_ABORT = 0x4C,
+ VAL_CRYPTO_RESET = 0xFD,
+ VAL_CRYPTO_FREE = 0xFE,
};
int32_t val_crypto_function(int type, ...);
diff --git a/api-tests/val/nspe/val_framework.c b/api-tests/val/nspe/val_framework.c
index dad52d6..19f8356 100644
--- a/api-tests/val/nspe/val_framework.c
+++ b/api-tests/val/nspe/val_framework.c
@@ -111,7 +111,8 @@
return status;
}
- if (boot.state == BOOT_NOT_EXPECTED || boot.state == BOOT_EXPECTED_REENTER_TEST)
+ if (boot.state == BOOT_NOT_EXPECTED || boot.state == BOOT_EXPECTED_REENTER_TEST
+ || boot.state == BOOT_EXPECTED_CONT_TEST_EXEC)
{
while (tests_list[i] != NULL)
{
@@ -127,10 +128,13 @@
continue;
}
- status = val_set_boot_flag(BOOT_NOT_EXPECTED);
- if (VAL_ERROR(status))
+ if (boot.state != BOOT_EXPECTED_CONT_TEST_EXEC)
{
- return status;
+ status = val_set_boot_flag(BOOT_NOT_EXPECTED);
+ if (VAL_ERROR(status))
+ {
+ return status;
+ }
}
if (i == 1)
@@ -556,7 +560,8 @@
BOOT_EXPECTED_NS,
BOOT_EXPECTED_S,
BOOT_EXPECTED_BUT_FAILED,
- BOOT_EXPECTED_REENTER_TEST
+ BOOT_EXPECTED_REENTER_TEST,
+ BOOT_EXPECTED_CONT_TEST_EXEC
};
status = val_get_boot_flag(&boot.state);