1a8e1175bSopenharmony_ci/* BEGIN_HEADER */ 2a8e1175bSopenharmony_ci#include <stdint.h> 3a8e1175bSopenharmony_ci 4a8e1175bSopenharmony_ci#include "mbedtls/asn1.h" 5a8e1175bSopenharmony_ci#include "mbedtls/asn1write.h" 6a8e1175bSopenharmony_ci#include "mbedtls/oid.h" 7a8e1175bSopenharmony_ci#include "common.h" 8a8e1175bSopenharmony_ci 9a8e1175bSopenharmony_ci#include "mbedtls/psa_util.h" 10a8e1175bSopenharmony_ci 11a8e1175bSopenharmony_ci/* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random() 12a8e1175bSopenharmony_ci * uses mbedtls_ctr_drbg internally. */ 13a8e1175bSopenharmony_ci#include "mbedtls/ctr_drbg.h" 14a8e1175bSopenharmony_ci 15a8e1175bSopenharmony_ci#include "psa/crypto.h" 16a8e1175bSopenharmony_ci#include "psa_crypto_slot_management.h" 17a8e1175bSopenharmony_ci 18a8e1175bSopenharmony_ci#include "psa_crypto_core.h" 19a8e1175bSopenharmony_ci 20a8e1175bSopenharmony_ci#include "test/asn1_helpers.h" 21a8e1175bSopenharmony_ci#include "test/psa_crypto_helpers.h" 22a8e1175bSopenharmony_ci#include "test/psa_exercise_key.h" 23a8e1175bSopenharmony_ci#if defined(PSA_CRYPTO_DRIVER_TEST) 24a8e1175bSopenharmony_ci#include "test/drivers/test_driver.h" 25a8e1175bSopenharmony_ci#define TEST_DRIVER_LOCATION PSA_CRYPTO_TEST_DRIVER_LOCATION 26a8e1175bSopenharmony_ci#else 27a8e1175bSopenharmony_ci#define TEST_DRIVER_LOCATION 0x7fffff 28a8e1175bSopenharmony_ci#endif 29a8e1175bSopenharmony_ci 30a8e1175bSopenharmony_ci#if defined(MBEDTLS_THREADING_PTHREAD) 31a8e1175bSopenharmony_ci#include "mbedtls/threading.h" 32a8e1175bSopenharmony_ci#endif 33a8e1175bSopenharmony_ci 34a8e1175bSopenharmony_ci/* If this comes up, it's a bug in the test code or in the test data. */ 35a8e1175bSopenharmony_ci#define UNUSED 0xdeadbeef 36a8e1175bSopenharmony_ci 37a8e1175bSopenharmony_ci/* Assert that an operation is (not) active. 38a8e1175bSopenharmony_ci * This serves as a proxy for checking if the operation is aborted. */ 39a8e1175bSopenharmony_ci#define ASSERT_OPERATION_IS_ACTIVE(operation) TEST_ASSERT(operation.id != 0) 40a8e1175bSopenharmony_ci#define ASSERT_OPERATION_IS_INACTIVE(operation) TEST_ASSERT(operation.id == 0) 41a8e1175bSopenharmony_ci 42a8e1175bSopenharmony_ci#if defined(PSA_WANT_ALG_JPAKE) 43a8e1175bSopenharmony_ciint ecjpake_operation_setup(psa_pake_operation_t *operation, 44a8e1175bSopenharmony_ci psa_pake_cipher_suite_t *cipher_suite, 45a8e1175bSopenharmony_ci psa_pake_role_t role, 46a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key, 47a8e1175bSopenharmony_ci size_t key_available) 48a8e1175bSopenharmony_ci{ 49a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(operation)); 50a8e1175bSopenharmony_ci 51a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(operation, cipher_suite)); 52a8e1175bSopenharmony_ci 53a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_role(operation, role)); 54a8e1175bSopenharmony_ci 55a8e1175bSopenharmony_ci if (key_available) { 56a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_password_key(operation, key)); 57a8e1175bSopenharmony_ci } 58a8e1175bSopenharmony_ci return 0; 59a8e1175bSopenharmony_ciexit: 60a8e1175bSopenharmony_ci return 1; 61a8e1175bSopenharmony_ci} 62a8e1175bSopenharmony_ci#endif 63a8e1175bSopenharmony_ci 64a8e1175bSopenharmony_ci/** An invalid export length that will never be set by psa_export_key(). */ 65a8e1175bSopenharmony_cistatic const size_t INVALID_EXPORT_LENGTH = ~0U; 66a8e1175bSopenharmony_ci 67a8e1175bSopenharmony_ci/** Test if a buffer contains a constant byte value. 68a8e1175bSopenharmony_ci * 69a8e1175bSopenharmony_ci * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`. 70a8e1175bSopenharmony_ci * 71a8e1175bSopenharmony_ci * \param buffer Pointer to the beginning of the buffer. 72a8e1175bSopenharmony_ci * \param c Expected value of every byte. 73a8e1175bSopenharmony_ci * \param size Size of the buffer in bytes. 74a8e1175bSopenharmony_ci * 75a8e1175bSopenharmony_ci * \return 1 if the buffer is all-bits-zero. 76a8e1175bSopenharmony_ci * \return 0 if there is at least one nonzero byte. 77a8e1175bSopenharmony_ci */ 78a8e1175bSopenharmony_cistatic int mem_is_char(void *buffer, unsigned char c, size_t size) 79a8e1175bSopenharmony_ci{ 80a8e1175bSopenharmony_ci size_t i; 81a8e1175bSopenharmony_ci for (i = 0; i < size; i++) { 82a8e1175bSopenharmony_ci if (((unsigned char *) buffer)[i] != c) { 83a8e1175bSopenharmony_ci return 0; 84a8e1175bSopenharmony_ci } 85a8e1175bSopenharmony_ci } 86a8e1175bSopenharmony_ci return 1; 87a8e1175bSopenharmony_ci} 88a8e1175bSopenharmony_ci#if defined(MBEDTLS_ASN1_WRITE_C) 89a8e1175bSopenharmony_ci/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */ 90a8e1175bSopenharmony_cistatic int asn1_write_10x(unsigned char **p, 91a8e1175bSopenharmony_ci unsigned char *start, 92a8e1175bSopenharmony_ci size_t bits, 93a8e1175bSopenharmony_ci unsigned char x) 94a8e1175bSopenharmony_ci{ 95a8e1175bSopenharmony_ci int ret; 96a8e1175bSopenharmony_ci int len = bits / 8 + 1; 97a8e1175bSopenharmony_ci if (bits == 0) { 98a8e1175bSopenharmony_ci return MBEDTLS_ERR_ASN1_INVALID_DATA; 99a8e1175bSopenharmony_ci } 100a8e1175bSopenharmony_ci if (bits <= 8 && x >= 1 << (bits - 1)) { 101a8e1175bSopenharmony_ci return MBEDTLS_ERR_ASN1_INVALID_DATA; 102a8e1175bSopenharmony_ci } 103a8e1175bSopenharmony_ci if (*p < start || *p - start < (ptrdiff_t) len) { 104a8e1175bSopenharmony_ci return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; 105a8e1175bSopenharmony_ci } 106a8e1175bSopenharmony_ci *p -= len; 107a8e1175bSopenharmony_ci (*p)[len-1] = x; 108a8e1175bSopenharmony_ci if (bits % 8 == 0) { 109a8e1175bSopenharmony_ci (*p)[1] |= 1; 110a8e1175bSopenharmony_ci } else { 111a8e1175bSopenharmony_ci (*p)[0] |= 1 << (bits % 8); 112a8e1175bSopenharmony_ci } 113a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); 114a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, 115a8e1175bSopenharmony_ci MBEDTLS_ASN1_INTEGER)); 116a8e1175bSopenharmony_ci return len; 117a8e1175bSopenharmony_ci} 118a8e1175bSopenharmony_ci 119a8e1175bSopenharmony_cistatic int construct_fake_rsa_key(unsigned char *buffer, 120a8e1175bSopenharmony_ci size_t buffer_size, 121a8e1175bSopenharmony_ci unsigned char **p, 122a8e1175bSopenharmony_ci size_t bits, 123a8e1175bSopenharmony_ci int keypair) 124a8e1175bSopenharmony_ci{ 125a8e1175bSopenharmony_ci size_t half_bits = (bits + 1) / 2; 126a8e1175bSopenharmony_ci int ret; 127a8e1175bSopenharmony_ci int len = 0; 128a8e1175bSopenharmony_ci /* Construct something that looks like a DER encoding of 129a8e1175bSopenharmony_ci * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2: 130a8e1175bSopenharmony_ci * RSAPrivateKey ::= SEQUENCE { 131a8e1175bSopenharmony_ci * version Version, 132a8e1175bSopenharmony_ci * modulus INTEGER, -- n 133a8e1175bSopenharmony_ci * publicExponent INTEGER, -- e 134a8e1175bSopenharmony_ci * privateExponent INTEGER, -- d 135a8e1175bSopenharmony_ci * prime1 INTEGER, -- p 136a8e1175bSopenharmony_ci * prime2 INTEGER, -- q 137a8e1175bSopenharmony_ci * exponent1 INTEGER, -- d mod (p-1) 138a8e1175bSopenharmony_ci * exponent2 INTEGER, -- d mod (q-1) 139a8e1175bSopenharmony_ci * coefficient INTEGER, -- (inverse of q) mod p 140a8e1175bSopenharmony_ci * otherPrimeInfos OtherPrimeInfos OPTIONAL 141a8e1175bSopenharmony_ci * } 142a8e1175bSopenharmony_ci * Or, for a public key, the same structure with only 143a8e1175bSopenharmony_ci * version, modulus and publicExponent. 144a8e1175bSopenharmony_ci */ 145a8e1175bSopenharmony_ci *p = buffer + buffer_size; 146a8e1175bSopenharmony_ci if (keypair) { 147a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, /* pq */ 148a8e1175bSopenharmony_ci asn1_write_10x(p, buffer, half_bits, 1)); 149a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, /* dq */ 150a8e1175bSopenharmony_ci asn1_write_10x(p, buffer, half_bits, 1)); 151a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, /* dp */ 152a8e1175bSopenharmony_ci asn1_write_10x(p, buffer, half_bits, 1)); 153a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, /* q */ 154a8e1175bSopenharmony_ci asn1_write_10x(p, buffer, half_bits, 1)); 155a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, /* p != q to pass mbedtls sanity checks */ 156a8e1175bSopenharmony_ci asn1_write_10x(p, buffer, half_bits, 3)); 157a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, /* d */ 158a8e1175bSopenharmony_ci asn1_write_10x(p, buffer, bits, 1)); 159a8e1175bSopenharmony_ci } 160a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, /* e = 65537 */ 161a8e1175bSopenharmony_ci asn1_write_10x(p, buffer, 17, 1)); 162a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, /* n */ 163a8e1175bSopenharmony_ci asn1_write_10x(p, buffer, bits, 1)); 164a8e1175bSopenharmony_ci if (keypair) { 165a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, /* version = 0 */ 166a8e1175bSopenharmony_ci mbedtls_asn1_write_int(p, buffer, 0)); 167a8e1175bSopenharmony_ci } 168a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buffer, len)); 169a8e1175bSopenharmony_ci { 170a8e1175bSopenharmony_ci const unsigned char tag = 171a8e1175bSopenharmony_ci MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE; 172a8e1175bSopenharmony_ci MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buffer, tag)); 173a8e1175bSopenharmony_ci } 174a8e1175bSopenharmony_ci return len; 175a8e1175bSopenharmony_ci} 176a8e1175bSopenharmony_ci#endif /* MBEDTLS_ASN1_WRITE_C */ 177a8e1175bSopenharmony_ci 178a8e1175bSopenharmony_ciint exercise_mac_setup(psa_key_type_t key_type, 179a8e1175bSopenharmony_ci const unsigned char *key_bytes, 180a8e1175bSopenharmony_ci size_t key_length, 181a8e1175bSopenharmony_ci psa_algorithm_t alg, 182a8e1175bSopenharmony_ci psa_mac_operation_t *operation, 183a8e1175bSopenharmony_ci psa_status_t *status) 184a8e1175bSopenharmony_ci{ 185a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 186a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 187a8e1175bSopenharmony_ci 188a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 189a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 190a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 191a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_bytes, key_length, &key)); 192a8e1175bSopenharmony_ci 193a8e1175bSopenharmony_ci *status = psa_mac_sign_setup(operation, key, alg); 194a8e1175bSopenharmony_ci /* Whether setup succeeded or failed, abort must succeed. */ 195a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(operation)); 196a8e1175bSopenharmony_ci /* If setup failed, reproduce the failure, so that the caller can 197a8e1175bSopenharmony_ci * test the resulting state of the operation object. */ 198a8e1175bSopenharmony_ci if (*status != PSA_SUCCESS) { 199a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_sign_setup(operation, key, alg), *status); 200a8e1175bSopenharmony_ci } 201a8e1175bSopenharmony_ci 202a8e1175bSopenharmony_ci psa_destroy_key(key); 203a8e1175bSopenharmony_ci return 1; 204a8e1175bSopenharmony_ci 205a8e1175bSopenharmony_ciexit: 206a8e1175bSopenharmony_ci psa_destroy_key(key); 207a8e1175bSopenharmony_ci return 0; 208a8e1175bSopenharmony_ci} 209a8e1175bSopenharmony_ci 210a8e1175bSopenharmony_ciint exercise_cipher_setup(psa_key_type_t key_type, 211a8e1175bSopenharmony_ci const unsigned char *key_bytes, 212a8e1175bSopenharmony_ci size_t key_length, 213a8e1175bSopenharmony_ci psa_algorithm_t alg, 214a8e1175bSopenharmony_ci psa_cipher_operation_t *operation, 215a8e1175bSopenharmony_ci psa_status_t *status) 216a8e1175bSopenharmony_ci{ 217a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 218a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 219a8e1175bSopenharmony_ci 220a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 221a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 222a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 223a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_bytes, key_length, &key)); 224a8e1175bSopenharmony_ci 225a8e1175bSopenharmony_ci *status = psa_cipher_encrypt_setup(operation, key, alg); 226a8e1175bSopenharmony_ci /* Whether setup succeeded or failed, abort must succeed. */ 227a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(operation)); 228a8e1175bSopenharmony_ci /* If setup failed, reproduce the failure, so that the caller can 229a8e1175bSopenharmony_ci * test the resulting state of the operation object. */ 230a8e1175bSopenharmony_ci if (*status != PSA_SUCCESS) { 231a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_encrypt_setup(operation, key, alg), 232a8e1175bSopenharmony_ci *status); 233a8e1175bSopenharmony_ci } 234a8e1175bSopenharmony_ci 235a8e1175bSopenharmony_ci psa_destroy_key(key); 236a8e1175bSopenharmony_ci return 1; 237a8e1175bSopenharmony_ci 238a8e1175bSopenharmony_ciexit: 239a8e1175bSopenharmony_ci psa_destroy_key(key); 240a8e1175bSopenharmony_ci return 0; 241a8e1175bSopenharmony_ci} 242a8e1175bSopenharmony_ci 243a8e1175bSopenharmony_cistatic int test_operations_on_invalid_key(mbedtls_svc_key_id_t key) 244a8e1175bSopenharmony_ci{ 245a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 246a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(1, 0x6964); 247a8e1175bSopenharmony_ci uint8_t buffer[1]; 248a8e1175bSopenharmony_ci size_t length; 249a8e1175bSopenharmony_ci int ok = 0; 250a8e1175bSopenharmony_ci 251a8e1175bSopenharmony_ci psa_set_key_id(&attributes, key_id); 252a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 253a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, PSA_ALG_CTR); 254a8e1175bSopenharmony_ci psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); 255a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_attributes(key, &attributes), 256a8e1175bSopenharmony_ci PSA_ERROR_INVALID_HANDLE); 257a8e1175bSopenharmony_ci TEST_EQUAL( 258a8e1175bSopenharmony_ci MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 0); 259a8e1175bSopenharmony_ci TEST_EQUAL( 260a8e1175bSopenharmony_ci MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(psa_get_key_id(&attributes)), 0); 261a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_lifetime(&attributes), 0); 262a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&attributes), 0); 263a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_algorithm(&attributes), 0); 264a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&attributes), 0); 265a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&attributes), 0); 266a8e1175bSopenharmony_ci 267a8e1175bSopenharmony_ci TEST_EQUAL(psa_export_key(key, buffer, sizeof(buffer), &length), 268a8e1175bSopenharmony_ci PSA_ERROR_INVALID_HANDLE); 269a8e1175bSopenharmony_ci TEST_EQUAL(psa_export_public_key(key, 270a8e1175bSopenharmony_ci buffer, sizeof(buffer), &length), 271a8e1175bSopenharmony_ci PSA_ERROR_INVALID_HANDLE); 272a8e1175bSopenharmony_ci 273a8e1175bSopenharmony_ci ok = 1; 274a8e1175bSopenharmony_ci 275a8e1175bSopenharmony_ciexit: 276a8e1175bSopenharmony_ci /* 277a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 278a8e1175bSopenharmony_ci * thus reset them as required. 279a8e1175bSopenharmony_ci */ 280a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 281a8e1175bSopenharmony_ci 282a8e1175bSopenharmony_ci return ok; 283a8e1175bSopenharmony_ci} 284a8e1175bSopenharmony_ci 285a8e1175bSopenharmony_ci/* Assert that a key isn't reported as having a slot number. */ 286a8e1175bSopenharmony_ci#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 287a8e1175bSopenharmony_ci#define ASSERT_NO_SLOT_NUMBER(attributes) \ 288a8e1175bSopenharmony_ci do \ 289a8e1175bSopenharmony_ci { \ 290a8e1175bSopenharmony_ci psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \ 291a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_slot_number( \ 292a8e1175bSopenharmony_ci attributes, \ 293a8e1175bSopenharmony_ci &ASSERT_NO_SLOT_NUMBER_slot_number), \ 294a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); \ 295a8e1175bSopenharmony_ci } \ 296a8e1175bSopenharmony_ci while (0) 297a8e1175bSopenharmony_ci#else /* MBEDTLS_PSA_CRYPTO_SE_C */ 298a8e1175bSopenharmony_ci#define ASSERT_NO_SLOT_NUMBER(attributes) \ 299a8e1175bSopenharmony_ci ((void) 0) 300a8e1175bSopenharmony_ci#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 301a8e1175bSopenharmony_ci 302a8e1175bSopenharmony_ci#define INPUT_INTEGER 0x10000 /* Out of range of psa_key_type_t */ 303a8e1175bSopenharmony_ci 304a8e1175bSopenharmony_ci/* An overapproximation of the amount of storage needed for a key of the 305a8e1175bSopenharmony_ci * given type and with the given content. The API doesn't make it easy 306a8e1175bSopenharmony_ci * to find a good value for the size. The current implementation doesn't 307a8e1175bSopenharmony_ci * care about the value anyway. */ 308a8e1175bSopenharmony_ci#define KEY_BITS_FROM_DATA(type, data) \ 309a8e1175bSopenharmony_ci (data)->len 310a8e1175bSopenharmony_ci 311a8e1175bSopenharmony_citypedef enum { 312a8e1175bSopenharmony_ci IMPORT_KEY = 0, 313a8e1175bSopenharmony_ci GENERATE_KEY = 1, 314a8e1175bSopenharmony_ci DERIVE_KEY = 2 315a8e1175bSopenharmony_ci} generate_method; 316a8e1175bSopenharmony_ci 317a8e1175bSopenharmony_citypedef enum { 318a8e1175bSopenharmony_ci DO_NOT_SET_LENGTHS = 0, 319a8e1175bSopenharmony_ci SET_LENGTHS_BEFORE_NONCE = 1, 320a8e1175bSopenharmony_ci SET_LENGTHS_AFTER_NONCE = 2 321a8e1175bSopenharmony_ci} set_lengths_method_t; 322a8e1175bSopenharmony_ci 323a8e1175bSopenharmony_citypedef enum { 324a8e1175bSopenharmony_ci USE_NULL_TAG = 0, 325a8e1175bSopenharmony_ci USE_GIVEN_TAG = 1, 326a8e1175bSopenharmony_ci} tag_usage_method_t; 327a8e1175bSopenharmony_ci 328a8e1175bSopenharmony_ci 329a8e1175bSopenharmony_ci/*! 330a8e1175bSopenharmony_ci * \brief Internal Function for AEAD multipart tests. 331a8e1175bSopenharmony_ci * \param key_type_arg Type of key passed in 332a8e1175bSopenharmony_ci * \param key_data The encryption / decryption key data 333a8e1175bSopenharmony_ci * \param alg_arg The type of algorithm used 334a8e1175bSopenharmony_ci * \param nonce Nonce data 335a8e1175bSopenharmony_ci * \param additional_data Additional data 336a8e1175bSopenharmony_ci * \param ad_part_len_arg If not -1, the length of chunks to 337a8e1175bSopenharmony_ci * feed additional data in to be encrypted / 338a8e1175bSopenharmony_ci * decrypted. If -1, no chunking. 339a8e1175bSopenharmony_ci * \param input_data Data to encrypt / decrypt 340a8e1175bSopenharmony_ci * \param data_part_len_arg If not -1, the length of chunks to feed 341a8e1175bSopenharmony_ci * the data in to be encrypted / decrypted. If 342a8e1175bSopenharmony_ci * -1, no chunking 343a8e1175bSopenharmony_ci * \param set_lengths_method A member of the set_lengths_method_t enum is 344a8e1175bSopenharmony_ci * expected here, this controls whether or not 345a8e1175bSopenharmony_ci * to set lengths, and in what order with 346a8e1175bSopenharmony_ci * respect to set nonce. 347a8e1175bSopenharmony_ci * \param expected_output Expected output 348a8e1175bSopenharmony_ci * \param is_encrypt If non-zero this is an encryption operation. 349a8e1175bSopenharmony_ci * \param do_zero_parts If non-zero, interleave zero length chunks 350a8e1175bSopenharmony_ci * with normal length chunks. 351a8e1175bSopenharmony_ci * \return int Zero on failure, non-zero on success. 352a8e1175bSopenharmony_ci */ 353a8e1175bSopenharmony_cistatic int aead_multipart_internal_func(int key_type_arg, data_t *key_data, 354a8e1175bSopenharmony_ci int alg_arg, 355a8e1175bSopenharmony_ci data_t *nonce, 356a8e1175bSopenharmony_ci data_t *additional_data, 357a8e1175bSopenharmony_ci int ad_part_len_arg, 358a8e1175bSopenharmony_ci data_t *input_data, 359a8e1175bSopenharmony_ci int data_part_len_arg, 360a8e1175bSopenharmony_ci set_lengths_method_t set_lengths_method, 361a8e1175bSopenharmony_ci data_t *expected_output, 362a8e1175bSopenharmony_ci int is_encrypt, 363a8e1175bSopenharmony_ci int do_zero_parts) 364a8e1175bSopenharmony_ci{ 365a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 366a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 367a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 368a8e1175bSopenharmony_ci psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 369a8e1175bSopenharmony_ci unsigned char *output_data = NULL; 370a8e1175bSopenharmony_ci unsigned char *part_data = NULL; 371a8e1175bSopenharmony_ci unsigned char *final_data = NULL; 372a8e1175bSopenharmony_ci size_t data_true_size = 0; 373a8e1175bSopenharmony_ci size_t part_data_size = 0; 374a8e1175bSopenharmony_ci size_t output_size = 0; 375a8e1175bSopenharmony_ci size_t final_output_size = 0; 376a8e1175bSopenharmony_ci size_t output_length = 0; 377a8e1175bSopenharmony_ci size_t key_bits = 0; 378a8e1175bSopenharmony_ci size_t tag_length = 0; 379a8e1175bSopenharmony_ci size_t part_offset = 0; 380a8e1175bSopenharmony_ci size_t part_length = 0; 381a8e1175bSopenharmony_ci size_t output_part_length = 0; 382a8e1175bSopenharmony_ci size_t tag_size = 0; 383a8e1175bSopenharmony_ci size_t ad_part_len = 0; 384a8e1175bSopenharmony_ci size_t data_part_len = 0; 385a8e1175bSopenharmony_ci uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 386a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 387a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_GENERIC_ERROR; 388a8e1175bSopenharmony_ci 389a8e1175bSopenharmony_ci int test_ok = 0; 390a8e1175bSopenharmony_ci size_t part_count = 0; 391a8e1175bSopenharmony_ci 392a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 393a8e1175bSopenharmony_ci 394a8e1175bSopenharmony_ci if (is_encrypt) { 395a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 396a8e1175bSopenharmony_ci } else { 397a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 398a8e1175bSopenharmony_ci } 399a8e1175bSopenharmony_ci 400a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 401a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 402a8e1175bSopenharmony_ci 403a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 404a8e1175bSopenharmony_ci &key)); 405a8e1175bSopenharmony_ci 406a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 407a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 408a8e1175bSopenharmony_ci 409a8e1175bSopenharmony_ci tag_length = PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg); 410a8e1175bSopenharmony_ci 411a8e1175bSopenharmony_ci if (is_encrypt) { 412a8e1175bSopenharmony_ci /* Tag gets written at end of buffer. */ 413a8e1175bSopenharmony_ci output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, 414a8e1175bSopenharmony_ci (input_data->len + 415a8e1175bSopenharmony_ci tag_length)); 416a8e1175bSopenharmony_ci data_true_size = input_data->len; 417a8e1175bSopenharmony_ci } else { 418a8e1175bSopenharmony_ci output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, 419a8e1175bSopenharmony_ci (input_data->len - 420a8e1175bSopenharmony_ci tag_length)); 421a8e1175bSopenharmony_ci 422a8e1175bSopenharmony_ci /* Do not want to attempt to decrypt tag. */ 423a8e1175bSopenharmony_ci data_true_size = input_data->len - tag_length; 424a8e1175bSopenharmony_ci } 425a8e1175bSopenharmony_ci 426a8e1175bSopenharmony_ci TEST_CALLOC(output_data, output_size); 427a8e1175bSopenharmony_ci 428a8e1175bSopenharmony_ci if (is_encrypt) { 429a8e1175bSopenharmony_ci final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); 430a8e1175bSopenharmony_ci TEST_LE_U(final_output_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE); 431a8e1175bSopenharmony_ci } else { 432a8e1175bSopenharmony_ci final_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg); 433a8e1175bSopenharmony_ci TEST_LE_U(final_output_size, PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE); 434a8e1175bSopenharmony_ci } 435a8e1175bSopenharmony_ci 436a8e1175bSopenharmony_ci TEST_CALLOC(final_data, final_output_size); 437a8e1175bSopenharmony_ci 438a8e1175bSopenharmony_ci if (is_encrypt) { 439a8e1175bSopenharmony_ci status = psa_aead_encrypt_setup(&operation, key, alg); 440a8e1175bSopenharmony_ci } else { 441a8e1175bSopenharmony_ci status = psa_aead_decrypt_setup(&operation, key, alg); 442a8e1175bSopenharmony_ci } 443a8e1175bSopenharmony_ci 444a8e1175bSopenharmony_ci /* If the operation is not supported, just skip and not fail in case the 445a8e1175bSopenharmony_ci * encryption involves a common limitation of cryptography hardwares and 446a8e1175bSopenharmony_ci * an alternative implementation. */ 447a8e1175bSopenharmony_ci if (status == PSA_ERROR_NOT_SUPPORTED) { 448a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_data->len * 8); 449a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, nonce->len); 450a8e1175bSopenharmony_ci } 451a8e1175bSopenharmony_ci 452a8e1175bSopenharmony_ci PSA_ASSERT(status); 453a8e1175bSopenharmony_ci 454a8e1175bSopenharmony_ci if (set_lengths_method == DO_NOT_SET_LENGTHS) { 455a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 456a8e1175bSopenharmony_ci } else if (set_lengths_method == SET_LENGTHS_BEFORE_NONCE) { 457a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 458a8e1175bSopenharmony_ci data_true_size)); 459a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 460a8e1175bSopenharmony_ci } else if (set_lengths_method == SET_LENGTHS_AFTER_NONCE) { 461a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 462a8e1175bSopenharmony_ci 463a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 464a8e1175bSopenharmony_ci data_true_size)); 465a8e1175bSopenharmony_ci } 466a8e1175bSopenharmony_ci 467a8e1175bSopenharmony_ci if (ad_part_len_arg != -1) { 468a8e1175bSopenharmony_ci /* Pass additional data in parts */ 469a8e1175bSopenharmony_ci ad_part_len = (size_t) ad_part_len_arg; 470a8e1175bSopenharmony_ci 471a8e1175bSopenharmony_ci for (part_offset = 0, part_count = 0; 472a8e1175bSopenharmony_ci part_offset < additional_data->len; 473a8e1175bSopenharmony_ci part_offset += part_length, part_count++) { 474a8e1175bSopenharmony_ci if (do_zero_parts && (part_count & 0x01)) { 475a8e1175bSopenharmony_ci part_length = 0; 476a8e1175bSopenharmony_ci } else if (additional_data->len - part_offset < ad_part_len) { 477a8e1175bSopenharmony_ci part_length = additional_data->len - part_offset; 478a8e1175bSopenharmony_ci } else { 479a8e1175bSopenharmony_ci part_length = ad_part_len; 480a8e1175bSopenharmony_ci } 481a8e1175bSopenharmony_ci 482a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update_ad(&operation, 483a8e1175bSopenharmony_ci additional_data->x + part_offset, 484a8e1175bSopenharmony_ci part_length)); 485a8e1175bSopenharmony_ci 486a8e1175bSopenharmony_ci } 487a8e1175bSopenharmony_ci } else { 488a8e1175bSopenharmony_ci /* Pass additional data in one go. */ 489a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 490a8e1175bSopenharmony_ci additional_data->len)); 491a8e1175bSopenharmony_ci } 492a8e1175bSopenharmony_ci 493a8e1175bSopenharmony_ci if (data_part_len_arg != -1) { 494a8e1175bSopenharmony_ci /* Pass data in parts */ 495a8e1175bSopenharmony_ci data_part_len = (size_t) data_part_len_arg; 496a8e1175bSopenharmony_ci part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, 497a8e1175bSopenharmony_ci (size_t) data_part_len); 498a8e1175bSopenharmony_ci 499a8e1175bSopenharmony_ci TEST_CALLOC(part_data, part_data_size); 500a8e1175bSopenharmony_ci 501a8e1175bSopenharmony_ci for (part_offset = 0, part_count = 0; 502a8e1175bSopenharmony_ci part_offset < data_true_size; 503a8e1175bSopenharmony_ci part_offset += part_length, part_count++) { 504a8e1175bSopenharmony_ci if (do_zero_parts && (part_count & 0x01)) { 505a8e1175bSopenharmony_ci part_length = 0; 506a8e1175bSopenharmony_ci } else if ((data_true_size - part_offset) < data_part_len) { 507a8e1175bSopenharmony_ci part_length = (data_true_size - part_offset); 508a8e1175bSopenharmony_ci } else { 509a8e1175bSopenharmony_ci part_length = data_part_len; 510a8e1175bSopenharmony_ci } 511a8e1175bSopenharmony_ci 512a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update(&operation, 513a8e1175bSopenharmony_ci (input_data->x + part_offset), 514a8e1175bSopenharmony_ci part_length, part_data, 515a8e1175bSopenharmony_ci part_data_size, 516a8e1175bSopenharmony_ci &output_part_length)); 517a8e1175bSopenharmony_ci 518a8e1175bSopenharmony_ci if (output_data && output_part_length) { 519a8e1175bSopenharmony_ci memcpy((output_data + output_length), part_data, 520a8e1175bSopenharmony_ci output_part_length); 521a8e1175bSopenharmony_ci } 522a8e1175bSopenharmony_ci 523a8e1175bSopenharmony_ci output_length += output_part_length; 524a8e1175bSopenharmony_ci } 525a8e1175bSopenharmony_ci } else { 526a8e1175bSopenharmony_ci /* Pass all data in one go. */ 527a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update(&operation, input_data->x, 528a8e1175bSopenharmony_ci data_true_size, output_data, 529a8e1175bSopenharmony_ci output_size, &output_length)); 530a8e1175bSopenharmony_ci } 531a8e1175bSopenharmony_ci 532a8e1175bSopenharmony_ci if (is_encrypt) { 533a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_finish(&operation, final_data, 534a8e1175bSopenharmony_ci final_output_size, 535a8e1175bSopenharmony_ci &output_part_length, 536a8e1175bSopenharmony_ci tag_buffer, tag_length, 537a8e1175bSopenharmony_ci &tag_size)); 538a8e1175bSopenharmony_ci } else { 539a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_verify(&operation, final_data, 540a8e1175bSopenharmony_ci final_output_size, 541a8e1175bSopenharmony_ci &output_part_length, 542a8e1175bSopenharmony_ci (input_data->x + data_true_size), 543a8e1175bSopenharmony_ci tag_length)); 544a8e1175bSopenharmony_ci } 545a8e1175bSopenharmony_ci 546a8e1175bSopenharmony_ci if (output_data && output_part_length) { 547a8e1175bSopenharmony_ci memcpy((output_data + output_length), final_data, 548a8e1175bSopenharmony_ci output_part_length); 549a8e1175bSopenharmony_ci } 550a8e1175bSopenharmony_ci 551a8e1175bSopenharmony_ci output_length += output_part_length; 552a8e1175bSopenharmony_ci 553a8e1175bSopenharmony_ci 554a8e1175bSopenharmony_ci /* For all currently defined algorithms, PSA_AEAD_xxx_OUTPUT_SIZE 555a8e1175bSopenharmony_ci * should be exact.*/ 556a8e1175bSopenharmony_ci if (is_encrypt) { 557a8e1175bSopenharmony_ci TEST_EQUAL(tag_length, tag_size); 558a8e1175bSopenharmony_ci 559a8e1175bSopenharmony_ci if (output_data && tag_length) { 560a8e1175bSopenharmony_ci memcpy((output_data + output_length), tag_buffer, 561a8e1175bSopenharmony_ci tag_length); 562a8e1175bSopenharmony_ci } 563a8e1175bSopenharmony_ci 564a8e1175bSopenharmony_ci output_length += tag_length; 565a8e1175bSopenharmony_ci 566a8e1175bSopenharmony_ci TEST_EQUAL(output_length, 567a8e1175bSopenharmony_ci PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, 568a8e1175bSopenharmony_ci input_data->len)); 569a8e1175bSopenharmony_ci TEST_LE_U(output_length, 570a8e1175bSopenharmony_ci PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 571a8e1175bSopenharmony_ci } else { 572a8e1175bSopenharmony_ci TEST_EQUAL(output_length, 573a8e1175bSopenharmony_ci PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, 574a8e1175bSopenharmony_ci input_data->len)); 575a8e1175bSopenharmony_ci TEST_LE_U(output_length, 576a8e1175bSopenharmony_ci PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(input_data->len)); 577a8e1175bSopenharmony_ci } 578a8e1175bSopenharmony_ci 579a8e1175bSopenharmony_ci 580a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 581a8e1175bSopenharmony_ci output_data, output_length); 582a8e1175bSopenharmony_ci 583a8e1175bSopenharmony_ci 584a8e1175bSopenharmony_ci test_ok = 1; 585a8e1175bSopenharmony_ci 586a8e1175bSopenharmony_ciexit: 587a8e1175bSopenharmony_ci psa_destroy_key(key); 588a8e1175bSopenharmony_ci psa_aead_abort(&operation); 589a8e1175bSopenharmony_ci mbedtls_free(output_data); 590a8e1175bSopenharmony_ci mbedtls_free(part_data); 591a8e1175bSopenharmony_ci mbedtls_free(final_data); 592a8e1175bSopenharmony_ci PSA_DONE(); 593a8e1175bSopenharmony_ci 594a8e1175bSopenharmony_ci return test_ok; 595a8e1175bSopenharmony_ci} 596a8e1175bSopenharmony_ci 597a8e1175bSopenharmony_ci/*! 598a8e1175bSopenharmony_ci * \brief Internal Function for MAC multipart tests. 599a8e1175bSopenharmony_ci * \param key_type_arg Type of key passed in 600a8e1175bSopenharmony_ci * \param key_data The encryption / decryption key data 601a8e1175bSopenharmony_ci * \param alg_arg The type of algorithm used 602a8e1175bSopenharmony_ci * \param input_data Data to encrypt / decrypt 603a8e1175bSopenharmony_ci * \param data_part_len_arg If not -1, the length of chunks to feed 604a8e1175bSopenharmony_ci * the data in to be encrypted / decrypted. If 605a8e1175bSopenharmony_ci * -1, no chunking 606a8e1175bSopenharmony_ci * \param expected_output Expected output 607a8e1175bSopenharmony_ci * \param is_verify If non-zero this is a verify operation. 608a8e1175bSopenharmony_ci * \param do_zero_parts If non-zero, interleave zero length chunks 609a8e1175bSopenharmony_ci * with normal length chunks. 610a8e1175bSopenharmony_ci * \return int Zero on failure, non-zero on success. 611a8e1175bSopenharmony_ci */ 612a8e1175bSopenharmony_cistatic int mac_multipart_internal_func(int key_type_arg, data_t *key_data, 613a8e1175bSopenharmony_ci int alg_arg, 614a8e1175bSopenharmony_ci data_t *input_data, 615a8e1175bSopenharmony_ci int data_part_len_arg, 616a8e1175bSopenharmony_ci data_t *expected_output, 617a8e1175bSopenharmony_ci int is_verify, 618a8e1175bSopenharmony_ci int do_zero_parts) 619a8e1175bSopenharmony_ci{ 620a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 621a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 622a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 623a8e1175bSopenharmony_ci psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 624a8e1175bSopenharmony_ci unsigned char mac[PSA_MAC_MAX_SIZE]; 625a8e1175bSopenharmony_ci size_t part_offset = 0; 626a8e1175bSopenharmony_ci size_t part_length = 0; 627a8e1175bSopenharmony_ci size_t data_part_len = 0; 628a8e1175bSopenharmony_ci size_t mac_len = 0; 629a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 630a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_GENERIC_ERROR; 631a8e1175bSopenharmony_ci 632a8e1175bSopenharmony_ci int test_ok = 0; 633a8e1175bSopenharmony_ci size_t part_count = 0; 634a8e1175bSopenharmony_ci 635a8e1175bSopenharmony_ci PSA_INIT(); 636a8e1175bSopenharmony_ci 637a8e1175bSopenharmony_ci if (is_verify) { 638a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 639a8e1175bSopenharmony_ci } else { 640a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 641a8e1175bSopenharmony_ci } 642a8e1175bSopenharmony_ci 643a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 644a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 645a8e1175bSopenharmony_ci 646a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 647a8e1175bSopenharmony_ci &key)); 648a8e1175bSopenharmony_ci 649a8e1175bSopenharmony_ci if (is_verify) { 650a8e1175bSopenharmony_ci status = psa_mac_verify_setup(&operation, key, alg); 651a8e1175bSopenharmony_ci } else { 652a8e1175bSopenharmony_ci status = psa_mac_sign_setup(&operation, key, alg); 653a8e1175bSopenharmony_ci } 654a8e1175bSopenharmony_ci 655a8e1175bSopenharmony_ci PSA_ASSERT(status); 656a8e1175bSopenharmony_ci 657a8e1175bSopenharmony_ci if (data_part_len_arg != -1) { 658a8e1175bSopenharmony_ci /* Pass data in parts */ 659a8e1175bSopenharmony_ci data_part_len = (size_t) data_part_len_arg; 660a8e1175bSopenharmony_ci 661a8e1175bSopenharmony_ci for (part_offset = 0, part_count = 0; 662a8e1175bSopenharmony_ci part_offset < input_data->len; 663a8e1175bSopenharmony_ci part_offset += part_length, part_count++) { 664a8e1175bSopenharmony_ci if (do_zero_parts && (part_count & 0x01)) { 665a8e1175bSopenharmony_ci part_length = 0; 666a8e1175bSopenharmony_ci } else if ((input_data->len - part_offset) < data_part_len) { 667a8e1175bSopenharmony_ci part_length = (input_data->len - part_offset); 668a8e1175bSopenharmony_ci } else { 669a8e1175bSopenharmony_ci part_length = data_part_len; 670a8e1175bSopenharmony_ci } 671a8e1175bSopenharmony_ci 672a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, 673a8e1175bSopenharmony_ci (input_data->x + part_offset), 674a8e1175bSopenharmony_ci part_length)); 675a8e1175bSopenharmony_ci } 676a8e1175bSopenharmony_ci } else { 677a8e1175bSopenharmony_ci /* Pass all data in one go. */ 678a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, input_data->x, 679a8e1175bSopenharmony_ci input_data->len)); 680a8e1175bSopenharmony_ci } 681a8e1175bSopenharmony_ci 682a8e1175bSopenharmony_ci if (is_verify) { 683a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_verify_finish(&operation, expected_output->x, 684a8e1175bSopenharmony_ci expected_output->len)); 685a8e1175bSopenharmony_ci } else { 686a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_sign_finish(&operation, mac, 687a8e1175bSopenharmony_ci PSA_MAC_MAX_SIZE, &mac_len)); 688a8e1175bSopenharmony_ci 689a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 690a8e1175bSopenharmony_ci mac, mac_len); 691a8e1175bSopenharmony_ci } 692a8e1175bSopenharmony_ci 693a8e1175bSopenharmony_ci test_ok = 1; 694a8e1175bSopenharmony_ci 695a8e1175bSopenharmony_ciexit: 696a8e1175bSopenharmony_ci psa_destroy_key(key); 697a8e1175bSopenharmony_ci psa_mac_abort(&operation); 698a8e1175bSopenharmony_ci PSA_DONE(); 699a8e1175bSopenharmony_ci 700a8e1175bSopenharmony_ci return test_ok; 701a8e1175bSopenharmony_ci} 702a8e1175bSopenharmony_ci 703a8e1175bSopenharmony_ci#if defined(PSA_WANT_ALG_JPAKE) 704a8e1175bSopenharmony_cistatic void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, 705a8e1175bSopenharmony_ci psa_pake_operation_t *server, 706a8e1175bSopenharmony_ci psa_pake_operation_t *client, 707a8e1175bSopenharmony_ci int client_input_first, 708a8e1175bSopenharmony_ci int round, int inject_error) 709a8e1175bSopenharmony_ci{ 710a8e1175bSopenharmony_ci unsigned char *buffer0 = NULL, *buffer1 = NULL; 711a8e1175bSopenharmony_ci size_t buffer_length = ( 712a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) + 713a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) + 714a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2; 715a8e1175bSopenharmony_ci /* The output should be exactly this size according to the spec */ 716a8e1175bSopenharmony_ci const size_t expected_size_key_share = 717a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); 718a8e1175bSopenharmony_ci /* The output should be exactly this size according to the spec */ 719a8e1175bSopenharmony_ci const size_t expected_size_zk_public = 720a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC); 721a8e1175bSopenharmony_ci /* The output can be smaller: the spec allows stripping leading zeroes */ 722a8e1175bSopenharmony_ci const size_t max_expected_size_zk_proof = 723a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF); 724a8e1175bSopenharmony_ci size_t buffer0_off = 0; 725a8e1175bSopenharmony_ci size_t buffer1_off = 0; 726a8e1175bSopenharmony_ci size_t s_g1_len, s_g2_len, s_a_len; 727a8e1175bSopenharmony_ci size_t s_g1_off, s_g2_off, s_a_off; 728a8e1175bSopenharmony_ci size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len; 729a8e1175bSopenharmony_ci size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off; 730a8e1175bSopenharmony_ci size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len; 731a8e1175bSopenharmony_ci size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off; 732a8e1175bSopenharmony_ci size_t c_g1_len, c_g2_len, c_a_len; 733a8e1175bSopenharmony_ci size_t c_g1_off, c_g2_off, c_a_off; 734a8e1175bSopenharmony_ci size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len; 735a8e1175bSopenharmony_ci size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off; 736a8e1175bSopenharmony_ci size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len; 737a8e1175bSopenharmony_ci size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; 738a8e1175bSopenharmony_ci psa_status_t expected_status = PSA_SUCCESS; 739a8e1175bSopenharmony_ci psa_status_t status; 740a8e1175bSopenharmony_ci 741a8e1175bSopenharmony_ci TEST_CALLOC(buffer0, buffer_length); 742a8e1175bSopenharmony_ci TEST_CALLOC(buffer1, buffer_length); 743a8e1175bSopenharmony_ci 744a8e1175bSopenharmony_ci switch (round) { 745a8e1175bSopenharmony_ci case 1: 746a8e1175bSopenharmony_ci /* Server first round Output */ 747a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 748a8e1175bSopenharmony_ci buffer0 + buffer0_off, 749a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_g1_len)); 750a8e1175bSopenharmony_ci TEST_EQUAL(s_g1_len, expected_size_key_share); 751a8e1175bSopenharmony_ci s_g1_off = buffer0_off; 752a8e1175bSopenharmony_ci buffer0_off += s_g1_len; 753a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 754a8e1175bSopenharmony_ci buffer0 + buffer0_off, 755a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_x1_pk_len)); 756a8e1175bSopenharmony_ci TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); 757a8e1175bSopenharmony_ci s_x1_pk_off = buffer0_off; 758a8e1175bSopenharmony_ci buffer0_off += s_x1_pk_len; 759a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 760a8e1175bSopenharmony_ci buffer0 + buffer0_off, 761a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_x1_pr_len)); 762a8e1175bSopenharmony_ci TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); 763a8e1175bSopenharmony_ci s_x1_pr_off = buffer0_off; 764a8e1175bSopenharmony_ci buffer0_off += s_x1_pr_len; 765a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 766a8e1175bSopenharmony_ci buffer0 + buffer0_off, 767a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_g2_len)); 768a8e1175bSopenharmony_ci TEST_EQUAL(s_g2_len, expected_size_key_share); 769a8e1175bSopenharmony_ci s_g2_off = buffer0_off; 770a8e1175bSopenharmony_ci buffer0_off += s_g2_len; 771a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 772a8e1175bSopenharmony_ci buffer0 + buffer0_off, 773a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_x2_pk_len)); 774a8e1175bSopenharmony_ci TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); 775a8e1175bSopenharmony_ci s_x2_pk_off = buffer0_off; 776a8e1175bSopenharmony_ci buffer0_off += s_x2_pk_len; 777a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 778a8e1175bSopenharmony_ci buffer0 + buffer0_off, 779a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_x2_pr_len)); 780a8e1175bSopenharmony_ci TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); 781a8e1175bSopenharmony_ci s_x2_pr_off = buffer0_off; 782a8e1175bSopenharmony_ci buffer0_off += s_x2_pr_len; 783a8e1175bSopenharmony_ci 784a8e1175bSopenharmony_ci if (inject_error == 1) { 785a8e1175bSopenharmony_ci buffer0[s_x1_pr_off + 8] ^= 1; 786a8e1175bSopenharmony_ci buffer0[s_x2_pr_off + 7] ^= 1; 787a8e1175bSopenharmony_ci expected_status = PSA_ERROR_DATA_INVALID; 788a8e1175bSopenharmony_ci } 789a8e1175bSopenharmony_ci 790a8e1175bSopenharmony_ci /* 791a8e1175bSopenharmony_ci * When injecting errors in inputs, the implementation is 792a8e1175bSopenharmony_ci * free to detect it right away of with a delay. 793a8e1175bSopenharmony_ci * This permits delaying the error until the end of the input 794a8e1175bSopenharmony_ci * sequence, if no error appears then, this will be treated 795a8e1175bSopenharmony_ci * as an error. 796a8e1175bSopenharmony_ci */ 797a8e1175bSopenharmony_ci 798a8e1175bSopenharmony_ci if (client_input_first == 1) { 799a8e1175bSopenharmony_ci /* Client first round Input */ 800a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 801a8e1175bSopenharmony_ci buffer0 + s_g1_off, s_g1_len); 802a8e1175bSopenharmony_ci if (inject_error == 1 && status != PSA_SUCCESS) { 803a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 804a8e1175bSopenharmony_ci break; 805a8e1175bSopenharmony_ci } else { 806a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 807a8e1175bSopenharmony_ci } 808a8e1175bSopenharmony_ci 809a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 810a8e1175bSopenharmony_ci buffer0 + s_x1_pk_off, 811a8e1175bSopenharmony_ci s_x1_pk_len); 812a8e1175bSopenharmony_ci if (inject_error == 1 && status != PSA_SUCCESS) { 813a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 814a8e1175bSopenharmony_ci break; 815a8e1175bSopenharmony_ci } else { 816a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 817a8e1175bSopenharmony_ci } 818a8e1175bSopenharmony_ci 819a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 820a8e1175bSopenharmony_ci buffer0 + s_x1_pr_off, 821a8e1175bSopenharmony_ci s_x1_pr_len); 822a8e1175bSopenharmony_ci if (inject_error == 1 && status != PSA_SUCCESS) { 823a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 824a8e1175bSopenharmony_ci break; 825a8e1175bSopenharmony_ci } else { 826a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 827a8e1175bSopenharmony_ci } 828a8e1175bSopenharmony_ci 829a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 830a8e1175bSopenharmony_ci buffer0 + s_g2_off, 831a8e1175bSopenharmony_ci s_g2_len); 832a8e1175bSopenharmony_ci if (inject_error == 1 && status != PSA_SUCCESS) { 833a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 834a8e1175bSopenharmony_ci break; 835a8e1175bSopenharmony_ci } else { 836a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 837a8e1175bSopenharmony_ci } 838a8e1175bSopenharmony_ci 839a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 840a8e1175bSopenharmony_ci buffer0 + s_x2_pk_off, 841a8e1175bSopenharmony_ci s_x2_pk_len); 842a8e1175bSopenharmony_ci if (inject_error == 1 && status != PSA_SUCCESS) { 843a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 844a8e1175bSopenharmony_ci break; 845a8e1175bSopenharmony_ci } else { 846a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 847a8e1175bSopenharmony_ci } 848a8e1175bSopenharmony_ci 849a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 850a8e1175bSopenharmony_ci buffer0 + s_x2_pr_off, 851a8e1175bSopenharmony_ci s_x2_pr_len); 852a8e1175bSopenharmony_ci if (inject_error == 1 && status != PSA_SUCCESS) { 853a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 854a8e1175bSopenharmony_ci break; 855a8e1175bSopenharmony_ci } else { 856a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 857a8e1175bSopenharmony_ci } 858a8e1175bSopenharmony_ci 859a8e1175bSopenharmony_ci /* Error didn't trigger, make test fail */ 860a8e1175bSopenharmony_ci if (inject_error == 1) { 861a8e1175bSopenharmony_ci TEST_ASSERT( 862a8e1175bSopenharmony_ci !"One of the last psa_pake_input() calls should have returned the expected error."); 863a8e1175bSopenharmony_ci } 864a8e1175bSopenharmony_ci } 865a8e1175bSopenharmony_ci 866a8e1175bSopenharmony_ci /* Client first round Output */ 867a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 868a8e1175bSopenharmony_ci buffer1 + buffer1_off, 869a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_g1_len)); 870a8e1175bSopenharmony_ci TEST_EQUAL(c_g1_len, expected_size_key_share); 871a8e1175bSopenharmony_ci c_g1_off = buffer1_off; 872a8e1175bSopenharmony_ci buffer1_off += c_g1_len; 873a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 874a8e1175bSopenharmony_ci buffer1 + buffer1_off, 875a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_x1_pk_len)); 876a8e1175bSopenharmony_ci TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); 877a8e1175bSopenharmony_ci c_x1_pk_off = buffer1_off; 878a8e1175bSopenharmony_ci buffer1_off += c_x1_pk_len; 879a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 880a8e1175bSopenharmony_ci buffer1 + buffer1_off, 881a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_x1_pr_len)); 882a8e1175bSopenharmony_ci TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); 883a8e1175bSopenharmony_ci c_x1_pr_off = buffer1_off; 884a8e1175bSopenharmony_ci buffer1_off += c_x1_pr_len; 885a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 886a8e1175bSopenharmony_ci buffer1 + buffer1_off, 887a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_g2_len)); 888a8e1175bSopenharmony_ci TEST_EQUAL(c_g2_len, expected_size_key_share); 889a8e1175bSopenharmony_ci c_g2_off = buffer1_off; 890a8e1175bSopenharmony_ci buffer1_off += c_g2_len; 891a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 892a8e1175bSopenharmony_ci buffer1 + buffer1_off, 893a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_x2_pk_len)); 894a8e1175bSopenharmony_ci TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); 895a8e1175bSopenharmony_ci c_x2_pk_off = buffer1_off; 896a8e1175bSopenharmony_ci buffer1_off += c_x2_pk_len; 897a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 898a8e1175bSopenharmony_ci buffer1 + buffer1_off, 899a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_x2_pr_len)); 900a8e1175bSopenharmony_ci TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); 901a8e1175bSopenharmony_ci c_x2_pr_off = buffer1_off; 902a8e1175bSopenharmony_ci buffer1_off += c_x2_pr_len; 903a8e1175bSopenharmony_ci 904a8e1175bSopenharmony_ci if (client_input_first == 0) { 905a8e1175bSopenharmony_ci /* Client first round Input */ 906a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 907a8e1175bSopenharmony_ci buffer0 + s_g1_off, s_g1_len); 908a8e1175bSopenharmony_ci if (inject_error == 1 && status != PSA_SUCCESS) { 909a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 910a8e1175bSopenharmony_ci break; 911a8e1175bSopenharmony_ci } else { 912a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 913a8e1175bSopenharmony_ci } 914a8e1175bSopenharmony_ci 915a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 916a8e1175bSopenharmony_ci buffer0 + s_x1_pk_off, 917a8e1175bSopenharmony_ci s_x1_pk_len); 918a8e1175bSopenharmony_ci if (inject_error == 1 && status != PSA_SUCCESS) { 919a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 920a8e1175bSopenharmony_ci break; 921a8e1175bSopenharmony_ci } else { 922a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 923a8e1175bSopenharmony_ci } 924a8e1175bSopenharmony_ci 925a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 926a8e1175bSopenharmony_ci buffer0 + s_x1_pr_off, 927a8e1175bSopenharmony_ci s_x1_pr_len); 928a8e1175bSopenharmony_ci if (inject_error == 1 && status != PSA_SUCCESS) { 929a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 930a8e1175bSopenharmony_ci break; 931a8e1175bSopenharmony_ci } else { 932a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 933a8e1175bSopenharmony_ci } 934a8e1175bSopenharmony_ci 935a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 936a8e1175bSopenharmony_ci buffer0 + s_g2_off, 937a8e1175bSopenharmony_ci s_g2_len); 938a8e1175bSopenharmony_ci if (inject_error == 1 && status != PSA_SUCCESS) { 939a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 940a8e1175bSopenharmony_ci break; 941a8e1175bSopenharmony_ci } else { 942a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 943a8e1175bSopenharmony_ci } 944a8e1175bSopenharmony_ci 945a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 946a8e1175bSopenharmony_ci buffer0 + s_x2_pk_off, 947a8e1175bSopenharmony_ci s_x2_pk_len); 948a8e1175bSopenharmony_ci if (inject_error == 1 && status != PSA_SUCCESS) { 949a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 950a8e1175bSopenharmony_ci break; 951a8e1175bSopenharmony_ci } else { 952a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 953a8e1175bSopenharmony_ci } 954a8e1175bSopenharmony_ci 955a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 956a8e1175bSopenharmony_ci buffer0 + s_x2_pr_off, 957a8e1175bSopenharmony_ci s_x2_pr_len); 958a8e1175bSopenharmony_ci if (inject_error == 1 && status != PSA_SUCCESS) { 959a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 960a8e1175bSopenharmony_ci break; 961a8e1175bSopenharmony_ci } else { 962a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 963a8e1175bSopenharmony_ci } 964a8e1175bSopenharmony_ci 965a8e1175bSopenharmony_ci /* Error didn't trigger, make test fail */ 966a8e1175bSopenharmony_ci if (inject_error == 1) { 967a8e1175bSopenharmony_ci TEST_ASSERT( 968a8e1175bSopenharmony_ci !"One of the last psa_pake_input() calls should have returned the expected error."); 969a8e1175bSopenharmony_ci } 970a8e1175bSopenharmony_ci } 971a8e1175bSopenharmony_ci 972a8e1175bSopenharmony_ci if (inject_error == 2) { 973a8e1175bSopenharmony_ci buffer1[c_x1_pr_off + 12] ^= 1; 974a8e1175bSopenharmony_ci buffer1[c_x2_pr_off + 7] ^= 1; 975a8e1175bSopenharmony_ci expected_status = PSA_ERROR_DATA_INVALID; 976a8e1175bSopenharmony_ci } 977a8e1175bSopenharmony_ci 978a8e1175bSopenharmony_ci /* Server first round Input */ 979a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 980a8e1175bSopenharmony_ci buffer1 + c_g1_off, c_g1_len); 981a8e1175bSopenharmony_ci if (inject_error == 2 && status != PSA_SUCCESS) { 982a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 983a8e1175bSopenharmony_ci break; 984a8e1175bSopenharmony_ci } else { 985a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 986a8e1175bSopenharmony_ci } 987a8e1175bSopenharmony_ci 988a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 989a8e1175bSopenharmony_ci buffer1 + c_x1_pk_off, c_x1_pk_len); 990a8e1175bSopenharmony_ci if (inject_error == 2 && status != PSA_SUCCESS) { 991a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 992a8e1175bSopenharmony_ci break; 993a8e1175bSopenharmony_ci } else { 994a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 995a8e1175bSopenharmony_ci } 996a8e1175bSopenharmony_ci 997a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 998a8e1175bSopenharmony_ci buffer1 + c_x1_pr_off, c_x1_pr_len); 999a8e1175bSopenharmony_ci if (inject_error == 2 && status != PSA_SUCCESS) { 1000a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1001a8e1175bSopenharmony_ci break; 1002a8e1175bSopenharmony_ci } else { 1003a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1004a8e1175bSopenharmony_ci } 1005a8e1175bSopenharmony_ci 1006a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 1007a8e1175bSopenharmony_ci buffer1 + c_g2_off, c_g2_len); 1008a8e1175bSopenharmony_ci if (inject_error == 2 && status != PSA_SUCCESS) { 1009a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1010a8e1175bSopenharmony_ci break; 1011a8e1175bSopenharmony_ci } else { 1012a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1013a8e1175bSopenharmony_ci } 1014a8e1175bSopenharmony_ci 1015a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 1016a8e1175bSopenharmony_ci buffer1 + c_x2_pk_off, c_x2_pk_len); 1017a8e1175bSopenharmony_ci if (inject_error == 2 && status != PSA_SUCCESS) { 1018a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1019a8e1175bSopenharmony_ci break; 1020a8e1175bSopenharmony_ci } else { 1021a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1022a8e1175bSopenharmony_ci } 1023a8e1175bSopenharmony_ci 1024a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 1025a8e1175bSopenharmony_ci buffer1 + c_x2_pr_off, c_x2_pr_len); 1026a8e1175bSopenharmony_ci if (inject_error == 2 && status != PSA_SUCCESS) { 1027a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1028a8e1175bSopenharmony_ci break; 1029a8e1175bSopenharmony_ci } else { 1030a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1031a8e1175bSopenharmony_ci } 1032a8e1175bSopenharmony_ci 1033a8e1175bSopenharmony_ci /* Error didn't trigger, make test fail */ 1034a8e1175bSopenharmony_ci if (inject_error == 2) { 1035a8e1175bSopenharmony_ci TEST_ASSERT( 1036a8e1175bSopenharmony_ci !"One of the last psa_pake_input() calls should have returned the expected error."); 1037a8e1175bSopenharmony_ci } 1038a8e1175bSopenharmony_ci 1039a8e1175bSopenharmony_ci break; 1040a8e1175bSopenharmony_ci 1041a8e1175bSopenharmony_ci case 2: 1042a8e1175bSopenharmony_ci /* Server second round Output */ 1043a8e1175bSopenharmony_ci buffer0_off = 0; 1044a8e1175bSopenharmony_ci 1045a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 1046a8e1175bSopenharmony_ci buffer0 + buffer0_off, 1047a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_a_len)); 1048a8e1175bSopenharmony_ci TEST_EQUAL(s_a_len, expected_size_key_share); 1049a8e1175bSopenharmony_ci s_a_off = buffer0_off; 1050a8e1175bSopenharmony_ci buffer0_off += s_a_len; 1051a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 1052a8e1175bSopenharmony_ci buffer0 + buffer0_off, 1053a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_x2s_pk_len)); 1054a8e1175bSopenharmony_ci TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); 1055a8e1175bSopenharmony_ci s_x2s_pk_off = buffer0_off; 1056a8e1175bSopenharmony_ci buffer0_off += s_x2s_pk_len; 1057a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 1058a8e1175bSopenharmony_ci buffer0 + buffer0_off, 1059a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_x2s_pr_len)); 1060a8e1175bSopenharmony_ci TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); 1061a8e1175bSopenharmony_ci s_x2s_pr_off = buffer0_off; 1062a8e1175bSopenharmony_ci buffer0_off += s_x2s_pr_len; 1063a8e1175bSopenharmony_ci 1064a8e1175bSopenharmony_ci if (inject_error == 3) { 1065a8e1175bSopenharmony_ci buffer0[s_x2s_pk_off + 12] += 0x33; 1066a8e1175bSopenharmony_ci expected_status = PSA_ERROR_DATA_INVALID; 1067a8e1175bSopenharmony_ci } 1068a8e1175bSopenharmony_ci 1069a8e1175bSopenharmony_ci if (client_input_first == 1) { 1070a8e1175bSopenharmony_ci /* Client second round Input */ 1071a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 1072a8e1175bSopenharmony_ci buffer0 + s_a_off, s_a_len); 1073a8e1175bSopenharmony_ci if (inject_error == 3 && status != PSA_SUCCESS) { 1074a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1075a8e1175bSopenharmony_ci break; 1076a8e1175bSopenharmony_ci } else { 1077a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1078a8e1175bSopenharmony_ci } 1079a8e1175bSopenharmony_ci 1080a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 1081a8e1175bSopenharmony_ci buffer0 + s_x2s_pk_off, 1082a8e1175bSopenharmony_ci s_x2s_pk_len); 1083a8e1175bSopenharmony_ci if (inject_error == 3 && status != PSA_SUCCESS) { 1084a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1085a8e1175bSopenharmony_ci break; 1086a8e1175bSopenharmony_ci } else { 1087a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1088a8e1175bSopenharmony_ci } 1089a8e1175bSopenharmony_ci 1090a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 1091a8e1175bSopenharmony_ci buffer0 + s_x2s_pr_off, 1092a8e1175bSopenharmony_ci s_x2s_pr_len); 1093a8e1175bSopenharmony_ci if (inject_error == 3 && status != PSA_SUCCESS) { 1094a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1095a8e1175bSopenharmony_ci break; 1096a8e1175bSopenharmony_ci } else { 1097a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1098a8e1175bSopenharmony_ci } 1099a8e1175bSopenharmony_ci 1100a8e1175bSopenharmony_ci /* Error didn't trigger, make test fail */ 1101a8e1175bSopenharmony_ci if (inject_error == 3) { 1102a8e1175bSopenharmony_ci TEST_ASSERT( 1103a8e1175bSopenharmony_ci !"One of the last psa_pake_input() calls should have returned the expected error."); 1104a8e1175bSopenharmony_ci } 1105a8e1175bSopenharmony_ci } 1106a8e1175bSopenharmony_ci 1107a8e1175bSopenharmony_ci /* Client second round Output */ 1108a8e1175bSopenharmony_ci buffer1_off = 0; 1109a8e1175bSopenharmony_ci 1110a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 1111a8e1175bSopenharmony_ci buffer1 + buffer1_off, 1112a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_a_len)); 1113a8e1175bSopenharmony_ci TEST_EQUAL(c_a_len, expected_size_key_share); 1114a8e1175bSopenharmony_ci c_a_off = buffer1_off; 1115a8e1175bSopenharmony_ci buffer1_off += c_a_len; 1116a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 1117a8e1175bSopenharmony_ci buffer1 + buffer1_off, 1118a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_x2s_pk_len)); 1119a8e1175bSopenharmony_ci TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); 1120a8e1175bSopenharmony_ci c_x2s_pk_off = buffer1_off; 1121a8e1175bSopenharmony_ci buffer1_off += c_x2s_pk_len; 1122a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 1123a8e1175bSopenharmony_ci buffer1 + buffer1_off, 1124a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_x2s_pr_len)); 1125a8e1175bSopenharmony_ci TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); 1126a8e1175bSopenharmony_ci c_x2s_pr_off = buffer1_off; 1127a8e1175bSopenharmony_ci buffer1_off += c_x2s_pr_len; 1128a8e1175bSopenharmony_ci 1129a8e1175bSopenharmony_ci if (client_input_first == 0) { 1130a8e1175bSopenharmony_ci /* Client second round Input */ 1131a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 1132a8e1175bSopenharmony_ci buffer0 + s_a_off, s_a_len); 1133a8e1175bSopenharmony_ci if (inject_error == 3 && status != PSA_SUCCESS) { 1134a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1135a8e1175bSopenharmony_ci break; 1136a8e1175bSopenharmony_ci } else { 1137a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1138a8e1175bSopenharmony_ci } 1139a8e1175bSopenharmony_ci 1140a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 1141a8e1175bSopenharmony_ci buffer0 + s_x2s_pk_off, 1142a8e1175bSopenharmony_ci s_x2s_pk_len); 1143a8e1175bSopenharmony_ci if (inject_error == 3 && status != PSA_SUCCESS) { 1144a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1145a8e1175bSopenharmony_ci break; 1146a8e1175bSopenharmony_ci } else { 1147a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1148a8e1175bSopenharmony_ci } 1149a8e1175bSopenharmony_ci 1150a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 1151a8e1175bSopenharmony_ci buffer0 + s_x2s_pr_off, 1152a8e1175bSopenharmony_ci s_x2s_pr_len); 1153a8e1175bSopenharmony_ci if (inject_error == 3 && status != PSA_SUCCESS) { 1154a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1155a8e1175bSopenharmony_ci break; 1156a8e1175bSopenharmony_ci } else { 1157a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1158a8e1175bSopenharmony_ci } 1159a8e1175bSopenharmony_ci 1160a8e1175bSopenharmony_ci /* Error didn't trigger, make test fail */ 1161a8e1175bSopenharmony_ci if (inject_error == 3) { 1162a8e1175bSopenharmony_ci TEST_ASSERT( 1163a8e1175bSopenharmony_ci !"One of the last psa_pake_input() calls should have returned the expected error."); 1164a8e1175bSopenharmony_ci } 1165a8e1175bSopenharmony_ci } 1166a8e1175bSopenharmony_ci 1167a8e1175bSopenharmony_ci if (inject_error == 4) { 1168a8e1175bSopenharmony_ci buffer1[c_x2s_pk_off + 7] += 0x28; 1169a8e1175bSopenharmony_ci expected_status = PSA_ERROR_DATA_INVALID; 1170a8e1175bSopenharmony_ci } 1171a8e1175bSopenharmony_ci 1172a8e1175bSopenharmony_ci /* Server second round Input */ 1173a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 1174a8e1175bSopenharmony_ci buffer1 + c_a_off, c_a_len); 1175a8e1175bSopenharmony_ci if (inject_error == 4 && status != PSA_SUCCESS) { 1176a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1177a8e1175bSopenharmony_ci break; 1178a8e1175bSopenharmony_ci } else { 1179a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1180a8e1175bSopenharmony_ci } 1181a8e1175bSopenharmony_ci 1182a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 1183a8e1175bSopenharmony_ci buffer1 + c_x2s_pk_off, c_x2s_pk_len); 1184a8e1175bSopenharmony_ci if (inject_error == 4 && status != PSA_SUCCESS) { 1185a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1186a8e1175bSopenharmony_ci break; 1187a8e1175bSopenharmony_ci } else { 1188a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1189a8e1175bSopenharmony_ci } 1190a8e1175bSopenharmony_ci 1191a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 1192a8e1175bSopenharmony_ci buffer1 + c_x2s_pr_off, c_x2s_pr_len); 1193a8e1175bSopenharmony_ci if (inject_error == 4 && status != PSA_SUCCESS) { 1194a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1195a8e1175bSopenharmony_ci break; 1196a8e1175bSopenharmony_ci } else { 1197a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 1198a8e1175bSopenharmony_ci } 1199a8e1175bSopenharmony_ci 1200a8e1175bSopenharmony_ci /* Error didn't trigger, make test fail */ 1201a8e1175bSopenharmony_ci if (inject_error == 4) { 1202a8e1175bSopenharmony_ci TEST_ASSERT( 1203a8e1175bSopenharmony_ci !"One of the last psa_pake_input() calls should have returned the expected error."); 1204a8e1175bSopenharmony_ci } 1205a8e1175bSopenharmony_ci 1206a8e1175bSopenharmony_ci break; 1207a8e1175bSopenharmony_ci 1208a8e1175bSopenharmony_ci } 1209a8e1175bSopenharmony_ci 1210a8e1175bSopenharmony_ciexit: 1211a8e1175bSopenharmony_ci mbedtls_free(buffer0); 1212a8e1175bSopenharmony_ci mbedtls_free(buffer1); 1213a8e1175bSopenharmony_ci} 1214a8e1175bSopenharmony_ci#endif /* PSA_WANT_ALG_JPAKE */ 1215a8e1175bSopenharmony_ci 1216a8e1175bSopenharmony_citypedef enum { 1217a8e1175bSopenharmony_ci INJECT_ERR_NONE = 0, 1218a8e1175bSopenharmony_ci INJECT_ERR_UNINITIALIZED_ACCESS, 1219a8e1175bSopenharmony_ci INJECT_ERR_DUPLICATE_SETUP, 1220a8e1175bSopenharmony_ci INJECT_ERR_INVALID_USER, 1221a8e1175bSopenharmony_ci INJECT_ERR_INVALID_PEER, 1222a8e1175bSopenharmony_ci INJECT_ERR_SET_USER, 1223a8e1175bSopenharmony_ci INJECT_ERR_SET_PEER, 1224a8e1175bSopenharmony_ci INJECT_EMPTY_IO_BUFFER, 1225a8e1175bSopenharmony_ci INJECT_UNKNOWN_STEP, 1226a8e1175bSopenharmony_ci INJECT_INVALID_FIRST_STEP, 1227a8e1175bSopenharmony_ci INJECT_WRONG_BUFFER_SIZE, 1228a8e1175bSopenharmony_ci INJECT_VALID_OPERATION_AFTER_FAILURE, 1229a8e1175bSopenharmony_ci INJECT_ANTICIPATE_KEY_DERIVATION_1, 1230a8e1175bSopenharmony_ci INJECT_ANTICIPATE_KEY_DERIVATION_2, 1231a8e1175bSopenharmony_ci} ecjpake_injected_failure_t; 1232a8e1175bSopenharmony_ci 1233a8e1175bSopenharmony_ci#if defined(MBEDTLS_ECP_RESTARTABLE) 1234a8e1175bSopenharmony_ci 1235a8e1175bSopenharmony_cistatic void interruptible_signverify_get_minmax_completes(uint32_t max_ops, 1236a8e1175bSopenharmony_ci psa_status_t expected_status, 1237a8e1175bSopenharmony_ci size_t *min_completes, 1238a8e1175bSopenharmony_ci size_t *max_completes) 1239a8e1175bSopenharmony_ci{ 1240a8e1175bSopenharmony_ci 1241a8e1175bSopenharmony_ci /* This is slightly contrived, but we only really know that with a minimum 1242a8e1175bSopenharmony_ci value of max_ops that a successful operation should take more than one op 1243a8e1175bSopenharmony_ci to complete, and likewise that with a max_ops of 1244a8e1175bSopenharmony_ci PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, it should complete in one go. */ 1245a8e1175bSopenharmony_ci if (max_ops == 0 || max_ops == 1) { 1246a8e1175bSopenharmony_ci 1247a8e1175bSopenharmony_ci if (expected_status == PSA_SUCCESS) { 1248a8e1175bSopenharmony_ci *min_completes = 2; 1249a8e1175bSopenharmony_ci } else { 1250a8e1175bSopenharmony_ci *min_completes = 1; 1251a8e1175bSopenharmony_ci } 1252a8e1175bSopenharmony_ci 1253a8e1175bSopenharmony_ci *max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; 1254a8e1175bSopenharmony_ci } else { 1255a8e1175bSopenharmony_ci *min_completes = 1; 1256a8e1175bSopenharmony_ci *max_completes = 1; 1257a8e1175bSopenharmony_ci } 1258a8e1175bSopenharmony_ci} 1259a8e1175bSopenharmony_ci#endif /* MBEDTLS_ECP_RESTARTABLE */ 1260a8e1175bSopenharmony_ci 1261a8e1175bSopenharmony_ci#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) 1262a8e1175bSopenharmony_cistatic int rsa_test_e(mbedtls_svc_key_id_t key, 1263a8e1175bSopenharmony_ci size_t bits, 1264a8e1175bSopenharmony_ci const data_t *e_arg) 1265a8e1175bSopenharmony_ci{ 1266a8e1175bSopenharmony_ci uint8_t *exported = NULL; 1267a8e1175bSopenharmony_ci size_t exported_size = 1268a8e1175bSopenharmony_ci PSA_EXPORT_KEY_OUTPUT_SIZE(PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits); 1269a8e1175bSopenharmony_ci size_t exported_length = SIZE_MAX; 1270a8e1175bSopenharmony_ci int ok = 0; 1271a8e1175bSopenharmony_ci 1272a8e1175bSopenharmony_ci TEST_CALLOC(exported, exported_size); 1273a8e1175bSopenharmony_ci PSA_ASSERT(psa_export_public_key(key, 1274a8e1175bSopenharmony_ci exported, exported_size, 1275a8e1175bSopenharmony_ci &exported_length)); 1276a8e1175bSopenharmony_ci uint8_t *p = exported; 1277a8e1175bSopenharmony_ci uint8_t *end = exported + exported_length; 1278a8e1175bSopenharmony_ci size_t len; 1279a8e1175bSopenharmony_ci /* RSAPublicKey ::= SEQUENCE { 1280a8e1175bSopenharmony_ci * modulus INTEGER, -- n 1281a8e1175bSopenharmony_ci * publicExponent INTEGER } -- e 1282a8e1175bSopenharmony_ci */ 1283a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_asn1_get_tag(&p, end, &len, 1284a8e1175bSopenharmony_ci MBEDTLS_ASN1_SEQUENCE | 1285a8e1175bSopenharmony_ci MBEDTLS_ASN1_CONSTRUCTED)); 1286a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)); 1287a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_asn1_get_tag(&p, end, &len, 1288a8e1175bSopenharmony_ci MBEDTLS_ASN1_INTEGER)); 1289a8e1175bSopenharmony_ci if (len >= 1 && p[0] == 0) { 1290a8e1175bSopenharmony_ci ++p; 1291a8e1175bSopenharmony_ci --len; 1292a8e1175bSopenharmony_ci } 1293a8e1175bSopenharmony_ci if (e_arg->len == 0) { 1294a8e1175bSopenharmony_ci TEST_EQUAL(len, 3); 1295a8e1175bSopenharmony_ci TEST_EQUAL(p[0], 1); 1296a8e1175bSopenharmony_ci TEST_EQUAL(p[1], 0); 1297a8e1175bSopenharmony_ci TEST_EQUAL(p[2], 1); 1298a8e1175bSopenharmony_ci } else { 1299a8e1175bSopenharmony_ci const uint8_t *expected = e_arg->x; 1300a8e1175bSopenharmony_ci size_t expected_len = e_arg->len; 1301a8e1175bSopenharmony_ci while (expected_len > 0 && *expected == 0) { 1302a8e1175bSopenharmony_ci ++expected; 1303a8e1175bSopenharmony_ci --expected_len; 1304a8e1175bSopenharmony_ci } 1305a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(p, len, expected, expected_len); 1306a8e1175bSopenharmony_ci } 1307a8e1175bSopenharmony_ci ok = 1; 1308a8e1175bSopenharmony_ci 1309a8e1175bSopenharmony_ciexit: 1310a8e1175bSopenharmony_ci mbedtls_free(exported); 1311a8e1175bSopenharmony_ci return ok; 1312a8e1175bSopenharmony_ci} 1313a8e1175bSopenharmony_ci#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */ 1314a8e1175bSopenharmony_ci 1315a8e1175bSopenharmony_cistatic int setup_key_production_parameters( 1316a8e1175bSopenharmony_ci psa_key_production_parameters_t **params, size_t *params_data_length, 1317a8e1175bSopenharmony_ci int flags_arg, const data_t *params_data) 1318a8e1175bSopenharmony_ci{ 1319a8e1175bSopenharmony_ci *params_data_length = params_data->len; 1320a8e1175bSopenharmony_ci /* If there are N bytes of padding at the end of 1321a8e1175bSopenharmony_ci * psa_key_production_parameters_t, then it's enough to allocate 1322a8e1175bSopenharmony_ci * MIN(sizeof(psa_key_production_parameters_t), 1323a8e1175bSopenharmony_ci * offsetof(psa_key_production_parameters_t, data) + params_data_length). 1324a8e1175bSopenharmony_ci * 1325a8e1175bSopenharmony_ci * For simplicity, here, we allocate up to N more bytes than necessary. 1326a8e1175bSopenharmony_ci * In practice, the current layout of psa_key_production_parameters_t 1327a8e1175bSopenharmony_ci * makes padding extremely unlikely, so we don't worry about testing 1328a8e1175bSopenharmony_ci * that the library code doesn't try to access these extra N bytes. 1329a8e1175bSopenharmony_ci */ 1330a8e1175bSopenharmony_ci *params = mbedtls_calloc(1, sizeof(**params) + *params_data_length); 1331a8e1175bSopenharmony_ci TEST_ASSERT(*params != NULL); 1332a8e1175bSopenharmony_ci (*params)->flags = (uint32_t) flags_arg; 1333a8e1175bSopenharmony_ci memcpy((*params)->data, params_data->x, params_data->len); 1334a8e1175bSopenharmony_ci return 1; 1335a8e1175bSopenharmony_ciexit: 1336a8e1175bSopenharmony_ci return 0; 1337a8e1175bSopenharmony_ci} 1338a8e1175bSopenharmony_ci 1339a8e1175bSopenharmony_ci#if defined(MBEDTLS_THREADING_PTHREAD) 1340a8e1175bSopenharmony_ci 1341a8e1175bSopenharmony_citypedef struct same_key_context { 1342a8e1175bSopenharmony_ci data_t *data; 1343a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key; 1344a8e1175bSopenharmony_ci psa_key_attributes_t *attributes; 1345a8e1175bSopenharmony_ci int type; 1346a8e1175bSopenharmony_ci int bits; 1347a8e1175bSopenharmony_ci /* The following two parameters are used to ensure that when multiple 1348a8e1175bSopenharmony_ci * threads attempt to load/destroy the key, exactly one thread succeeds. */ 1349a8e1175bSopenharmony_ci int key_loaded; 1350a8e1175bSopenharmony_ci mbedtls_threading_mutex_t MBEDTLS_PRIVATE(key_loaded_mutex); 1351a8e1175bSopenharmony_ci} 1352a8e1175bSopenharmony_cisame_key_context; 1353a8e1175bSopenharmony_ci 1354a8e1175bSopenharmony_ci/* Attempt to import the key in ctx. This handles any valid error codes 1355a8e1175bSopenharmony_ci * and reports an error for any invalid codes. This function also insures 1356a8e1175bSopenharmony_ci * that once imported by some thread, all threads can use the key. */ 1357a8e1175bSopenharmony_civoid *thread_import_key(void *ctx) 1358a8e1175bSopenharmony_ci{ 1359a8e1175bSopenharmony_ci mbedtls_svc_key_id_t returned_key_id; 1360a8e1175bSopenharmony_ci same_key_context *skc = (struct same_key_context *) ctx; 1361a8e1175bSopenharmony_ci psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 1362a8e1175bSopenharmony_ci 1363a8e1175bSopenharmony_ci /* Import the key, exactly one thread must succeed. */ 1364a8e1175bSopenharmony_ci psa_status_t status = psa_import_key(skc->attributes, skc->data->x, 1365a8e1175bSopenharmony_ci skc->data->len, &returned_key_id); 1366a8e1175bSopenharmony_ci switch (status) { 1367a8e1175bSopenharmony_ci case PSA_SUCCESS: 1368a8e1175bSopenharmony_ci if (mbedtls_mutex_lock(&skc->key_loaded_mutex) == 0) { 1369a8e1175bSopenharmony_ci if (skc->key_loaded) { 1370a8e1175bSopenharmony_ci mbedtls_mutex_unlock(&skc->key_loaded_mutex); 1371a8e1175bSopenharmony_ci /* More than one thread has succeeded, report a failure. */ 1372a8e1175bSopenharmony_ci TEST_FAIL("The same key has been loaded into the key store multiple times."); 1373a8e1175bSopenharmony_ci } 1374a8e1175bSopenharmony_ci skc->key_loaded = 1; 1375a8e1175bSopenharmony_ci mbedtls_mutex_unlock(&skc->key_loaded_mutex); 1376a8e1175bSopenharmony_ci } 1377a8e1175bSopenharmony_ci break; 1378a8e1175bSopenharmony_ci case PSA_ERROR_INSUFFICIENT_MEMORY: 1379a8e1175bSopenharmony_ci /* If all of the key slots are reserved when a thread 1380a8e1175bSopenharmony_ci * locks the mutex to reserve a new slot, it will return 1381a8e1175bSopenharmony_ci * PSA_ERROR_INSUFFICIENT_MEMORY; this is correct behaviour. 1382a8e1175bSopenharmony_ci * There is a chance for this to occur here when the number of 1383a8e1175bSopenharmony_ci * threads running this function is larger than the number of 1384a8e1175bSopenharmony_ci * free key slots. Each thread reserves an empty key slot, 1385a8e1175bSopenharmony_ci * unlocks the mutex, then relocks it to finalize key creation. 1386a8e1175bSopenharmony_ci * It is at that point where the thread sees that the key 1387a8e1175bSopenharmony_ci * already exists, releases the reserved slot, 1388a8e1175bSopenharmony_ci * and returns PSA_ERROR_ALREADY_EXISTS. 1389a8e1175bSopenharmony_ci * There is no guarantee that the key is loaded upon this return 1390a8e1175bSopenharmony_ci * code, so we can't test the key information. Just stop this 1391a8e1175bSopenharmony_ci * thread from executing, note that this is not an error. */ 1392a8e1175bSopenharmony_ci goto exit; 1393a8e1175bSopenharmony_ci break; 1394a8e1175bSopenharmony_ci case PSA_ERROR_ALREADY_EXISTS: 1395a8e1175bSopenharmony_ci /* The key has been loaded by a different thread. */ 1396a8e1175bSopenharmony_ci break; 1397a8e1175bSopenharmony_ci default: 1398a8e1175bSopenharmony_ci PSA_ASSERT(status); 1399a8e1175bSopenharmony_ci } 1400a8e1175bSopenharmony_ci /* At this point the key must exist, test the key information. */ 1401a8e1175bSopenharmony_ci status = psa_get_key_attributes(skc->key, &got_attributes); 1402a8e1175bSopenharmony_ci if (status == PSA_ERROR_INSUFFICIENT_MEMORY) { 1403a8e1175bSopenharmony_ci /* This is not a test failure. The following sequence of events 1404a8e1175bSopenharmony_ci * causes this to occur: 1405a8e1175bSopenharmony_ci * 1: This thread successfuly imports a persistent key skc->key. 1406a8e1175bSopenharmony_ci * 2: N threads reserve an empty key slot in psa_import_key, 1407a8e1175bSopenharmony_ci * where N is equal to the number of free key slots. 1408a8e1175bSopenharmony_ci * 3: A final thread attempts to reserve an empty key slot, kicking 1409a8e1175bSopenharmony_ci * skc->key (which has no registered readers) out of its slot. 1410a8e1175bSopenharmony_ci * 4: This thread calls psa_get_key_attributes(skc->key,...): 1411a8e1175bSopenharmony_ci * it sees that skc->key is not in a slot, attempts to load it and 1412a8e1175bSopenharmony_ci * finds that there are no free slots. 1413a8e1175bSopenharmony_ci * This thread returns PSA_ERROR_INSUFFICIENT_MEMORY. 1414a8e1175bSopenharmony_ci * 1415a8e1175bSopenharmony_ci * The PSA spec allows this behaviour, it is an unavoidable consequence 1416a8e1175bSopenharmony_ci * of allowing persistent keys to be kicked out of the key store while 1417a8e1175bSopenharmony_ci * they are still valid. */ 1418a8e1175bSopenharmony_ci goto exit; 1419a8e1175bSopenharmony_ci } 1420a8e1175bSopenharmony_ci PSA_ASSERT(status); 1421a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&got_attributes), skc->type); 1422a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&got_attributes), skc->bits); 1423a8e1175bSopenharmony_ci 1424a8e1175bSopenharmony_ciexit: 1425a8e1175bSopenharmony_ci /* Key attributes may have been returned by psa_get_key_attributes(), 1426a8e1175bSopenharmony_ci * reset them as required. */ 1427a8e1175bSopenharmony_ci psa_reset_key_attributes(&got_attributes); 1428a8e1175bSopenharmony_ci return NULL; 1429a8e1175bSopenharmony_ci} 1430a8e1175bSopenharmony_ci 1431a8e1175bSopenharmony_civoid *thread_use_and_destroy_key(void *ctx) 1432a8e1175bSopenharmony_ci{ 1433a8e1175bSopenharmony_ci same_key_context *skc = (struct same_key_context *) ctx; 1434a8e1175bSopenharmony_ci 1435a8e1175bSopenharmony_ci /* Do something with the key according 1436a8e1175bSopenharmony_ci * to its type and permitted usage. */ 1437a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_psa_exercise_key(skc->key, 1438a8e1175bSopenharmony_ci skc->attributes->policy.usage, 1439a8e1175bSopenharmony_ci skc->attributes->policy.alg, 1)); 1440a8e1175bSopenharmony_ci 1441a8e1175bSopenharmony_ci psa_status_t status = psa_destroy_key(skc->key); 1442a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 1443a8e1175bSopenharmony_ci if (mbedtls_mutex_lock(&skc->key_loaded_mutex) == 0) { 1444a8e1175bSopenharmony_ci /* Ensure that we are the only thread to succeed. */ 1445a8e1175bSopenharmony_ci if (skc->key_loaded != 1) { 1446a8e1175bSopenharmony_ci mbedtls_mutex_unlock(&skc->key_loaded_mutex); 1447a8e1175bSopenharmony_ci TEST_FAIL("The same key has been destroyed multiple times."); 1448a8e1175bSopenharmony_ci } 1449a8e1175bSopenharmony_ci skc->key_loaded = 0; 1450a8e1175bSopenharmony_ci mbedtls_mutex_unlock(&skc->key_loaded_mutex); 1451a8e1175bSopenharmony_ci } 1452a8e1175bSopenharmony_ci } else { 1453a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_INVALID_HANDLE); 1454a8e1175bSopenharmony_ci } 1455a8e1175bSopenharmony_ci 1456a8e1175bSopenharmony_ciexit: 1457a8e1175bSopenharmony_ci return NULL; 1458a8e1175bSopenharmony_ci} 1459a8e1175bSopenharmony_ci 1460a8e1175bSopenharmony_citypedef struct generate_key_context { 1461a8e1175bSopenharmony_ci psa_key_type_t type; 1462a8e1175bSopenharmony_ci psa_key_usage_t usage; 1463a8e1175bSopenharmony_ci size_t bits; 1464a8e1175bSopenharmony_ci psa_algorithm_t alg; 1465a8e1175bSopenharmony_ci psa_status_t expected_status; 1466a8e1175bSopenharmony_ci psa_key_attributes_t *attributes; 1467a8e1175bSopenharmony_ci int is_large_key; 1468a8e1175bSopenharmony_ci int reps; 1469a8e1175bSopenharmony_ci} 1470a8e1175bSopenharmony_cigenerate_key_context; 1471a8e1175bSopenharmony_civoid *thread_generate_key(void *ctx) 1472a8e1175bSopenharmony_ci{ 1473a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1474a8e1175bSopenharmony_ci psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 1475a8e1175bSopenharmony_ci generate_key_context *gkc = (struct generate_key_context *) ctx; 1476a8e1175bSopenharmony_ci 1477a8e1175bSopenharmony_ci /* If there are race conditions, it is likely the case that they do not 1478a8e1175bSopenharmony_ci * arise every time the code runs. We repeat the code to increase the 1479a8e1175bSopenharmony_ci * chance that any race conditions will be hit. */ 1480a8e1175bSopenharmony_ci for (int n = 0; n < gkc->reps; n++) { 1481a8e1175bSopenharmony_ci /* Generate a key */ 1482a8e1175bSopenharmony_ci psa_status_t status = psa_generate_key(gkc->attributes, &key); 1483a8e1175bSopenharmony_ci 1484a8e1175bSopenharmony_ci if (gkc->is_large_key > 0) { 1485a8e1175bSopenharmony_ci TEST_ASSUME(status != PSA_ERROR_INSUFFICIENT_MEMORY); 1486a8e1175bSopenharmony_ci } 1487a8e1175bSopenharmony_ci 1488a8e1175bSopenharmony_ci TEST_EQUAL(status, gkc->expected_status); 1489a8e1175bSopenharmony_ci if (gkc->expected_status != PSA_SUCCESS) { 1490a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 1491a8e1175bSopenharmony_ci goto exit; 1492a8e1175bSopenharmony_ci } 1493a8e1175bSopenharmony_ci 1494a8e1175bSopenharmony_ci /* Test the key information */ 1495a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); 1496a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&got_attributes), gkc->type); 1497a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&got_attributes), gkc->bits); 1498a8e1175bSopenharmony_ci 1499a8e1175bSopenharmony_ci /* Do something with the key according 1500a8e1175bSopenharmony_ci * to its type and permitted usage. */ 1501a8e1175bSopenharmony_ci if (!mbedtls_test_psa_exercise_key(key, gkc->usage, gkc->alg, 0)) { 1502a8e1175bSopenharmony_ci psa_destroy_key(key); 1503a8e1175bSopenharmony_ci goto exit; 1504a8e1175bSopenharmony_ci } 1505a8e1175bSopenharmony_ci psa_reset_key_attributes(&got_attributes); 1506a8e1175bSopenharmony_ci 1507a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 1508a8e1175bSopenharmony_ci } 1509a8e1175bSopenharmony_ciexit: 1510a8e1175bSopenharmony_ci /* 1511a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 1512a8e1175bSopenharmony_ci * thus reset them as required. 1513a8e1175bSopenharmony_ci */ 1514a8e1175bSopenharmony_ci psa_reset_key_attributes(&got_attributes); 1515a8e1175bSopenharmony_ci return NULL; 1516a8e1175bSopenharmony_ci} 1517a8e1175bSopenharmony_ci#endif /* MBEDTLS_THREADING_PTHREAD */ 1518a8e1175bSopenharmony_ci 1519a8e1175bSopenharmony_ci/* END_HEADER */ 1520a8e1175bSopenharmony_ci 1521a8e1175bSopenharmony_ci/* BEGIN_DEPENDENCIES 1522a8e1175bSopenharmony_ci * depends_on:MBEDTLS_PSA_CRYPTO_C 1523a8e1175bSopenharmony_ci * END_DEPENDENCIES 1524a8e1175bSopenharmony_ci */ 1525a8e1175bSopenharmony_ci 1526a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1527a8e1175bSopenharmony_civoid psa_can_do_hash() 1528a8e1175bSopenharmony_ci{ 1529a8e1175bSopenharmony_ci /* We can't test that this is specific to drivers until partial init has 1530a8e1175bSopenharmony_ci * been implemented, but we can at least test before/after full init. */ 1531a8e1175bSopenharmony_ci TEST_EQUAL(0, psa_can_do_hash(PSA_ALG_NONE)); 1532a8e1175bSopenharmony_ci PSA_INIT(); 1533a8e1175bSopenharmony_ci TEST_EQUAL(1, psa_can_do_hash(PSA_ALG_NONE)); 1534a8e1175bSopenharmony_ci PSA_DONE(); 1535a8e1175bSopenharmony_ci} 1536a8e1175bSopenharmony_ci/* END_CASE */ 1537a8e1175bSopenharmony_ci 1538a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1539a8e1175bSopenharmony_civoid static_checks() 1540a8e1175bSopenharmony_ci{ 1541a8e1175bSopenharmony_ci size_t max_truncated_mac_size = 1542a8e1175bSopenharmony_ci PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET; 1543a8e1175bSopenharmony_ci 1544a8e1175bSopenharmony_ci /* Check that the length for a truncated MAC always fits in the algorithm 1545a8e1175bSopenharmony_ci * encoding. The shifted mask is the maximum truncated value. The 1546a8e1175bSopenharmony_ci * untruncated algorithm may be one byte larger. */ 1547a8e1175bSopenharmony_ci TEST_LE_U(PSA_MAC_MAX_SIZE, 1 + max_truncated_mac_size); 1548a8e1175bSopenharmony_ci} 1549a8e1175bSopenharmony_ci/* END_CASE */ 1550a8e1175bSopenharmony_ci 1551a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1552a8e1175bSopenharmony_civoid import_with_policy(int type_arg, 1553a8e1175bSopenharmony_ci int usage_arg, int alg_arg, 1554a8e1175bSopenharmony_ci int expected_status_arg) 1555a8e1175bSopenharmony_ci{ 1556a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1557a8e1175bSopenharmony_ci psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 1558a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1559a8e1175bSopenharmony_ci psa_key_type_t type = type_arg; 1560a8e1175bSopenharmony_ci psa_key_usage_t usage = usage_arg; 1561a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 1562a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 1563a8e1175bSopenharmony_ci const uint8_t key_material[16] = { 0 }; 1564a8e1175bSopenharmony_ci psa_status_t status; 1565a8e1175bSopenharmony_ci 1566a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 1567a8e1175bSopenharmony_ci 1568a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 1569a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage); 1570a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 1571a8e1175bSopenharmony_ci 1572a8e1175bSopenharmony_ci status = psa_import_key(&attributes, 1573a8e1175bSopenharmony_ci key_material, sizeof(key_material), 1574a8e1175bSopenharmony_ci &key); 1575a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1576a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 1577a8e1175bSopenharmony_ci goto exit; 1578a8e1175bSopenharmony_ci } 1579a8e1175bSopenharmony_ci 1580a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); 1581a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&got_attributes), type); 1582a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&got_attributes), 1583a8e1175bSopenharmony_ci mbedtls_test_update_key_usage_flags(usage)); 1584a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_algorithm(&got_attributes), alg); 1585a8e1175bSopenharmony_ci ASSERT_NO_SLOT_NUMBER(&got_attributes); 1586a8e1175bSopenharmony_ci 1587a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 1588a8e1175bSopenharmony_ci test_operations_on_invalid_key(key); 1589a8e1175bSopenharmony_ci 1590a8e1175bSopenharmony_ciexit: 1591a8e1175bSopenharmony_ci /* 1592a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 1593a8e1175bSopenharmony_ci * thus reset them as required. 1594a8e1175bSopenharmony_ci */ 1595a8e1175bSopenharmony_ci psa_reset_key_attributes(&got_attributes); 1596a8e1175bSopenharmony_ci 1597a8e1175bSopenharmony_ci psa_destroy_key(key); 1598a8e1175bSopenharmony_ci PSA_DONE(); 1599a8e1175bSopenharmony_ci} 1600a8e1175bSopenharmony_ci/* END_CASE */ 1601a8e1175bSopenharmony_ci 1602a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1603a8e1175bSopenharmony_civoid import_with_data(data_t *data, int type_arg, 1604a8e1175bSopenharmony_ci int attr_bits_arg, 1605a8e1175bSopenharmony_ci int expected_status_arg) 1606a8e1175bSopenharmony_ci{ 1607a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1608a8e1175bSopenharmony_ci psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 1609a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1610a8e1175bSopenharmony_ci psa_key_type_t type = type_arg; 1611a8e1175bSopenharmony_ci size_t attr_bits = attr_bits_arg; 1612a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 1613a8e1175bSopenharmony_ci psa_status_t status; 1614a8e1175bSopenharmony_ci 1615a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 1616a8e1175bSopenharmony_ci 1617a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 1618a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, attr_bits); 1619a8e1175bSopenharmony_ci 1620a8e1175bSopenharmony_ci status = psa_import_key(&attributes, data->x, data->len, &key); 1621a8e1175bSopenharmony_ci /* When expecting INVALID_ARGUMENT, also accept NOT_SUPPORTED. 1622a8e1175bSopenharmony_ci * 1623a8e1175bSopenharmony_ci * This can happen with a type supported only by a driver: 1624a8e1175bSopenharmony_ci * - the driver sees the invalid data (for example wrong size) and thinks 1625a8e1175bSopenharmony_ci * "well perhaps this is a key size I don't support" so it returns 1626a8e1175bSopenharmony_ci * NOT_SUPPORTED which is correct at this point; 1627a8e1175bSopenharmony_ci * - we fallback to built-ins, which don't support this type, so return 1628a8e1175bSopenharmony_ci * NOT_SUPPORTED which again is correct at this point. 1629a8e1175bSopenharmony_ci */ 1630a8e1175bSopenharmony_ci if (expected_status == PSA_ERROR_INVALID_ARGUMENT && 1631a8e1175bSopenharmony_ci status == PSA_ERROR_NOT_SUPPORTED) { 1632a8e1175bSopenharmony_ci ; // OK 1633a8e1175bSopenharmony_ci } else { 1634a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1635a8e1175bSopenharmony_ci } 1636a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 1637a8e1175bSopenharmony_ci goto exit; 1638a8e1175bSopenharmony_ci } 1639a8e1175bSopenharmony_ci 1640a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); 1641a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&got_attributes), type); 1642a8e1175bSopenharmony_ci if (attr_bits != 0) { 1643a8e1175bSopenharmony_ci TEST_EQUAL(attr_bits, psa_get_key_bits(&got_attributes)); 1644a8e1175bSopenharmony_ci } 1645a8e1175bSopenharmony_ci ASSERT_NO_SLOT_NUMBER(&got_attributes); 1646a8e1175bSopenharmony_ci 1647a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 1648a8e1175bSopenharmony_ci test_operations_on_invalid_key(key); 1649a8e1175bSopenharmony_ci 1650a8e1175bSopenharmony_ciexit: 1651a8e1175bSopenharmony_ci /* 1652a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 1653a8e1175bSopenharmony_ci * thus reset them as required. 1654a8e1175bSopenharmony_ci */ 1655a8e1175bSopenharmony_ci psa_reset_key_attributes(&got_attributes); 1656a8e1175bSopenharmony_ci 1657a8e1175bSopenharmony_ci psa_destroy_key(key); 1658a8e1175bSopenharmony_ci PSA_DONE(); 1659a8e1175bSopenharmony_ci} 1660a8e1175bSopenharmony_ci/* END_CASE */ 1661a8e1175bSopenharmony_ci 1662a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1663a8e1175bSopenharmony_ci/* Construct and attempt to import a large unstructured key. */ 1664a8e1175bSopenharmony_civoid import_large_key(int type_arg, int byte_size_arg, 1665a8e1175bSopenharmony_ci int expected_status_arg) 1666a8e1175bSopenharmony_ci{ 1667a8e1175bSopenharmony_ci psa_key_type_t type = type_arg; 1668a8e1175bSopenharmony_ci size_t byte_size = byte_size_arg; 1669a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1670a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 1671a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1672a8e1175bSopenharmony_ci psa_status_t status; 1673a8e1175bSopenharmony_ci uint8_t *buffer = NULL; 1674a8e1175bSopenharmony_ci size_t buffer_size = byte_size + 1; 1675a8e1175bSopenharmony_ci size_t n; 1676a8e1175bSopenharmony_ci 1677a8e1175bSopenharmony_ci /* Skip the test case if the target running the test cannot 1678a8e1175bSopenharmony_ci * accommodate large keys due to heap size constraints */ 1679a8e1175bSopenharmony_ci TEST_CALLOC_OR_SKIP(buffer, buffer_size); 1680a8e1175bSopenharmony_ci memset(buffer, 'K', byte_size); 1681a8e1175bSopenharmony_ci 1682a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 1683a8e1175bSopenharmony_ci 1684a8e1175bSopenharmony_ci /* Try importing the key */ 1685a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); 1686a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 1687a8e1175bSopenharmony_ci status = psa_import_key(&attributes, buffer, byte_size, &key); 1688a8e1175bSopenharmony_ci TEST_ASSUME(status != PSA_ERROR_INSUFFICIENT_MEMORY); 1689a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1690a8e1175bSopenharmony_ci 1691a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 1692a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 1693a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&attributes), type); 1694a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&attributes), 1695a8e1175bSopenharmony_ci PSA_BYTES_TO_BITS(byte_size)); 1696a8e1175bSopenharmony_ci ASSERT_NO_SLOT_NUMBER(&attributes); 1697a8e1175bSopenharmony_ci memset(buffer, 0, byte_size + 1); 1698a8e1175bSopenharmony_ci PSA_ASSERT(psa_export_key(key, buffer, byte_size, &n)); 1699a8e1175bSopenharmony_ci for (n = 0; n < byte_size; n++) { 1700a8e1175bSopenharmony_ci TEST_EQUAL(buffer[n], 'K'); 1701a8e1175bSopenharmony_ci } 1702a8e1175bSopenharmony_ci for (n = byte_size; n < buffer_size; n++) { 1703a8e1175bSopenharmony_ci TEST_EQUAL(buffer[n], 0); 1704a8e1175bSopenharmony_ci } 1705a8e1175bSopenharmony_ci } 1706a8e1175bSopenharmony_ci 1707a8e1175bSopenharmony_ciexit: 1708a8e1175bSopenharmony_ci /* 1709a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 1710a8e1175bSopenharmony_ci * thus reset them as required. 1711a8e1175bSopenharmony_ci */ 1712a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 1713a8e1175bSopenharmony_ci 1714a8e1175bSopenharmony_ci psa_destroy_key(key); 1715a8e1175bSopenharmony_ci PSA_DONE(); 1716a8e1175bSopenharmony_ci mbedtls_free(buffer); 1717a8e1175bSopenharmony_ci} 1718a8e1175bSopenharmony_ci/* END_CASE */ 1719a8e1175bSopenharmony_ci 1720a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C */ 1721a8e1175bSopenharmony_ci/* Import an RSA key with a valid structure (but not valid numbers 1722a8e1175bSopenharmony_ci * inside, beyond having sensible size and parity). This is expected to 1723a8e1175bSopenharmony_ci * fail for large keys. */ 1724a8e1175bSopenharmony_civoid import_rsa_made_up(int bits_arg, int keypair, int expected_status_arg) 1725a8e1175bSopenharmony_ci{ 1726a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1727a8e1175bSopenharmony_ci size_t bits = bits_arg; 1728a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 1729a8e1175bSopenharmony_ci psa_status_t status; 1730a8e1175bSopenharmony_ci psa_key_type_t type = 1731a8e1175bSopenharmony_ci keypair ? PSA_KEY_TYPE_RSA_KEY_PAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY; 1732a8e1175bSopenharmony_ci size_t buffer_size = /* Slight overapproximations */ 1733a8e1175bSopenharmony_ci keypair ? bits * 9 / 16 + 80 : bits / 8 + 20; 1734a8e1175bSopenharmony_ci unsigned char *buffer = NULL; 1735a8e1175bSopenharmony_ci unsigned char *p; 1736a8e1175bSopenharmony_ci int ret; 1737a8e1175bSopenharmony_ci size_t length; 1738a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1739a8e1175bSopenharmony_ci 1740a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 1741a8e1175bSopenharmony_ci TEST_CALLOC(buffer, buffer_size); 1742a8e1175bSopenharmony_ci 1743a8e1175bSopenharmony_ci TEST_ASSERT((ret = construct_fake_rsa_key(buffer, buffer_size, &p, 1744a8e1175bSopenharmony_ci bits, keypair)) >= 0); 1745a8e1175bSopenharmony_ci length = ret; 1746a8e1175bSopenharmony_ci 1747a8e1175bSopenharmony_ci /* Try importing the key */ 1748a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 1749a8e1175bSopenharmony_ci status = psa_import_key(&attributes, p, length, &key); 1750a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 1751a8e1175bSopenharmony_ci 1752a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 1753a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 1754a8e1175bSopenharmony_ci } 1755a8e1175bSopenharmony_ci 1756a8e1175bSopenharmony_ciexit: 1757a8e1175bSopenharmony_ci mbedtls_free(buffer); 1758a8e1175bSopenharmony_ci PSA_DONE(); 1759a8e1175bSopenharmony_ci} 1760a8e1175bSopenharmony_ci/* END_CASE */ 1761a8e1175bSopenharmony_ci 1762a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1763a8e1175bSopenharmony_civoid import_export(data_t *data, 1764a8e1175bSopenharmony_ci int type_arg, 1765a8e1175bSopenharmony_ci int usage_arg, int alg_arg, 1766a8e1175bSopenharmony_ci int lifetime_arg, 1767a8e1175bSopenharmony_ci int expected_bits, 1768a8e1175bSopenharmony_ci int export_size_delta, 1769a8e1175bSopenharmony_ci int expected_export_status_arg, 1770a8e1175bSopenharmony_ci /*whether reexport must give the original input exactly*/ 1771a8e1175bSopenharmony_ci int canonical_input) 1772a8e1175bSopenharmony_ci{ 1773a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1774a8e1175bSopenharmony_ci psa_key_type_t type = type_arg; 1775a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 1776a8e1175bSopenharmony_ci psa_status_t expected_export_status = expected_export_status_arg; 1777a8e1175bSopenharmony_ci psa_status_t status; 1778a8e1175bSopenharmony_ci psa_key_lifetime_t lifetime = lifetime_arg; 1779a8e1175bSopenharmony_ci unsigned char *exported = NULL; 1780a8e1175bSopenharmony_ci unsigned char *reexported = NULL; 1781a8e1175bSopenharmony_ci size_t export_size; 1782a8e1175bSopenharmony_ci size_t exported_length = INVALID_EXPORT_LENGTH; 1783a8e1175bSopenharmony_ci size_t reexported_length; 1784a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1785a8e1175bSopenharmony_ci psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 1786a8e1175bSopenharmony_ci 1787a8e1175bSopenharmony_ci export_size = (ptrdiff_t) data->len + export_size_delta; 1788a8e1175bSopenharmony_ci TEST_CALLOC(exported, export_size); 1789a8e1175bSopenharmony_ci if (!canonical_input) { 1790a8e1175bSopenharmony_ci TEST_CALLOC(reexported, export_size); 1791a8e1175bSopenharmony_ci } 1792a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 1793a8e1175bSopenharmony_ci 1794a8e1175bSopenharmony_ci psa_set_key_lifetime(&attributes, lifetime); 1795a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage_arg); 1796a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 1797a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 1798a8e1175bSopenharmony_ci 1799a8e1175bSopenharmony_ci if (PSA_KEY_TYPE_IS_DH(type) && 1800a8e1175bSopenharmony_ci expected_export_status == PSA_ERROR_BUFFER_TOO_SMALL) { 1801a8e1175bSopenharmony_ci /* Simulate that buffer is too small, by decreasing its size by 1 byte. */ 1802a8e1175bSopenharmony_ci export_size -= 1; 1803a8e1175bSopenharmony_ci } 1804a8e1175bSopenharmony_ci 1805a8e1175bSopenharmony_ci /* Import the key */ 1806a8e1175bSopenharmony_ci TEST_EQUAL(psa_import_key(&attributes, data->x, data->len, &key), 1807a8e1175bSopenharmony_ci PSA_SUCCESS); 1808a8e1175bSopenharmony_ci 1809a8e1175bSopenharmony_ci /* Test the key information */ 1810a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); 1811a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&got_attributes), type); 1812a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&got_attributes), (size_t) expected_bits); 1813a8e1175bSopenharmony_ci ASSERT_NO_SLOT_NUMBER(&got_attributes); 1814a8e1175bSopenharmony_ci 1815a8e1175bSopenharmony_ci /* Export the key */ 1816a8e1175bSopenharmony_ci status = psa_export_key(key, exported, export_size, &exported_length); 1817a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_export_status); 1818a8e1175bSopenharmony_ci 1819a8e1175bSopenharmony_ci /* The exported length must be set by psa_export_key() to a value between 0 1820a8e1175bSopenharmony_ci * and export_size. On errors, the exported length must be 0. */ 1821a8e1175bSopenharmony_ci TEST_ASSERT(exported_length != INVALID_EXPORT_LENGTH); 1822a8e1175bSopenharmony_ci TEST_ASSERT(status == PSA_SUCCESS || exported_length == 0); 1823a8e1175bSopenharmony_ci TEST_LE_U(exported_length, export_size); 1824a8e1175bSopenharmony_ci 1825a8e1175bSopenharmony_ci TEST_ASSERT(mem_is_char(exported + exported_length, 0, 1826a8e1175bSopenharmony_ci export_size - exported_length)); 1827a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 1828a8e1175bSopenharmony_ci TEST_EQUAL(exported_length, 0); 1829a8e1175bSopenharmony_ci goto destroy; 1830a8e1175bSopenharmony_ci } 1831a8e1175bSopenharmony_ci 1832a8e1175bSopenharmony_ci /* Run sanity checks on the exported key. For non-canonical inputs, 1833a8e1175bSopenharmony_ci * this validates the canonical representations. For canonical inputs, 1834a8e1175bSopenharmony_ci * this doesn't directly validate the implementation, but it still helps 1835a8e1175bSopenharmony_ci * by cross-validating the test data with the sanity check code. */ 1836a8e1175bSopenharmony_ci if (!psa_key_lifetime_is_external(lifetime)) { 1837a8e1175bSopenharmony_ci if (!mbedtls_test_psa_exercise_key(key, usage_arg, 0, 0)) { 1838a8e1175bSopenharmony_ci goto exit; 1839a8e1175bSopenharmony_ci } 1840a8e1175bSopenharmony_ci } 1841a8e1175bSopenharmony_ci 1842a8e1175bSopenharmony_ci if (canonical_input) { 1843a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(data->x, data->len, exported, exported_length); 1844a8e1175bSopenharmony_ci } else { 1845a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; 1846a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, exported, exported_length, 1847a8e1175bSopenharmony_ci &key2)); 1848a8e1175bSopenharmony_ci PSA_ASSERT(psa_export_key(key2, 1849a8e1175bSopenharmony_ci reexported, 1850a8e1175bSopenharmony_ci export_size, 1851a8e1175bSopenharmony_ci &reexported_length)); 1852a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(exported, exported_length, 1853a8e1175bSopenharmony_ci reexported, reexported_length); 1854a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key2)); 1855a8e1175bSopenharmony_ci } 1856a8e1175bSopenharmony_ci TEST_LE_U(exported_length, 1857a8e1175bSopenharmony_ci PSA_EXPORT_KEY_OUTPUT_SIZE(type, 1858a8e1175bSopenharmony_ci psa_get_key_bits(&got_attributes))); 1859a8e1175bSopenharmony_ci if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) { 1860a8e1175bSopenharmony_ci TEST_LE_U(exported_length, PSA_EXPORT_KEY_PAIR_MAX_SIZE); 1861a8e1175bSopenharmony_ci } else if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { 1862a8e1175bSopenharmony_ci TEST_LE_U(exported_length, PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); 1863a8e1175bSopenharmony_ci } 1864a8e1175bSopenharmony_ci 1865a8e1175bSopenharmony_cidestroy: 1866a8e1175bSopenharmony_ci /* Destroy the key */ 1867a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 1868a8e1175bSopenharmony_ci test_operations_on_invalid_key(key); 1869a8e1175bSopenharmony_ci 1870a8e1175bSopenharmony_ciexit: 1871a8e1175bSopenharmony_ci /* 1872a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 1873a8e1175bSopenharmony_ci * thus reset them as required. 1874a8e1175bSopenharmony_ci */ 1875a8e1175bSopenharmony_ci psa_reset_key_attributes(&got_attributes); 1876a8e1175bSopenharmony_ci psa_destroy_key(key); 1877a8e1175bSopenharmony_ci mbedtls_free(exported); 1878a8e1175bSopenharmony_ci mbedtls_free(reexported); 1879a8e1175bSopenharmony_ci PSA_DONE(); 1880a8e1175bSopenharmony_ci} 1881a8e1175bSopenharmony_ci/* END_CASE */ 1882a8e1175bSopenharmony_ci 1883a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1884a8e1175bSopenharmony_civoid import_export_public_key(data_t *data, 1885a8e1175bSopenharmony_ci int type_arg, // key pair or public key 1886a8e1175bSopenharmony_ci int alg_arg, 1887a8e1175bSopenharmony_ci int lifetime_arg, 1888a8e1175bSopenharmony_ci int export_size_delta, 1889a8e1175bSopenharmony_ci int expected_export_status_arg, 1890a8e1175bSopenharmony_ci data_t *expected_public_key) 1891a8e1175bSopenharmony_ci{ 1892a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1893a8e1175bSopenharmony_ci psa_key_type_t type = type_arg; 1894a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 1895a8e1175bSopenharmony_ci psa_status_t expected_export_status = expected_export_status_arg; 1896a8e1175bSopenharmony_ci psa_status_t status; 1897a8e1175bSopenharmony_ci psa_key_lifetime_t lifetime = lifetime_arg; 1898a8e1175bSopenharmony_ci unsigned char *exported = NULL; 1899a8e1175bSopenharmony_ci size_t export_size = expected_public_key->len + export_size_delta; 1900a8e1175bSopenharmony_ci size_t exported_length = INVALID_EXPORT_LENGTH; 1901a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1902a8e1175bSopenharmony_ci 1903a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 1904a8e1175bSopenharmony_ci 1905a8e1175bSopenharmony_ci psa_set_key_lifetime(&attributes, lifetime); 1906a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); 1907a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 1908a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 1909a8e1175bSopenharmony_ci 1910a8e1175bSopenharmony_ci /* Import the key */ 1911a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, data->x, data->len, &key)); 1912a8e1175bSopenharmony_ci 1913a8e1175bSopenharmony_ci /* Export the public key */ 1914a8e1175bSopenharmony_ci TEST_CALLOC(exported, export_size); 1915a8e1175bSopenharmony_ci status = psa_export_public_key(key, 1916a8e1175bSopenharmony_ci exported, export_size, 1917a8e1175bSopenharmony_ci &exported_length); 1918a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_export_status); 1919a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 1920a8e1175bSopenharmony_ci psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type); 1921a8e1175bSopenharmony_ci size_t bits; 1922a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 1923a8e1175bSopenharmony_ci bits = psa_get_key_bits(&attributes); 1924a8e1175bSopenharmony_ci TEST_LE_U(expected_public_key->len, 1925a8e1175bSopenharmony_ci PSA_EXPORT_KEY_OUTPUT_SIZE(public_type, bits)); 1926a8e1175bSopenharmony_ci TEST_LE_U(expected_public_key->len, 1927a8e1175bSopenharmony_ci PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type, bits)); 1928a8e1175bSopenharmony_ci TEST_LE_U(expected_public_key->len, 1929a8e1175bSopenharmony_ci PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); 1930a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(expected_public_key->x, expected_public_key->len, 1931a8e1175bSopenharmony_ci exported, exported_length); 1932a8e1175bSopenharmony_ci } 1933a8e1175bSopenharmony_ciexit: 1934a8e1175bSopenharmony_ci /* 1935a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 1936a8e1175bSopenharmony_ci * thus reset them as required. 1937a8e1175bSopenharmony_ci */ 1938a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 1939a8e1175bSopenharmony_ci 1940a8e1175bSopenharmony_ci mbedtls_free(exported); 1941a8e1175bSopenharmony_ci psa_destroy_key(key); 1942a8e1175bSopenharmony_ci PSA_DONE(); 1943a8e1175bSopenharmony_ci} 1944a8e1175bSopenharmony_ci/* END_CASE */ 1945a8e1175bSopenharmony_ci 1946a8e1175bSopenharmony_ci 1947a8e1175bSopenharmony_ci#if defined(MBEDTLS_THREADING_PTHREAD) 1948a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_CRYPTO_STORAGE_C */ 1949a8e1175bSopenharmony_civoid concurrently_use_same_persistent_key(data_t *data, 1950a8e1175bSopenharmony_ci int type_arg, 1951a8e1175bSopenharmony_ci int bits_arg, 1952a8e1175bSopenharmony_ci int alg_arg, 1953a8e1175bSopenharmony_ci int thread_count_arg) 1954a8e1175bSopenharmony_ci{ 1955a8e1175bSopenharmony_ci size_t thread_count = (size_t) thread_count_arg; 1956a8e1175bSopenharmony_ci mbedtls_test_thread_t *threads = NULL; 1957a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(1, 1); 1958a8e1175bSopenharmony_ci same_key_context skc; 1959a8e1175bSopenharmony_ci skc.data = data; 1960a8e1175bSopenharmony_ci skc.key = key_id; 1961a8e1175bSopenharmony_ci skc.type = type_arg; 1962a8e1175bSopenharmony_ci skc.bits = bits_arg; 1963a8e1175bSopenharmony_ci skc.key_loaded = 0; 1964a8e1175bSopenharmony_ci mbedtls_mutex_init(&skc.key_loaded_mutex); 1965a8e1175bSopenharmony_ci psa_key_usage_t usage = mbedtls_test_psa_usage_to_exercise(skc.type, alg_arg); 1966a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1967a8e1175bSopenharmony_ci 1968a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 1969a8e1175bSopenharmony_ci 1970a8e1175bSopenharmony_ci psa_set_key_id(&attributes, key_id); 1971a8e1175bSopenharmony_ci psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_PERSISTENT); 1972a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage); 1973a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg_arg); 1974a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type_arg); 1975a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, bits_arg); 1976a8e1175bSopenharmony_ci skc.attributes = &attributes; 1977a8e1175bSopenharmony_ci 1978a8e1175bSopenharmony_ci TEST_CALLOC(threads, sizeof(mbedtls_test_thread_t) * thread_count); 1979a8e1175bSopenharmony_ci 1980a8e1175bSopenharmony_ci /* Test that when multiple threads import the same key, 1981a8e1175bSopenharmony_ci * exactly one thread succeeds and the rest fail with valid errors. 1982a8e1175bSopenharmony_ci * Also test that all threads can use the key as soon as it has been 1983a8e1175bSopenharmony_ci * imported. */ 1984a8e1175bSopenharmony_ci for (size_t i = 0; i < thread_count; i++) { 1985a8e1175bSopenharmony_ci TEST_EQUAL( 1986a8e1175bSopenharmony_ci mbedtls_test_thread_create(&threads[i], thread_import_key, 1987a8e1175bSopenharmony_ci (void *) &skc), 0); 1988a8e1175bSopenharmony_ci } 1989a8e1175bSopenharmony_ci 1990a8e1175bSopenharmony_ci /* Join threads. */ 1991a8e1175bSopenharmony_ci for (size_t i = 0; i < thread_count; i++) { 1992a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_test_thread_join(&threads[i]), 0); 1993a8e1175bSopenharmony_ci } 1994a8e1175bSopenharmony_ci 1995a8e1175bSopenharmony_ci /* Test that when multiple threads use and destroy a key no corruption 1996a8e1175bSopenharmony_ci * occurs, and exactly one thread succeeds when destroying the key. */ 1997a8e1175bSopenharmony_ci for (size_t i = 0; i < thread_count; i++) { 1998a8e1175bSopenharmony_ci TEST_EQUAL( 1999a8e1175bSopenharmony_ci mbedtls_test_thread_create(&threads[i], thread_use_and_destroy_key, 2000a8e1175bSopenharmony_ci (void *) &skc), 0); 2001a8e1175bSopenharmony_ci } 2002a8e1175bSopenharmony_ci 2003a8e1175bSopenharmony_ci /* Join threads. */ 2004a8e1175bSopenharmony_ci for (size_t i = 0; i < thread_count; i++) { 2005a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_test_thread_join(&threads[i]), 0); 2006a8e1175bSopenharmony_ci } 2007a8e1175bSopenharmony_ci /* Ensure that one thread succeeded in destroying the key. */ 2008a8e1175bSopenharmony_ci TEST_ASSERT(!skc.key_loaded); 2009a8e1175bSopenharmony_ciexit: 2010a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 2011a8e1175bSopenharmony_ci mbedtls_mutex_free(&skc.key_loaded_mutex); 2012a8e1175bSopenharmony_ci mbedtls_free(threads); 2013a8e1175bSopenharmony_ci PSA_DONE(); 2014a8e1175bSopenharmony_ci} 2015a8e1175bSopenharmony_ci/* END_CASE */ 2016a8e1175bSopenharmony_ci#endif 2017a8e1175bSopenharmony_ci 2018a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2019a8e1175bSopenharmony_civoid import_and_exercise_key(data_t *data, 2020a8e1175bSopenharmony_ci int type_arg, 2021a8e1175bSopenharmony_ci int bits_arg, 2022a8e1175bSopenharmony_ci int alg_arg) 2023a8e1175bSopenharmony_ci{ 2024a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2025a8e1175bSopenharmony_ci psa_key_type_t type = type_arg; 2026a8e1175bSopenharmony_ci size_t bits = bits_arg; 2027a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 2028a8e1175bSopenharmony_ci psa_key_usage_t usage = mbedtls_test_psa_usage_to_exercise(type, alg); 2029a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2030a8e1175bSopenharmony_ci psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 2031a8e1175bSopenharmony_ci 2032a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2033a8e1175bSopenharmony_ci 2034a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage); 2035a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 2036a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 2037a8e1175bSopenharmony_ci 2038a8e1175bSopenharmony_ci /* Import the key */ 2039a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, data->x, data->len, &key)); 2040a8e1175bSopenharmony_ci 2041a8e1175bSopenharmony_ci /* Test the key information */ 2042a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); 2043a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&got_attributes), type); 2044a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&got_attributes), bits); 2045a8e1175bSopenharmony_ci 2046a8e1175bSopenharmony_ci /* Do something with the key according to its type and permitted usage. */ 2047a8e1175bSopenharmony_ci if (!mbedtls_test_psa_exercise_key(key, usage, alg, 0)) { 2048a8e1175bSopenharmony_ci goto exit; 2049a8e1175bSopenharmony_ci } 2050a8e1175bSopenharmony_ci 2051a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 2052a8e1175bSopenharmony_ci test_operations_on_invalid_key(key); 2053a8e1175bSopenharmony_ci 2054a8e1175bSopenharmony_ciexit: 2055a8e1175bSopenharmony_ci /* 2056a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 2057a8e1175bSopenharmony_ci * thus reset them as required. 2058a8e1175bSopenharmony_ci */ 2059a8e1175bSopenharmony_ci psa_reset_key_attributes(&got_attributes); 2060a8e1175bSopenharmony_ci 2061a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 2062a8e1175bSopenharmony_ci psa_destroy_key(key); 2063a8e1175bSopenharmony_ci PSA_DONE(); 2064a8e1175bSopenharmony_ci} 2065a8e1175bSopenharmony_ci/* END_CASE */ 2066a8e1175bSopenharmony_ci 2067a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2068a8e1175bSopenharmony_civoid effective_key_attributes(int type_arg, int expected_type_arg, 2069a8e1175bSopenharmony_ci int bits_arg, int expected_bits_arg, 2070a8e1175bSopenharmony_ci int usage_arg, int expected_usage_arg, 2071a8e1175bSopenharmony_ci int alg_arg, int expected_alg_arg) 2072a8e1175bSopenharmony_ci{ 2073a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2074a8e1175bSopenharmony_ci psa_key_type_t key_type = type_arg; 2075a8e1175bSopenharmony_ci psa_key_type_t expected_key_type = expected_type_arg; 2076a8e1175bSopenharmony_ci size_t bits = bits_arg; 2077a8e1175bSopenharmony_ci size_t expected_bits = expected_bits_arg; 2078a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 2079a8e1175bSopenharmony_ci psa_algorithm_t expected_alg = expected_alg_arg; 2080a8e1175bSopenharmony_ci psa_key_usage_t usage = usage_arg; 2081a8e1175bSopenharmony_ci psa_key_usage_t expected_usage = expected_usage_arg; 2082a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2083a8e1175bSopenharmony_ci 2084a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2085a8e1175bSopenharmony_ci 2086a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage); 2087a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 2088a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 2089a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, bits); 2090a8e1175bSopenharmony_ci 2091a8e1175bSopenharmony_ci PSA_ASSERT(psa_generate_key(&attributes, &key)); 2092a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 2093a8e1175bSopenharmony_ci 2094a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2095a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&attributes), expected_key_type); 2096a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&attributes), expected_bits); 2097a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); 2098a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); 2099a8e1175bSopenharmony_ci 2100a8e1175bSopenharmony_ciexit: 2101a8e1175bSopenharmony_ci /* 2102a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 2103a8e1175bSopenharmony_ci * thus reset them as required. 2104a8e1175bSopenharmony_ci */ 2105a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 2106a8e1175bSopenharmony_ci 2107a8e1175bSopenharmony_ci psa_destroy_key(key); 2108a8e1175bSopenharmony_ci PSA_DONE(); 2109a8e1175bSopenharmony_ci} 2110a8e1175bSopenharmony_ci/* END_CASE */ 2111a8e1175bSopenharmony_ci 2112a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2113a8e1175bSopenharmony_civoid check_key_policy(int type_arg, int bits_arg, 2114a8e1175bSopenharmony_ci int usage_arg, int alg_arg) 2115a8e1175bSopenharmony_ci{ 2116a8e1175bSopenharmony_ci test_effective_key_attributes(type_arg, type_arg, bits_arg, bits_arg, 2117a8e1175bSopenharmony_ci usage_arg, 2118a8e1175bSopenharmony_ci mbedtls_test_update_key_usage_flags(usage_arg), 2119a8e1175bSopenharmony_ci alg_arg, alg_arg); 2120a8e1175bSopenharmony_ci goto exit; 2121a8e1175bSopenharmony_ci} 2122a8e1175bSopenharmony_ci/* END_CASE */ 2123a8e1175bSopenharmony_ci 2124a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2125a8e1175bSopenharmony_civoid key_attributes_init() 2126a8e1175bSopenharmony_ci{ 2127a8e1175bSopenharmony_ci /* Test each valid way of initializing the object, except for `= {0}`, as 2128a8e1175bSopenharmony_ci * Clang 5 complains when `-Wmissing-field-initializers` is used, even 2129a8e1175bSopenharmony_ci * though it's OK by the C standard. We could test for this, but we'd need 2130a8e1175bSopenharmony_ci * to suppress the Clang warning for the test. */ 2131a8e1175bSopenharmony_ci psa_key_attributes_t func = psa_key_attributes_init(); 2132a8e1175bSopenharmony_ci psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT; 2133a8e1175bSopenharmony_ci psa_key_attributes_t zero; 2134a8e1175bSopenharmony_ci 2135a8e1175bSopenharmony_ci memset(&zero, 0, sizeof(zero)); 2136a8e1175bSopenharmony_ci 2137a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_lifetime(&func), PSA_KEY_LIFETIME_VOLATILE); 2138a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_lifetime(&init), PSA_KEY_LIFETIME_VOLATILE); 2139a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_lifetime(&zero), PSA_KEY_LIFETIME_VOLATILE); 2140a8e1175bSopenharmony_ci 2141a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&func), 0); 2142a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&init), 0); 2143a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&zero), 0); 2144a8e1175bSopenharmony_ci 2145a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&func), 0); 2146a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&init), 0); 2147a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&zero), 0); 2148a8e1175bSopenharmony_ci 2149a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&func), 0); 2150a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&init), 0); 2151a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&zero), 0); 2152a8e1175bSopenharmony_ci 2153a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_algorithm(&func), 0); 2154a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_algorithm(&init), 0); 2155a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_algorithm(&zero), 0); 2156a8e1175bSopenharmony_ci} 2157a8e1175bSopenharmony_ci/* END_CASE */ 2158a8e1175bSopenharmony_ci 2159a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2160a8e1175bSopenharmony_civoid mac_key_policy(int policy_usage_arg, 2161a8e1175bSopenharmony_ci int policy_alg_arg, 2162a8e1175bSopenharmony_ci int key_type_arg, 2163a8e1175bSopenharmony_ci data_t *key_data, 2164a8e1175bSopenharmony_ci int exercise_alg_arg, 2165a8e1175bSopenharmony_ci int expected_status_sign_arg, 2166a8e1175bSopenharmony_ci int expected_status_verify_arg) 2167a8e1175bSopenharmony_ci{ 2168a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2169a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2170a8e1175bSopenharmony_ci psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 2171a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 2172a8e1175bSopenharmony_ci psa_algorithm_t policy_alg = policy_alg_arg; 2173a8e1175bSopenharmony_ci psa_algorithm_t exercise_alg = exercise_alg_arg; 2174a8e1175bSopenharmony_ci psa_key_usage_t policy_usage = policy_usage_arg; 2175a8e1175bSopenharmony_ci psa_status_t status; 2176a8e1175bSopenharmony_ci psa_status_t expected_status_sign = expected_status_sign_arg; 2177a8e1175bSopenharmony_ci psa_status_t expected_status_verify = expected_status_verify_arg; 2178a8e1175bSopenharmony_ci unsigned char mac[PSA_MAC_MAX_SIZE]; 2179a8e1175bSopenharmony_ci 2180a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2181a8e1175bSopenharmony_ci 2182a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, policy_usage); 2183a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, policy_alg); 2184a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 2185a8e1175bSopenharmony_ci 2186a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2187a8e1175bSopenharmony_ci &key)); 2188a8e1175bSopenharmony_ci 2189a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&attributes), 2190a8e1175bSopenharmony_ci mbedtls_test_update_key_usage_flags(policy_usage)); 2191a8e1175bSopenharmony_ci 2192a8e1175bSopenharmony_ci status = psa_mac_sign_setup(&operation, key, exercise_alg); 2193a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status_sign); 2194a8e1175bSopenharmony_ci 2195a8e1175bSopenharmony_ci /* Calculate the MAC, one-shot case. */ 2196a8e1175bSopenharmony_ci uint8_t input[128] = { 0 }; 2197a8e1175bSopenharmony_ci size_t mac_len; 2198a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_compute(key, exercise_alg, 2199a8e1175bSopenharmony_ci input, 128, 2200a8e1175bSopenharmony_ci mac, PSA_MAC_MAX_SIZE, &mac_len), 2201a8e1175bSopenharmony_ci expected_status_sign); 2202a8e1175bSopenharmony_ci 2203a8e1175bSopenharmony_ci /* Calculate the MAC, multi-part case. */ 2204a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 2205a8e1175bSopenharmony_ci status = psa_mac_sign_setup(&operation, key, exercise_alg); 2206a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 2207a8e1175bSopenharmony_ci status = psa_mac_update(&operation, input, 128); 2208a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 2209a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_sign_finish(&operation, mac, PSA_MAC_MAX_SIZE, 2210a8e1175bSopenharmony_ci &mac_len), 2211a8e1175bSopenharmony_ci expected_status_sign); 2212a8e1175bSopenharmony_ci } else { 2213a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status_sign); 2214a8e1175bSopenharmony_ci } 2215a8e1175bSopenharmony_ci } else { 2216a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status_sign); 2217a8e1175bSopenharmony_ci } 2218a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 2219a8e1175bSopenharmony_ci 2220a8e1175bSopenharmony_ci /* Verify correct MAC, one-shot case. */ 2221a8e1175bSopenharmony_ci status = psa_mac_verify(key, exercise_alg, input, 128, 2222a8e1175bSopenharmony_ci mac, mac_len); 2223a8e1175bSopenharmony_ci 2224a8e1175bSopenharmony_ci if (expected_status_sign != PSA_SUCCESS && expected_status_verify == PSA_SUCCESS) { 2225a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_INVALID_SIGNATURE); 2226a8e1175bSopenharmony_ci } else { 2227a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status_verify); 2228a8e1175bSopenharmony_ci } 2229a8e1175bSopenharmony_ci 2230a8e1175bSopenharmony_ci /* Verify correct MAC, multi-part case. */ 2231a8e1175bSopenharmony_ci status = psa_mac_verify_setup(&operation, key, exercise_alg); 2232a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 2233a8e1175bSopenharmony_ci status = psa_mac_update(&operation, input, 128); 2234a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 2235a8e1175bSopenharmony_ci status = psa_mac_verify_finish(&operation, mac, mac_len); 2236a8e1175bSopenharmony_ci if (expected_status_sign != PSA_SUCCESS && expected_status_verify == PSA_SUCCESS) { 2237a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_INVALID_SIGNATURE); 2238a8e1175bSopenharmony_ci } else { 2239a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status_verify); 2240a8e1175bSopenharmony_ci } 2241a8e1175bSopenharmony_ci } else { 2242a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status_verify); 2243a8e1175bSopenharmony_ci } 2244a8e1175bSopenharmony_ci } else { 2245a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status_verify); 2246a8e1175bSopenharmony_ci } 2247a8e1175bSopenharmony_ci 2248a8e1175bSopenharmony_ci psa_mac_abort(&operation); 2249a8e1175bSopenharmony_ci 2250a8e1175bSopenharmony_ci memset(mac, 0, sizeof(mac)); 2251a8e1175bSopenharmony_ci status = psa_mac_verify_setup(&operation, key, exercise_alg); 2252a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status_verify); 2253a8e1175bSopenharmony_ci 2254a8e1175bSopenharmony_ciexit: 2255a8e1175bSopenharmony_ci psa_mac_abort(&operation); 2256a8e1175bSopenharmony_ci psa_destroy_key(key); 2257a8e1175bSopenharmony_ci PSA_DONE(); 2258a8e1175bSopenharmony_ci} 2259a8e1175bSopenharmony_ci/* END_CASE */ 2260a8e1175bSopenharmony_ci 2261a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2262a8e1175bSopenharmony_civoid cipher_key_policy(int policy_usage_arg, 2263a8e1175bSopenharmony_ci int policy_alg, 2264a8e1175bSopenharmony_ci int key_type, 2265a8e1175bSopenharmony_ci data_t *key_data, 2266a8e1175bSopenharmony_ci int exercise_alg) 2267a8e1175bSopenharmony_ci{ 2268a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2269a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2270a8e1175bSopenharmony_ci psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 2271a8e1175bSopenharmony_ci psa_key_usage_t policy_usage = policy_usage_arg; 2272a8e1175bSopenharmony_ci size_t output_buffer_size = 0; 2273a8e1175bSopenharmony_ci size_t input_buffer_size = 0; 2274a8e1175bSopenharmony_ci size_t output_length = 0; 2275a8e1175bSopenharmony_ci uint8_t *output = NULL; 2276a8e1175bSopenharmony_ci uint8_t *input = NULL; 2277a8e1175bSopenharmony_ci psa_status_t status; 2278a8e1175bSopenharmony_ci 2279a8e1175bSopenharmony_ci input_buffer_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(exercise_alg); 2280a8e1175bSopenharmony_ci output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, exercise_alg, 2281a8e1175bSopenharmony_ci input_buffer_size); 2282a8e1175bSopenharmony_ci 2283a8e1175bSopenharmony_ci TEST_CALLOC(input, input_buffer_size); 2284a8e1175bSopenharmony_ci TEST_CALLOC(output, output_buffer_size); 2285a8e1175bSopenharmony_ci 2286a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2287a8e1175bSopenharmony_ci 2288a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, policy_usage); 2289a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, policy_alg); 2290a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 2291a8e1175bSopenharmony_ci 2292a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2293a8e1175bSopenharmony_ci &key)); 2294a8e1175bSopenharmony_ci 2295a8e1175bSopenharmony_ci /* Check if no key usage flag implication is done */ 2296a8e1175bSopenharmony_ci TEST_EQUAL(policy_usage, 2297a8e1175bSopenharmony_ci mbedtls_test_update_key_usage_flags(policy_usage)); 2298a8e1175bSopenharmony_ci 2299a8e1175bSopenharmony_ci /* Encrypt check, one-shot */ 2300a8e1175bSopenharmony_ci status = psa_cipher_encrypt(key, exercise_alg, input, input_buffer_size, 2301a8e1175bSopenharmony_ci output, output_buffer_size, 2302a8e1175bSopenharmony_ci &output_length); 2303a8e1175bSopenharmony_ci if (policy_alg == exercise_alg && 2304a8e1175bSopenharmony_ci (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { 2305a8e1175bSopenharmony_ci PSA_ASSERT(status); 2306a8e1175bSopenharmony_ci } else { 2307a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2308a8e1175bSopenharmony_ci } 2309a8e1175bSopenharmony_ci 2310a8e1175bSopenharmony_ci /* Encrypt check, multi-part */ 2311a8e1175bSopenharmony_ci status = psa_cipher_encrypt_setup(&operation, key, exercise_alg); 2312a8e1175bSopenharmony_ci if (policy_alg == exercise_alg && 2313a8e1175bSopenharmony_ci (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { 2314a8e1175bSopenharmony_ci PSA_ASSERT(status); 2315a8e1175bSopenharmony_ci } else { 2316a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2317a8e1175bSopenharmony_ci } 2318a8e1175bSopenharmony_ci psa_cipher_abort(&operation); 2319a8e1175bSopenharmony_ci 2320a8e1175bSopenharmony_ci /* Decrypt check, one-shot */ 2321a8e1175bSopenharmony_ci status = psa_cipher_decrypt(key, exercise_alg, output, output_buffer_size, 2322a8e1175bSopenharmony_ci input, input_buffer_size, 2323a8e1175bSopenharmony_ci &output_length); 2324a8e1175bSopenharmony_ci if (policy_alg == exercise_alg && 2325a8e1175bSopenharmony_ci (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) { 2326a8e1175bSopenharmony_ci PSA_ASSERT(status); 2327a8e1175bSopenharmony_ci } else { 2328a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2329a8e1175bSopenharmony_ci } 2330a8e1175bSopenharmony_ci 2331a8e1175bSopenharmony_ci /* Decrypt check, multi-part */ 2332a8e1175bSopenharmony_ci status = psa_cipher_decrypt_setup(&operation, key, exercise_alg); 2333a8e1175bSopenharmony_ci if (policy_alg == exercise_alg && 2334a8e1175bSopenharmony_ci (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) { 2335a8e1175bSopenharmony_ci PSA_ASSERT(status); 2336a8e1175bSopenharmony_ci } else { 2337a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2338a8e1175bSopenharmony_ci } 2339a8e1175bSopenharmony_ci 2340a8e1175bSopenharmony_ciexit: 2341a8e1175bSopenharmony_ci psa_cipher_abort(&operation); 2342a8e1175bSopenharmony_ci mbedtls_free(input); 2343a8e1175bSopenharmony_ci mbedtls_free(output); 2344a8e1175bSopenharmony_ci psa_destroy_key(key); 2345a8e1175bSopenharmony_ci PSA_DONE(); 2346a8e1175bSopenharmony_ci} 2347a8e1175bSopenharmony_ci/* END_CASE */ 2348a8e1175bSopenharmony_ci 2349a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2350a8e1175bSopenharmony_civoid aead_key_policy(int policy_usage_arg, 2351a8e1175bSopenharmony_ci int policy_alg, 2352a8e1175bSopenharmony_ci int key_type, 2353a8e1175bSopenharmony_ci data_t *key_data, 2354a8e1175bSopenharmony_ci int nonce_length_arg, 2355a8e1175bSopenharmony_ci int tag_length_arg, 2356a8e1175bSopenharmony_ci int exercise_alg, 2357a8e1175bSopenharmony_ci int expected_status_arg) 2358a8e1175bSopenharmony_ci{ 2359a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2360a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2361a8e1175bSopenharmony_ci psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 2362a8e1175bSopenharmony_ci psa_key_usage_t policy_usage = policy_usage_arg; 2363a8e1175bSopenharmony_ci psa_status_t status; 2364a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 2365a8e1175bSopenharmony_ci unsigned char nonce[16] = { 0 }; 2366a8e1175bSopenharmony_ci size_t nonce_length = nonce_length_arg; 2367a8e1175bSopenharmony_ci unsigned char tag[16]; 2368a8e1175bSopenharmony_ci size_t tag_length = tag_length_arg; 2369a8e1175bSopenharmony_ci size_t output_length; 2370a8e1175bSopenharmony_ci 2371a8e1175bSopenharmony_ci TEST_LE_U(nonce_length, sizeof(nonce)); 2372a8e1175bSopenharmony_ci TEST_LE_U(tag_length, sizeof(tag)); 2373a8e1175bSopenharmony_ci 2374a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2375a8e1175bSopenharmony_ci 2376a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, policy_usage); 2377a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, policy_alg); 2378a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 2379a8e1175bSopenharmony_ci 2380a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2381a8e1175bSopenharmony_ci &key)); 2382a8e1175bSopenharmony_ci 2383a8e1175bSopenharmony_ci /* Check if no key usage implication is done */ 2384a8e1175bSopenharmony_ci TEST_EQUAL(policy_usage, 2385a8e1175bSopenharmony_ci mbedtls_test_update_key_usage_flags(policy_usage)); 2386a8e1175bSopenharmony_ci 2387a8e1175bSopenharmony_ci /* Encrypt check, one-shot */ 2388a8e1175bSopenharmony_ci status = psa_aead_encrypt(key, exercise_alg, 2389a8e1175bSopenharmony_ci nonce, nonce_length, 2390a8e1175bSopenharmony_ci NULL, 0, 2391a8e1175bSopenharmony_ci NULL, 0, 2392a8e1175bSopenharmony_ci tag, tag_length, 2393a8e1175bSopenharmony_ci &output_length); 2394a8e1175bSopenharmony_ci if ((policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { 2395a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 2396a8e1175bSopenharmony_ci } else { 2397a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2398a8e1175bSopenharmony_ci } 2399a8e1175bSopenharmony_ci 2400a8e1175bSopenharmony_ci /* Encrypt check, multi-part */ 2401a8e1175bSopenharmony_ci status = psa_aead_encrypt_setup(&operation, key, exercise_alg); 2402a8e1175bSopenharmony_ci if ((policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { 2403a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 2404a8e1175bSopenharmony_ci } else { 2405a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2406a8e1175bSopenharmony_ci } 2407a8e1175bSopenharmony_ci 2408a8e1175bSopenharmony_ci /* Decrypt check, one-shot */ 2409a8e1175bSopenharmony_ci memset(tag, 0, sizeof(tag)); 2410a8e1175bSopenharmony_ci status = psa_aead_decrypt(key, exercise_alg, 2411a8e1175bSopenharmony_ci nonce, nonce_length, 2412a8e1175bSopenharmony_ci NULL, 0, 2413a8e1175bSopenharmony_ci tag, tag_length, 2414a8e1175bSopenharmony_ci NULL, 0, 2415a8e1175bSopenharmony_ci &output_length); 2416a8e1175bSopenharmony_ci if ((policy_usage & PSA_KEY_USAGE_DECRYPT) == 0) { 2417a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2418a8e1175bSopenharmony_ci } else if (expected_status == PSA_SUCCESS) { 2419a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_INVALID_SIGNATURE); 2420a8e1175bSopenharmony_ci } else { 2421a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 2422a8e1175bSopenharmony_ci } 2423a8e1175bSopenharmony_ci 2424a8e1175bSopenharmony_ci /* Decrypt check, multi-part */ 2425a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_abort(&operation)); 2426a8e1175bSopenharmony_ci status = psa_aead_decrypt_setup(&operation, key, exercise_alg); 2427a8e1175bSopenharmony_ci if ((policy_usage & PSA_KEY_USAGE_DECRYPT) == 0) { 2428a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2429a8e1175bSopenharmony_ci } else { 2430a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 2431a8e1175bSopenharmony_ci } 2432a8e1175bSopenharmony_ci 2433a8e1175bSopenharmony_ciexit: 2434a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_abort(&operation)); 2435a8e1175bSopenharmony_ci psa_destroy_key(key); 2436a8e1175bSopenharmony_ci PSA_DONE(); 2437a8e1175bSopenharmony_ci} 2438a8e1175bSopenharmony_ci/* END_CASE */ 2439a8e1175bSopenharmony_ci 2440a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2441a8e1175bSopenharmony_civoid asymmetric_encryption_key_policy(int policy_usage_arg, 2442a8e1175bSopenharmony_ci int policy_alg, 2443a8e1175bSopenharmony_ci int key_type, 2444a8e1175bSopenharmony_ci data_t *key_data, 2445a8e1175bSopenharmony_ci int exercise_alg, 2446a8e1175bSopenharmony_ci int use_opaque_key) 2447a8e1175bSopenharmony_ci{ 2448a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2449a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2450a8e1175bSopenharmony_ci psa_key_usage_t policy_usage = policy_usage_arg; 2451a8e1175bSopenharmony_ci psa_status_t status; 2452a8e1175bSopenharmony_ci size_t key_bits; 2453a8e1175bSopenharmony_ci size_t buffer_length; 2454a8e1175bSopenharmony_ci unsigned char *buffer = NULL; 2455a8e1175bSopenharmony_ci size_t output_length; 2456a8e1175bSopenharmony_ci 2457a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2458a8e1175bSopenharmony_ci 2459a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, policy_usage); 2460a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, policy_alg); 2461a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 2462a8e1175bSopenharmony_ci 2463a8e1175bSopenharmony_ci if (use_opaque_key) { 2464a8e1175bSopenharmony_ci psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( 2465a8e1175bSopenharmony_ci PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION)); 2466a8e1175bSopenharmony_ci } 2467a8e1175bSopenharmony_ci 2468a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2469a8e1175bSopenharmony_ci &key)); 2470a8e1175bSopenharmony_ci 2471a8e1175bSopenharmony_ci /* Check if no key usage implication is done */ 2472a8e1175bSopenharmony_ci TEST_EQUAL(policy_usage, 2473a8e1175bSopenharmony_ci mbedtls_test_update_key_usage_flags(policy_usage)); 2474a8e1175bSopenharmony_ci 2475a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2476a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 2477a8e1175bSopenharmony_ci buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, 2478a8e1175bSopenharmony_ci exercise_alg); 2479a8e1175bSopenharmony_ci TEST_CALLOC(buffer, buffer_length); 2480a8e1175bSopenharmony_ci 2481a8e1175bSopenharmony_ci status = psa_asymmetric_encrypt(key, exercise_alg, 2482a8e1175bSopenharmony_ci NULL, 0, 2483a8e1175bSopenharmony_ci NULL, 0, 2484a8e1175bSopenharmony_ci buffer, buffer_length, 2485a8e1175bSopenharmony_ci &output_length); 2486a8e1175bSopenharmony_ci if (policy_alg == exercise_alg && 2487a8e1175bSopenharmony_ci (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { 2488a8e1175bSopenharmony_ci PSA_ASSERT(status); 2489a8e1175bSopenharmony_ci } else { 2490a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2491a8e1175bSopenharmony_ci } 2492a8e1175bSopenharmony_ci 2493a8e1175bSopenharmony_ci if (buffer_length != 0) { 2494a8e1175bSopenharmony_ci memset(buffer, 0, buffer_length); 2495a8e1175bSopenharmony_ci } 2496a8e1175bSopenharmony_ci status = psa_asymmetric_decrypt(key, exercise_alg, 2497a8e1175bSopenharmony_ci buffer, buffer_length, 2498a8e1175bSopenharmony_ci NULL, 0, 2499a8e1175bSopenharmony_ci buffer, buffer_length, 2500a8e1175bSopenharmony_ci &output_length); 2501a8e1175bSopenharmony_ci if (policy_alg == exercise_alg && 2502a8e1175bSopenharmony_ci (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) { 2503a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_INVALID_PADDING); 2504a8e1175bSopenharmony_ci } else { 2505a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2506a8e1175bSopenharmony_ci } 2507a8e1175bSopenharmony_ci 2508a8e1175bSopenharmony_ciexit: 2509a8e1175bSopenharmony_ci /* 2510a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 2511a8e1175bSopenharmony_ci * thus reset them as required. 2512a8e1175bSopenharmony_ci */ 2513a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 2514a8e1175bSopenharmony_ci 2515a8e1175bSopenharmony_ci psa_destroy_key(key); 2516a8e1175bSopenharmony_ci PSA_DONE(); 2517a8e1175bSopenharmony_ci mbedtls_free(buffer); 2518a8e1175bSopenharmony_ci} 2519a8e1175bSopenharmony_ci/* END_CASE */ 2520a8e1175bSopenharmony_ci 2521a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2522a8e1175bSopenharmony_civoid asymmetric_signature_key_policy(int policy_usage_arg, 2523a8e1175bSopenharmony_ci int policy_alg, 2524a8e1175bSopenharmony_ci int key_type, 2525a8e1175bSopenharmony_ci data_t *key_data, 2526a8e1175bSopenharmony_ci int exercise_alg, 2527a8e1175bSopenharmony_ci int payload_length_arg, 2528a8e1175bSopenharmony_ci int expected_usage_arg) 2529a8e1175bSopenharmony_ci{ 2530a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2531a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2532a8e1175bSopenharmony_ci psa_key_usage_t policy_usage = policy_usage_arg; 2533a8e1175bSopenharmony_ci psa_key_usage_t expected_usage = expected_usage_arg; 2534a8e1175bSopenharmony_ci psa_status_t status; 2535a8e1175bSopenharmony_ci unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 }; 2536a8e1175bSopenharmony_ci /* If `payload_length_arg > 0`, `exercise_alg` is supposed to be 2537a8e1175bSopenharmony_ci * compatible with the policy and `payload_length_arg` is supposed to be 2538a8e1175bSopenharmony_ci * a valid input length to sign. If `payload_length_arg <= 0`, 2539a8e1175bSopenharmony_ci * `exercise_alg` is supposed to be forbidden by the policy. */ 2540a8e1175bSopenharmony_ci int compatible_alg = payload_length_arg > 0; 2541a8e1175bSopenharmony_ci size_t payload_length = compatible_alg ? payload_length_arg : 0; 2542a8e1175bSopenharmony_ci unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; 2543a8e1175bSopenharmony_ci size_t signature_length; 2544a8e1175bSopenharmony_ci 2545a8e1175bSopenharmony_ci /* Check if all implicit usage flags are deployed 2546a8e1175bSopenharmony_ci in the expected usage flags. */ 2547a8e1175bSopenharmony_ci TEST_EQUAL(expected_usage, 2548a8e1175bSopenharmony_ci mbedtls_test_update_key_usage_flags(policy_usage)); 2549a8e1175bSopenharmony_ci 2550a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2551a8e1175bSopenharmony_ci 2552a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, policy_usage); 2553a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, policy_alg); 2554a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 2555a8e1175bSopenharmony_ci 2556a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2557a8e1175bSopenharmony_ci &key)); 2558a8e1175bSopenharmony_ci 2559a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); 2560a8e1175bSopenharmony_ci 2561a8e1175bSopenharmony_ci status = psa_sign_hash(key, exercise_alg, 2562a8e1175bSopenharmony_ci payload, payload_length, 2563a8e1175bSopenharmony_ci signature, sizeof(signature), 2564a8e1175bSopenharmony_ci &signature_length); 2565a8e1175bSopenharmony_ci if (compatible_alg && (expected_usage & PSA_KEY_USAGE_SIGN_HASH) != 0) { 2566a8e1175bSopenharmony_ci PSA_ASSERT(status); 2567a8e1175bSopenharmony_ci } else { 2568a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2569a8e1175bSopenharmony_ci } 2570a8e1175bSopenharmony_ci 2571a8e1175bSopenharmony_ci memset(signature, 0, sizeof(signature)); 2572a8e1175bSopenharmony_ci status = psa_verify_hash(key, exercise_alg, 2573a8e1175bSopenharmony_ci payload, payload_length, 2574a8e1175bSopenharmony_ci signature, sizeof(signature)); 2575a8e1175bSopenharmony_ci if (compatible_alg && (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) != 0) { 2576a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_INVALID_SIGNATURE); 2577a8e1175bSopenharmony_ci } else { 2578a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2579a8e1175bSopenharmony_ci } 2580a8e1175bSopenharmony_ci 2581a8e1175bSopenharmony_ci if (PSA_ALG_IS_SIGN_HASH(exercise_alg) && 2582a8e1175bSopenharmony_ci PSA_ALG_IS_HASH(PSA_ALG_SIGN_GET_HASH(exercise_alg))) { 2583a8e1175bSopenharmony_ci status = psa_sign_message(key, exercise_alg, 2584a8e1175bSopenharmony_ci payload, payload_length, 2585a8e1175bSopenharmony_ci signature, sizeof(signature), 2586a8e1175bSopenharmony_ci &signature_length); 2587a8e1175bSopenharmony_ci if (compatible_alg && (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) != 0) { 2588a8e1175bSopenharmony_ci PSA_ASSERT(status); 2589a8e1175bSopenharmony_ci } else { 2590a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2591a8e1175bSopenharmony_ci } 2592a8e1175bSopenharmony_ci 2593a8e1175bSopenharmony_ci memset(signature, 0, sizeof(signature)); 2594a8e1175bSopenharmony_ci status = psa_verify_message(key, exercise_alg, 2595a8e1175bSopenharmony_ci payload, payload_length, 2596a8e1175bSopenharmony_ci signature, sizeof(signature)); 2597a8e1175bSopenharmony_ci if (compatible_alg && (expected_usage & PSA_KEY_USAGE_VERIFY_MESSAGE) != 0) { 2598a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_INVALID_SIGNATURE); 2599a8e1175bSopenharmony_ci } else { 2600a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2601a8e1175bSopenharmony_ci } 2602a8e1175bSopenharmony_ci } 2603a8e1175bSopenharmony_ci 2604a8e1175bSopenharmony_ciexit: 2605a8e1175bSopenharmony_ci psa_destroy_key(key); 2606a8e1175bSopenharmony_ci PSA_DONE(); 2607a8e1175bSopenharmony_ci} 2608a8e1175bSopenharmony_ci/* END_CASE */ 2609a8e1175bSopenharmony_ci 2610a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2611a8e1175bSopenharmony_civoid derive_key_policy(int policy_usage, 2612a8e1175bSopenharmony_ci int policy_alg, 2613a8e1175bSopenharmony_ci int key_type, 2614a8e1175bSopenharmony_ci data_t *key_data, 2615a8e1175bSopenharmony_ci int exercise_alg) 2616a8e1175bSopenharmony_ci{ 2617a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2618a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2619a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 2620a8e1175bSopenharmony_ci psa_status_t status; 2621a8e1175bSopenharmony_ci 2622a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2623a8e1175bSopenharmony_ci 2624a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, policy_usage); 2625a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, policy_alg); 2626a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 2627a8e1175bSopenharmony_ci 2628a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2629a8e1175bSopenharmony_ci &key)); 2630a8e1175bSopenharmony_ci 2631a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&operation, exercise_alg)); 2632a8e1175bSopenharmony_ci 2633a8e1175bSopenharmony_ci if (PSA_ALG_IS_TLS12_PRF(exercise_alg) || 2634a8e1175bSopenharmony_ci PSA_ALG_IS_TLS12_PSK_TO_MS(exercise_alg)) { 2635a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_input_bytes( 2636a8e1175bSopenharmony_ci &operation, 2637a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_SEED, 2638a8e1175bSopenharmony_ci (const uint8_t *) "", 0)); 2639a8e1175bSopenharmony_ci } 2640a8e1175bSopenharmony_ci 2641a8e1175bSopenharmony_ci status = psa_key_derivation_input_key(&operation, 2642a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_SECRET, 2643a8e1175bSopenharmony_ci key); 2644a8e1175bSopenharmony_ci 2645a8e1175bSopenharmony_ci if (policy_alg == exercise_alg && 2646a8e1175bSopenharmony_ci (policy_usage & PSA_KEY_USAGE_DERIVE) != 0) { 2647a8e1175bSopenharmony_ci PSA_ASSERT(status); 2648a8e1175bSopenharmony_ci } else { 2649a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); 2650a8e1175bSopenharmony_ci } 2651a8e1175bSopenharmony_ci 2652a8e1175bSopenharmony_ciexit: 2653a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 2654a8e1175bSopenharmony_ci psa_destroy_key(key); 2655a8e1175bSopenharmony_ci PSA_DONE(); 2656a8e1175bSopenharmony_ci} 2657a8e1175bSopenharmony_ci/* END_CASE */ 2658a8e1175bSopenharmony_ci 2659a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2660a8e1175bSopenharmony_civoid agreement_key_policy(int policy_usage, 2661a8e1175bSopenharmony_ci int policy_alg, 2662a8e1175bSopenharmony_ci int key_type_arg, 2663a8e1175bSopenharmony_ci data_t *key_data, 2664a8e1175bSopenharmony_ci int exercise_alg, 2665a8e1175bSopenharmony_ci int expected_status_arg) 2666a8e1175bSopenharmony_ci{ 2667a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2668a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2669a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 2670a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 2671a8e1175bSopenharmony_ci psa_status_t status; 2672a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 2673a8e1175bSopenharmony_ci 2674a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2675a8e1175bSopenharmony_ci 2676a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, policy_usage); 2677a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, policy_alg); 2678a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 2679a8e1175bSopenharmony_ci 2680a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2681a8e1175bSopenharmony_ci &key)); 2682a8e1175bSopenharmony_ci 2683a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&operation, exercise_alg)); 2684a8e1175bSopenharmony_ci status = mbedtls_test_psa_key_agreement_with_self(&operation, key, 0); 2685a8e1175bSopenharmony_ci 2686a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 2687a8e1175bSopenharmony_ci 2688a8e1175bSopenharmony_ciexit: 2689a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 2690a8e1175bSopenharmony_ci psa_destroy_key(key); 2691a8e1175bSopenharmony_ci PSA_DONE(); 2692a8e1175bSopenharmony_ci} 2693a8e1175bSopenharmony_ci/* END_CASE */ 2694a8e1175bSopenharmony_ci 2695a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2696a8e1175bSopenharmony_civoid key_policy_alg2(int key_type_arg, data_t *key_data, 2697a8e1175bSopenharmony_ci int usage_arg, int alg_arg, int alg2_arg) 2698a8e1175bSopenharmony_ci{ 2699a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2700a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 2701a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2702a8e1175bSopenharmony_ci psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 2703a8e1175bSopenharmony_ci psa_key_usage_t usage = usage_arg; 2704a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 2705a8e1175bSopenharmony_ci psa_algorithm_t alg2 = alg2_arg; 2706a8e1175bSopenharmony_ci 2707a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2708a8e1175bSopenharmony_ci 2709a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage); 2710a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 2711a8e1175bSopenharmony_ci psa_set_key_enrollment_algorithm(&attributes, alg2); 2712a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 2713a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2714a8e1175bSopenharmony_ci &key)); 2715a8e1175bSopenharmony_ci 2716a8e1175bSopenharmony_ci /* Update the usage flags to obtain implicit usage flags */ 2717a8e1175bSopenharmony_ci usage = mbedtls_test_update_key_usage_flags(usage); 2718a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); 2719a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&got_attributes), usage); 2720a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_algorithm(&got_attributes), alg); 2721a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_enrollment_algorithm(&got_attributes), alg2); 2722a8e1175bSopenharmony_ci 2723a8e1175bSopenharmony_ci if (!mbedtls_test_psa_exercise_key(key, usage, alg, 0)) { 2724a8e1175bSopenharmony_ci goto exit; 2725a8e1175bSopenharmony_ci } 2726a8e1175bSopenharmony_ci if (!mbedtls_test_psa_exercise_key(key, usage, alg2, 0)) { 2727a8e1175bSopenharmony_ci goto exit; 2728a8e1175bSopenharmony_ci } 2729a8e1175bSopenharmony_ci 2730a8e1175bSopenharmony_ciexit: 2731a8e1175bSopenharmony_ci /* 2732a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 2733a8e1175bSopenharmony_ci * thus reset them as required. 2734a8e1175bSopenharmony_ci */ 2735a8e1175bSopenharmony_ci psa_reset_key_attributes(&got_attributes); 2736a8e1175bSopenharmony_ci 2737a8e1175bSopenharmony_ci psa_destroy_key(key); 2738a8e1175bSopenharmony_ci PSA_DONE(); 2739a8e1175bSopenharmony_ci} 2740a8e1175bSopenharmony_ci/* END_CASE */ 2741a8e1175bSopenharmony_ci 2742a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2743a8e1175bSopenharmony_civoid raw_agreement_key_policy(int policy_usage, 2744a8e1175bSopenharmony_ci int policy_alg, 2745a8e1175bSopenharmony_ci int key_type_arg, 2746a8e1175bSopenharmony_ci data_t *key_data, 2747a8e1175bSopenharmony_ci int exercise_alg, 2748a8e1175bSopenharmony_ci int expected_status_arg) 2749a8e1175bSopenharmony_ci{ 2750a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2751a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2752a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 2753a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 2754a8e1175bSopenharmony_ci psa_status_t status; 2755a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 2756a8e1175bSopenharmony_ci 2757a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2758a8e1175bSopenharmony_ci 2759a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, policy_usage); 2760a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, policy_alg); 2761a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 2762a8e1175bSopenharmony_ci 2763a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2764a8e1175bSopenharmony_ci &key)); 2765a8e1175bSopenharmony_ci 2766a8e1175bSopenharmony_ci status = mbedtls_test_psa_raw_key_agreement_with_self(exercise_alg, key, 0); 2767a8e1175bSopenharmony_ci 2768a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 2769a8e1175bSopenharmony_ci 2770a8e1175bSopenharmony_ciexit: 2771a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 2772a8e1175bSopenharmony_ci psa_destroy_key(key); 2773a8e1175bSopenharmony_ci PSA_DONE(); 2774a8e1175bSopenharmony_ci} 2775a8e1175bSopenharmony_ci/* END_CASE */ 2776a8e1175bSopenharmony_ci 2777a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2778a8e1175bSopenharmony_civoid copy_success(int source_usage_arg, 2779a8e1175bSopenharmony_ci int source_alg_arg, int source_alg2_arg, 2780a8e1175bSopenharmony_ci int source_lifetime_arg, 2781a8e1175bSopenharmony_ci int type_arg, data_t *material, 2782a8e1175bSopenharmony_ci int copy_attributes, 2783a8e1175bSopenharmony_ci int target_usage_arg, 2784a8e1175bSopenharmony_ci int target_alg_arg, int target_alg2_arg, 2785a8e1175bSopenharmony_ci int target_lifetime_arg, 2786a8e1175bSopenharmony_ci int expected_usage_arg, 2787a8e1175bSopenharmony_ci int expected_alg_arg, int expected_alg2_arg) 2788a8e1175bSopenharmony_ci{ 2789a8e1175bSopenharmony_ci psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; 2790a8e1175bSopenharmony_ci psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; 2791a8e1175bSopenharmony_ci psa_key_usage_t expected_usage = expected_usage_arg; 2792a8e1175bSopenharmony_ci psa_algorithm_t expected_alg = expected_alg_arg; 2793a8e1175bSopenharmony_ci psa_algorithm_t expected_alg2 = expected_alg2_arg; 2794a8e1175bSopenharmony_ci psa_key_lifetime_t source_lifetime = source_lifetime_arg; 2795a8e1175bSopenharmony_ci psa_key_lifetime_t target_lifetime = target_lifetime_arg; 2796a8e1175bSopenharmony_ci mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; 2797a8e1175bSopenharmony_ci mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; 2798a8e1175bSopenharmony_ci uint8_t *export_buffer = NULL; 2799a8e1175bSopenharmony_ci 2800a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2801a8e1175bSopenharmony_ci 2802a8e1175bSopenharmony_ci /* Prepare the source key. */ 2803a8e1175bSopenharmony_ci psa_set_key_usage_flags(&source_attributes, source_usage_arg); 2804a8e1175bSopenharmony_ci psa_set_key_algorithm(&source_attributes, source_alg_arg); 2805a8e1175bSopenharmony_ci psa_set_key_enrollment_algorithm(&source_attributes, source_alg2_arg); 2806a8e1175bSopenharmony_ci psa_set_key_type(&source_attributes, type_arg); 2807a8e1175bSopenharmony_ci psa_set_key_lifetime(&source_attributes, source_lifetime); 2808a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&source_attributes, 2809a8e1175bSopenharmony_ci material->x, material->len, 2810a8e1175bSopenharmony_ci &source_key)); 2811a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(source_key, &source_attributes)); 2812a8e1175bSopenharmony_ci 2813a8e1175bSopenharmony_ci /* Prepare the target attributes. */ 2814a8e1175bSopenharmony_ci if (copy_attributes) { 2815a8e1175bSopenharmony_ci target_attributes = source_attributes; 2816a8e1175bSopenharmony_ci } 2817a8e1175bSopenharmony_ci psa_set_key_lifetime(&target_attributes, target_lifetime); 2818a8e1175bSopenharmony_ci 2819a8e1175bSopenharmony_ci if (target_usage_arg != -1) { 2820a8e1175bSopenharmony_ci psa_set_key_usage_flags(&target_attributes, target_usage_arg); 2821a8e1175bSopenharmony_ci } 2822a8e1175bSopenharmony_ci if (target_alg_arg != -1) { 2823a8e1175bSopenharmony_ci psa_set_key_algorithm(&target_attributes, target_alg_arg); 2824a8e1175bSopenharmony_ci } 2825a8e1175bSopenharmony_ci if (target_alg2_arg != -1) { 2826a8e1175bSopenharmony_ci psa_set_key_enrollment_algorithm(&target_attributes, target_alg2_arg); 2827a8e1175bSopenharmony_ci } 2828a8e1175bSopenharmony_ci 2829a8e1175bSopenharmony_ci 2830a8e1175bSopenharmony_ci /* Copy the key. */ 2831a8e1175bSopenharmony_ci PSA_ASSERT(psa_copy_key(source_key, 2832a8e1175bSopenharmony_ci &target_attributes, &target_key)); 2833a8e1175bSopenharmony_ci 2834a8e1175bSopenharmony_ci /* Destroy the source to ensure that this doesn't affect the target. */ 2835a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(source_key)); 2836a8e1175bSopenharmony_ci 2837a8e1175bSopenharmony_ci /* Test that the target slot has the expected content and policy. */ 2838a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(target_key, &target_attributes)); 2839a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&source_attributes), 2840a8e1175bSopenharmony_ci psa_get_key_type(&target_attributes)); 2841a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&source_attributes), 2842a8e1175bSopenharmony_ci psa_get_key_bits(&target_attributes)); 2843a8e1175bSopenharmony_ci TEST_EQUAL(expected_usage, psa_get_key_usage_flags(&target_attributes)); 2844a8e1175bSopenharmony_ci TEST_EQUAL(expected_alg, psa_get_key_algorithm(&target_attributes)); 2845a8e1175bSopenharmony_ci TEST_EQUAL(expected_alg2, 2846a8e1175bSopenharmony_ci psa_get_key_enrollment_algorithm(&target_attributes)); 2847a8e1175bSopenharmony_ci if (expected_usage & PSA_KEY_USAGE_EXPORT) { 2848a8e1175bSopenharmony_ci size_t length; 2849a8e1175bSopenharmony_ci TEST_CALLOC(export_buffer, material->len); 2850a8e1175bSopenharmony_ci PSA_ASSERT(psa_export_key(target_key, export_buffer, 2851a8e1175bSopenharmony_ci material->len, &length)); 2852a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(material->x, material->len, 2853a8e1175bSopenharmony_ci export_buffer, length); 2854a8e1175bSopenharmony_ci } 2855a8e1175bSopenharmony_ci 2856a8e1175bSopenharmony_ci if (!psa_key_lifetime_is_external(target_lifetime)) { 2857a8e1175bSopenharmony_ci if (!mbedtls_test_psa_exercise_key(target_key, expected_usage, expected_alg, 0)) { 2858a8e1175bSopenharmony_ci goto exit; 2859a8e1175bSopenharmony_ci } 2860a8e1175bSopenharmony_ci if (!mbedtls_test_psa_exercise_key(target_key, expected_usage, expected_alg2, 0)) { 2861a8e1175bSopenharmony_ci goto exit; 2862a8e1175bSopenharmony_ci } 2863a8e1175bSopenharmony_ci } 2864a8e1175bSopenharmony_ci 2865a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(target_key)); 2866a8e1175bSopenharmony_ci 2867a8e1175bSopenharmony_ciexit: 2868a8e1175bSopenharmony_ci /* 2869a8e1175bSopenharmony_ci * Source and target key attributes may have been returned by 2870a8e1175bSopenharmony_ci * psa_get_key_attributes() thus reset them as required. 2871a8e1175bSopenharmony_ci */ 2872a8e1175bSopenharmony_ci psa_reset_key_attributes(&source_attributes); 2873a8e1175bSopenharmony_ci psa_reset_key_attributes(&target_attributes); 2874a8e1175bSopenharmony_ci 2875a8e1175bSopenharmony_ci PSA_DONE(); 2876a8e1175bSopenharmony_ci mbedtls_free(export_buffer); 2877a8e1175bSopenharmony_ci} 2878a8e1175bSopenharmony_ci/* END_CASE */ 2879a8e1175bSopenharmony_ci 2880a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2881a8e1175bSopenharmony_civoid copy_fail(int source_usage_arg, 2882a8e1175bSopenharmony_ci int source_alg_arg, int source_alg2_arg, 2883a8e1175bSopenharmony_ci int source_lifetime_arg, 2884a8e1175bSopenharmony_ci int type_arg, data_t *material, 2885a8e1175bSopenharmony_ci int target_type_arg, int target_bits_arg, 2886a8e1175bSopenharmony_ci int target_usage_arg, 2887a8e1175bSopenharmony_ci int target_alg_arg, int target_alg2_arg, 2888a8e1175bSopenharmony_ci int target_id_arg, int target_lifetime_arg, 2889a8e1175bSopenharmony_ci int expected_status_arg) 2890a8e1175bSopenharmony_ci{ 2891a8e1175bSopenharmony_ci psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; 2892a8e1175bSopenharmony_ci psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; 2893a8e1175bSopenharmony_ci mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; 2894a8e1175bSopenharmony_ci mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; 2895a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(1, target_id_arg); 2896a8e1175bSopenharmony_ci 2897a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2898a8e1175bSopenharmony_ci 2899a8e1175bSopenharmony_ci /* Prepare the source key. */ 2900a8e1175bSopenharmony_ci psa_set_key_usage_flags(&source_attributes, source_usage_arg); 2901a8e1175bSopenharmony_ci psa_set_key_algorithm(&source_attributes, source_alg_arg); 2902a8e1175bSopenharmony_ci psa_set_key_enrollment_algorithm(&source_attributes, source_alg2_arg); 2903a8e1175bSopenharmony_ci psa_set_key_type(&source_attributes, type_arg); 2904a8e1175bSopenharmony_ci psa_set_key_lifetime(&source_attributes, source_lifetime_arg); 2905a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&source_attributes, 2906a8e1175bSopenharmony_ci material->x, material->len, 2907a8e1175bSopenharmony_ci &source_key)); 2908a8e1175bSopenharmony_ci 2909a8e1175bSopenharmony_ci /* Prepare the target attributes. */ 2910a8e1175bSopenharmony_ci psa_set_key_id(&target_attributes, key_id); 2911a8e1175bSopenharmony_ci psa_set_key_lifetime(&target_attributes, target_lifetime_arg); 2912a8e1175bSopenharmony_ci psa_set_key_type(&target_attributes, target_type_arg); 2913a8e1175bSopenharmony_ci psa_set_key_bits(&target_attributes, target_bits_arg); 2914a8e1175bSopenharmony_ci psa_set_key_usage_flags(&target_attributes, target_usage_arg); 2915a8e1175bSopenharmony_ci psa_set_key_algorithm(&target_attributes, target_alg_arg); 2916a8e1175bSopenharmony_ci psa_set_key_enrollment_algorithm(&target_attributes, target_alg2_arg); 2917a8e1175bSopenharmony_ci 2918a8e1175bSopenharmony_ci /* Try to copy the key. */ 2919a8e1175bSopenharmony_ci TEST_EQUAL(psa_copy_key(source_key, 2920a8e1175bSopenharmony_ci &target_attributes, &target_key), 2921a8e1175bSopenharmony_ci expected_status_arg); 2922a8e1175bSopenharmony_ci 2923a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(source_key)); 2924a8e1175bSopenharmony_ci 2925a8e1175bSopenharmony_ciexit: 2926a8e1175bSopenharmony_ci psa_reset_key_attributes(&source_attributes); 2927a8e1175bSopenharmony_ci psa_reset_key_attributes(&target_attributes); 2928a8e1175bSopenharmony_ci PSA_DONE(); 2929a8e1175bSopenharmony_ci} 2930a8e1175bSopenharmony_ci/* END_CASE */ 2931a8e1175bSopenharmony_ci 2932a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2933a8e1175bSopenharmony_civoid hash_operation_init() 2934a8e1175bSopenharmony_ci{ 2935a8e1175bSopenharmony_ci const uint8_t input[1] = { 0 }; 2936a8e1175bSopenharmony_ci /* Test each valid way of initializing the object, except for `= {0}`, as 2937a8e1175bSopenharmony_ci * Clang 5 complains when `-Wmissing-field-initializers` is used, even 2938a8e1175bSopenharmony_ci * though it's OK by the C standard. We could test for this, but we'd need 2939a8e1175bSopenharmony_ci * to suppress the Clang warning for the test. */ 2940a8e1175bSopenharmony_ci psa_hash_operation_t func = psa_hash_operation_init(); 2941a8e1175bSopenharmony_ci psa_hash_operation_t init = PSA_HASH_OPERATION_INIT; 2942a8e1175bSopenharmony_ci psa_hash_operation_t zero; 2943a8e1175bSopenharmony_ci 2944a8e1175bSopenharmony_ci memset(&zero, 0, sizeof(zero)); 2945a8e1175bSopenharmony_ci 2946a8e1175bSopenharmony_ci /* A freshly-initialized hash operation should not be usable. */ 2947a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_update(&func, input, sizeof(input)), 2948a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 2949a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_update(&init, input, sizeof(input)), 2950a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 2951a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_update(&zero, input, sizeof(input)), 2952a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 2953a8e1175bSopenharmony_ci 2954a8e1175bSopenharmony_ci /* A default hash operation should be abortable without error. */ 2955a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&func)); 2956a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&init)); 2957a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&zero)); 2958a8e1175bSopenharmony_ci} 2959a8e1175bSopenharmony_ci/* END_CASE */ 2960a8e1175bSopenharmony_ci 2961a8e1175bSopenharmony_ci/* BEGIN_CASE */ 2962a8e1175bSopenharmony_civoid hash_setup(int alg_arg, 2963a8e1175bSopenharmony_ci int expected_status_arg) 2964a8e1175bSopenharmony_ci{ 2965a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 2966a8e1175bSopenharmony_ci uint8_t *output = NULL; 2967a8e1175bSopenharmony_ci size_t output_size = 0; 2968a8e1175bSopenharmony_ci size_t output_length = 0; 2969a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 2970a8e1175bSopenharmony_ci psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2971a8e1175bSopenharmony_ci psa_status_t status; 2972a8e1175bSopenharmony_ci 2973a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 2974a8e1175bSopenharmony_ci 2975a8e1175bSopenharmony_ci /* Hash Setup, one-shot */ 2976a8e1175bSopenharmony_ci output_size = PSA_HASH_LENGTH(alg); 2977a8e1175bSopenharmony_ci TEST_CALLOC(output, output_size); 2978a8e1175bSopenharmony_ci 2979a8e1175bSopenharmony_ci status = psa_hash_compute(alg, NULL, 0, 2980a8e1175bSopenharmony_ci output, output_size, &output_length); 2981a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 2982a8e1175bSopenharmony_ci 2983a8e1175bSopenharmony_ci /* Hash Setup, multi-part */ 2984a8e1175bSopenharmony_ci status = psa_hash_setup(&operation, alg); 2985a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 2986a8e1175bSopenharmony_ci 2987a8e1175bSopenharmony_ci /* Whether setup succeeded or failed, abort must succeed. */ 2988a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 2989a8e1175bSopenharmony_ci 2990a8e1175bSopenharmony_ci /* If setup failed, reproduce the failure, so as to 2991a8e1175bSopenharmony_ci * test the resulting state of the operation object. */ 2992a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 2993a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_setup(&operation, alg), status); 2994a8e1175bSopenharmony_ci } 2995a8e1175bSopenharmony_ci 2996a8e1175bSopenharmony_ci /* Now the operation object should be reusable. */ 2997a8e1175bSopenharmony_ci#if defined(KNOWN_SUPPORTED_HASH_ALG) 2998a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, KNOWN_SUPPORTED_HASH_ALG)); 2999a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3000a8e1175bSopenharmony_ci#endif 3001a8e1175bSopenharmony_ci 3002a8e1175bSopenharmony_ciexit: 3003a8e1175bSopenharmony_ci mbedtls_free(output); 3004a8e1175bSopenharmony_ci PSA_DONE(); 3005a8e1175bSopenharmony_ci} 3006a8e1175bSopenharmony_ci/* END_CASE */ 3007a8e1175bSopenharmony_ci 3008a8e1175bSopenharmony_ci/* BEGIN_CASE */ 3009a8e1175bSopenharmony_civoid hash_compute_fail(int alg_arg, data_t *input, 3010a8e1175bSopenharmony_ci int output_size_arg, int expected_status_arg) 3011a8e1175bSopenharmony_ci{ 3012a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 3013a8e1175bSopenharmony_ci uint8_t *output = NULL; 3014a8e1175bSopenharmony_ci size_t output_size = output_size_arg; 3015a8e1175bSopenharmony_ci size_t output_length = INVALID_EXPORT_LENGTH; 3016a8e1175bSopenharmony_ci psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 3017a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 3018a8e1175bSopenharmony_ci psa_status_t status; 3019a8e1175bSopenharmony_ci 3020a8e1175bSopenharmony_ci TEST_CALLOC(output, output_size); 3021a8e1175bSopenharmony_ci 3022a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3023a8e1175bSopenharmony_ci 3024a8e1175bSopenharmony_ci /* Hash Compute, one-shot */ 3025a8e1175bSopenharmony_ci status = psa_hash_compute(alg, input->x, input->len, 3026a8e1175bSopenharmony_ci output, output_size, &output_length); 3027a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 3028a8e1175bSopenharmony_ci TEST_LE_U(output_length, output_size); 3029a8e1175bSopenharmony_ci 3030a8e1175bSopenharmony_ci /* Hash Compute, multi-part */ 3031a8e1175bSopenharmony_ci status = psa_hash_setup(&operation, alg); 3032a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 3033a8e1175bSopenharmony_ci status = psa_hash_update(&operation, input->x, input->len); 3034a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 3035a8e1175bSopenharmony_ci status = psa_hash_finish(&operation, output, output_size, 3036a8e1175bSopenharmony_ci &output_length); 3037a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 3038a8e1175bSopenharmony_ci TEST_LE_U(output_length, output_size); 3039a8e1175bSopenharmony_ci } else { 3040a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 3041a8e1175bSopenharmony_ci } 3042a8e1175bSopenharmony_ci } else { 3043a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 3044a8e1175bSopenharmony_ci } 3045a8e1175bSopenharmony_ci } else { 3046a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 3047a8e1175bSopenharmony_ci } 3048a8e1175bSopenharmony_ci 3049a8e1175bSopenharmony_ciexit: 3050a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3051a8e1175bSopenharmony_ci mbedtls_free(output); 3052a8e1175bSopenharmony_ci PSA_DONE(); 3053a8e1175bSopenharmony_ci} 3054a8e1175bSopenharmony_ci/* END_CASE */ 3055a8e1175bSopenharmony_ci 3056a8e1175bSopenharmony_ci/* BEGIN_CASE */ 3057a8e1175bSopenharmony_civoid hash_compare_fail(int alg_arg, data_t *input, 3058a8e1175bSopenharmony_ci data_t *reference_hash, 3059a8e1175bSopenharmony_ci int expected_status_arg) 3060a8e1175bSopenharmony_ci{ 3061a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 3062a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 3063a8e1175bSopenharmony_ci psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 3064a8e1175bSopenharmony_ci psa_status_t status; 3065a8e1175bSopenharmony_ci 3066a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3067a8e1175bSopenharmony_ci 3068a8e1175bSopenharmony_ci /* Hash Compare, one-shot */ 3069a8e1175bSopenharmony_ci status = psa_hash_compare(alg, input->x, input->len, 3070a8e1175bSopenharmony_ci reference_hash->x, reference_hash->len); 3071a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 3072a8e1175bSopenharmony_ci 3073a8e1175bSopenharmony_ci /* Hash Compare, multi-part */ 3074a8e1175bSopenharmony_ci status = psa_hash_setup(&operation, alg); 3075a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 3076a8e1175bSopenharmony_ci status = psa_hash_update(&operation, input->x, input->len); 3077a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 3078a8e1175bSopenharmony_ci status = psa_hash_verify(&operation, reference_hash->x, 3079a8e1175bSopenharmony_ci reference_hash->len); 3080a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 3081a8e1175bSopenharmony_ci } else { 3082a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 3083a8e1175bSopenharmony_ci } 3084a8e1175bSopenharmony_ci } else { 3085a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 3086a8e1175bSopenharmony_ci } 3087a8e1175bSopenharmony_ci 3088a8e1175bSopenharmony_ciexit: 3089a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3090a8e1175bSopenharmony_ci PSA_DONE(); 3091a8e1175bSopenharmony_ci} 3092a8e1175bSopenharmony_ci/* END_CASE */ 3093a8e1175bSopenharmony_ci 3094a8e1175bSopenharmony_ci/* BEGIN_CASE */ 3095a8e1175bSopenharmony_civoid hash_compute_compare(int alg_arg, data_t *input, 3096a8e1175bSopenharmony_ci data_t *expected_output) 3097a8e1175bSopenharmony_ci{ 3098a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 3099a8e1175bSopenharmony_ci uint8_t output[PSA_HASH_MAX_SIZE + 1]; 3100a8e1175bSopenharmony_ci size_t output_length = INVALID_EXPORT_LENGTH; 3101a8e1175bSopenharmony_ci psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 3102a8e1175bSopenharmony_ci size_t i; 3103a8e1175bSopenharmony_ci 3104a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3105a8e1175bSopenharmony_ci 3106a8e1175bSopenharmony_ci /* Compute with tight buffer, one-shot */ 3107a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_compute(alg, input->x, input->len, 3108a8e1175bSopenharmony_ci output, PSA_HASH_LENGTH(alg), 3109a8e1175bSopenharmony_ci &output_length)); 3110a8e1175bSopenharmony_ci TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); 3111a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, output_length, 3112a8e1175bSopenharmony_ci expected_output->x, expected_output->len); 3113a8e1175bSopenharmony_ci 3114a8e1175bSopenharmony_ci /* Compute with tight buffer, multi-part */ 3115a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3116a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 3117a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_finish(&operation, output, 3118a8e1175bSopenharmony_ci PSA_HASH_LENGTH(alg), 3119a8e1175bSopenharmony_ci &output_length)); 3120a8e1175bSopenharmony_ci TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); 3121a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, output_length, 3122a8e1175bSopenharmony_ci expected_output->x, expected_output->len); 3123a8e1175bSopenharmony_ci 3124a8e1175bSopenharmony_ci /* Compute with larger buffer, one-shot */ 3125a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_compute(alg, input->x, input->len, 3126a8e1175bSopenharmony_ci output, sizeof(output), 3127a8e1175bSopenharmony_ci &output_length)); 3128a8e1175bSopenharmony_ci TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); 3129a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, output_length, 3130a8e1175bSopenharmony_ci expected_output->x, expected_output->len); 3131a8e1175bSopenharmony_ci 3132a8e1175bSopenharmony_ci /* Compute with larger buffer, multi-part */ 3133a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3134a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 3135a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_finish(&operation, output, 3136a8e1175bSopenharmony_ci sizeof(output), &output_length)); 3137a8e1175bSopenharmony_ci TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg)); 3138a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, output_length, 3139a8e1175bSopenharmony_ci expected_output->x, expected_output->len); 3140a8e1175bSopenharmony_ci 3141a8e1175bSopenharmony_ci /* Compare with correct hash, one-shot */ 3142a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_compare(alg, input->x, input->len, 3143a8e1175bSopenharmony_ci output, output_length)); 3144a8e1175bSopenharmony_ci 3145a8e1175bSopenharmony_ci /* Compare with correct hash, multi-part */ 3146a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3147a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 3148a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_verify(&operation, output, 3149a8e1175bSopenharmony_ci output_length)); 3150a8e1175bSopenharmony_ci 3151a8e1175bSopenharmony_ci /* Compare with trailing garbage, one-shot */ 3152a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_compare(alg, input->x, input->len, 3153a8e1175bSopenharmony_ci output, output_length + 1), 3154a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3155a8e1175bSopenharmony_ci 3156a8e1175bSopenharmony_ci /* Compare with trailing garbage, multi-part */ 3157a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3158a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 3159a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_verify(&operation, output, output_length + 1), 3160a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3161a8e1175bSopenharmony_ci 3162a8e1175bSopenharmony_ci /* Compare with truncated hash, one-shot */ 3163a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_compare(alg, input->x, input->len, 3164a8e1175bSopenharmony_ci output, output_length - 1), 3165a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3166a8e1175bSopenharmony_ci 3167a8e1175bSopenharmony_ci /* Compare with truncated hash, multi-part */ 3168a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3169a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 3170a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_verify(&operation, output, output_length - 1), 3171a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3172a8e1175bSopenharmony_ci 3173a8e1175bSopenharmony_ci /* Compare with corrupted value */ 3174a8e1175bSopenharmony_ci for (i = 0; i < output_length; i++) { 3175a8e1175bSopenharmony_ci mbedtls_test_set_step(i); 3176a8e1175bSopenharmony_ci output[i] ^= 1; 3177a8e1175bSopenharmony_ci 3178a8e1175bSopenharmony_ci /* One-shot */ 3179a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_compare(alg, input->x, input->len, 3180a8e1175bSopenharmony_ci output, output_length), 3181a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3182a8e1175bSopenharmony_ci 3183a8e1175bSopenharmony_ci /* Multi-Part */ 3184a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3185a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 3186a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_verify(&operation, output, output_length), 3187a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3188a8e1175bSopenharmony_ci 3189a8e1175bSopenharmony_ci output[i] ^= 1; 3190a8e1175bSopenharmony_ci } 3191a8e1175bSopenharmony_ci 3192a8e1175bSopenharmony_ciexit: 3193a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3194a8e1175bSopenharmony_ci PSA_DONE(); 3195a8e1175bSopenharmony_ci} 3196a8e1175bSopenharmony_ci/* END_CASE */ 3197a8e1175bSopenharmony_ci 3198a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 3199a8e1175bSopenharmony_civoid hash_bad_order() 3200a8e1175bSopenharmony_ci{ 3201a8e1175bSopenharmony_ci psa_algorithm_t alg = PSA_ALG_SHA_256; 3202a8e1175bSopenharmony_ci unsigned char input[] = ""; 3203a8e1175bSopenharmony_ci /* SHA-256 hash of an empty string */ 3204a8e1175bSopenharmony_ci const unsigned char valid_hash[] = { 3205a8e1175bSopenharmony_ci 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 3206a8e1175bSopenharmony_ci 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 3207a8e1175bSopenharmony_ci 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 3208a8e1175bSopenharmony_ci }; 3209a8e1175bSopenharmony_ci unsigned char hash[sizeof(valid_hash)] = { 0 }; 3210a8e1175bSopenharmony_ci size_t hash_len; 3211a8e1175bSopenharmony_ci psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 3212a8e1175bSopenharmony_ci 3213a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3214a8e1175bSopenharmony_ci 3215a8e1175bSopenharmony_ci /* Call setup twice in a row. */ 3216a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3217a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 3218a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_setup(&operation, alg), 3219a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3220a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3221a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3222a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3223a8e1175bSopenharmony_ci 3224a8e1175bSopenharmony_ci /* Call update without calling setup beforehand. */ 3225a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_update(&operation, input, sizeof(input)), 3226a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3227a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3228a8e1175bSopenharmony_ci 3229a8e1175bSopenharmony_ci /* Check that update calls abort on error. */ 3230a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3231a8e1175bSopenharmony_ci operation.id = UINT_MAX; 3232a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 3233a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_update(&operation, input, sizeof(input)), 3234a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3235a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3236a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3237a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3238a8e1175bSopenharmony_ci 3239a8e1175bSopenharmony_ci /* Call update after finish. */ 3240a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3241a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_finish(&operation, 3242a8e1175bSopenharmony_ci hash, sizeof(hash), &hash_len)); 3243a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_update(&operation, input, sizeof(input)), 3244a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3245a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3246a8e1175bSopenharmony_ci 3247a8e1175bSopenharmony_ci /* Call verify without calling setup beforehand. */ 3248a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_verify(&operation, 3249a8e1175bSopenharmony_ci valid_hash, sizeof(valid_hash)), 3250a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3251a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3252a8e1175bSopenharmony_ci 3253a8e1175bSopenharmony_ci /* Call verify after finish. */ 3254a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3255a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_finish(&operation, 3256a8e1175bSopenharmony_ci hash, sizeof(hash), &hash_len)); 3257a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_verify(&operation, 3258a8e1175bSopenharmony_ci valid_hash, sizeof(valid_hash)), 3259a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3260a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3261a8e1175bSopenharmony_ci 3262a8e1175bSopenharmony_ci /* Call verify twice in a row. */ 3263a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3264a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 3265a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_verify(&operation, 3266a8e1175bSopenharmony_ci valid_hash, sizeof(valid_hash))); 3267a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3268a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_verify(&operation, 3269a8e1175bSopenharmony_ci valid_hash, sizeof(valid_hash)), 3270a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3271a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3272a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3273a8e1175bSopenharmony_ci 3274a8e1175bSopenharmony_ci /* Call finish without calling setup beforehand. */ 3275a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_finish(&operation, 3276a8e1175bSopenharmony_ci hash, sizeof(hash), &hash_len), 3277a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3278a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3279a8e1175bSopenharmony_ci 3280a8e1175bSopenharmony_ci /* Call finish twice in a row. */ 3281a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3282a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_finish(&operation, 3283a8e1175bSopenharmony_ci hash, sizeof(hash), &hash_len)); 3284a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_finish(&operation, 3285a8e1175bSopenharmony_ci hash, sizeof(hash), &hash_len), 3286a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3287a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3288a8e1175bSopenharmony_ci 3289a8e1175bSopenharmony_ci /* Call finish after calling verify. */ 3290a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3291a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_verify(&operation, 3292a8e1175bSopenharmony_ci valid_hash, sizeof(valid_hash))); 3293a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_finish(&operation, 3294a8e1175bSopenharmony_ci hash, sizeof(hash), &hash_len), 3295a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3296a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3297a8e1175bSopenharmony_ci 3298a8e1175bSopenharmony_ciexit: 3299a8e1175bSopenharmony_ci PSA_DONE(); 3300a8e1175bSopenharmony_ci} 3301a8e1175bSopenharmony_ci/* END_CASE */ 3302a8e1175bSopenharmony_ci 3303a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 3304a8e1175bSopenharmony_civoid hash_verify_bad_args() 3305a8e1175bSopenharmony_ci{ 3306a8e1175bSopenharmony_ci psa_algorithm_t alg = PSA_ALG_SHA_256; 3307a8e1175bSopenharmony_ci /* SHA-256 hash of an empty string with 2 extra bytes (0xaa and 0xbb) 3308a8e1175bSopenharmony_ci * appended to it */ 3309a8e1175bSopenharmony_ci unsigned char hash[] = { 3310a8e1175bSopenharmony_ci 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 3311a8e1175bSopenharmony_ci 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 3312a8e1175bSopenharmony_ci 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb 3313a8e1175bSopenharmony_ci }; 3314a8e1175bSopenharmony_ci size_t expected_size = PSA_HASH_LENGTH(alg); 3315a8e1175bSopenharmony_ci psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 3316a8e1175bSopenharmony_ci 3317a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3318a8e1175bSopenharmony_ci 3319a8e1175bSopenharmony_ci /* psa_hash_verify with a smaller hash than expected */ 3320a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3321a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 3322a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_verify(&operation, hash, expected_size - 1), 3323a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3324a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3325a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&operation)); 3326a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3327a8e1175bSopenharmony_ci 3328a8e1175bSopenharmony_ci /* psa_hash_verify with a non-matching hash */ 3329a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3330a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_verify(&operation, hash + 1, expected_size), 3331a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3332a8e1175bSopenharmony_ci 3333a8e1175bSopenharmony_ci /* psa_hash_verify with a hash longer than expected */ 3334a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3335a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_verify(&operation, hash, sizeof(hash)), 3336a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3337a8e1175bSopenharmony_ci 3338a8e1175bSopenharmony_ciexit: 3339a8e1175bSopenharmony_ci PSA_DONE(); 3340a8e1175bSopenharmony_ci} 3341a8e1175bSopenharmony_ci/* END_CASE */ 3342a8e1175bSopenharmony_ci 3343a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 3344a8e1175bSopenharmony_civoid hash_finish_bad_args() 3345a8e1175bSopenharmony_ci{ 3346a8e1175bSopenharmony_ci psa_algorithm_t alg = PSA_ALG_SHA_256; 3347a8e1175bSopenharmony_ci unsigned char hash[PSA_HASH_MAX_SIZE]; 3348a8e1175bSopenharmony_ci size_t expected_size = PSA_HASH_LENGTH(alg); 3349a8e1175bSopenharmony_ci psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 3350a8e1175bSopenharmony_ci size_t hash_len; 3351a8e1175bSopenharmony_ci 3352a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3353a8e1175bSopenharmony_ci 3354a8e1175bSopenharmony_ci /* psa_hash_finish with a smaller hash buffer than expected */ 3355a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&operation, alg)); 3356a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_finish(&operation, 3357a8e1175bSopenharmony_ci hash, expected_size - 1, &hash_len), 3358a8e1175bSopenharmony_ci PSA_ERROR_BUFFER_TOO_SMALL); 3359a8e1175bSopenharmony_ci 3360a8e1175bSopenharmony_ciexit: 3361a8e1175bSopenharmony_ci PSA_DONE(); 3362a8e1175bSopenharmony_ci} 3363a8e1175bSopenharmony_ci/* END_CASE */ 3364a8e1175bSopenharmony_ci 3365a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 3366a8e1175bSopenharmony_civoid hash_clone_source_state() 3367a8e1175bSopenharmony_ci{ 3368a8e1175bSopenharmony_ci psa_algorithm_t alg = PSA_ALG_SHA_256; 3369a8e1175bSopenharmony_ci unsigned char hash[PSA_HASH_MAX_SIZE]; 3370a8e1175bSopenharmony_ci psa_hash_operation_t op_source = PSA_HASH_OPERATION_INIT; 3371a8e1175bSopenharmony_ci psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT; 3372a8e1175bSopenharmony_ci psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT; 3373a8e1175bSopenharmony_ci psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT; 3374a8e1175bSopenharmony_ci psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT; 3375a8e1175bSopenharmony_ci size_t hash_len; 3376a8e1175bSopenharmony_ci 3377a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3378a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&op_source, alg)); 3379a8e1175bSopenharmony_ci 3380a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&op_setup, alg)); 3381a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&op_finished, alg)); 3382a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_finish(&op_finished, 3383a8e1175bSopenharmony_ci hash, sizeof(hash), &hash_len)); 3384a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&op_aborted, alg)); 3385a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&op_aborted)); 3386a8e1175bSopenharmony_ci 3387a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_clone(&op_source, &op_setup), 3388a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3389a8e1175bSopenharmony_ci 3390a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_clone(&op_source, &op_init)); 3391a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_finish(&op_init, 3392a8e1175bSopenharmony_ci hash, sizeof(hash), &hash_len)); 3393a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_clone(&op_source, &op_finished)); 3394a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_finish(&op_finished, 3395a8e1175bSopenharmony_ci hash, sizeof(hash), &hash_len)); 3396a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_clone(&op_source, &op_aborted)); 3397a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_finish(&op_aborted, 3398a8e1175bSopenharmony_ci hash, sizeof(hash), &hash_len)); 3399a8e1175bSopenharmony_ci 3400a8e1175bSopenharmony_ciexit: 3401a8e1175bSopenharmony_ci psa_hash_abort(&op_source); 3402a8e1175bSopenharmony_ci psa_hash_abort(&op_init); 3403a8e1175bSopenharmony_ci psa_hash_abort(&op_setup); 3404a8e1175bSopenharmony_ci psa_hash_abort(&op_finished); 3405a8e1175bSopenharmony_ci psa_hash_abort(&op_aborted); 3406a8e1175bSopenharmony_ci PSA_DONE(); 3407a8e1175bSopenharmony_ci} 3408a8e1175bSopenharmony_ci/* END_CASE */ 3409a8e1175bSopenharmony_ci 3410a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */ 3411a8e1175bSopenharmony_civoid hash_clone_target_state() 3412a8e1175bSopenharmony_ci{ 3413a8e1175bSopenharmony_ci psa_algorithm_t alg = PSA_ALG_SHA_256; 3414a8e1175bSopenharmony_ci unsigned char hash[PSA_HASH_MAX_SIZE]; 3415a8e1175bSopenharmony_ci psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT; 3416a8e1175bSopenharmony_ci psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT; 3417a8e1175bSopenharmony_ci psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT; 3418a8e1175bSopenharmony_ci psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT; 3419a8e1175bSopenharmony_ci psa_hash_operation_t op_target = PSA_HASH_OPERATION_INIT; 3420a8e1175bSopenharmony_ci size_t hash_len; 3421a8e1175bSopenharmony_ci 3422a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3423a8e1175bSopenharmony_ci 3424a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&op_setup, alg)); 3425a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&op_finished, alg)); 3426a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_finish(&op_finished, 3427a8e1175bSopenharmony_ci hash, sizeof(hash), &hash_len)); 3428a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_setup(&op_aborted, alg)); 3429a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_abort(&op_aborted)); 3430a8e1175bSopenharmony_ci 3431a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_clone(&op_setup, &op_target)); 3432a8e1175bSopenharmony_ci PSA_ASSERT(psa_hash_finish(&op_target, 3433a8e1175bSopenharmony_ci hash, sizeof(hash), &hash_len)); 3434a8e1175bSopenharmony_ci 3435a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_clone(&op_init, &op_target), PSA_ERROR_BAD_STATE); 3436a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_clone(&op_finished, &op_target), 3437a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3438a8e1175bSopenharmony_ci TEST_EQUAL(psa_hash_clone(&op_aborted, &op_target), 3439a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3440a8e1175bSopenharmony_ci 3441a8e1175bSopenharmony_ciexit: 3442a8e1175bSopenharmony_ci psa_hash_abort(&op_target); 3443a8e1175bSopenharmony_ci psa_hash_abort(&op_init); 3444a8e1175bSopenharmony_ci psa_hash_abort(&op_setup); 3445a8e1175bSopenharmony_ci psa_hash_abort(&op_finished); 3446a8e1175bSopenharmony_ci psa_hash_abort(&op_aborted); 3447a8e1175bSopenharmony_ci PSA_DONE(); 3448a8e1175bSopenharmony_ci} 3449a8e1175bSopenharmony_ci/* END_CASE */ 3450a8e1175bSopenharmony_ci 3451a8e1175bSopenharmony_ci/* BEGIN_CASE */ 3452a8e1175bSopenharmony_civoid mac_operation_init() 3453a8e1175bSopenharmony_ci{ 3454a8e1175bSopenharmony_ci const uint8_t input[1] = { 0 }; 3455a8e1175bSopenharmony_ci 3456a8e1175bSopenharmony_ci /* Test each valid way of initializing the object, except for `= {0}`, as 3457a8e1175bSopenharmony_ci * Clang 5 complains when `-Wmissing-field-initializers` is used, even 3458a8e1175bSopenharmony_ci * though it's OK by the C standard. We could test for this, but we'd need 3459a8e1175bSopenharmony_ci * to suppress the Clang warning for the test. */ 3460a8e1175bSopenharmony_ci psa_mac_operation_t func = psa_mac_operation_init(); 3461a8e1175bSopenharmony_ci psa_mac_operation_t init = PSA_MAC_OPERATION_INIT; 3462a8e1175bSopenharmony_ci psa_mac_operation_t zero; 3463a8e1175bSopenharmony_ci 3464a8e1175bSopenharmony_ci memset(&zero, 0, sizeof(zero)); 3465a8e1175bSopenharmony_ci 3466a8e1175bSopenharmony_ci /* A freshly-initialized MAC operation should not be usable. */ 3467a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_update(&func, 3468a8e1175bSopenharmony_ci input, sizeof(input)), 3469a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3470a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_update(&init, 3471a8e1175bSopenharmony_ci input, sizeof(input)), 3472a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3473a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_update(&zero, 3474a8e1175bSopenharmony_ci input, sizeof(input)), 3475a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3476a8e1175bSopenharmony_ci 3477a8e1175bSopenharmony_ci /* A default MAC operation should be abortable without error. */ 3478a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&func)); 3479a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&init)); 3480a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&zero)); 3481a8e1175bSopenharmony_ci} 3482a8e1175bSopenharmony_ci/* END_CASE */ 3483a8e1175bSopenharmony_ci 3484a8e1175bSopenharmony_ci/* BEGIN_CASE */ 3485a8e1175bSopenharmony_civoid mac_setup(int key_type_arg, 3486a8e1175bSopenharmony_ci data_t *key, 3487a8e1175bSopenharmony_ci int alg_arg, 3488a8e1175bSopenharmony_ci int expected_status_arg) 3489a8e1175bSopenharmony_ci{ 3490a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 3491a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 3492a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 3493a8e1175bSopenharmony_ci psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 3494a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_GENERIC_ERROR; 3495a8e1175bSopenharmony_ci#if defined(KNOWN_SUPPORTED_MAC_ALG) 3496a8e1175bSopenharmony_ci const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk"; 3497a8e1175bSopenharmony_ci#endif 3498a8e1175bSopenharmony_ci 3499a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3500a8e1175bSopenharmony_ci 3501a8e1175bSopenharmony_ci if (!exercise_mac_setup(key_type, key->x, key->len, alg, 3502a8e1175bSopenharmony_ci &operation, &status)) { 3503a8e1175bSopenharmony_ci goto exit; 3504a8e1175bSopenharmony_ci } 3505a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 3506a8e1175bSopenharmony_ci 3507a8e1175bSopenharmony_ci /* The operation object should be reusable. */ 3508a8e1175bSopenharmony_ci#if defined(KNOWN_SUPPORTED_MAC_ALG) 3509a8e1175bSopenharmony_ci if (!exercise_mac_setup(KNOWN_SUPPORTED_MAC_KEY_TYPE, 3510a8e1175bSopenharmony_ci smoke_test_key_data, 3511a8e1175bSopenharmony_ci sizeof(smoke_test_key_data), 3512a8e1175bSopenharmony_ci KNOWN_SUPPORTED_MAC_ALG, 3513a8e1175bSopenharmony_ci &operation, &status)) { 3514a8e1175bSopenharmony_ci goto exit; 3515a8e1175bSopenharmony_ci } 3516a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 3517a8e1175bSopenharmony_ci#endif 3518a8e1175bSopenharmony_ci 3519a8e1175bSopenharmony_ciexit: 3520a8e1175bSopenharmony_ci PSA_DONE(); 3521a8e1175bSopenharmony_ci} 3522a8e1175bSopenharmony_ci/* END_CASE */ 3523a8e1175bSopenharmony_ci 3524a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_HMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256 */ 3525a8e1175bSopenharmony_civoid mac_bad_order() 3526a8e1175bSopenharmony_ci{ 3527a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3528a8e1175bSopenharmony_ci psa_key_type_t key_type = PSA_KEY_TYPE_HMAC; 3529a8e1175bSopenharmony_ci psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256); 3530a8e1175bSopenharmony_ci const uint8_t key_data[] = { 3531a8e1175bSopenharmony_ci 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 3532a8e1175bSopenharmony_ci 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 3533a8e1175bSopenharmony_ci 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa 3534a8e1175bSopenharmony_ci }; 3535a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3536a8e1175bSopenharmony_ci psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 3537a8e1175bSopenharmony_ci uint8_t sign_mac[PSA_MAC_MAX_SIZE + 10] = { 0 }; 3538a8e1175bSopenharmony_ci size_t sign_mac_length = 0; 3539a8e1175bSopenharmony_ci const uint8_t input[] = { 0xbb, 0xbb, 0xbb, 0xbb }; 3540a8e1175bSopenharmony_ci const uint8_t verify_mac[] = { 3541a8e1175bSopenharmony_ci 0x74, 0x65, 0x93, 0x8c, 0xeb, 0x1d, 0xb3, 0x76, 0x5a, 0x38, 0xe7, 0xdd, 3542a8e1175bSopenharmony_ci 0x85, 0xc5, 0xad, 0x4f, 0x07, 0xe7, 0xd5, 0xb2, 0x64, 0xf0, 0x1a, 0x1a, 3543a8e1175bSopenharmony_ci 0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6 3544a8e1175bSopenharmony_ci }; 3545a8e1175bSopenharmony_ci 3546a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3547a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH); 3548a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 3549a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 3550a8e1175bSopenharmony_ci 3551a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data, sizeof(key_data), 3552a8e1175bSopenharmony_ci &key)); 3553a8e1175bSopenharmony_ci 3554a8e1175bSopenharmony_ci /* Call update without calling setup beforehand. */ 3555a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_update(&operation, input, sizeof(input)), 3556a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3557a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 3558a8e1175bSopenharmony_ci 3559a8e1175bSopenharmony_ci /* Call sign finish without calling setup beforehand. */ 3560a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_sign_finish(&operation, sign_mac, sizeof(sign_mac), 3561a8e1175bSopenharmony_ci &sign_mac_length), 3562a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3563a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 3564a8e1175bSopenharmony_ci 3565a8e1175bSopenharmony_ci /* Call verify finish without calling setup beforehand. */ 3566a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_verify_finish(&operation, 3567a8e1175bSopenharmony_ci verify_mac, sizeof(verify_mac)), 3568a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3569a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 3570a8e1175bSopenharmony_ci 3571a8e1175bSopenharmony_ci /* Call setup twice in a row. */ 3572a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg)); 3573a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 3574a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_sign_setup(&operation, key, alg), 3575a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3576a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3577a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 3578a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3579a8e1175bSopenharmony_ci 3580a8e1175bSopenharmony_ci /* Call update after sign finish. */ 3581a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg)); 3582a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input))); 3583a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_sign_finish(&operation, 3584a8e1175bSopenharmony_ci sign_mac, sizeof(sign_mac), 3585a8e1175bSopenharmony_ci &sign_mac_length)); 3586a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_update(&operation, input, sizeof(input)), 3587a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3588a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 3589a8e1175bSopenharmony_ci 3590a8e1175bSopenharmony_ci /* Call update after verify finish. */ 3591a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg)); 3592a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input))); 3593a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_verify_finish(&operation, 3594a8e1175bSopenharmony_ci verify_mac, sizeof(verify_mac))); 3595a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_update(&operation, input, sizeof(input)), 3596a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3597a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 3598a8e1175bSopenharmony_ci 3599a8e1175bSopenharmony_ci /* Call sign finish twice in a row. */ 3600a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg)); 3601a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input))); 3602a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_sign_finish(&operation, 3603a8e1175bSopenharmony_ci sign_mac, sizeof(sign_mac), 3604a8e1175bSopenharmony_ci &sign_mac_length)); 3605a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_sign_finish(&operation, 3606a8e1175bSopenharmony_ci sign_mac, sizeof(sign_mac), 3607a8e1175bSopenharmony_ci &sign_mac_length), 3608a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3609a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 3610a8e1175bSopenharmony_ci 3611a8e1175bSopenharmony_ci /* Call verify finish twice in a row. */ 3612a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg)); 3613a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input))); 3614a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_verify_finish(&operation, 3615a8e1175bSopenharmony_ci verify_mac, sizeof(verify_mac))); 3616a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_verify_finish(&operation, 3617a8e1175bSopenharmony_ci verify_mac, sizeof(verify_mac)), 3618a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3619a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 3620a8e1175bSopenharmony_ci 3621a8e1175bSopenharmony_ci /* Setup sign but try verify. */ 3622a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg)); 3623a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input))); 3624a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 3625a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_verify_finish(&operation, 3626a8e1175bSopenharmony_ci verify_mac, sizeof(verify_mac)), 3627a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3628a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3629a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 3630a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3631a8e1175bSopenharmony_ci 3632a8e1175bSopenharmony_ci /* Setup verify but try sign. */ 3633a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg)); 3634a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input))); 3635a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 3636a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_sign_finish(&operation, 3637a8e1175bSopenharmony_ci sign_mac, sizeof(sign_mac), 3638a8e1175bSopenharmony_ci &sign_mac_length), 3639a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3640a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3641a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 3642a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3643a8e1175bSopenharmony_ci 3644a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 3645a8e1175bSopenharmony_ci 3646a8e1175bSopenharmony_ciexit: 3647a8e1175bSopenharmony_ci PSA_DONE(); 3648a8e1175bSopenharmony_ci} 3649a8e1175bSopenharmony_ci/* END_CASE */ 3650a8e1175bSopenharmony_ci 3651a8e1175bSopenharmony_ci/* BEGIN_CASE */ 3652a8e1175bSopenharmony_civoid mac_sign_verify_multi(int key_type_arg, 3653a8e1175bSopenharmony_ci data_t *key_data, 3654a8e1175bSopenharmony_ci int alg_arg, 3655a8e1175bSopenharmony_ci data_t *input, 3656a8e1175bSopenharmony_ci int is_verify, 3657a8e1175bSopenharmony_ci data_t *expected_mac) 3658a8e1175bSopenharmony_ci{ 3659a8e1175bSopenharmony_ci size_t data_part_len = 0; 3660a8e1175bSopenharmony_ci 3661a8e1175bSopenharmony_ci for (data_part_len = 1; data_part_len <= input->len; data_part_len++) { 3662a8e1175bSopenharmony_ci /* Split data into length(data_part_len) parts. */ 3663a8e1175bSopenharmony_ci mbedtls_test_set_step(2000 + data_part_len); 3664a8e1175bSopenharmony_ci 3665a8e1175bSopenharmony_ci if (mac_multipart_internal_func(key_type_arg, key_data, 3666a8e1175bSopenharmony_ci alg_arg, 3667a8e1175bSopenharmony_ci input, data_part_len, 3668a8e1175bSopenharmony_ci expected_mac, 3669a8e1175bSopenharmony_ci is_verify, 0) == 0) { 3670a8e1175bSopenharmony_ci break; 3671a8e1175bSopenharmony_ci } 3672a8e1175bSopenharmony_ci 3673a8e1175bSopenharmony_ci /* length(0) part, length(data_part_len) part, length(0) part... */ 3674a8e1175bSopenharmony_ci mbedtls_test_set_step(3000 + data_part_len); 3675a8e1175bSopenharmony_ci 3676a8e1175bSopenharmony_ci if (mac_multipart_internal_func(key_type_arg, key_data, 3677a8e1175bSopenharmony_ci alg_arg, 3678a8e1175bSopenharmony_ci input, data_part_len, 3679a8e1175bSopenharmony_ci expected_mac, 3680a8e1175bSopenharmony_ci is_verify, 1) == 0) { 3681a8e1175bSopenharmony_ci break; 3682a8e1175bSopenharmony_ci } 3683a8e1175bSopenharmony_ci } 3684a8e1175bSopenharmony_ci 3685a8e1175bSopenharmony_ci /* Goto is required to silence warnings about unused labels, as we 3686a8e1175bSopenharmony_ci * don't actually do any test assertions in this function. */ 3687a8e1175bSopenharmony_ci goto exit; 3688a8e1175bSopenharmony_ci} 3689a8e1175bSopenharmony_ci/* END_CASE */ 3690a8e1175bSopenharmony_ci 3691a8e1175bSopenharmony_ci/* BEGIN_CASE */ 3692a8e1175bSopenharmony_civoid mac_sign(int key_type_arg, 3693a8e1175bSopenharmony_ci data_t *key_data, 3694a8e1175bSopenharmony_ci int alg_arg, 3695a8e1175bSopenharmony_ci data_t *input, 3696a8e1175bSopenharmony_ci data_t *expected_mac) 3697a8e1175bSopenharmony_ci{ 3698a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3699a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 3700a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 3701a8e1175bSopenharmony_ci psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 3702a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3703a8e1175bSopenharmony_ci uint8_t *actual_mac = NULL; 3704a8e1175bSopenharmony_ci size_t mac_buffer_size = 3705a8e1175bSopenharmony_ci PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); 3706a8e1175bSopenharmony_ci size_t mac_length = 0; 3707a8e1175bSopenharmony_ci const size_t output_sizes_to_test[] = { 3708a8e1175bSopenharmony_ci 0, 3709a8e1175bSopenharmony_ci 1, 3710a8e1175bSopenharmony_ci expected_mac->len - 1, 3711a8e1175bSopenharmony_ci expected_mac->len, 3712a8e1175bSopenharmony_ci expected_mac->len + 1, 3713a8e1175bSopenharmony_ci }; 3714a8e1175bSopenharmony_ci 3715a8e1175bSopenharmony_ci TEST_LE_U(mac_buffer_size, PSA_MAC_MAX_SIZE); 3716a8e1175bSopenharmony_ci /* We expect PSA_MAC_LENGTH to be exact. */ 3717a8e1175bSopenharmony_ci TEST_ASSERT(expected_mac->len == mac_buffer_size); 3718a8e1175bSopenharmony_ci 3719a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3720a8e1175bSopenharmony_ci 3721a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 3722a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 3723a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 3724a8e1175bSopenharmony_ci 3725a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 3726a8e1175bSopenharmony_ci &key)); 3727a8e1175bSopenharmony_ci 3728a8e1175bSopenharmony_ci for (size_t i = 0; i < ARRAY_LENGTH(output_sizes_to_test); i++) { 3729a8e1175bSopenharmony_ci const size_t output_size = output_sizes_to_test[i]; 3730a8e1175bSopenharmony_ci psa_status_t expected_status = 3731a8e1175bSopenharmony_ci (output_size >= expected_mac->len ? PSA_SUCCESS : 3732a8e1175bSopenharmony_ci PSA_ERROR_BUFFER_TOO_SMALL); 3733a8e1175bSopenharmony_ci 3734a8e1175bSopenharmony_ci mbedtls_test_set_step(output_size); 3735a8e1175bSopenharmony_ci TEST_CALLOC(actual_mac, output_size); 3736a8e1175bSopenharmony_ci 3737a8e1175bSopenharmony_ci /* Calculate the MAC, one-shot case. */ 3738a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_compute(key, alg, 3739a8e1175bSopenharmony_ci input->x, input->len, 3740a8e1175bSopenharmony_ci actual_mac, output_size, &mac_length), 3741a8e1175bSopenharmony_ci expected_status); 3742a8e1175bSopenharmony_ci if (expected_status == PSA_SUCCESS) { 3743a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, 3744a8e1175bSopenharmony_ci actual_mac, mac_length); 3745a8e1175bSopenharmony_ci } 3746a8e1175bSopenharmony_ci 3747a8e1175bSopenharmony_ci if (output_size > 0) { 3748a8e1175bSopenharmony_ci memset(actual_mac, 0, output_size); 3749a8e1175bSopenharmony_ci } 3750a8e1175bSopenharmony_ci 3751a8e1175bSopenharmony_ci /* Calculate the MAC, multi-part case. */ 3752a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg)); 3753a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, 3754a8e1175bSopenharmony_ci input->x, input->len)); 3755a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_sign_finish(&operation, 3756a8e1175bSopenharmony_ci actual_mac, output_size, 3757a8e1175bSopenharmony_ci &mac_length), 3758a8e1175bSopenharmony_ci expected_status); 3759a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_abort(&operation)); 3760a8e1175bSopenharmony_ci 3761a8e1175bSopenharmony_ci if (expected_status == PSA_SUCCESS) { 3762a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, 3763a8e1175bSopenharmony_ci actual_mac, mac_length); 3764a8e1175bSopenharmony_ci } 3765a8e1175bSopenharmony_ci mbedtls_free(actual_mac); 3766a8e1175bSopenharmony_ci actual_mac = NULL; 3767a8e1175bSopenharmony_ci } 3768a8e1175bSopenharmony_ci 3769a8e1175bSopenharmony_ciexit: 3770a8e1175bSopenharmony_ci psa_mac_abort(&operation); 3771a8e1175bSopenharmony_ci psa_destroy_key(key); 3772a8e1175bSopenharmony_ci PSA_DONE(); 3773a8e1175bSopenharmony_ci mbedtls_free(actual_mac); 3774a8e1175bSopenharmony_ci} 3775a8e1175bSopenharmony_ci/* END_CASE */ 3776a8e1175bSopenharmony_ci 3777a8e1175bSopenharmony_ci/* BEGIN_CASE */ 3778a8e1175bSopenharmony_civoid mac_verify(int key_type_arg, 3779a8e1175bSopenharmony_ci data_t *key_data, 3780a8e1175bSopenharmony_ci int alg_arg, 3781a8e1175bSopenharmony_ci data_t *input, 3782a8e1175bSopenharmony_ci data_t *expected_mac) 3783a8e1175bSopenharmony_ci{ 3784a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3785a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 3786a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 3787a8e1175bSopenharmony_ci psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 3788a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3789a8e1175bSopenharmony_ci uint8_t *perturbed_mac = NULL; 3790a8e1175bSopenharmony_ci 3791a8e1175bSopenharmony_ci TEST_LE_U(expected_mac->len, PSA_MAC_MAX_SIZE); 3792a8e1175bSopenharmony_ci 3793a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3794a8e1175bSopenharmony_ci 3795a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 3796a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 3797a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 3798a8e1175bSopenharmony_ci 3799a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 3800a8e1175bSopenharmony_ci &key)); 3801a8e1175bSopenharmony_ci 3802a8e1175bSopenharmony_ci /* Verify correct MAC, one-shot case. */ 3803a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_verify(key, alg, input->x, input->len, 3804a8e1175bSopenharmony_ci expected_mac->x, expected_mac->len)); 3805a8e1175bSopenharmony_ci 3806a8e1175bSopenharmony_ci /* Verify correct MAC, multi-part case. */ 3807a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg)); 3808a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, 3809a8e1175bSopenharmony_ci input->x, input->len)); 3810a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_verify_finish(&operation, 3811a8e1175bSopenharmony_ci expected_mac->x, 3812a8e1175bSopenharmony_ci expected_mac->len)); 3813a8e1175bSopenharmony_ci 3814a8e1175bSopenharmony_ci /* Test a MAC that's too short, one-shot case. */ 3815a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_verify(key, alg, 3816a8e1175bSopenharmony_ci input->x, input->len, 3817a8e1175bSopenharmony_ci expected_mac->x, 3818a8e1175bSopenharmony_ci expected_mac->len - 1), 3819a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3820a8e1175bSopenharmony_ci 3821a8e1175bSopenharmony_ci /* Test a MAC that's too short, multi-part case. */ 3822a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg)); 3823a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, 3824a8e1175bSopenharmony_ci input->x, input->len)); 3825a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_verify_finish(&operation, 3826a8e1175bSopenharmony_ci expected_mac->x, 3827a8e1175bSopenharmony_ci expected_mac->len - 1), 3828a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3829a8e1175bSopenharmony_ci 3830a8e1175bSopenharmony_ci /* Test a MAC that's too long, one-shot case. */ 3831a8e1175bSopenharmony_ci TEST_CALLOC(perturbed_mac, expected_mac->len + 1); 3832a8e1175bSopenharmony_ci memcpy(perturbed_mac, expected_mac->x, expected_mac->len); 3833a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_verify(key, alg, 3834a8e1175bSopenharmony_ci input->x, input->len, 3835a8e1175bSopenharmony_ci perturbed_mac, expected_mac->len + 1), 3836a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3837a8e1175bSopenharmony_ci 3838a8e1175bSopenharmony_ci /* Test a MAC that's too long, multi-part case. */ 3839a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg)); 3840a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, 3841a8e1175bSopenharmony_ci input->x, input->len)); 3842a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_verify_finish(&operation, 3843a8e1175bSopenharmony_ci perturbed_mac, 3844a8e1175bSopenharmony_ci expected_mac->len + 1), 3845a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3846a8e1175bSopenharmony_ci 3847a8e1175bSopenharmony_ci /* Test changing one byte. */ 3848a8e1175bSopenharmony_ci for (size_t i = 0; i < expected_mac->len; i++) { 3849a8e1175bSopenharmony_ci mbedtls_test_set_step(i); 3850a8e1175bSopenharmony_ci perturbed_mac[i] ^= 1; 3851a8e1175bSopenharmony_ci 3852a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_verify(key, alg, 3853a8e1175bSopenharmony_ci input->x, input->len, 3854a8e1175bSopenharmony_ci perturbed_mac, expected_mac->len), 3855a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3856a8e1175bSopenharmony_ci 3857a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg)); 3858a8e1175bSopenharmony_ci PSA_ASSERT(psa_mac_update(&operation, 3859a8e1175bSopenharmony_ci input->x, input->len)); 3860a8e1175bSopenharmony_ci TEST_EQUAL(psa_mac_verify_finish(&operation, 3861a8e1175bSopenharmony_ci perturbed_mac, 3862a8e1175bSopenharmony_ci expected_mac->len), 3863a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 3864a8e1175bSopenharmony_ci perturbed_mac[i] ^= 1; 3865a8e1175bSopenharmony_ci } 3866a8e1175bSopenharmony_ci 3867a8e1175bSopenharmony_ciexit: 3868a8e1175bSopenharmony_ci psa_mac_abort(&operation); 3869a8e1175bSopenharmony_ci psa_destroy_key(key); 3870a8e1175bSopenharmony_ci PSA_DONE(); 3871a8e1175bSopenharmony_ci mbedtls_free(perturbed_mac); 3872a8e1175bSopenharmony_ci} 3873a8e1175bSopenharmony_ci/* END_CASE */ 3874a8e1175bSopenharmony_ci 3875a8e1175bSopenharmony_ci/* BEGIN_CASE */ 3876a8e1175bSopenharmony_civoid cipher_operation_init() 3877a8e1175bSopenharmony_ci{ 3878a8e1175bSopenharmony_ci const uint8_t input[1] = { 0 }; 3879a8e1175bSopenharmony_ci unsigned char output[1] = { 0 }; 3880a8e1175bSopenharmony_ci size_t output_length; 3881a8e1175bSopenharmony_ci /* Test each valid way of initializing the object, except for `= {0}`, as 3882a8e1175bSopenharmony_ci * Clang 5 complains when `-Wmissing-field-initializers` is used, even 3883a8e1175bSopenharmony_ci * though it's OK by the C standard. We could test for this, but we'd need 3884a8e1175bSopenharmony_ci * to suppress the Clang warning for the test. */ 3885a8e1175bSopenharmony_ci psa_cipher_operation_t func = psa_cipher_operation_init(); 3886a8e1175bSopenharmony_ci psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT; 3887a8e1175bSopenharmony_ci psa_cipher_operation_t zero; 3888a8e1175bSopenharmony_ci 3889a8e1175bSopenharmony_ci memset(&zero, 0, sizeof(zero)); 3890a8e1175bSopenharmony_ci 3891a8e1175bSopenharmony_ci /* A freshly-initialized cipher operation should not be usable. */ 3892a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_update(&func, 3893a8e1175bSopenharmony_ci input, sizeof(input), 3894a8e1175bSopenharmony_ci output, sizeof(output), 3895a8e1175bSopenharmony_ci &output_length), 3896a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3897a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_update(&init, 3898a8e1175bSopenharmony_ci input, sizeof(input), 3899a8e1175bSopenharmony_ci output, sizeof(output), 3900a8e1175bSopenharmony_ci &output_length), 3901a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3902a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_update(&zero, 3903a8e1175bSopenharmony_ci input, sizeof(input), 3904a8e1175bSopenharmony_ci output, sizeof(output), 3905a8e1175bSopenharmony_ci &output_length), 3906a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3907a8e1175bSopenharmony_ci 3908a8e1175bSopenharmony_ci /* A default cipher operation should be abortable without error. */ 3909a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&func)); 3910a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&init)); 3911a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&zero)); 3912a8e1175bSopenharmony_ci} 3913a8e1175bSopenharmony_ci/* END_CASE */ 3914a8e1175bSopenharmony_ci 3915a8e1175bSopenharmony_ci/* BEGIN_CASE */ 3916a8e1175bSopenharmony_civoid cipher_setup(int key_type_arg, 3917a8e1175bSopenharmony_ci data_t *key, 3918a8e1175bSopenharmony_ci int alg_arg, 3919a8e1175bSopenharmony_ci int expected_status_arg) 3920a8e1175bSopenharmony_ci{ 3921a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 3922a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 3923a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 3924a8e1175bSopenharmony_ci psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 3925a8e1175bSopenharmony_ci psa_status_t status; 3926a8e1175bSopenharmony_ci#if defined(KNOWN_SUPPORTED_CIPHER_ALG) 3927a8e1175bSopenharmony_ci const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk"; 3928a8e1175bSopenharmony_ci#endif 3929a8e1175bSopenharmony_ci 3930a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3931a8e1175bSopenharmony_ci 3932a8e1175bSopenharmony_ci if (!exercise_cipher_setup(key_type, key->x, key->len, alg, 3933a8e1175bSopenharmony_ci &operation, &status)) { 3934a8e1175bSopenharmony_ci goto exit; 3935a8e1175bSopenharmony_ci } 3936a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 3937a8e1175bSopenharmony_ci 3938a8e1175bSopenharmony_ci /* The operation object should be reusable. */ 3939a8e1175bSopenharmony_ci#if defined(KNOWN_SUPPORTED_CIPHER_ALG) 3940a8e1175bSopenharmony_ci if (!exercise_cipher_setup(KNOWN_SUPPORTED_CIPHER_KEY_TYPE, 3941a8e1175bSopenharmony_ci smoke_test_key_data, 3942a8e1175bSopenharmony_ci sizeof(smoke_test_key_data), 3943a8e1175bSopenharmony_ci KNOWN_SUPPORTED_CIPHER_ALG, 3944a8e1175bSopenharmony_ci &operation, &status)) { 3945a8e1175bSopenharmony_ci goto exit; 3946a8e1175bSopenharmony_ci } 3947a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); 3948a8e1175bSopenharmony_ci#endif 3949a8e1175bSopenharmony_ci 3950a8e1175bSopenharmony_ciexit: 3951a8e1175bSopenharmony_ci psa_cipher_abort(&operation); 3952a8e1175bSopenharmony_ci PSA_DONE(); 3953a8e1175bSopenharmony_ci} 3954a8e1175bSopenharmony_ci/* END_CASE */ 3955a8e1175bSopenharmony_ci 3956a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_PKCS7 */ 3957a8e1175bSopenharmony_civoid cipher_bad_order() 3958a8e1175bSopenharmony_ci{ 3959a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3960a8e1175bSopenharmony_ci psa_key_type_t key_type = PSA_KEY_TYPE_AES; 3961a8e1175bSopenharmony_ci psa_algorithm_t alg = PSA_ALG_CBC_PKCS7; 3962a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3963a8e1175bSopenharmony_ci psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 3964a8e1175bSopenharmony_ci unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 }; 3965a8e1175bSopenharmony_ci const uint8_t key_data[] = { 3966a8e1175bSopenharmony_ci 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 3967a8e1175bSopenharmony_ci 0xaa, 0xaa, 0xaa, 0xaa 3968a8e1175bSopenharmony_ci }; 3969a8e1175bSopenharmony_ci const uint8_t text[] = { 3970a8e1175bSopenharmony_ci 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 3971a8e1175bSopenharmony_ci 0xbb, 0xbb, 0xbb, 0xbb 3972a8e1175bSopenharmony_ci }; 3973a8e1175bSopenharmony_ci uint8_t buffer[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 }; 3974a8e1175bSopenharmony_ci size_t length = 0; 3975a8e1175bSopenharmony_ci 3976a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 3977a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 3978a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 3979a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 3980a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data, sizeof(key_data), 3981a8e1175bSopenharmony_ci &key)); 3982a8e1175bSopenharmony_ci 3983a8e1175bSopenharmony_ci /* Call encrypt setup twice in a row. */ 3984a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 3985a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 3986a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_encrypt_setup(&operation, key, alg), 3987a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3988a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3989a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 3990a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3991a8e1175bSopenharmony_ci 3992a8e1175bSopenharmony_ci /* Call decrypt setup twice in a row. */ 3993a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); 3994a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 3995a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_decrypt_setup(&operation, key, alg), 3996a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 3997a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 3998a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 3999a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 4000a8e1175bSopenharmony_ci 4001a8e1175bSopenharmony_ci /* Generate an IV without calling setup beforehand. */ 4002a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_generate_iv(&operation, 4003a8e1175bSopenharmony_ci buffer, sizeof(buffer), 4004a8e1175bSopenharmony_ci &length), 4005a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4006a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4007a8e1175bSopenharmony_ci 4008a8e1175bSopenharmony_ci /* Generate an IV twice in a row. */ 4009a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4010a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_generate_iv(&operation, 4011a8e1175bSopenharmony_ci buffer, sizeof(buffer), 4012a8e1175bSopenharmony_ci &length)); 4013a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 4014a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_generate_iv(&operation, 4015a8e1175bSopenharmony_ci buffer, sizeof(buffer), 4016a8e1175bSopenharmony_ci &length), 4017a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4018a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 4019a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4020a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 4021a8e1175bSopenharmony_ci 4022a8e1175bSopenharmony_ci /* Generate an IV after it's already set. */ 4023a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4024a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_set_iv(&operation, 4025a8e1175bSopenharmony_ci iv, sizeof(iv))); 4026a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_generate_iv(&operation, 4027a8e1175bSopenharmony_ci buffer, sizeof(buffer), 4028a8e1175bSopenharmony_ci &length), 4029a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4030a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4031a8e1175bSopenharmony_ci 4032a8e1175bSopenharmony_ci /* Set an IV without calling setup beforehand. */ 4033a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_set_iv(&operation, 4034a8e1175bSopenharmony_ci iv, sizeof(iv)), 4035a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4036a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4037a8e1175bSopenharmony_ci 4038a8e1175bSopenharmony_ci /* Set an IV after it's already set. */ 4039a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4040a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_set_iv(&operation, 4041a8e1175bSopenharmony_ci iv, sizeof(iv))); 4042a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 4043a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_set_iv(&operation, 4044a8e1175bSopenharmony_ci iv, sizeof(iv)), 4045a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4046a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 4047a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4048a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 4049a8e1175bSopenharmony_ci 4050a8e1175bSopenharmony_ci /* Set an IV after it's already generated. */ 4051a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4052a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_generate_iv(&operation, 4053a8e1175bSopenharmony_ci buffer, sizeof(buffer), 4054a8e1175bSopenharmony_ci &length)); 4055a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_set_iv(&operation, 4056a8e1175bSopenharmony_ci iv, sizeof(iv)), 4057a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4058a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4059a8e1175bSopenharmony_ci 4060a8e1175bSopenharmony_ci /* Call update without calling setup beforehand. */ 4061a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_update(&operation, 4062a8e1175bSopenharmony_ci text, sizeof(text), 4063a8e1175bSopenharmony_ci buffer, sizeof(buffer), 4064a8e1175bSopenharmony_ci &length), 4065a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4066a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4067a8e1175bSopenharmony_ci 4068a8e1175bSopenharmony_ci /* Call update without an IV where an IV is required. */ 4069a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4070a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 4071a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_update(&operation, 4072a8e1175bSopenharmony_ci text, sizeof(text), 4073a8e1175bSopenharmony_ci buffer, sizeof(buffer), 4074a8e1175bSopenharmony_ci &length), 4075a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4076a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 4077a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4078a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 4079a8e1175bSopenharmony_ci 4080a8e1175bSopenharmony_ci /* Call update after finish. */ 4081a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4082a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_set_iv(&operation, 4083a8e1175bSopenharmony_ci iv, sizeof(iv))); 4084a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_finish(&operation, 4085a8e1175bSopenharmony_ci buffer, sizeof(buffer), &length)); 4086a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_update(&operation, 4087a8e1175bSopenharmony_ci text, sizeof(text), 4088a8e1175bSopenharmony_ci buffer, sizeof(buffer), 4089a8e1175bSopenharmony_ci &length), 4090a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4091a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4092a8e1175bSopenharmony_ci 4093a8e1175bSopenharmony_ci /* Call finish without calling setup beforehand. */ 4094a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_finish(&operation, 4095a8e1175bSopenharmony_ci buffer, sizeof(buffer), &length), 4096a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4097a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4098a8e1175bSopenharmony_ci 4099a8e1175bSopenharmony_ci /* Call finish without an IV where an IV is required. */ 4100a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4101a8e1175bSopenharmony_ci /* Not calling update means we are encrypting an empty buffer, which is OK 4102a8e1175bSopenharmony_ci * for cipher modes with padding. */ 4103a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_ACTIVE(operation); 4104a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_finish(&operation, 4105a8e1175bSopenharmony_ci buffer, sizeof(buffer), &length), 4106a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4107a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 4108a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4109a8e1175bSopenharmony_ci ASSERT_OPERATION_IS_INACTIVE(operation); 4110a8e1175bSopenharmony_ci 4111a8e1175bSopenharmony_ci /* Call finish twice in a row. */ 4112a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4113a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_set_iv(&operation, 4114a8e1175bSopenharmony_ci iv, sizeof(iv))); 4115a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_finish(&operation, 4116a8e1175bSopenharmony_ci buffer, sizeof(buffer), &length)); 4117a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_finish(&operation, 4118a8e1175bSopenharmony_ci buffer, sizeof(buffer), &length), 4119a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4120a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4121a8e1175bSopenharmony_ci 4122a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 4123a8e1175bSopenharmony_ci 4124a8e1175bSopenharmony_ciexit: 4125a8e1175bSopenharmony_ci psa_cipher_abort(&operation); 4126a8e1175bSopenharmony_ci PSA_DONE(); 4127a8e1175bSopenharmony_ci} 4128a8e1175bSopenharmony_ci/* END_CASE */ 4129a8e1175bSopenharmony_ci 4130a8e1175bSopenharmony_ci/* BEGIN_CASE */ 4131a8e1175bSopenharmony_civoid cipher_encrypt_fail(int alg_arg, 4132a8e1175bSopenharmony_ci int key_type_arg, 4133a8e1175bSopenharmony_ci data_t *key_data, 4134a8e1175bSopenharmony_ci data_t *input, 4135a8e1175bSopenharmony_ci int expected_status_arg) 4136a8e1175bSopenharmony_ci{ 4137a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4138a8e1175bSopenharmony_ci psa_status_t status; 4139a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 4140a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 4141a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 4142a8e1175bSopenharmony_ci unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = { 0 }; 4143a8e1175bSopenharmony_ci size_t iv_size = PSA_CIPHER_IV_MAX_SIZE; 4144a8e1175bSopenharmony_ci size_t iv_length = 0; 4145a8e1175bSopenharmony_ci unsigned char *output = NULL; 4146a8e1175bSopenharmony_ci size_t output_buffer_size = 0; 4147a8e1175bSopenharmony_ci size_t output_length = 0; 4148a8e1175bSopenharmony_ci size_t function_output_length; 4149a8e1175bSopenharmony_ci psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 4150a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4151a8e1175bSopenharmony_ci 4152a8e1175bSopenharmony_ci if (PSA_ERROR_BAD_STATE != expected_status) { 4153a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 4154a8e1175bSopenharmony_ci 4155a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 4156a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 4157a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 4158a8e1175bSopenharmony_ci 4159a8e1175bSopenharmony_ci output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, 4160a8e1175bSopenharmony_ci input->len); 4161a8e1175bSopenharmony_ci TEST_CALLOC(output, output_buffer_size); 4162a8e1175bSopenharmony_ci 4163a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 4164a8e1175bSopenharmony_ci &key)); 4165a8e1175bSopenharmony_ci } 4166a8e1175bSopenharmony_ci 4167a8e1175bSopenharmony_ci /* Encrypt, one-shot */ 4168a8e1175bSopenharmony_ci status = psa_cipher_encrypt(key, alg, input->x, input->len, output, 4169a8e1175bSopenharmony_ci output_buffer_size, &output_length); 4170a8e1175bSopenharmony_ci 4171a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 4172a8e1175bSopenharmony_ci 4173a8e1175bSopenharmony_ci /* Encrypt, multi-part */ 4174a8e1175bSopenharmony_ci status = psa_cipher_encrypt_setup(&operation, key, alg); 4175a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 4176a8e1175bSopenharmony_ci if (alg != PSA_ALG_ECB_NO_PADDING) { 4177a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_generate_iv(&operation, 4178a8e1175bSopenharmony_ci iv, iv_size, 4179a8e1175bSopenharmony_ci &iv_length)); 4180a8e1175bSopenharmony_ci } 4181a8e1175bSopenharmony_ci 4182a8e1175bSopenharmony_ci status = psa_cipher_update(&operation, input->x, input->len, 4183a8e1175bSopenharmony_ci output, output_buffer_size, 4184a8e1175bSopenharmony_ci &function_output_length); 4185a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 4186a8e1175bSopenharmony_ci output_length += function_output_length; 4187a8e1175bSopenharmony_ci 4188a8e1175bSopenharmony_ci status = psa_cipher_finish(&operation, output + output_length, 4189a8e1175bSopenharmony_ci output_buffer_size - output_length, 4190a8e1175bSopenharmony_ci &function_output_length); 4191a8e1175bSopenharmony_ci 4192a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 4193a8e1175bSopenharmony_ci } else { 4194a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 4195a8e1175bSopenharmony_ci } 4196a8e1175bSopenharmony_ci } else { 4197a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 4198a8e1175bSopenharmony_ci } 4199a8e1175bSopenharmony_ci 4200a8e1175bSopenharmony_ciexit: 4201a8e1175bSopenharmony_ci psa_cipher_abort(&operation); 4202a8e1175bSopenharmony_ci mbedtls_free(output); 4203a8e1175bSopenharmony_ci psa_destroy_key(key); 4204a8e1175bSopenharmony_ci PSA_DONE(); 4205a8e1175bSopenharmony_ci} 4206a8e1175bSopenharmony_ci/* END_CASE */ 4207a8e1175bSopenharmony_ci 4208a8e1175bSopenharmony_ci/* BEGIN_CASE */ 4209a8e1175bSopenharmony_civoid cipher_encrypt_validate_iv_length(int alg, int key_type, data_t *key_data, 4210a8e1175bSopenharmony_ci data_t *input, int iv_length, 4211a8e1175bSopenharmony_ci int expected_result) 4212a8e1175bSopenharmony_ci{ 4213a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4214a8e1175bSopenharmony_ci psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 4215a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4216a8e1175bSopenharmony_ci size_t output_buffer_size = 0; 4217a8e1175bSopenharmony_ci unsigned char *output = NULL; 4218a8e1175bSopenharmony_ci 4219a8e1175bSopenharmony_ci output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); 4220a8e1175bSopenharmony_ci TEST_CALLOC(output, output_buffer_size); 4221a8e1175bSopenharmony_ci 4222a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 4223a8e1175bSopenharmony_ci 4224a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 4225a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 4226a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 4227a8e1175bSopenharmony_ci 4228a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 4229a8e1175bSopenharmony_ci &key)); 4230a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4231a8e1175bSopenharmony_ci TEST_EQUAL(expected_result, psa_cipher_set_iv(&operation, output, 4232a8e1175bSopenharmony_ci iv_length)); 4233a8e1175bSopenharmony_ci 4234a8e1175bSopenharmony_ciexit: 4235a8e1175bSopenharmony_ci psa_cipher_abort(&operation); 4236a8e1175bSopenharmony_ci mbedtls_free(output); 4237a8e1175bSopenharmony_ci psa_destroy_key(key); 4238a8e1175bSopenharmony_ci PSA_DONE(); 4239a8e1175bSopenharmony_ci} 4240a8e1175bSopenharmony_ci/* END_CASE */ 4241a8e1175bSopenharmony_ci 4242a8e1175bSopenharmony_ci/* BEGIN_CASE */ 4243a8e1175bSopenharmony_civoid cipher_alg_without_iv(int alg_arg, int key_type_arg, data_t *key_data, 4244a8e1175bSopenharmony_ci data_t *plaintext, data_t *ciphertext) 4245a8e1175bSopenharmony_ci{ 4246a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4247a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 4248a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 4249a8e1175bSopenharmony_ci psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 4250a8e1175bSopenharmony_ci uint8_t iv[1] = { 0x5a }; 4251a8e1175bSopenharmony_ci unsigned char *output = NULL; 4252a8e1175bSopenharmony_ci size_t output_buffer_size = 0; 4253a8e1175bSopenharmony_ci size_t output_length, length; 4254a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4255a8e1175bSopenharmony_ci 4256a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 4257a8e1175bSopenharmony_ci 4258a8e1175bSopenharmony_ci /* Validate size macros */ 4259a8e1175bSopenharmony_ci TEST_LE_U(ciphertext->len, 4260a8e1175bSopenharmony_ci PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext->len)); 4261a8e1175bSopenharmony_ci TEST_LE_U(PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext->len), 4262a8e1175bSopenharmony_ci PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(plaintext->len)); 4263a8e1175bSopenharmony_ci TEST_LE_U(plaintext->len, 4264a8e1175bSopenharmony_ci PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext->len)); 4265a8e1175bSopenharmony_ci TEST_LE_U(PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext->len), 4266a8e1175bSopenharmony_ci PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(ciphertext->len)); 4267a8e1175bSopenharmony_ci 4268a8e1175bSopenharmony_ci 4269a8e1175bSopenharmony_ci /* Set up key and output buffer */ 4270a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, 4271a8e1175bSopenharmony_ci PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 4272a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 4273a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 4274a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 4275a8e1175bSopenharmony_ci &key)); 4276a8e1175bSopenharmony_ci output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, 4277a8e1175bSopenharmony_ci plaintext->len); 4278a8e1175bSopenharmony_ci TEST_CALLOC(output, output_buffer_size); 4279a8e1175bSopenharmony_ci 4280a8e1175bSopenharmony_ci /* set_iv() is not allowed */ 4281a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4282a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_set_iv(&operation, iv, sizeof(iv)), 4283a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4284a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); 4285a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_set_iv(&operation, iv, sizeof(iv)), 4286a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4287a8e1175bSopenharmony_ci 4288a8e1175bSopenharmony_ci /* generate_iv() is not allowed */ 4289a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4290a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_generate_iv(&operation, iv, sizeof(iv), 4291a8e1175bSopenharmony_ci &length), 4292a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4293a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); 4294a8e1175bSopenharmony_ci TEST_EQUAL(psa_cipher_generate_iv(&operation, iv, sizeof(iv), 4295a8e1175bSopenharmony_ci &length), 4296a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 4297a8e1175bSopenharmony_ci 4298a8e1175bSopenharmony_ci /* Multipart encryption */ 4299a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4300a8e1175bSopenharmony_ci output_length = 0; 4301a8e1175bSopenharmony_ci length = ~0; 4302a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_update(&operation, 4303a8e1175bSopenharmony_ci plaintext->x, plaintext->len, 4304a8e1175bSopenharmony_ci output, output_buffer_size, 4305a8e1175bSopenharmony_ci &length)); 4306a8e1175bSopenharmony_ci TEST_LE_U(length, output_buffer_size); 4307a8e1175bSopenharmony_ci output_length += length; 4308a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_finish(&operation, 4309a8e1175bSopenharmony_ci mbedtls_buffer_offset(output, output_length), 4310a8e1175bSopenharmony_ci output_buffer_size - output_length, 4311a8e1175bSopenharmony_ci &length)); 4312a8e1175bSopenharmony_ci output_length += length; 4313a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(ciphertext->x, ciphertext->len, 4314a8e1175bSopenharmony_ci output, output_length); 4315a8e1175bSopenharmony_ci 4316a8e1175bSopenharmony_ci /* Multipart encryption */ 4317a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); 4318a8e1175bSopenharmony_ci output_length = 0; 4319a8e1175bSopenharmony_ci length = ~0; 4320a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_update(&operation, 4321a8e1175bSopenharmony_ci ciphertext->x, ciphertext->len, 4322a8e1175bSopenharmony_ci output, output_buffer_size, 4323a8e1175bSopenharmony_ci &length)); 4324a8e1175bSopenharmony_ci TEST_LE_U(length, output_buffer_size); 4325a8e1175bSopenharmony_ci output_length += length; 4326a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_finish(&operation, 4327a8e1175bSopenharmony_ci mbedtls_buffer_offset(output, output_length), 4328a8e1175bSopenharmony_ci output_buffer_size - output_length, 4329a8e1175bSopenharmony_ci &length)); 4330a8e1175bSopenharmony_ci output_length += length; 4331a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(plaintext->x, plaintext->len, 4332a8e1175bSopenharmony_ci output, output_length); 4333a8e1175bSopenharmony_ci 4334a8e1175bSopenharmony_ci /* One-shot encryption */ 4335a8e1175bSopenharmony_ci output_length = ~0; 4336a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt(key, alg, plaintext->x, plaintext->len, 4337a8e1175bSopenharmony_ci output, output_buffer_size, 4338a8e1175bSopenharmony_ci &output_length)); 4339a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(ciphertext->x, ciphertext->len, 4340a8e1175bSopenharmony_ci output, output_length); 4341a8e1175bSopenharmony_ci 4342a8e1175bSopenharmony_ci /* One-shot decryption */ 4343a8e1175bSopenharmony_ci output_length = ~0; 4344a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_decrypt(key, alg, ciphertext->x, ciphertext->len, 4345a8e1175bSopenharmony_ci output, output_buffer_size, 4346a8e1175bSopenharmony_ci &output_length)); 4347a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(plaintext->x, plaintext->len, 4348a8e1175bSopenharmony_ci output, output_length); 4349a8e1175bSopenharmony_ci 4350a8e1175bSopenharmony_ciexit: 4351a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4352a8e1175bSopenharmony_ci mbedtls_free(output); 4353a8e1175bSopenharmony_ci psa_cipher_abort(&operation); 4354a8e1175bSopenharmony_ci psa_destroy_key(key); 4355a8e1175bSopenharmony_ci PSA_DONE(); 4356a8e1175bSopenharmony_ci} 4357a8e1175bSopenharmony_ci/* END_CASE */ 4358a8e1175bSopenharmony_ci 4359a8e1175bSopenharmony_ci/* BEGIN_CASE */ 4360a8e1175bSopenharmony_civoid cipher_bad_key(int alg_arg, int key_type_arg, data_t *key_data) 4361a8e1175bSopenharmony_ci{ 4362a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4363a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 4364a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 4365a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4366a8e1175bSopenharmony_ci psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 4367a8e1175bSopenharmony_ci psa_status_t status; 4368a8e1175bSopenharmony_ci 4369a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 4370a8e1175bSopenharmony_ci 4371a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 4372a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 4373a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 4374a8e1175bSopenharmony_ci 4375a8e1175bSopenharmony_ci /* Usage of either of these two size macros would cause divide by zero 4376a8e1175bSopenharmony_ci * with incorrect key types previously. Input length should be irrelevant 4377a8e1175bSopenharmony_ci * here. */ 4378a8e1175bSopenharmony_ci TEST_EQUAL(PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, 16), 4379a8e1175bSopenharmony_ci 0); 4380a8e1175bSopenharmony_ci TEST_EQUAL(PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, 16), 0); 4381a8e1175bSopenharmony_ci 4382a8e1175bSopenharmony_ci 4383a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 4384a8e1175bSopenharmony_ci &key)); 4385a8e1175bSopenharmony_ci 4386a8e1175bSopenharmony_ci /* Should fail due to invalid alg type (to support invalid key type). 4387a8e1175bSopenharmony_ci * Encrypt or decrypt will end up in the same place. */ 4388a8e1175bSopenharmony_ci status = psa_cipher_encrypt_setup(&operation, key, alg); 4389a8e1175bSopenharmony_ci 4390a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT); 4391a8e1175bSopenharmony_ci 4392a8e1175bSopenharmony_ciexit: 4393a8e1175bSopenharmony_ci psa_cipher_abort(&operation); 4394a8e1175bSopenharmony_ci psa_destroy_key(key); 4395a8e1175bSopenharmony_ci PSA_DONE(); 4396a8e1175bSopenharmony_ci} 4397a8e1175bSopenharmony_ci/* END_CASE */ 4398a8e1175bSopenharmony_ci 4399a8e1175bSopenharmony_ci/* BEGIN_CASE */ 4400a8e1175bSopenharmony_civoid cipher_encrypt_validation(int alg_arg, 4401a8e1175bSopenharmony_ci int key_type_arg, 4402a8e1175bSopenharmony_ci data_t *key_data, 4403a8e1175bSopenharmony_ci data_t *input) 4404a8e1175bSopenharmony_ci{ 4405a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4406a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 4407a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 4408a8e1175bSopenharmony_ci size_t iv_size = PSA_CIPHER_IV_LENGTH(key_type, alg); 4409a8e1175bSopenharmony_ci unsigned char *output1 = NULL; 4410a8e1175bSopenharmony_ci size_t output1_buffer_size = 0; 4411a8e1175bSopenharmony_ci size_t output1_length = 0; 4412a8e1175bSopenharmony_ci unsigned char *output2 = NULL; 4413a8e1175bSopenharmony_ci size_t output2_buffer_size = 0; 4414a8e1175bSopenharmony_ci size_t output2_length = 0; 4415a8e1175bSopenharmony_ci size_t function_output_length = 0; 4416a8e1175bSopenharmony_ci psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 4417a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4418a8e1175bSopenharmony_ci 4419a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 4420a8e1175bSopenharmony_ci 4421a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 4422a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 4423a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 4424a8e1175bSopenharmony_ci 4425a8e1175bSopenharmony_ci output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); 4426a8e1175bSopenharmony_ci output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + 4427a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); 4428a8e1175bSopenharmony_ci TEST_CALLOC(output1, output1_buffer_size); 4429a8e1175bSopenharmony_ci TEST_CALLOC(output2, output2_buffer_size); 4430a8e1175bSopenharmony_ci 4431a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 4432a8e1175bSopenharmony_ci &key)); 4433a8e1175bSopenharmony_ci 4434a8e1175bSopenharmony_ci /* The one-shot cipher encryption uses generated iv so validating 4435a8e1175bSopenharmony_ci the output is not possible. Validating with multipart encryption. */ 4436a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, 4437a8e1175bSopenharmony_ci output1_buffer_size, &output1_length)); 4438a8e1175bSopenharmony_ci TEST_LE_U(output1_length, 4439a8e1175bSopenharmony_ci PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len)); 4440a8e1175bSopenharmony_ci TEST_LE_U(output1_length, 4441a8e1175bSopenharmony_ci PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input->len)); 4442a8e1175bSopenharmony_ci 4443a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4444a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_set_iv(&operation, output1, iv_size)); 4445a8e1175bSopenharmony_ci 4446a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_update(&operation, 4447a8e1175bSopenharmony_ci input->x, input->len, 4448a8e1175bSopenharmony_ci output2, output2_buffer_size, 4449a8e1175bSopenharmony_ci &function_output_length)); 4450a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4451a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len)); 4452a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4453a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input->len)); 4454a8e1175bSopenharmony_ci output2_length += function_output_length; 4455a8e1175bSopenharmony_ci 4456a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_finish(&operation, 4457a8e1175bSopenharmony_ci output2 + output2_length, 4458a8e1175bSopenharmony_ci output2_buffer_size - output2_length, 4459a8e1175bSopenharmony_ci &function_output_length)); 4460a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4461a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg)); 4462a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4463a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE); 4464a8e1175bSopenharmony_ci output2_length += function_output_length; 4465a8e1175bSopenharmony_ci 4466a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4467a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output1 + iv_size, output1_length - iv_size, 4468a8e1175bSopenharmony_ci output2, output2_length); 4469a8e1175bSopenharmony_ci 4470a8e1175bSopenharmony_ciexit: 4471a8e1175bSopenharmony_ci psa_cipher_abort(&operation); 4472a8e1175bSopenharmony_ci mbedtls_free(output1); 4473a8e1175bSopenharmony_ci mbedtls_free(output2); 4474a8e1175bSopenharmony_ci psa_destroy_key(key); 4475a8e1175bSopenharmony_ci PSA_DONE(); 4476a8e1175bSopenharmony_ci} 4477a8e1175bSopenharmony_ci/* END_CASE */ 4478a8e1175bSopenharmony_ci 4479a8e1175bSopenharmony_ci/* BEGIN_CASE */ 4480a8e1175bSopenharmony_civoid cipher_encrypt_multipart(int alg_arg, int key_type_arg, 4481a8e1175bSopenharmony_ci data_t *key_data, data_t *iv, 4482a8e1175bSopenharmony_ci data_t *input, 4483a8e1175bSopenharmony_ci int first_part_size_arg, 4484a8e1175bSopenharmony_ci int output1_length_arg, int output2_length_arg, 4485a8e1175bSopenharmony_ci data_t *expected_output, 4486a8e1175bSopenharmony_ci int expected_status_arg) 4487a8e1175bSopenharmony_ci{ 4488a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4489a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 4490a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 4491a8e1175bSopenharmony_ci psa_status_t status; 4492a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 4493a8e1175bSopenharmony_ci size_t first_part_size = first_part_size_arg; 4494a8e1175bSopenharmony_ci size_t output1_length = output1_length_arg; 4495a8e1175bSopenharmony_ci size_t output2_length = output2_length_arg; 4496a8e1175bSopenharmony_ci unsigned char *output = NULL; 4497a8e1175bSopenharmony_ci size_t output_buffer_size = 0; 4498a8e1175bSopenharmony_ci size_t function_output_length = 0; 4499a8e1175bSopenharmony_ci size_t total_output_length = 0; 4500a8e1175bSopenharmony_ci psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 4501a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4502a8e1175bSopenharmony_ci 4503a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 4504a8e1175bSopenharmony_ci 4505a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 4506a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 4507a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 4508a8e1175bSopenharmony_ci 4509a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 4510a8e1175bSopenharmony_ci &key)); 4511a8e1175bSopenharmony_ci 4512a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 4513a8e1175bSopenharmony_ci 4514a8e1175bSopenharmony_ci if (iv->len > 0) { 4515a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); 4516a8e1175bSopenharmony_ci } 4517a8e1175bSopenharmony_ci 4518a8e1175bSopenharmony_ci output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + 4519a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); 4520a8e1175bSopenharmony_ci TEST_CALLOC(output, output_buffer_size); 4521a8e1175bSopenharmony_ci 4522a8e1175bSopenharmony_ci TEST_LE_U(first_part_size, input->len); 4523a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size, 4524a8e1175bSopenharmony_ci output, output_buffer_size, 4525a8e1175bSopenharmony_ci &function_output_length)); 4526a8e1175bSopenharmony_ci TEST_ASSERT(function_output_length == output1_length); 4527a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4528a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, first_part_size)); 4529a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4530a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(first_part_size)); 4531a8e1175bSopenharmony_ci total_output_length += function_output_length; 4532a8e1175bSopenharmony_ci 4533a8e1175bSopenharmony_ci if (first_part_size < input->len) { 4534a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_update(&operation, 4535a8e1175bSopenharmony_ci input->x + first_part_size, 4536a8e1175bSopenharmony_ci input->len - first_part_size, 4537a8e1175bSopenharmony_ci (output_buffer_size == 0 ? NULL : 4538a8e1175bSopenharmony_ci output + total_output_length), 4539a8e1175bSopenharmony_ci output_buffer_size - total_output_length, 4540a8e1175bSopenharmony_ci &function_output_length)); 4541a8e1175bSopenharmony_ci TEST_ASSERT(function_output_length == output2_length); 4542a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4543a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, 4544a8e1175bSopenharmony_ci alg, 4545a8e1175bSopenharmony_ci input->len - first_part_size)); 4546a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4547a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input->len)); 4548a8e1175bSopenharmony_ci total_output_length += function_output_length; 4549a8e1175bSopenharmony_ci } 4550a8e1175bSopenharmony_ci 4551a8e1175bSopenharmony_ci status = psa_cipher_finish(&operation, 4552a8e1175bSopenharmony_ci (output_buffer_size == 0 ? NULL : 4553a8e1175bSopenharmony_ci output + total_output_length), 4554a8e1175bSopenharmony_ci output_buffer_size - total_output_length, 4555a8e1175bSopenharmony_ci &function_output_length); 4556a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4557a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg)); 4558a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4559a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE); 4560a8e1175bSopenharmony_ci total_output_length += function_output_length; 4561a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 4562a8e1175bSopenharmony_ci 4563a8e1175bSopenharmony_ci if (expected_status == PSA_SUCCESS) { 4564a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4565a8e1175bSopenharmony_ci 4566a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 4567a8e1175bSopenharmony_ci output, total_output_length); 4568a8e1175bSopenharmony_ci } 4569a8e1175bSopenharmony_ci 4570a8e1175bSopenharmony_ciexit: 4571a8e1175bSopenharmony_ci psa_cipher_abort(&operation); 4572a8e1175bSopenharmony_ci mbedtls_free(output); 4573a8e1175bSopenharmony_ci psa_destroy_key(key); 4574a8e1175bSopenharmony_ci PSA_DONE(); 4575a8e1175bSopenharmony_ci} 4576a8e1175bSopenharmony_ci/* END_CASE */ 4577a8e1175bSopenharmony_ci 4578a8e1175bSopenharmony_ci/* BEGIN_CASE */ 4579a8e1175bSopenharmony_civoid cipher_decrypt_multipart(int alg_arg, int key_type_arg, 4580a8e1175bSopenharmony_ci data_t *key_data, data_t *iv, 4581a8e1175bSopenharmony_ci data_t *input, 4582a8e1175bSopenharmony_ci int first_part_size_arg, 4583a8e1175bSopenharmony_ci int output1_length_arg, int output2_length_arg, 4584a8e1175bSopenharmony_ci data_t *expected_output, 4585a8e1175bSopenharmony_ci int expected_status_arg) 4586a8e1175bSopenharmony_ci{ 4587a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4588a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 4589a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 4590a8e1175bSopenharmony_ci psa_status_t status; 4591a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 4592a8e1175bSopenharmony_ci size_t first_part_size = first_part_size_arg; 4593a8e1175bSopenharmony_ci size_t output1_length = output1_length_arg; 4594a8e1175bSopenharmony_ci size_t output2_length = output2_length_arg; 4595a8e1175bSopenharmony_ci unsigned char *output = NULL; 4596a8e1175bSopenharmony_ci size_t output_buffer_size = 0; 4597a8e1175bSopenharmony_ci size_t function_output_length = 0; 4598a8e1175bSopenharmony_ci size_t total_output_length = 0; 4599a8e1175bSopenharmony_ci psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 4600a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4601a8e1175bSopenharmony_ci 4602a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 4603a8e1175bSopenharmony_ci 4604a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 4605a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 4606a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 4607a8e1175bSopenharmony_ci 4608a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 4609a8e1175bSopenharmony_ci &key)); 4610a8e1175bSopenharmony_ci 4611a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); 4612a8e1175bSopenharmony_ci 4613a8e1175bSopenharmony_ci if (iv->len > 0) { 4614a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); 4615a8e1175bSopenharmony_ci } 4616a8e1175bSopenharmony_ci 4617a8e1175bSopenharmony_ci output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + 4618a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); 4619a8e1175bSopenharmony_ci TEST_CALLOC(output, output_buffer_size); 4620a8e1175bSopenharmony_ci 4621a8e1175bSopenharmony_ci TEST_LE_U(first_part_size, input->len); 4622a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_update(&operation, 4623a8e1175bSopenharmony_ci input->x, first_part_size, 4624a8e1175bSopenharmony_ci output, output_buffer_size, 4625a8e1175bSopenharmony_ci &function_output_length)); 4626a8e1175bSopenharmony_ci TEST_ASSERT(function_output_length == output1_length); 4627a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4628a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, first_part_size)); 4629a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4630a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(first_part_size)); 4631a8e1175bSopenharmony_ci total_output_length += function_output_length; 4632a8e1175bSopenharmony_ci 4633a8e1175bSopenharmony_ci if (first_part_size < input->len) { 4634a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_update(&operation, 4635a8e1175bSopenharmony_ci input->x + first_part_size, 4636a8e1175bSopenharmony_ci input->len - first_part_size, 4637a8e1175bSopenharmony_ci (output_buffer_size == 0 ? NULL : 4638a8e1175bSopenharmony_ci output + total_output_length), 4639a8e1175bSopenharmony_ci output_buffer_size - total_output_length, 4640a8e1175bSopenharmony_ci &function_output_length)); 4641a8e1175bSopenharmony_ci TEST_ASSERT(function_output_length == output2_length); 4642a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4643a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, 4644a8e1175bSopenharmony_ci alg, 4645a8e1175bSopenharmony_ci input->len - first_part_size)); 4646a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4647a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input->len)); 4648a8e1175bSopenharmony_ci total_output_length += function_output_length; 4649a8e1175bSopenharmony_ci } 4650a8e1175bSopenharmony_ci 4651a8e1175bSopenharmony_ci status = psa_cipher_finish(&operation, 4652a8e1175bSopenharmony_ci (output_buffer_size == 0 ? NULL : 4653a8e1175bSopenharmony_ci output + total_output_length), 4654a8e1175bSopenharmony_ci output_buffer_size - total_output_length, 4655a8e1175bSopenharmony_ci &function_output_length); 4656a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4657a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg)); 4658a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4659a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE); 4660a8e1175bSopenharmony_ci total_output_length += function_output_length; 4661a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 4662a8e1175bSopenharmony_ci 4663a8e1175bSopenharmony_ci if (expected_status == PSA_SUCCESS) { 4664a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation)); 4665a8e1175bSopenharmony_ci 4666a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 4667a8e1175bSopenharmony_ci output, total_output_length); 4668a8e1175bSopenharmony_ci } 4669a8e1175bSopenharmony_ci 4670a8e1175bSopenharmony_ciexit: 4671a8e1175bSopenharmony_ci psa_cipher_abort(&operation); 4672a8e1175bSopenharmony_ci mbedtls_free(output); 4673a8e1175bSopenharmony_ci psa_destroy_key(key); 4674a8e1175bSopenharmony_ci PSA_DONE(); 4675a8e1175bSopenharmony_ci} 4676a8e1175bSopenharmony_ci/* END_CASE */ 4677a8e1175bSopenharmony_ci 4678a8e1175bSopenharmony_ci/* BEGIN_CASE */ 4679a8e1175bSopenharmony_civoid cipher_decrypt_fail(int alg_arg, 4680a8e1175bSopenharmony_ci int key_type_arg, 4681a8e1175bSopenharmony_ci data_t *key_data, 4682a8e1175bSopenharmony_ci data_t *iv, 4683a8e1175bSopenharmony_ci data_t *input_arg, 4684a8e1175bSopenharmony_ci int expected_status_arg) 4685a8e1175bSopenharmony_ci{ 4686a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4687a8e1175bSopenharmony_ci psa_status_t status; 4688a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 4689a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 4690a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 4691a8e1175bSopenharmony_ci unsigned char *input = NULL; 4692a8e1175bSopenharmony_ci size_t input_buffer_size = 0; 4693a8e1175bSopenharmony_ci unsigned char *output = NULL; 4694a8e1175bSopenharmony_ci unsigned char *output_multi = NULL; 4695a8e1175bSopenharmony_ci size_t output_buffer_size = 0; 4696a8e1175bSopenharmony_ci size_t output_length = 0; 4697a8e1175bSopenharmony_ci size_t function_output_length; 4698a8e1175bSopenharmony_ci psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 4699a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4700a8e1175bSopenharmony_ci 4701a8e1175bSopenharmony_ci if (PSA_ERROR_BAD_STATE != expected_status) { 4702a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 4703a8e1175bSopenharmony_ci 4704a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 4705a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 4706a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 4707a8e1175bSopenharmony_ci 4708a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 4709a8e1175bSopenharmony_ci &key)); 4710a8e1175bSopenharmony_ci } 4711a8e1175bSopenharmony_ci 4712a8e1175bSopenharmony_ci /* Allocate input buffer and copy the iv and the plaintext */ 4713a8e1175bSopenharmony_ci input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); 4714a8e1175bSopenharmony_ci if (input_buffer_size > 0) { 4715a8e1175bSopenharmony_ci TEST_CALLOC(input, input_buffer_size); 4716a8e1175bSopenharmony_ci memcpy(input, iv->x, iv->len); 4717a8e1175bSopenharmony_ci memcpy(input + iv->len, input_arg->x, input_arg->len); 4718a8e1175bSopenharmony_ci } 4719a8e1175bSopenharmony_ci 4720a8e1175bSopenharmony_ci output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); 4721a8e1175bSopenharmony_ci TEST_CALLOC(output, output_buffer_size); 4722a8e1175bSopenharmony_ci 4723a8e1175bSopenharmony_ci /* Decrypt, one-short */ 4724a8e1175bSopenharmony_ci status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output, 4725a8e1175bSopenharmony_ci output_buffer_size, &output_length); 4726a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 4727a8e1175bSopenharmony_ci 4728a8e1175bSopenharmony_ci /* Decrypt, multi-part */ 4729a8e1175bSopenharmony_ci status = psa_cipher_decrypt_setup(&operation, key, alg); 4730a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 4731a8e1175bSopenharmony_ci output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, 4732a8e1175bSopenharmony_ci input_arg->len) + 4733a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); 4734a8e1175bSopenharmony_ci TEST_CALLOC(output_multi, output_buffer_size); 4735a8e1175bSopenharmony_ci 4736a8e1175bSopenharmony_ci if (iv->len > 0) { 4737a8e1175bSopenharmony_ci status = psa_cipher_set_iv(&operation, iv->x, iv->len); 4738a8e1175bSopenharmony_ci 4739a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 4740a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 4741a8e1175bSopenharmony_ci } 4742a8e1175bSopenharmony_ci } 4743a8e1175bSopenharmony_ci 4744a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 4745a8e1175bSopenharmony_ci status = psa_cipher_update(&operation, 4746a8e1175bSopenharmony_ci input_arg->x, input_arg->len, 4747a8e1175bSopenharmony_ci output_multi, output_buffer_size, 4748a8e1175bSopenharmony_ci &function_output_length); 4749a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 4750a8e1175bSopenharmony_ci output_length = function_output_length; 4751a8e1175bSopenharmony_ci 4752a8e1175bSopenharmony_ci status = psa_cipher_finish(&operation, 4753a8e1175bSopenharmony_ci output_multi + output_length, 4754a8e1175bSopenharmony_ci output_buffer_size - output_length, 4755a8e1175bSopenharmony_ci &function_output_length); 4756a8e1175bSopenharmony_ci 4757a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 4758a8e1175bSopenharmony_ci } else { 4759a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 4760a8e1175bSopenharmony_ci } 4761a8e1175bSopenharmony_ci } else { 4762a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 4763a8e1175bSopenharmony_ci } 4764a8e1175bSopenharmony_ci } else { 4765a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 4766a8e1175bSopenharmony_ci } 4767a8e1175bSopenharmony_ci 4768a8e1175bSopenharmony_ciexit: 4769a8e1175bSopenharmony_ci psa_cipher_abort(&operation); 4770a8e1175bSopenharmony_ci mbedtls_free(input); 4771a8e1175bSopenharmony_ci mbedtls_free(output); 4772a8e1175bSopenharmony_ci mbedtls_free(output_multi); 4773a8e1175bSopenharmony_ci psa_destroy_key(key); 4774a8e1175bSopenharmony_ci PSA_DONE(); 4775a8e1175bSopenharmony_ci} 4776a8e1175bSopenharmony_ci/* END_CASE */ 4777a8e1175bSopenharmony_ci 4778a8e1175bSopenharmony_ci/* BEGIN_CASE */ 4779a8e1175bSopenharmony_civoid cipher_decrypt(int alg_arg, 4780a8e1175bSopenharmony_ci int key_type_arg, 4781a8e1175bSopenharmony_ci data_t *key_data, 4782a8e1175bSopenharmony_ci data_t *iv, 4783a8e1175bSopenharmony_ci data_t *input_arg, 4784a8e1175bSopenharmony_ci data_t *expected_output) 4785a8e1175bSopenharmony_ci{ 4786a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4787a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 4788a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 4789a8e1175bSopenharmony_ci unsigned char *input = NULL; 4790a8e1175bSopenharmony_ci size_t input_buffer_size = 0; 4791a8e1175bSopenharmony_ci unsigned char *output = NULL; 4792a8e1175bSopenharmony_ci size_t output_buffer_size = 0; 4793a8e1175bSopenharmony_ci size_t output_length = 0; 4794a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4795a8e1175bSopenharmony_ci 4796a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 4797a8e1175bSopenharmony_ci 4798a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 4799a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 4800a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 4801a8e1175bSopenharmony_ci 4802a8e1175bSopenharmony_ci /* Allocate input buffer and copy the iv and the plaintext */ 4803a8e1175bSopenharmony_ci input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); 4804a8e1175bSopenharmony_ci if (input_buffer_size > 0) { 4805a8e1175bSopenharmony_ci TEST_CALLOC(input, input_buffer_size); 4806a8e1175bSopenharmony_ci memcpy(input, iv->x, iv->len); 4807a8e1175bSopenharmony_ci memcpy(input + iv->len, input_arg->x, input_arg->len); 4808a8e1175bSopenharmony_ci } 4809a8e1175bSopenharmony_ci 4810a8e1175bSopenharmony_ci output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); 4811a8e1175bSopenharmony_ci TEST_CALLOC(output, output_buffer_size); 4812a8e1175bSopenharmony_ci 4813a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 4814a8e1175bSopenharmony_ci &key)); 4815a8e1175bSopenharmony_ci 4816a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_decrypt(key, alg, input, input_buffer_size, output, 4817a8e1175bSopenharmony_ci output_buffer_size, &output_length)); 4818a8e1175bSopenharmony_ci TEST_LE_U(output_length, 4819a8e1175bSopenharmony_ci PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size)); 4820a8e1175bSopenharmony_ci TEST_LE_U(output_length, 4821a8e1175bSopenharmony_ci PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_buffer_size)); 4822a8e1175bSopenharmony_ci 4823a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 4824a8e1175bSopenharmony_ci output, output_length); 4825a8e1175bSopenharmony_ciexit: 4826a8e1175bSopenharmony_ci mbedtls_free(input); 4827a8e1175bSopenharmony_ci mbedtls_free(output); 4828a8e1175bSopenharmony_ci psa_destroy_key(key); 4829a8e1175bSopenharmony_ci PSA_DONE(); 4830a8e1175bSopenharmony_ci} 4831a8e1175bSopenharmony_ci/* END_CASE */ 4832a8e1175bSopenharmony_ci 4833a8e1175bSopenharmony_ci/* BEGIN_CASE */ 4834a8e1175bSopenharmony_civoid cipher_verify_output(int alg_arg, 4835a8e1175bSopenharmony_ci int key_type_arg, 4836a8e1175bSopenharmony_ci data_t *key_data, 4837a8e1175bSopenharmony_ci data_t *input) 4838a8e1175bSopenharmony_ci{ 4839a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4840a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 4841a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 4842a8e1175bSopenharmony_ci unsigned char *output1 = NULL; 4843a8e1175bSopenharmony_ci size_t output1_size = 0; 4844a8e1175bSopenharmony_ci size_t output1_length = 0; 4845a8e1175bSopenharmony_ci unsigned char *output2 = NULL; 4846a8e1175bSopenharmony_ci size_t output2_size = 0; 4847a8e1175bSopenharmony_ci size_t output2_length = 0; 4848a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4849a8e1175bSopenharmony_ci 4850a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 4851a8e1175bSopenharmony_ci 4852a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 4853a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 4854a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 4855a8e1175bSopenharmony_ci 4856a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 4857a8e1175bSopenharmony_ci &key)); 4858a8e1175bSopenharmony_ci output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); 4859a8e1175bSopenharmony_ci TEST_CALLOC(output1, output1_size); 4860a8e1175bSopenharmony_ci 4861a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, 4862a8e1175bSopenharmony_ci output1, output1_size, 4863a8e1175bSopenharmony_ci &output1_length)); 4864a8e1175bSopenharmony_ci TEST_LE_U(output1_length, 4865a8e1175bSopenharmony_ci PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len)); 4866a8e1175bSopenharmony_ci TEST_LE_U(output1_length, 4867a8e1175bSopenharmony_ci PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input->len)); 4868a8e1175bSopenharmony_ci 4869a8e1175bSopenharmony_ci output2_size = output1_length; 4870a8e1175bSopenharmony_ci TEST_CALLOC(output2, output2_size); 4871a8e1175bSopenharmony_ci 4872a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_decrypt(key, alg, output1, output1_length, 4873a8e1175bSopenharmony_ci output2, output2_size, 4874a8e1175bSopenharmony_ci &output2_length)); 4875a8e1175bSopenharmony_ci TEST_LE_U(output2_length, 4876a8e1175bSopenharmony_ci PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, output1_length)); 4877a8e1175bSopenharmony_ci TEST_LE_U(output2_length, 4878a8e1175bSopenharmony_ci PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(output1_length)); 4879a8e1175bSopenharmony_ci 4880a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(input->x, input->len, output2, output2_length); 4881a8e1175bSopenharmony_ci 4882a8e1175bSopenharmony_ciexit: 4883a8e1175bSopenharmony_ci mbedtls_free(output1); 4884a8e1175bSopenharmony_ci mbedtls_free(output2); 4885a8e1175bSopenharmony_ci psa_destroy_key(key); 4886a8e1175bSopenharmony_ci PSA_DONE(); 4887a8e1175bSopenharmony_ci} 4888a8e1175bSopenharmony_ci/* END_CASE */ 4889a8e1175bSopenharmony_ci 4890a8e1175bSopenharmony_ci/* BEGIN_CASE */ 4891a8e1175bSopenharmony_civoid cipher_verify_output_multipart(int alg_arg, 4892a8e1175bSopenharmony_ci int key_type_arg, 4893a8e1175bSopenharmony_ci data_t *key_data, 4894a8e1175bSopenharmony_ci data_t *input, 4895a8e1175bSopenharmony_ci int first_part_size_arg) 4896a8e1175bSopenharmony_ci{ 4897a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 4898a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 4899a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 4900a8e1175bSopenharmony_ci size_t first_part_size = first_part_size_arg; 4901a8e1175bSopenharmony_ci unsigned char iv[16] = { 0 }; 4902a8e1175bSopenharmony_ci size_t iv_size = 16; 4903a8e1175bSopenharmony_ci size_t iv_length = 0; 4904a8e1175bSopenharmony_ci unsigned char *output1 = NULL; 4905a8e1175bSopenharmony_ci size_t output1_buffer_size = 0; 4906a8e1175bSopenharmony_ci size_t output1_length = 0; 4907a8e1175bSopenharmony_ci unsigned char *output2 = NULL; 4908a8e1175bSopenharmony_ci size_t output2_buffer_size = 0; 4909a8e1175bSopenharmony_ci size_t output2_length = 0; 4910a8e1175bSopenharmony_ci size_t function_output_length; 4911a8e1175bSopenharmony_ci psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT; 4912a8e1175bSopenharmony_ci psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT; 4913a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 4914a8e1175bSopenharmony_ci 4915a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 4916a8e1175bSopenharmony_ci 4917a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 4918a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 4919a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 4920a8e1175bSopenharmony_ci 4921a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 4922a8e1175bSopenharmony_ci &key)); 4923a8e1175bSopenharmony_ci 4924a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_encrypt_setup(&operation1, key, alg)); 4925a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_decrypt_setup(&operation2, key, alg)); 4926a8e1175bSopenharmony_ci 4927a8e1175bSopenharmony_ci if (alg != PSA_ALG_ECB_NO_PADDING) { 4928a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_generate_iv(&operation1, 4929a8e1175bSopenharmony_ci iv, iv_size, 4930a8e1175bSopenharmony_ci &iv_length)); 4931a8e1175bSopenharmony_ci } 4932a8e1175bSopenharmony_ci 4933a8e1175bSopenharmony_ci output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); 4934a8e1175bSopenharmony_ci TEST_LE_U(output1_buffer_size, 4935a8e1175bSopenharmony_ci PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input->len)); 4936a8e1175bSopenharmony_ci TEST_CALLOC(output1, output1_buffer_size); 4937a8e1175bSopenharmony_ci 4938a8e1175bSopenharmony_ci TEST_LE_U(first_part_size, input->len); 4939a8e1175bSopenharmony_ci 4940a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_update(&operation1, input->x, first_part_size, 4941a8e1175bSopenharmony_ci output1, output1_buffer_size, 4942a8e1175bSopenharmony_ci &function_output_length)); 4943a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4944a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, first_part_size)); 4945a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4946a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(first_part_size)); 4947a8e1175bSopenharmony_ci output1_length += function_output_length; 4948a8e1175bSopenharmony_ci 4949a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_update(&operation1, 4950a8e1175bSopenharmony_ci input->x + first_part_size, 4951a8e1175bSopenharmony_ci input->len - first_part_size, 4952a8e1175bSopenharmony_ci output1 + output1_length, 4953a8e1175bSopenharmony_ci output1_buffer_size - output1_length, 4954a8e1175bSopenharmony_ci &function_output_length)); 4955a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4956a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, 4957a8e1175bSopenharmony_ci alg, 4958a8e1175bSopenharmony_ci input->len - first_part_size)); 4959a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4960a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input->len - first_part_size)); 4961a8e1175bSopenharmony_ci output1_length += function_output_length; 4962a8e1175bSopenharmony_ci 4963a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_finish(&operation1, 4964a8e1175bSopenharmony_ci output1 + output1_length, 4965a8e1175bSopenharmony_ci output1_buffer_size - output1_length, 4966a8e1175bSopenharmony_ci &function_output_length)); 4967a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4968a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg)); 4969a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4970a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE); 4971a8e1175bSopenharmony_ci output1_length += function_output_length; 4972a8e1175bSopenharmony_ci 4973a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation1)); 4974a8e1175bSopenharmony_ci 4975a8e1175bSopenharmony_ci output2_buffer_size = output1_length; 4976a8e1175bSopenharmony_ci TEST_LE_U(output2_buffer_size, 4977a8e1175bSopenharmony_ci PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, output1_length)); 4978a8e1175bSopenharmony_ci TEST_LE_U(output2_buffer_size, 4979a8e1175bSopenharmony_ci PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(output1_length)); 4980a8e1175bSopenharmony_ci TEST_CALLOC(output2, output2_buffer_size); 4981a8e1175bSopenharmony_ci 4982a8e1175bSopenharmony_ci if (iv_length > 0) { 4983a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_set_iv(&operation2, 4984a8e1175bSopenharmony_ci iv, iv_length)); 4985a8e1175bSopenharmony_ci } 4986a8e1175bSopenharmony_ci 4987a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_update(&operation2, output1, first_part_size, 4988a8e1175bSopenharmony_ci output2, output2_buffer_size, 4989a8e1175bSopenharmony_ci &function_output_length)); 4990a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4991a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, first_part_size)); 4992a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 4993a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(first_part_size)); 4994a8e1175bSopenharmony_ci output2_length += function_output_length; 4995a8e1175bSopenharmony_ci 4996a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_update(&operation2, 4997a8e1175bSopenharmony_ci output1 + first_part_size, 4998a8e1175bSopenharmony_ci output1_length - first_part_size, 4999a8e1175bSopenharmony_ci output2 + output2_length, 5000a8e1175bSopenharmony_ci output2_buffer_size - output2_length, 5001a8e1175bSopenharmony_ci &function_output_length)); 5002a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 5003a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, 5004a8e1175bSopenharmony_ci alg, 5005a8e1175bSopenharmony_ci output1_length - first_part_size)); 5006a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 5007a8e1175bSopenharmony_ci PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(output1_length - first_part_size)); 5008a8e1175bSopenharmony_ci output2_length += function_output_length; 5009a8e1175bSopenharmony_ci 5010a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_finish(&operation2, 5011a8e1175bSopenharmony_ci output2 + output2_length, 5012a8e1175bSopenharmony_ci output2_buffer_size - output2_length, 5013a8e1175bSopenharmony_ci &function_output_length)); 5014a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 5015a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg)); 5016a8e1175bSopenharmony_ci TEST_LE_U(function_output_length, 5017a8e1175bSopenharmony_ci PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE); 5018a8e1175bSopenharmony_ci output2_length += function_output_length; 5019a8e1175bSopenharmony_ci 5020a8e1175bSopenharmony_ci PSA_ASSERT(psa_cipher_abort(&operation2)); 5021a8e1175bSopenharmony_ci 5022a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(input->x, input->len, output2, output2_length); 5023a8e1175bSopenharmony_ci 5024a8e1175bSopenharmony_ciexit: 5025a8e1175bSopenharmony_ci psa_cipher_abort(&operation1); 5026a8e1175bSopenharmony_ci psa_cipher_abort(&operation2); 5027a8e1175bSopenharmony_ci mbedtls_free(output1); 5028a8e1175bSopenharmony_ci mbedtls_free(output2); 5029a8e1175bSopenharmony_ci psa_destroy_key(key); 5030a8e1175bSopenharmony_ci PSA_DONE(); 5031a8e1175bSopenharmony_ci} 5032a8e1175bSopenharmony_ci/* END_CASE */ 5033a8e1175bSopenharmony_ci 5034a8e1175bSopenharmony_ci/* BEGIN_CASE */ 5035a8e1175bSopenharmony_civoid aead_encrypt_decrypt(int key_type_arg, data_t *key_data, 5036a8e1175bSopenharmony_ci int alg_arg, 5037a8e1175bSopenharmony_ci data_t *nonce, 5038a8e1175bSopenharmony_ci data_t *additional_data, 5039a8e1175bSopenharmony_ci data_t *input_data, 5040a8e1175bSopenharmony_ci int expected_result_arg) 5041a8e1175bSopenharmony_ci{ 5042a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5043a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 5044a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 5045a8e1175bSopenharmony_ci size_t key_bits; 5046a8e1175bSopenharmony_ci unsigned char *output_data = NULL; 5047a8e1175bSopenharmony_ci size_t output_size = 0; 5048a8e1175bSopenharmony_ci size_t output_length = 0; 5049a8e1175bSopenharmony_ci unsigned char *output_data2 = NULL; 5050a8e1175bSopenharmony_ci size_t output_length2 = 0; 5051a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_GENERIC_ERROR; 5052a8e1175bSopenharmony_ci psa_status_t expected_result = expected_result_arg; 5053a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5054a8e1175bSopenharmony_ci 5055a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 5056a8e1175bSopenharmony_ci 5057a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 5058a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 5059a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 5060a8e1175bSopenharmony_ci 5061a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 5062a8e1175bSopenharmony_ci &key)); 5063a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 5064a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 5065a8e1175bSopenharmony_ci 5066a8e1175bSopenharmony_ci output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, 5067a8e1175bSopenharmony_ci alg); 5068a8e1175bSopenharmony_ci /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 5069a8e1175bSopenharmony_ci * should be exact. */ 5070a8e1175bSopenharmony_ci if (expected_result != PSA_ERROR_INVALID_ARGUMENT && 5071a8e1175bSopenharmony_ci expected_result != PSA_ERROR_NOT_SUPPORTED) { 5072a8e1175bSopenharmony_ci TEST_EQUAL(output_size, 5073a8e1175bSopenharmony_ci PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 5074a8e1175bSopenharmony_ci TEST_LE_U(output_size, 5075a8e1175bSopenharmony_ci PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 5076a8e1175bSopenharmony_ci } 5077a8e1175bSopenharmony_ci TEST_CALLOC(output_data, output_size); 5078a8e1175bSopenharmony_ci 5079a8e1175bSopenharmony_ci status = psa_aead_encrypt(key, alg, 5080a8e1175bSopenharmony_ci nonce->x, nonce->len, 5081a8e1175bSopenharmony_ci additional_data->x, 5082a8e1175bSopenharmony_ci additional_data->len, 5083a8e1175bSopenharmony_ci input_data->x, input_data->len, 5084a8e1175bSopenharmony_ci output_data, output_size, 5085a8e1175bSopenharmony_ci &output_length); 5086a8e1175bSopenharmony_ci 5087a8e1175bSopenharmony_ci /* If the operation is not supported, just skip and not fail in case the 5088a8e1175bSopenharmony_ci * encryption involves a common limitation of cryptography hardwares and 5089a8e1175bSopenharmony_ci * an alternative implementation. */ 5090a8e1175bSopenharmony_ci if (status == PSA_ERROR_NOT_SUPPORTED) { 5091a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_data->len * 8); 5092a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, nonce->len); 5093a8e1175bSopenharmony_ci } 5094a8e1175bSopenharmony_ci 5095a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_result); 5096a8e1175bSopenharmony_ci 5097a8e1175bSopenharmony_ci if (PSA_SUCCESS == expected_result) { 5098a8e1175bSopenharmony_ci TEST_CALLOC(output_data2, output_length); 5099a8e1175bSopenharmony_ci 5100a8e1175bSopenharmony_ci /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE 5101a8e1175bSopenharmony_ci * should be exact. */ 5102a8e1175bSopenharmony_ci TEST_EQUAL(input_data->len, 5103a8e1175bSopenharmony_ci PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, output_length)); 5104a8e1175bSopenharmony_ci 5105a8e1175bSopenharmony_ci TEST_LE_U(input_data->len, 5106a8e1175bSopenharmony_ci PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(output_length)); 5107a8e1175bSopenharmony_ci 5108a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_decrypt(key, alg, 5109a8e1175bSopenharmony_ci nonce->x, nonce->len, 5110a8e1175bSopenharmony_ci additional_data->x, 5111a8e1175bSopenharmony_ci additional_data->len, 5112a8e1175bSopenharmony_ci output_data, output_length, 5113a8e1175bSopenharmony_ci output_data2, output_length, 5114a8e1175bSopenharmony_ci &output_length2), 5115a8e1175bSopenharmony_ci expected_result); 5116a8e1175bSopenharmony_ci 5117a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(input_data->x, input_data->len, 5118a8e1175bSopenharmony_ci output_data2, output_length2); 5119a8e1175bSopenharmony_ci } 5120a8e1175bSopenharmony_ci 5121a8e1175bSopenharmony_ciexit: 5122a8e1175bSopenharmony_ci psa_destroy_key(key); 5123a8e1175bSopenharmony_ci mbedtls_free(output_data); 5124a8e1175bSopenharmony_ci mbedtls_free(output_data2); 5125a8e1175bSopenharmony_ci PSA_DONE(); 5126a8e1175bSopenharmony_ci} 5127a8e1175bSopenharmony_ci/* END_CASE */ 5128a8e1175bSopenharmony_ci 5129a8e1175bSopenharmony_ci/* BEGIN_CASE */ 5130a8e1175bSopenharmony_civoid aead_encrypt(int key_type_arg, data_t *key_data, 5131a8e1175bSopenharmony_ci int alg_arg, 5132a8e1175bSopenharmony_ci data_t *nonce, 5133a8e1175bSopenharmony_ci data_t *additional_data, 5134a8e1175bSopenharmony_ci data_t *input_data, 5135a8e1175bSopenharmony_ci data_t *expected_result) 5136a8e1175bSopenharmony_ci{ 5137a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5138a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 5139a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 5140a8e1175bSopenharmony_ci size_t key_bits; 5141a8e1175bSopenharmony_ci unsigned char *output_data = NULL; 5142a8e1175bSopenharmony_ci size_t output_size = 0; 5143a8e1175bSopenharmony_ci size_t output_length = 0; 5144a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5145a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_GENERIC_ERROR; 5146a8e1175bSopenharmony_ci 5147a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 5148a8e1175bSopenharmony_ci 5149a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 5150a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 5151a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 5152a8e1175bSopenharmony_ci 5153a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 5154a8e1175bSopenharmony_ci &key)); 5155a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 5156a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 5157a8e1175bSopenharmony_ci 5158a8e1175bSopenharmony_ci output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, 5159a8e1175bSopenharmony_ci alg); 5160a8e1175bSopenharmony_ci /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 5161a8e1175bSopenharmony_ci * should be exact. */ 5162a8e1175bSopenharmony_ci TEST_EQUAL(output_size, 5163a8e1175bSopenharmony_ci PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 5164a8e1175bSopenharmony_ci TEST_LE_U(output_size, 5165a8e1175bSopenharmony_ci PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 5166a8e1175bSopenharmony_ci TEST_CALLOC(output_data, output_size); 5167a8e1175bSopenharmony_ci 5168a8e1175bSopenharmony_ci status = psa_aead_encrypt(key, alg, 5169a8e1175bSopenharmony_ci nonce->x, nonce->len, 5170a8e1175bSopenharmony_ci additional_data->x, additional_data->len, 5171a8e1175bSopenharmony_ci input_data->x, input_data->len, 5172a8e1175bSopenharmony_ci output_data, output_size, 5173a8e1175bSopenharmony_ci &output_length); 5174a8e1175bSopenharmony_ci 5175a8e1175bSopenharmony_ci /* If the operation is not supported, just skip and not fail in case the 5176a8e1175bSopenharmony_ci * encryption involves a common limitation of cryptography hardwares and 5177a8e1175bSopenharmony_ci * an alternative implementation. */ 5178a8e1175bSopenharmony_ci if (status == PSA_ERROR_NOT_SUPPORTED) { 5179a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_data->len * 8); 5180a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, nonce->len); 5181a8e1175bSopenharmony_ci } 5182a8e1175bSopenharmony_ci 5183a8e1175bSopenharmony_ci PSA_ASSERT(status); 5184a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, 5185a8e1175bSopenharmony_ci output_data, output_length); 5186a8e1175bSopenharmony_ci 5187a8e1175bSopenharmony_ciexit: 5188a8e1175bSopenharmony_ci psa_destroy_key(key); 5189a8e1175bSopenharmony_ci mbedtls_free(output_data); 5190a8e1175bSopenharmony_ci PSA_DONE(); 5191a8e1175bSopenharmony_ci} 5192a8e1175bSopenharmony_ci/* END_CASE */ 5193a8e1175bSopenharmony_ci 5194a8e1175bSopenharmony_ci/* BEGIN_CASE */ 5195a8e1175bSopenharmony_civoid aead_decrypt(int key_type_arg, data_t *key_data, 5196a8e1175bSopenharmony_ci int alg_arg, 5197a8e1175bSopenharmony_ci data_t *nonce, 5198a8e1175bSopenharmony_ci data_t *additional_data, 5199a8e1175bSopenharmony_ci data_t *input_data, 5200a8e1175bSopenharmony_ci data_t *expected_data, 5201a8e1175bSopenharmony_ci int expected_result_arg) 5202a8e1175bSopenharmony_ci{ 5203a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5204a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 5205a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 5206a8e1175bSopenharmony_ci size_t key_bits; 5207a8e1175bSopenharmony_ci unsigned char *output_data = NULL; 5208a8e1175bSopenharmony_ci size_t output_size = 0; 5209a8e1175bSopenharmony_ci size_t output_length = 0; 5210a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5211a8e1175bSopenharmony_ci psa_status_t expected_result = expected_result_arg; 5212a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_GENERIC_ERROR; 5213a8e1175bSopenharmony_ci 5214a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 5215a8e1175bSopenharmony_ci 5216a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 5217a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 5218a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 5219a8e1175bSopenharmony_ci 5220a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 5221a8e1175bSopenharmony_ci &key)); 5222a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 5223a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 5224a8e1175bSopenharmony_ci 5225a8e1175bSopenharmony_ci output_size = input_data->len - PSA_AEAD_TAG_LENGTH(key_type, key_bits, 5226a8e1175bSopenharmony_ci alg); 5227a8e1175bSopenharmony_ci if (expected_result != PSA_ERROR_INVALID_ARGUMENT && 5228a8e1175bSopenharmony_ci expected_result != PSA_ERROR_NOT_SUPPORTED) { 5229a8e1175bSopenharmony_ci /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE 5230a8e1175bSopenharmony_ci * should be exact. */ 5231a8e1175bSopenharmony_ci TEST_EQUAL(output_size, 5232a8e1175bSopenharmony_ci PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 5233a8e1175bSopenharmony_ci TEST_LE_U(output_size, 5234a8e1175bSopenharmony_ci PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(input_data->len)); 5235a8e1175bSopenharmony_ci } 5236a8e1175bSopenharmony_ci TEST_CALLOC(output_data, output_size); 5237a8e1175bSopenharmony_ci 5238a8e1175bSopenharmony_ci status = psa_aead_decrypt(key, alg, 5239a8e1175bSopenharmony_ci nonce->x, nonce->len, 5240a8e1175bSopenharmony_ci additional_data->x, 5241a8e1175bSopenharmony_ci additional_data->len, 5242a8e1175bSopenharmony_ci input_data->x, input_data->len, 5243a8e1175bSopenharmony_ci output_data, output_size, 5244a8e1175bSopenharmony_ci &output_length); 5245a8e1175bSopenharmony_ci 5246a8e1175bSopenharmony_ci /* If the operation is not supported, just skip and not fail in case the 5247a8e1175bSopenharmony_ci * decryption involves a common limitation of cryptography hardwares and 5248a8e1175bSopenharmony_ci * an alternative implementation. */ 5249a8e1175bSopenharmony_ci if (status == PSA_ERROR_NOT_SUPPORTED) { 5250a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_data->len * 8); 5251a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, nonce->len); 5252a8e1175bSopenharmony_ci } 5253a8e1175bSopenharmony_ci 5254a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_result); 5255a8e1175bSopenharmony_ci 5256a8e1175bSopenharmony_ci if (expected_result == PSA_SUCCESS) { 5257a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, 5258a8e1175bSopenharmony_ci output_data, output_length); 5259a8e1175bSopenharmony_ci } 5260a8e1175bSopenharmony_ci 5261a8e1175bSopenharmony_ciexit: 5262a8e1175bSopenharmony_ci psa_destroy_key(key); 5263a8e1175bSopenharmony_ci mbedtls_free(output_data); 5264a8e1175bSopenharmony_ci PSA_DONE(); 5265a8e1175bSopenharmony_ci} 5266a8e1175bSopenharmony_ci/* END_CASE */ 5267a8e1175bSopenharmony_ci 5268a8e1175bSopenharmony_ci/* BEGIN_CASE */ 5269a8e1175bSopenharmony_civoid aead_multipart_encrypt(int key_type_arg, data_t *key_data, 5270a8e1175bSopenharmony_ci int alg_arg, 5271a8e1175bSopenharmony_ci data_t *nonce, 5272a8e1175bSopenharmony_ci data_t *additional_data, 5273a8e1175bSopenharmony_ci data_t *input_data, 5274a8e1175bSopenharmony_ci int do_set_lengths, 5275a8e1175bSopenharmony_ci data_t *expected_output) 5276a8e1175bSopenharmony_ci{ 5277a8e1175bSopenharmony_ci size_t ad_part_len = 0; 5278a8e1175bSopenharmony_ci size_t data_part_len = 0; 5279a8e1175bSopenharmony_ci set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; 5280a8e1175bSopenharmony_ci 5281a8e1175bSopenharmony_ci for (ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++) { 5282a8e1175bSopenharmony_ci mbedtls_test_set_step(ad_part_len); 5283a8e1175bSopenharmony_ci 5284a8e1175bSopenharmony_ci if (do_set_lengths) { 5285a8e1175bSopenharmony_ci if (ad_part_len & 0x01) { 5286a8e1175bSopenharmony_ci set_lengths_method = SET_LENGTHS_AFTER_NONCE; 5287a8e1175bSopenharmony_ci } else { 5288a8e1175bSopenharmony_ci set_lengths_method = SET_LENGTHS_BEFORE_NONCE; 5289a8e1175bSopenharmony_ci } 5290a8e1175bSopenharmony_ci } 5291a8e1175bSopenharmony_ci 5292a8e1175bSopenharmony_ci /* Split ad into length(ad_part_len) parts. */ 5293a8e1175bSopenharmony_ci if (!aead_multipart_internal_func(key_type_arg, key_data, 5294a8e1175bSopenharmony_ci alg_arg, nonce, 5295a8e1175bSopenharmony_ci additional_data, 5296a8e1175bSopenharmony_ci ad_part_len, 5297a8e1175bSopenharmony_ci input_data, -1, 5298a8e1175bSopenharmony_ci set_lengths_method, 5299a8e1175bSopenharmony_ci expected_output, 5300a8e1175bSopenharmony_ci 1, 0)) { 5301a8e1175bSopenharmony_ci break; 5302a8e1175bSopenharmony_ci } 5303a8e1175bSopenharmony_ci 5304a8e1175bSopenharmony_ci /* length(0) part, length(ad_part_len) part, length(0) part... */ 5305a8e1175bSopenharmony_ci mbedtls_test_set_step(1000 + ad_part_len); 5306a8e1175bSopenharmony_ci 5307a8e1175bSopenharmony_ci if (!aead_multipart_internal_func(key_type_arg, key_data, 5308a8e1175bSopenharmony_ci alg_arg, nonce, 5309a8e1175bSopenharmony_ci additional_data, 5310a8e1175bSopenharmony_ci ad_part_len, 5311a8e1175bSopenharmony_ci input_data, -1, 5312a8e1175bSopenharmony_ci set_lengths_method, 5313a8e1175bSopenharmony_ci expected_output, 5314a8e1175bSopenharmony_ci 1, 1)) { 5315a8e1175bSopenharmony_ci break; 5316a8e1175bSopenharmony_ci } 5317a8e1175bSopenharmony_ci } 5318a8e1175bSopenharmony_ci 5319a8e1175bSopenharmony_ci for (data_part_len = 1; data_part_len <= input_data->len; data_part_len++) { 5320a8e1175bSopenharmony_ci /* Split data into length(data_part_len) parts. */ 5321a8e1175bSopenharmony_ci mbedtls_test_set_step(2000 + data_part_len); 5322a8e1175bSopenharmony_ci 5323a8e1175bSopenharmony_ci if (do_set_lengths) { 5324a8e1175bSopenharmony_ci if (data_part_len & 0x01) { 5325a8e1175bSopenharmony_ci set_lengths_method = SET_LENGTHS_AFTER_NONCE; 5326a8e1175bSopenharmony_ci } else { 5327a8e1175bSopenharmony_ci set_lengths_method = SET_LENGTHS_BEFORE_NONCE; 5328a8e1175bSopenharmony_ci } 5329a8e1175bSopenharmony_ci } 5330a8e1175bSopenharmony_ci 5331a8e1175bSopenharmony_ci if (!aead_multipart_internal_func(key_type_arg, key_data, 5332a8e1175bSopenharmony_ci alg_arg, nonce, 5333a8e1175bSopenharmony_ci additional_data, -1, 5334a8e1175bSopenharmony_ci input_data, data_part_len, 5335a8e1175bSopenharmony_ci set_lengths_method, 5336a8e1175bSopenharmony_ci expected_output, 5337a8e1175bSopenharmony_ci 1, 0)) { 5338a8e1175bSopenharmony_ci break; 5339a8e1175bSopenharmony_ci } 5340a8e1175bSopenharmony_ci 5341a8e1175bSopenharmony_ci /* length(0) part, length(data_part_len) part, length(0) part... */ 5342a8e1175bSopenharmony_ci mbedtls_test_set_step(3000 + data_part_len); 5343a8e1175bSopenharmony_ci 5344a8e1175bSopenharmony_ci if (!aead_multipart_internal_func(key_type_arg, key_data, 5345a8e1175bSopenharmony_ci alg_arg, nonce, 5346a8e1175bSopenharmony_ci additional_data, -1, 5347a8e1175bSopenharmony_ci input_data, data_part_len, 5348a8e1175bSopenharmony_ci set_lengths_method, 5349a8e1175bSopenharmony_ci expected_output, 5350a8e1175bSopenharmony_ci 1, 1)) { 5351a8e1175bSopenharmony_ci break; 5352a8e1175bSopenharmony_ci } 5353a8e1175bSopenharmony_ci } 5354a8e1175bSopenharmony_ci 5355a8e1175bSopenharmony_ci /* Goto is required to silence warnings about unused labels, as we 5356a8e1175bSopenharmony_ci * don't actually do any test assertions in this function. */ 5357a8e1175bSopenharmony_ci goto exit; 5358a8e1175bSopenharmony_ci} 5359a8e1175bSopenharmony_ci/* END_CASE */ 5360a8e1175bSopenharmony_ci 5361a8e1175bSopenharmony_ci/* BEGIN_CASE */ 5362a8e1175bSopenharmony_civoid aead_multipart_decrypt(int key_type_arg, data_t *key_data, 5363a8e1175bSopenharmony_ci int alg_arg, 5364a8e1175bSopenharmony_ci data_t *nonce, 5365a8e1175bSopenharmony_ci data_t *additional_data, 5366a8e1175bSopenharmony_ci data_t *input_data, 5367a8e1175bSopenharmony_ci int do_set_lengths, 5368a8e1175bSopenharmony_ci data_t *expected_output) 5369a8e1175bSopenharmony_ci{ 5370a8e1175bSopenharmony_ci size_t ad_part_len = 0; 5371a8e1175bSopenharmony_ci size_t data_part_len = 0; 5372a8e1175bSopenharmony_ci set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; 5373a8e1175bSopenharmony_ci 5374a8e1175bSopenharmony_ci for (ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++) { 5375a8e1175bSopenharmony_ci /* Split ad into length(ad_part_len) parts. */ 5376a8e1175bSopenharmony_ci mbedtls_test_set_step(ad_part_len); 5377a8e1175bSopenharmony_ci 5378a8e1175bSopenharmony_ci if (do_set_lengths) { 5379a8e1175bSopenharmony_ci if (ad_part_len & 0x01) { 5380a8e1175bSopenharmony_ci set_lengths_method = SET_LENGTHS_AFTER_NONCE; 5381a8e1175bSopenharmony_ci } else { 5382a8e1175bSopenharmony_ci set_lengths_method = SET_LENGTHS_BEFORE_NONCE; 5383a8e1175bSopenharmony_ci } 5384a8e1175bSopenharmony_ci } 5385a8e1175bSopenharmony_ci 5386a8e1175bSopenharmony_ci if (!aead_multipart_internal_func(key_type_arg, key_data, 5387a8e1175bSopenharmony_ci alg_arg, nonce, 5388a8e1175bSopenharmony_ci additional_data, 5389a8e1175bSopenharmony_ci ad_part_len, 5390a8e1175bSopenharmony_ci input_data, -1, 5391a8e1175bSopenharmony_ci set_lengths_method, 5392a8e1175bSopenharmony_ci expected_output, 5393a8e1175bSopenharmony_ci 0, 0)) { 5394a8e1175bSopenharmony_ci break; 5395a8e1175bSopenharmony_ci } 5396a8e1175bSopenharmony_ci 5397a8e1175bSopenharmony_ci /* length(0) part, length(ad_part_len) part, length(0) part... */ 5398a8e1175bSopenharmony_ci mbedtls_test_set_step(1000 + ad_part_len); 5399a8e1175bSopenharmony_ci 5400a8e1175bSopenharmony_ci if (!aead_multipart_internal_func(key_type_arg, key_data, 5401a8e1175bSopenharmony_ci alg_arg, nonce, 5402a8e1175bSopenharmony_ci additional_data, 5403a8e1175bSopenharmony_ci ad_part_len, 5404a8e1175bSopenharmony_ci input_data, -1, 5405a8e1175bSopenharmony_ci set_lengths_method, 5406a8e1175bSopenharmony_ci expected_output, 5407a8e1175bSopenharmony_ci 0, 1)) { 5408a8e1175bSopenharmony_ci break; 5409a8e1175bSopenharmony_ci } 5410a8e1175bSopenharmony_ci } 5411a8e1175bSopenharmony_ci 5412a8e1175bSopenharmony_ci for (data_part_len = 1; data_part_len <= input_data->len; data_part_len++) { 5413a8e1175bSopenharmony_ci /* Split data into length(data_part_len) parts. */ 5414a8e1175bSopenharmony_ci mbedtls_test_set_step(2000 + data_part_len); 5415a8e1175bSopenharmony_ci 5416a8e1175bSopenharmony_ci if (do_set_lengths) { 5417a8e1175bSopenharmony_ci if (data_part_len & 0x01) { 5418a8e1175bSopenharmony_ci set_lengths_method = SET_LENGTHS_AFTER_NONCE; 5419a8e1175bSopenharmony_ci } else { 5420a8e1175bSopenharmony_ci set_lengths_method = SET_LENGTHS_BEFORE_NONCE; 5421a8e1175bSopenharmony_ci } 5422a8e1175bSopenharmony_ci } 5423a8e1175bSopenharmony_ci 5424a8e1175bSopenharmony_ci if (!aead_multipart_internal_func(key_type_arg, key_data, 5425a8e1175bSopenharmony_ci alg_arg, nonce, 5426a8e1175bSopenharmony_ci additional_data, -1, 5427a8e1175bSopenharmony_ci input_data, data_part_len, 5428a8e1175bSopenharmony_ci set_lengths_method, 5429a8e1175bSopenharmony_ci expected_output, 5430a8e1175bSopenharmony_ci 0, 0)) { 5431a8e1175bSopenharmony_ci break; 5432a8e1175bSopenharmony_ci } 5433a8e1175bSopenharmony_ci 5434a8e1175bSopenharmony_ci /* length(0) part, length(data_part_len) part, length(0) part... */ 5435a8e1175bSopenharmony_ci mbedtls_test_set_step(3000 + data_part_len); 5436a8e1175bSopenharmony_ci 5437a8e1175bSopenharmony_ci if (!aead_multipart_internal_func(key_type_arg, key_data, 5438a8e1175bSopenharmony_ci alg_arg, nonce, 5439a8e1175bSopenharmony_ci additional_data, -1, 5440a8e1175bSopenharmony_ci input_data, data_part_len, 5441a8e1175bSopenharmony_ci set_lengths_method, 5442a8e1175bSopenharmony_ci expected_output, 5443a8e1175bSopenharmony_ci 0, 1)) { 5444a8e1175bSopenharmony_ci break; 5445a8e1175bSopenharmony_ci } 5446a8e1175bSopenharmony_ci } 5447a8e1175bSopenharmony_ci 5448a8e1175bSopenharmony_ci /* Goto is required to silence warnings about unused labels, as we 5449a8e1175bSopenharmony_ci * don't actually do any test assertions in this function. */ 5450a8e1175bSopenharmony_ci goto exit; 5451a8e1175bSopenharmony_ci} 5452a8e1175bSopenharmony_ci/* END_CASE */ 5453a8e1175bSopenharmony_ci 5454a8e1175bSopenharmony_ci/* BEGIN_CASE */ 5455a8e1175bSopenharmony_civoid aead_multipart_generate_nonce(int key_type_arg, data_t *key_data, 5456a8e1175bSopenharmony_ci int alg_arg, 5457a8e1175bSopenharmony_ci int nonce_length, 5458a8e1175bSopenharmony_ci int expected_nonce_length_arg, 5459a8e1175bSopenharmony_ci data_t *additional_data, 5460a8e1175bSopenharmony_ci data_t *input_data, 5461a8e1175bSopenharmony_ci int expected_status_arg) 5462a8e1175bSopenharmony_ci{ 5463a8e1175bSopenharmony_ci 5464a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5465a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 5466a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 5467a8e1175bSopenharmony_ci psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 5468a8e1175bSopenharmony_ci /* Some tests try to get more than the maximum nonce length, 5469a8e1175bSopenharmony_ci * so allocate double. */ 5470a8e1175bSopenharmony_ci uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE * 2]; 5471a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5472a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_GENERIC_ERROR; 5473a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 5474a8e1175bSopenharmony_ci size_t actual_nonce_length = 0; 5475a8e1175bSopenharmony_ci size_t expected_nonce_length = expected_nonce_length_arg; 5476a8e1175bSopenharmony_ci unsigned char *output = NULL; 5477a8e1175bSopenharmony_ci unsigned char *ciphertext = NULL; 5478a8e1175bSopenharmony_ci size_t output_size = 0; 5479a8e1175bSopenharmony_ci size_t ciphertext_size = 0; 5480a8e1175bSopenharmony_ci size_t ciphertext_length = 0; 5481a8e1175bSopenharmony_ci size_t tag_length = 0; 5482a8e1175bSopenharmony_ci uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 5483a8e1175bSopenharmony_ci 5484a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 5485a8e1175bSopenharmony_ci 5486a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 5487a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 5488a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 5489a8e1175bSopenharmony_ci 5490a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 5491a8e1175bSopenharmony_ci &key)); 5492a8e1175bSopenharmony_ci 5493a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 5494a8e1175bSopenharmony_ci 5495a8e1175bSopenharmony_ci output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); 5496a8e1175bSopenharmony_ci 5497a8e1175bSopenharmony_ci TEST_CALLOC(output, output_size); 5498a8e1175bSopenharmony_ci 5499a8e1175bSopenharmony_ci ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); 5500a8e1175bSopenharmony_ci 5501a8e1175bSopenharmony_ci TEST_LE_U(ciphertext_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE); 5502a8e1175bSopenharmony_ci 5503a8e1175bSopenharmony_ci TEST_CALLOC(ciphertext, ciphertext_size); 5504a8e1175bSopenharmony_ci 5505a8e1175bSopenharmony_ci status = psa_aead_encrypt_setup(&operation, key, alg); 5506a8e1175bSopenharmony_ci 5507a8e1175bSopenharmony_ci /* If the operation is not supported, just skip and not fail in case the 5508a8e1175bSopenharmony_ci * encryption involves a common limitation of cryptography hardwares and 5509a8e1175bSopenharmony_ci * an alternative implementation. */ 5510a8e1175bSopenharmony_ci if (status == PSA_ERROR_NOT_SUPPORTED) { 5511a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_data->len * 8); 5512a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, nonce_length); 5513a8e1175bSopenharmony_ci } 5514a8e1175bSopenharmony_ci 5515a8e1175bSopenharmony_ci PSA_ASSERT(status); 5516a8e1175bSopenharmony_ci 5517a8e1175bSopenharmony_ci status = psa_aead_generate_nonce(&operation, nonce_buffer, 5518a8e1175bSopenharmony_ci nonce_length, 5519a8e1175bSopenharmony_ci &actual_nonce_length); 5520a8e1175bSopenharmony_ci 5521a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 5522a8e1175bSopenharmony_ci 5523a8e1175bSopenharmony_ci TEST_EQUAL(actual_nonce_length, expected_nonce_length); 5524a8e1175bSopenharmony_ci 5525a8e1175bSopenharmony_ci if (expected_status == PSA_SUCCESS) { 5526a8e1175bSopenharmony_ci TEST_EQUAL(actual_nonce_length, PSA_AEAD_NONCE_LENGTH(key_type, 5527a8e1175bSopenharmony_ci alg)); 5528a8e1175bSopenharmony_ci } 5529a8e1175bSopenharmony_ci 5530a8e1175bSopenharmony_ci TEST_LE_U(actual_nonce_length, PSA_AEAD_NONCE_MAX_SIZE); 5531a8e1175bSopenharmony_ci 5532a8e1175bSopenharmony_ci if (expected_status == PSA_SUCCESS) { 5533a8e1175bSopenharmony_ci /* Ensure we can still complete operation. */ 5534a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 5535a8e1175bSopenharmony_ci input_data->len)); 5536a8e1175bSopenharmony_ci 5537a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 5538a8e1175bSopenharmony_ci additional_data->len)); 5539a8e1175bSopenharmony_ci 5540a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update(&operation, input_data->x, input_data->len, 5541a8e1175bSopenharmony_ci output, output_size, 5542a8e1175bSopenharmony_ci &ciphertext_length)); 5543a8e1175bSopenharmony_ci 5544a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_finish(&operation, ciphertext, ciphertext_size, 5545a8e1175bSopenharmony_ci &ciphertext_length, tag_buffer, 5546a8e1175bSopenharmony_ci PSA_AEAD_TAG_MAX_SIZE, &tag_length)); 5547a8e1175bSopenharmony_ci } 5548a8e1175bSopenharmony_ci 5549a8e1175bSopenharmony_ciexit: 5550a8e1175bSopenharmony_ci psa_destroy_key(key); 5551a8e1175bSopenharmony_ci mbedtls_free(output); 5552a8e1175bSopenharmony_ci mbedtls_free(ciphertext); 5553a8e1175bSopenharmony_ci psa_aead_abort(&operation); 5554a8e1175bSopenharmony_ci PSA_DONE(); 5555a8e1175bSopenharmony_ci} 5556a8e1175bSopenharmony_ci/* END_CASE */ 5557a8e1175bSopenharmony_ci 5558a8e1175bSopenharmony_ci/* BEGIN_CASE */ 5559a8e1175bSopenharmony_civoid aead_multipart_set_nonce(int key_type_arg, data_t *key_data, 5560a8e1175bSopenharmony_ci int alg_arg, 5561a8e1175bSopenharmony_ci int nonce_length_arg, 5562a8e1175bSopenharmony_ci int set_lengths_method_arg, 5563a8e1175bSopenharmony_ci data_t *additional_data, 5564a8e1175bSopenharmony_ci data_t *input_data, 5565a8e1175bSopenharmony_ci int expected_status_arg) 5566a8e1175bSopenharmony_ci{ 5567a8e1175bSopenharmony_ci 5568a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5569a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 5570a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 5571a8e1175bSopenharmony_ci psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 5572a8e1175bSopenharmony_ci uint8_t *nonce_buffer = NULL; 5573a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5574a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_GENERIC_ERROR; 5575a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 5576a8e1175bSopenharmony_ci unsigned char *output = NULL; 5577a8e1175bSopenharmony_ci unsigned char *ciphertext = NULL; 5578a8e1175bSopenharmony_ci size_t nonce_length; 5579a8e1175bSopenharmony_ci size_t output_size = 0; 5580a8e1175bSopenharmony_ci size_t ciphertext_size = 0; 5581a8e1175bSopenharmony_ci size_t ciphertext_length = 0; 5582a8e1175bSopenharmony_ci size_t tag_length = 0; 5583a8e1175bSopenharmony_ci uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 5584a8e1175bSopenharmony_ci size_t index = 0; 5585a8e1175bSopenharmony_ci set_lengths_method_t set_lengths_method = set_lengths_method_arg; 5586a8e1175bSopenharmony_ci 5587a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 5588a8e1175bSopenharmony_ci 5589a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 5590a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 5591a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 5592a8e1175bSopenharmony_ci 5593a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 5594a8e1175bSopenharmony_ci &key)); 5595a8e1175bSopenharmony_ci 5596a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 5597a8e1175bSopenharmony_ci 5598a8e1175bSopenharmony_ci output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); 5599a8e1175bSopenharmony_ci 5600a8e1175bSopenharmony_ci TEST_CALLOC(output, output_size); 5601a8e1175bSopenharmony_ci 5602a8e1175bSopenharmony_ci ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); 5603a8e1175bSopenharmony_ci 5604a8e1175bSopenharmony_ci TEST_LE_U(ciphertext_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE); 5605a8e1175bSopenharmony_ci 5606a8e1175bSopenharmony_ci TEST_CALLOC(ciphertext, ciphertext_size); 5607a8e1175bSopenharmony_ci 5608a8e1175bSopenharmony_ci status = psa_aead_encrypt_setup(&operation, key, alg); 5609a8e1175bSopenharmony_ci 5610a8e1175bSopenharmony_ci /* If the operation is not supported, just skip and not fail in case the 5611a8e1175bSopenharmony_ci * encryption involves a common limitation of cryptography hardwares and 5612a8e1175bSopenharmony_ci * an alternative implementation. */ 5613a8e1175bSopenharmony_ci if (status == PSA_ERROR_NOT_SUPPORTED) { 5614a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_data->len * 8); 5615a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, nonce_length_arg); 5616a8e1175bSopenharmony_ci } 5617a8e1175bSopenharmony_ci 5618a8e1175bSopenharmony_ci PSA_ASSERT(status); 5619a8e1175bSopenharmony_ci 5620a8e1175bSopenharmony_ci /* -1 == zero length and valid buffer, 0 = zero length and NULL buffer. */ 5621a8e1175bSopenharmony_ci if (nonce_length_arg == -1) { 5622a8e1175bSopenharmony_ci /* Arbitrary size buffer, to test zero length valid buffer. */ 5623a8e1175bSopenharmony_ci TEST_CALLOC(nonce_buffer, 4); 5624a8e1175bSopenharmony_ci nonce_length = 0; 5625a8e1175bSopenharmony_ci } else { 5626a8e1175bSopenharmony_ci /* If length is zero, then this will return NULL. */ 5627a8e1175bSopenharmony_ci nonce_length = (size_t) nonce_length_arg; 5628a8e1175bSopenharmony_ci TEST_CALLOC(nonce_buffer, nonce_length); 5629a8e1175bSopenharmony_ci 5630a8e1175bSopenharmony_ci if (nonce_buffer) { 5631a8e1175bSopenharmony_ci for (index = 0; index < nonce_length - 1; ++index) { 5632a8e1175bSopenharmony_ci nonce_buffer[index] = 'a' + index; 5633a8e1175bSopenharmony_ci } 5634a8e1175bSopenharmony_ci } 5635a8e1175bSopenharmony_ci } 5636a8e1175bSopenharmony_ci 5637a8e1175bSopenharmony_ci if (set_lengths_method == SET_LENGTHS_BEFORE_NONCE) { 5638a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 5639a8e1175bSopenharmony_ci input_data->len)); 5640a8e1175bSopenharmony_ci } 5641a8e1175bSopenharmony_ci 5642a8e1175bSopenharmony_ci status = psa_aead_set_nonce(&operation, nonce_buffer, nonce_length); 5643a8e1175bSopenharmony_ci 5644a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 5645a8e1175bSopenharmony_ci 5646a8e1175bSopenharmony_ci if (expected_status == PSA_SUCCESS) { 5647a8e1175bSopenharmony_ci if (set_lengths_method == SET_LENGTHS_AFTER_NONCE) { 5648a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 5649a8e1175bSopenharmony_ci input_data->len)); 5650a8e1175bSopenharmony_ci } 5651a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM && set_lengths_method == DO_NOT_SET_LENGTHS) { 5652a8e1175bSopenharmony_ci expected_status = PSA_ERROR_BAD_STATE; 5653a8e1175bSopenharmony_ci } 5654a8e1175bSopenharmony_ci 5655a8e1175bSopenharmony_ci /* Ensure we can still complete operation, unless it's CCM and we didn't set lengths. */ 5656a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update_ad(&operation, additional_data->x, 5657a8e1175bSopenharmony_ci additional_data->len), 5658a8e1175bSopenharmony_ci expected_status); 5659a8e1175bSopenharmony_ci 5660a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update(&operation, input_data->x, input_data->len, 5661a8e1175bSopenharmony_ci output, output_size, 5662a8e1175bSopenharmony_ci &ciphertext_length), 5663a8e1175bSopenharmony_ci expected_status); 5664a8e1175bSopenharmony_ci 5665a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_finish(&operation, ciphertext, ciphertext_size, 5666a8e1175bSopenharmony_ci &ciphertext_length, tag_buffer, 5667a8e1175bSopenharmony_ci PSA_AEAD_TAG_MAX_SIZE, &tag_length), 5668a8e1175bSopenharmony_ci expected_status); 5669a8e1175bSopenharmony_ci } 5670a8e1175bSopenharmony_ci 5671a8e1175bSopenharmony_ciexit: 5672a8e1175bSopenharmony_ci psa_destroy_key(key); 5673a8e1175bSopenharmony_ci mbedtls_free(output); 5674a8e1175bSopenharmony_ci mbedtls_free(ciphertext); 5675a8e1175bSopenharmony_ci mbedtls_free(nonce_buffer); 5676a8e1175bSopenharmony_ci psa_aead_abort(&operation); 5677a8e1175bSopenharmony_ci PSA_DONE(); 5678a8e1175bSopenharmony_ci} 5679a8e1175bSopenharmony_ci/* END_CASE */ 5680a8e1175bSopenharmony_ci 5681a8e1175bSopenharmony_ci/* BEGIN_CASE */ 5682a8e1175bSopenharmony_civoid aead_multipart_update_buffer_test(int key_type_arg, data_t *key_data, 5683a8e1175bSopenharmony_ci int alg_arg, 5684a8e1175bSopenharmony_ci int output_size_arg, 5685a8e1175bSopenharmony_ci data_t *nonce, 5686a8e1175bSopenharmony_ci data_t *additional_data, 5687a8e1175bSopenharmony_ci data_t *input_data, 5688a8e1175bSopenharmony_ci int expected_status_arg) 5689a8e1175bSopenharmony_ci{ 5690a8e1175bSopenharmony_ci 5691a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5692a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 5693a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 5694a8e1175bSopenharmony_ci psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 5695a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5696a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_GENERIC_ERROR; 5697a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 5698a8e1175bSopenharmony_ci unsigned char *output = NULL; 5699a8e1175bSopenharmony_ci unsigned char *ciphertext = NULL; 5700a8e1175bSopenharmony_ci size_t output_size = output_size_arg; 5701a8e1175bSopenharmony_ci size_t ciphertext_size = 0; 5702a8e1175bSopenharmony_ci size_t ciphertext_length = 0; 5703a8e1175bSopenharmony_ci size_t tag_length = 0; 5704a8e1175bSopenharmony_ci uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 5705a8e1175bSopenharmony_ci 5706a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 5707a8e1175bSopenharmony_ci 5708a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 5709a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 5710a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 5711a8e1175bSopenharmony_ci 5712a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 5713a8e1175bSopenharmony_ci &key)); 5714a8e1175bSopenharmony_ci 5715a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 5716a8e1175bSopenharmony_ci 5717a8e1175bSopenharmony_ci TEST_CALLOC(output, output_size); 5718a8e1175bSopenharmony_ci 5719a8e1175bSopenharmony_ci ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); 5720a8e1175bSopenharmony_ci 5721a8e1175bSopenharmony_ci TEST_CALLOC(ciphertext, ciphertext_size); 5722a8e1175bSopenharmony_ci 5723a8e1175bSopenharmony_ci status = psa_aead_encrypt_setup(&operation, key, alg); 5724a8e1175bSopenharmony_ci 5725a8e1175bSopenharmony_ci /* If the operation is not supported, just skip and not fail in case the 5726a8e1175bSopenharmony_ci * encryption involves a common limitation of cryptography hardwares and 5727a8e1175bSopenharmony_ci * an alternative implementation. */ 5728a8e1175bSopenharmony_ci if (status == PSA_ERROR_NOT_SUPPORTED) { 5729a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_data->len * 8); 5730a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, nonce->len); 5731a8e1175bSopenharmony_ci } 5732a8e1175bSopenharmony_ci 5733a8e1175bSopenharmony_ci PSA_ASSERT(status); 5734a8e1175bSopenharmony_ci 5735a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 5736a8e1175bSopenharmony_ci input_data->len)); 5737a8e1175bSopenharmony_ci 5738a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 5739a8e1175bSopenharmony_ci 5740a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 5741a8e1175bSopenharmony_ci additional_data->len)); 5742a8e1175bSopenharmony_ci 5743a8e1175bSopenharmony_ci status = psa_aead_update(&operation, input_data->x, input_data->len, 5744a8e1175bSopenharmony_ci output, output_size, &ciphertext_length); 5745a8e1175bSopenharmony_ci 5746a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 5747a8e1175bSopenharmony_ci 5748a8e1175bSopenharmony_ci if (expected_status == PSA_SUCCESS) { 5749a8e1175bSopenharmony_ci /* Ensure we can still complete operation. */ 5750a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_finish(&operation, ciphertext, ciphertext_size, 5751a8e1175bSopenharmony_ci &ciphertext_length, tag_buffer, 5752a8e1175bSopenharmony_ci PSA_AEAD_TAG_MAX_SIZE, &tag_length)); 5753a8e1175bSopenharmony_ci } 5754a8e1175bSopenharmony_ci 5755a8e1175bSopenharmony_ciexit: 5756a8e1175bSopenharmony_ci psa_destroy_key(key); 5757a8e1175bSopenharmony_ci mbedtls_free(output); 5758a8e1175bSopenharmony_ci mbedtls_free(ciphertext); 5759a8e1175bSopenharmony_ci psa_aead_abort(&operation); 5760a8e1175bSopenharmony_ci PSA_DONE(); 5761a8e1175bSopenharmony_ci} 5762a8e1175bSopenharmony_ci/* END_CASE */ 5763a8e1175bSopenharmony_ci 5764a8e1175bSopenharmony_ci/* BEGIN_CASE */ 5765a8e1175bSopenharmony_civoid aead_multipart_finish_buffer_test(int key_type_arg, data_t *key_data, 5766a8e1175bSopenharmony_ci int alg_arg, 5767a8e1175bSopenharmony_ci int finish_ciphertext_size_arg, 5768a8e1175bSopenharmony_ci int tag_size_arg, 5769a8e1175bSopenharmony_ci data_t *nonce, 5770a8e1175bSopenharmony_ci data_t *additional_data, 5771a8e1175bSopenharmony_ci data_t *input_data, 5772a8e1175bSopenharmony_ci int expected_status_arg) 5773a8e1175bSopenharmony_ci{ 5774a8e1175bSopenharmony_ci 5775a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5776a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 5777a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 5778a8e1175bSopenharmony_ci psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 5779a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5780a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_GENERIC_ERROR; 5781a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 5782a8e1175bSopenharmony_ci unsigned char *ciphertext = NULL; 5783a8e1175bSopenharmony_ci unsigned char *finish_ciphertext = NULL; 5784a8e1175bSopenharmony_ci unsigned char *tag_buffer = NULL; 5785a8e1175bSopenharmony_ci size_t ciphertext_size = 0; 5786a8e1175bSopenharmony_ci size_t ciphertext_length = 0; 5787a8e1175bSopenharmony_ci size_t finish_ciphertext_size = (size_t) finish_ciphertext_size_arg; 5788a8e1175bSopenharmony_ci size_t tag_size = (size_t) tag_size_arg; 5789a8e1175bSopenharmony_ci size_t tag_length = 0; 5790a8e1175bSopenharmony_ci 5791a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 5792a8e1175bSopenharmony_ci 5793a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 5794a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 5795a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 5796a8e1175bSopenharmony_ci 5797a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 5798a8e1175bSopenharmony_ci &key)); 5799a8e1175bSopenharmony_ci 5800a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 5801a8e1175bSopenharmony_ci 5802a8e1175bSopenharmony_ci ciphertext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); 5803a8e1175bSopenharmony_ci 5804a8e1175bSopenharmony_ci TEST_CALLOC(ciphertext, ciphertext_size); 5805a8e1175bSopenharmony_ci 5806a8e1175bSopenharmony_ci TEST_CALLOC(finish_ciphertext, finish_ciphertext_size); 5807a8e1175bSopenharmony_ci 5808a8e1175bSopenharmony_ci TEST_CALLOC(tag_buffer, tag_size); 5809a8e1175bSopenharmony_ci 5810a8e1175bSopenharmony_ci status = psa_aead_encrypt_setup(&operation, key, alg); 5811a8e1175bSopenharmony_ci 5812a8e1175bSopenharmony_ci /* If the operation is not supported, just skip and not fail in case the 5813a8e1175bSopenharmony_ci * encryption involves a common limitation of cryptography hardwares and 5814a8e1175bSopenharmony_ci * an alternative implementation. */ 5815a8e1175bSopenharmony_ci if (status == PSA_ERROR_NOT_SUPPORTED) { 5816a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_data->len * 8); 5817a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, nonce->len); 5818a8e1175bSopenharmony_ci } 5819a8e1175bSopenharmony_ci 5820a8e1175bSopenharmony_ci PSA_ASSERT(status); 5821a8e1175bSopenharmony_ci 5822a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 5823a8e1175bSopenharmony_ci 5824a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 5825a8e1175bSopenharmony_ci input_data->len)); 5826a8e1175bSopenharmony_ci 5827a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 5828a8e1175bSopenharmony_ci additional_data->len)); 5829a8e1175bSopenharmony_ci 5830a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update(&operation, input_data->x, input_data->len, 5831a8e1175bSopenharmony_ci ciphertext, ciphertext_size, &ciphertext_length)); 5832a8e1175bSopenharmony_ci 5833a8e1175bSopenharmony_ci /* Ensure we can still complete operation. */ 5834a8e1175bSopenharmony_ci status = psa_aead_finish(&operation, finish_ciphertext, 5835a8e1175bSopenharmony_ci finish_ciphertext_size, 5836a8e1175bSopenharmony_ci &ciphertext_length, tag_buffer, 5837a8e1175bSopenharmony_ci tag_size, &tag_length); 5838a8e1175bSopenharmony_ci 5839a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 5840a8e1175bSopenharmony_ci 5841a8e1175bSopenharmony_ciexit: 5842a8e1175bSopenharmony_ci psa_destroy_key(key); 5843a8e1175bSopenharmony_ci mbedtls_free(ciphertext); 5844a8e1175bSopenharmony_ci mbedtls_free(finish_ciphertext); 5845a8e1175bSopenharmony_ci mbedtls_free(tag_buffer); 5846a8e1175bSopenharmony_ci psa_aead_abort(&operation); 5847a8e1175bSopenharmony_ci PSA_DONE(); 5848a8e1175bSopenharmony_ci} 5849a8e1175bSopenharmony_ci/* END_CASE */ 5850a8e1175bSopenharmony_ci 5851a8e1175bSopenharmony_ci/* BEGIN_CASE */ 5852a8e1175bSopenharmony_civoid aead_multipart_verify(int key_type_arg, data_t *key_data, 5853a8e1175bSopenharmony_ci int alg_arg, 5854a8e1175bSopenharmony_ci data_t *nonce, 5855a8e1175bSopenharmony_ci data_t *additional_data, 5856a8e1175bSopenharmony_ci data_t *input_data, 5857a8e1175bSopenharmony_ci data_t *tag, 5858a8e1175bSopenharmony_ci int tag_usage_arg, 5859a8e1175bSopenharmony_ci int expected_setup_status_arg, 5860a8e1175bSopenharmony_ci int expected_status_arg) 5861a8e1175bSopenharmony_ci{ 5862a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5863a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 5864a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 5865a8e1175bSopenharmony_ci psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 5866a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5867a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_GENERIC_ERROR; 5868a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 5869a8e1175bSopenharmony_ci psa_status_t expected_setup_status = expected_setup_status_arg; 5870a8e1175bSopenharmony_ci unsigned char *plaintext = NULL; 5871a8e1175bSopenharmony_ci unsigned char *finish_plaintext = NULL; 5872a8e1175bSopenharmony_ci size_t plaintext_size = 0; 5873a8e1175bSopenharmony_ci size_t plaintext_length = 0; 5874a8e1175bSopenharmony_ci size_t verify_plaintext_size = 0; 5875a8e1175bSopenharmony_ci tag_usage_method_t tag_usage = tag_usage_arg; 5876a8e1175bSopenharmony_ci unsigned char *tag_buffer = NULL; 5877a8e1175bSopenharmony_ci size_t tag_size = 0; 5878a8e1175bSopenharmony_ci 5879a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 5880a8e1175bSopenharmony_ci 5881a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 5882a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 5883a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 5884a8e1175bSopenharmony_ci 5885a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 5886a8e1175bSopenharmony_ci &key)); 5887a8e1175bSopenharmony_ci 5888a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 5889a8e1175bSopenharmony_ci 5890a8e1175bSopenharmony_ci plaintext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, 5891a8e1175bSopenharmony_ci input_data->len); 5892a8e1175bSopenharmony_ci 5893a8e1175bSopenharmony_ci TEST_CALLOC(plaintext, plaintext_size); 5894a8e1175bSopenharmony_ci 5895a8e1175bSopenharmony_ci verify_plaintext_size = PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg); 5896a8e1175bSopenharmony_ci 5897a8e1175bSopenharmony_ci TEST_CALLOC(finish_plaintext, verify_plaintext_size); 5898a8e1175bSopenharmony_ci 5899a8e1175bSopenharmony_ci status = psa_aead_decrypt_setup(&operation, key, alg); 5900a8e1175bSopenharmony_ci 5901a8e1175bSopenharmony_ci /* If the operation is not supported, just skip and not fail in case the 5902a8e1175bSopenharmony_ci * encryption involves a common limitation of cryptography hardwares and 5903a8e1175bSopenharmony_ci * an alternative implementation. */ 5904a8e1175bSopenharmony_ci if (status == PSA_ERROR_NOT_SUPPORTED) { 5905a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_data->len * 8); 5906a8e1175bSopenharmony_ci MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, nonce->len); 5907a8e1175bSopenharmony_ci } 5908a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_setup_status); 5909a8e1175bSopenharmony_ci 5910a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 5911a8e1175bSopenharmony_ci goto exit; 5912a8e1175bSopenharmony_ci } 5913a8e1175bSopenharmony_ci 5914a8e1175bSopenharmony_ci PSA_ASSERT(status); 5915a8e1175bSopenharmony_ci 5916a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 5917a8e1175bSopenharmony_ci 5918a8e1175bSopenharmony_ci status = psa_aead_set_lengths(&operation, additional_data->len, 5919a8e1175bSopenharmony_ci input_data->len); 5920a8e1175bSopenharmony_ci PSA_ASSERT(status); 5921a8e1175bSopenharmony_ci 5922a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 5923a8e1175bSopenharmony_ci additional_data->len)); 5924a8e1175bSopenharmony_ci 5925a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update(&operation, input_data->x, 5926a8e1175bSopenharmony_ci input_data->len, 5927a8e1175bSopenharmony_ci plaintext, plaintext_size, 5928a8e1175bSopenharmony_ci &plaintext_length)); 5929a8e1175bSopenharmony_ci 5930a8e1175bSopenharmony_ci if (tag_usage == USE_GIVEN_TAG) { 5931a8e1175bSopenharmony_ci tag_buffer = tag->x; 5932a8e1175bSopenharmony_ci tag_size = tag->len; 5933a8e1175bSopenharmony_ci } 5934a8e1175bSopenharmony_ci 5935a8e1175bSopenharmony_ci status = psa_aead_verify(&operation, finish_plaintext, 5936a8e1175bSopenharmony_ci verify_plaintext_size, 5937a8e1175bSopenharmony_ci &plaintext_length, 5938a8e1175bSopenharmony_ci tag_buffer, tag_size); 5939a8e1175bSopenharmony_ci 5940a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 5941a8e1175bSopenharmony_ci 5942a8e1175bSopenharmony_ciexit: 5943a8e1175bSopenharmony_ci psa_destroy_key(key); 5944a8e1175bSopenharmony_ci mbedtls_free(plaintext); 5945a8e1175bSopenharmony_ci mbedtls_free(finish_plaintext); 5946a8e1175bSopenharmony_ci psa_aead_abort(&operation); 5947a8e1175bSopenharmony_ci PSA_DONE(); 5948a8e1175bSopenharmony_ci} 5949a8e1175bSopenharmony_ci/* END_CASE */ 5950a8e1175bSopenharmony_ci 5951a8e1175bSopenharmony_ci/* BEGIN_CASE */ 5952a8e1175bSopenharmony_civoid aead_multipart_setup(int key_type_arg, data_t *key_data, 5953a8e1175bSopenharmony_ci int alg_arg, int expected_status_arg) 5954a8e1175bSopenharmony_ci{ 5955a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5956a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 5957a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 5958a8e1175bSopenharmony_ci psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 5959a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 5960a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_GENERIC_ERROR; 5961a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 5962a8e1175bSopenharmony_ci 5963a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 5964a8e1175bSopenharmony_ci 5965a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, 5966a8e1175bSopenharmony_ci PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 5967a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 5968a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 5969a8e1175bSopenharmony_ci 5970a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 5971a8e1175bSopenharmony_ci &key)); 5972a8e1175bSopenharmony_ci 5973a8e1175bSopenharmony_ci status = psa_aead_encrypt_setup(&operation, key, alg); 5974a8e1175bSopenharmony_ci 5975a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 5976a8e1175bSopenharmony_ci 5977a8e1175bSopenharmony_ci psa_aead_abort(&operation); 5978a8e1175bSopenharmony_ci 5979a8e1175bSopenharmony_ci status = psa_aead_decrypt_setup(&operation, key, alg); 5980a8e1175bSopenharmony_ci 5981a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 5982a8e1175bSopenharmony_ci 5983a8e1175bSopenharmony_ciexit: 5984a8e1175bSopenharmony_ci psa_destroy_key(key); 5985a8e1175bSopenharmony_ci psa_aead_abort(&operation); 5986a8e1175bSopenharmony_ci PSA_DONE(); 5987a8e1175bSopenharmony_ci} 5988a8e1175bSopenharmony_ci/* END_CASE */ 5989a8e1175bSopenharmony_ci 5990a8e1175bSopenharmony_ci/* BEGIN_CASE */ 5991a8e1175bSopenharmony_civoid aead_multipart_state_test(int key_type_arg, data_t *key_data, 5992a8e1175bSopenharmony_ci int alg_arg, 5993a8e1175bSopenharmony_ci data_t *nonce, 5994a8e1175bSopenharmony_ci data_t *additional_data, 5995a8e1175bSopenharmony_ci data_t *input_data) 5996a8e1175bSopenharmony_ci{ 5997a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 5998a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 5999a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 6000a8e1175bSopenharmony_ci psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; 6001a8e1175bSopenharmony_ci unsigned char *output_data = NULL; 6002a8e1175bSopenharmony_ci unsigned char *final_data = NULL; 6003a8e1175bSopenharmony_ci size_t output_size = 0; 6004a8e1175bSopenharmony_ci size_t finish_output_size = 0; 6005a8e1175bSopenharmony_ci size_t output_length = 0; 6006a8e1175bSopenharmony_ci size_t key_bits = 0; 6007a8e1175bSopenharmony_ci size_t tag_length = 0; 6008a8e1175bSopenharmony_ci size_t tag_size = 0; 6009a8e1175bSopenharmony_ci size_t nonce_length = 0; 6010a8e1175bSopenharmony_ci uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; 6011a8e1175bSopenharmony_ci uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 6012a8e1175bSopenharmony_ci size_t output_part_length = 0; 6013a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6014a8e1175bSopenharmony_ci 6015a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 6016a8e1175bSopenharmony_ci 6017a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, 6018a8e1175bSopenharmony_ci PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 6019a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 6020a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 6021a8e1175bSopenharmony_ci 6022a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 6023a8e1175bSopenharmony_ci &key)); 6024a8e1175bSopenharmony_ci 6025a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 6026a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 6027a8e1175bSopenharmony_ci 6028a8e1175bSopenharmony_ci tag_length = PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg); 6029a8e1175bSopenharmony_ci 6030a8e1175bSopenharmony_ci TEST_LE_U(tag_length, PSA_AEAD_TAG_MAX_SIZE); 6031a8e1175bSopenharmony_ci 6032a8e1175bSopenharmony_ci output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_data->len); 6033a8e1175bSopenharmony_ci 6034a8e1175bSopenharmony_ci TEST_CALLOC(output_data, output_size); 6035a8e1175bSopenharmony_ci 6036a8e1175bSopenharmony_ci finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg); 6037a8e1175bSopenharmony_ci 6038a8e1175bSopenharmony_ci TEST_LE_U(finish_output_size, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE); 6039a8e1175bSopenharmony_ci 6040a8e1175bSopenharmony_ci TEST_CALLOC(final_data, finish_output_size); 6041a8e1175bSopenharmony_ci 6042a8e1175bSopenharmony_ci /* Test all operations error without calling setup first. */ 6043a8e1175bSopenharmony_ci 6044a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_nonce(&operation, nonce->x, nonce->len), 6045a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6046a8e1175bSopenharmony_ci 6047a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6048a8e1175bSopenharmony_ci 6049a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_generate_nonce(&operation, nonce_buffer, 6050a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6051a8e1175bSopenharmony_ci &nonce_length), 6052a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6053a8e1175bSopenharmony_ci 6054a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6055a8e1175bSopenharmony_ci 6056a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6057a8e1175bSopenharmony_ci 6058a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, additional_data->len, 6059a8e1175bSopenharmony_ci input_data->len), 6060a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6061a8e1175bSopenharmony_ci 6062a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6063a8e1175bSopenharmony_ci 6064a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6065a8e1175bSopenharmony_ci 6066a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update_ad(&operation, additional_data->x, 6067a8e1175bSopenharmony_ci additional_data->len), 6068a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6069a8e1175bSopenharmony_ci 6070a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6071a8e1175bSopenharmony_ci 6072a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6073a8e1175bSopenharmony_ci 6074a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update(&operation, input_data->x, 6075a8e1175bSopenharmony_ci input_data->len, output_data, 6076a8e1175bSopenharmony_ci output_size, &output_length), 6077a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6078a8e1175bSopenharmony_ci 6079a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6080a8e1175bSopenharmony_ci 6081a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6082a8e1175bSopenharmony_ci 6083a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_finish(&operation, final_data, 6084a8e1175bSopenharmony_ci finish_output_size, 6085a8e1175bSopenharmony_ci &output_part_length, 6086a8e1175bSopenharmony_ci tag_buffer, tag_length, 6087a8e1175bSopenharmony_ci &tag_size), 6088a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6089a8e1175bSopenharmony_ci 6090a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6091a8e1175bSopenharmony_ci 6092a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6093a8e1175bSopenharmony_ci 6094a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_verify(&operation, final_data, 6095a8e1175bSopenharmony_ci finish_output_size, 6096a8e1175bSopenharmony_ci &output_part_length, 6097a8e1175bSopenharmony_ci tag_buffer, 6098a8e1175bSopenharmony_ci tag_length), 6099a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6100a8e1175bSopenharmony_ci 6101a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6102a8e1175bSopenharmony_ci 6103a8e1175bSopenharmony_ci /* Test for double setups. */ 6104a8e1175bSopenharmony_ci 6105a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6106a8e1175bSopenharmony_ci 6107a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_encrypt_setup(&operation, key, alg), 6108a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6109a8e1175bSopenharmony_ci 6110a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6111a8e1175bSopenharmony_ci 6112a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6113a8e1175bSopenharmony_ci 6114a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_decrypt_setup(&operation, key, alg)); 6115a8e1175bSopenharmony_ci 6116a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_decrypt_setup(&operation, key, alg), 6117a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6118a8e1175bSopenharmony_ci 6119a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6120a8e1175bSopenharmony_ci 6121a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6122a8e1175bSopenharmony_ci 6123a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6124a8e1175bSopenharmony_ci 6125a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_decrypt_setup(&operation, key, alg), 6126a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6127a8e1175bSopenharmony_ci 6128a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6129a8e1175bSopenharmony_ci 6130a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6131a8e1175bSopenharmony_ci 6132a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_decrypt_setup(&operation, key, alg)); 6133a8e1175bSopenharmony_ci 6134a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_encrypt_setup(&operation, key, alg), 6135a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6136a8e1175bSopenharmony_ci 6137a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6138a8e1175bSopenharmony_ci 6139a8e1175bSopenharmony_ci /* Test for not setting a nonce. */ 6140a8e1175bSopenharmony_ci 6141a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6142a8e1175bSopenharmony_ci 6143a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update_ad(&operation, additional_data->x, 6144a8e1175bSopenharmony_ci additional_data->len), 6145a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6146a8e1175bSopenharmony_ci 6147a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6148a8e1175bSopenharmony_ci 6149a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6150a8e1175bSopenharmony_ci 6151a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6152a8e1175bSopenharmony_ci 6153a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update(&operation, input_data->x, 6154a8e1175bSopenharmony_ci input_data->len, output_data, 6155a8e1175bSopenharmony_ci output_size, &output_length), 6156a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6157a8e1175bSopenharmony_ci 6158a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6159a8e1175bSopenharmony_ci 6160a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6161a8e1175bSopenharmony_ci 6162a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6163a8e1175bSopenharmony_ci 6164a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_finish(&operation, final_data, 6165a8e1175bSopenharmony_ci finish_output_size, 6166a8e1175bSopenharmony_ci &output_part_length, 6167a8e1175bSopenharmony_ci tag_buffer, tag_length, 6168a8e1175bSopenharmony_ci &tag_size), 6169a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6170a8e1175bSopenharmony_ci 6171a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6172a8e1175bSopenharmony_ci 6173a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6174a8e1175bSopenharmony_ci 6175a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_decrypt_setup(&operation, key, alg)); 6176a8e1175bSopenharmony_ci 6177a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_verify(&operation, final_data, 6178a8e1175bSopenharmony_ci finish_output_size, 6179a8e1175bSopenharmony_ci &output_part_length, 6180a8e1175bSopenharmony_ci tag_buffer, 6181a8e1175bSopenharmony_ci tag_length), 6182a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6183a8e1175bSopenharmony_ci 6184a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6185a8e1175bSopenharmony_ci 6186a8e1175bSopenharmony_ci /* Test for double setting nonce. */ 6187a8e1175bSopenharmony_ci 6188a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6189a8e1175bSopenharmony_ci 6190a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6191a8e1175bSopenharmony_ci 6192a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_nonce(&operation, nonce->x, nonce->len), 6193a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6194a8e1175bSopenharmony_ci 6195a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6196a8e1175bSopenharmony_ci 6197a8e1175bSopenharmony_ci /* Test for double generating nonce. */ 6198a8e1175bSopenharmony_ci 6199a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6200a8e1175bSopenharmony_ci 6201a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_generate_nonce(&operation, nonce_buffer, 6202a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6203a8e1175bSopenharmony_ci &nonce_length)); 6204a8e1175bSopenharmony_ci 6205a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_generate_nonce(&operation, nonce_buffer, 6206a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6207a8e1175bSopenharmony_ci &nonce_length), 6208a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6209a8e1175bSopenharmony_ci 6210a8e1175bSopenharmony_ci 6211a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6212a8e1175bSopenharmony_ci 6213a8e1175bSopenharmony_ci /* Test for generate nonce then set and vice versa */ 6214a8e1175bSopenharmony_ci 6215a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6216a8e1175bSopenharmony_ci 6217a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_generate_nonce(&operation, nonce_buffer, 6218a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6219a8e1175bSopenharmony_ci &nonce_length)); 6220a8e1175bSopenharmony_ci 6221a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_nonce(&operation, nonce->x, nonce->len), 6222a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6223a8e1175bSopenharmony_ci 6224a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6225a8e1175bSopenharmony_ci 6226a8e1175bSopenharmony_ci /* Test for generating nonce after calling set lengths */ 6227a8e1175bSopenharmony_ci 6228a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6229a8e1175bSopenharmony_ci 6230a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 6231a8e1175bSopenharmony_ci input_data->len)); 6232a8e1175bSopenharmony_ci 6233a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_generate_nonce(&operation, nonce_buffer, 6234a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6235a8e1175bSopenharmony_ci &nonce_length)); 6236a8e1175bSopenharmony_ci 6237a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6238a8e1175bSopenharmony_ci 6239a8e1175bSopenharmony_ci /* Test for generating nonce after calling set lengths with UINT32_MAX ad_data length */ 6240a8e1175bSopenharmony_ci 6241a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6242a8e1175bSopenharmony_ci 6243a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM) { 6244a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, UINT32_MAX, 6245a8e1175bSopenharmony_ci input_data->len), 6246a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6247a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_generate_nonce(&operation, nonce_buffer, 6248a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6249a8e1175bSopenharmony_ci &nonce_length), 6250a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6251a8e1175bSopenharmony_ci } else { 6252a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, UINT32_MAX, 6253a8e1175bSopenharmony_ci input_data->len)); 6254a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_generate_nonce(&operation, nonce_buffer, 6255a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6256a8e1175bSopenharmony_ci &nonce_length)); 6257a8e1175bSopenharmony_ci } 6258a8e1175bSopenharmony_ci 6259a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6260a8e1175bSopenharmony_ci 6261a8e1175bSopenharmony_ci /* Test for generating nonce after calling set lengths with SIZE_MAX ad_data length */ 6262a8e1175bSopenharmony_ci#if SIZE_MAX > UINT32_MAX 6263a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6264a8e1175bSopenharmony_ci 6265a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM || operation.alg == PSA_ALG_GCM) { 6266a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, SIZE_MAX, 6267a8e1175bSopenharmony_ci input_data->len), 6268a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6269a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_generate_nonce(&operation, nonce_buffer, 6270a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6271a8e1175bSopenharmony_ci &nonce_length), 6272a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6273a8e1175bSopenharmony_ci } else { 6274a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, SIZE_MAX, 6275a8e1175bSopenharmony_ci input_data->len)); 6276a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_generate_nonce(&operation, nonce_buffer, 6277a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6278a8e1175bSopenharmony_ci &nonce_length)); 6279a8e1175bSopenharmony_ci } 6280a8e1175bSopenharmony_ci 6281a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6282a8e1175bSopenharmony_ci#endif 6283a8e1175bSopenharmony_ci 6284a8e1175bSopenharmony_ci /* Test for calling set lengths with a UINT32_MAX ad_data length, after generating nonce */ 6285a8e1175bSopenharmony_ci 6286a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6287a8e1175bSopenharmony_ci 6288a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_generate_nonce(&operation, nonce_buffer, 6289a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6290a8e1175bSopenharmony_ci &nonce_length)); 6291a8e1175bSopenharmony_ci 6292a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM) { 6293a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, UINT32_MAX, 6294a8e1175bSopenharmony_ci input_data->len), 6295a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6296a8e1175bSopenharmony_ci } else { 6297a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, UINT32_MAX, 6298a8e1175bSopenharmony_ci input_data->len)); 6299a8e1175bSopenharmony_ci } 6300a8e1175bSopenharmony_ci 6301a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6302a8e1175bSopenharmony_ci 6303a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6304a8e1175bSopenharmony_ci /* Test for setting nonce after calling set lengths */ 6305a8e1175bSopenharmony_ci 6306a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6307a8e1175bSopenharmony_ci 6308a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 6309a8e1175bSopenharmony_ci input_data->len)); 6310a8e1175bSopenharmony_ci 6311a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6312a8e1175bSopenharmony_ci 6313a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6314a8e1175bSopenharmony_ci 6315a8e1175bSopenharmony_ci /* Test for setting nonce after calling set lengths with UINT32_MAX ad_data length */ 6316a8e1175bSopenharmony_ci 6317a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6318a8e1175bSopenharmony_ci 6319a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM) { 6320a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, UINT32_MAX, 6321a8e1175bSopenharmony_ci input_data->len), 6322a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6323a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_nonce(&operation, nonce->x, nonce->len), 6324a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6325a8e1175bSopenharmony_ci } else { 6326a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, UINT32_MAX, 6327a8e1175bSopenharmony_ci input_data->len)); 6328a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6329a8e1175bSopenharmony_ci } 6330a8e1175bSopenharmony_ci 6331a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6332a8e1175bSopenharmony_ci 6333a8e1175bSopenharmony_ci /* Test for setting nonce after calling set lengths with SIZE_MAX ad_data length */ 6334a8e1175bSopenharmony_ci#if SIZE_MAX > UINT32_MAX 6335a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6336a8e1175bSopenharmony_ci 6337a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM || operation.alg == PSA_ALG_GCM) { 6338a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, SIZE_MAX, 6339a8e1175bSopenharmony_ci input_data->len), 6340a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6341a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_nonce(&operation, nonce->x, nonce->len), 6342a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6343a8e1175bSopenharmony_ci } else { 6344a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, SIZE_MAX, 6345a8e1175bSopenharmony_ci input_data->len)); 6346a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6347a8e1175bSopenharmony_ci } 6348a8e1175bSopenharmony_ci 6349a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6350a8e1175bSopenharmony_ci#endif 6351a8e1175bSopenharmony_ci 6352a8e1175bSopenharmony_ci /* Test for calling set lengths with an ad_data length of UINT32_MAX, after setting nonce */ 6353a8e1175bSopenharmony_ci 6354a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6355a8e1175bSopenharmony_ci 6356a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6357a8e1175bSopenharmony_ci 6358a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM) { 6359a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, UINT32_MAX, 6360a8e1175bSopenharmony_ci input_data->len), 6361a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6362a8e1175bSopenharmony_ci } else { 6363a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, UINT32_MAX, 6364a8e1175bSopenharmony_ci input_data->len)); 6365a8e1175bSopenharmony_ci } 6366a8e1175bSopenharmony_ci 6367a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6368a8e1175bSopenharmony_ci 6369a8e1175bSopenharmony_ci /* Test for setting nonce after calling set lengths with plaintext length of SIZE_MAX */ 6370a8e1175bSopenharmony_ci#if SIZE_MAX > UINT32_MAX 6371a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6372a8e1175bSopenharmony_ci 6373a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_GCM) { 6374a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, additional_data->len, 6375a8e1175bSopenharmony_ci SIZE_MAX), 6376a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6377a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_nonce(&operation, nonce->x, nonce->len), 6378a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6379a8e1175bSopenharmony_ci } else if (operation.alg != PSA_ALG_CCM) { 6380a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 6381a8e1175bSopenharmony_ci SIZE_MAX)); 6382a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6383a8e1175bSopenharmony_ci } 6384a8e1175bSopenharmony_ci 6385a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6386a8e1175bSopenharmony_ci#endif 6387a8e1175bSopenharmony_ci 6388a8e1175bSopenharmony_ci /* Test for calling set lengths with a plaintext length of SIZE_MAX, after setting nonce */ 6389a8e1175bSopenharmony_ci#if SIZE_MAX > UINT32_MAX 6390a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6391a8e1175bSopenharmony_ci 6392a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6393a8e1175bSopenharmony_ci 6394a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_GCM) { 6395a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, additional_data->len, 6396a8e1175bSopenharmony_ci SIZE_MAX), 6397a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6398a8e1175bSopenharmony_ci } else if (operation.alg != PSA_ALG_CCM) { 6399a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 6400a8e1175bSopenharmony_ci SIZE_MAX)); 6401a8e1175bSopenharmony_ci } 6402a8e1175bSopenharmony_ci 6403a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6404a8e1175bSopenharmony_ci#endif 6405a8e1175bSopenharmony_ci 6406a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6407a8e1175bSopenharmony_ci 6408a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6409a8e1175bSopenharmony_ci 6410a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6411a8e1175bSopenharmony_ci 6412a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_generate_nonce(&operation, nonce_buffer, 6413a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6414a8e1175bSopenharmony_ci &nonce_length), 6415a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6416a8e1175bSopenharmony_ci 6417a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6418a8e1175bSopenharmony_ci 6419a8e1175bSopenharmony_ci /* Test for generating nonce in decrypt setup. */ 6420a8e1175bSopenharmony_ci 6421a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_decrypt_setup(&operation, key, alg)); 6422a8e1175bSopenharmony_ci 6423a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_generate_nonce(&operation, nonce_buffer, 6424a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6425a8e1175bSopenharmony_ci &nonce_length), 6426a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6427a8e1175bSopenharmony_ci 6428a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6429a8e1175bSopenharmony_ci 6430a8e1175bSopenharmony_ci /* Test for setting lengths twice. */ 6431a8e1175bSopenharmony_ci 6432a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6433a8e1175bSopenharmony_ci 6434a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6435a8e1175bSopenharmony_ci 6436a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 6437a8e1175bSopenharmony_ci input_data->len)); 6438a8e1175bSopenharmony_ci 6439a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, additional_data->len, 6440a8e1175bSopenharmony_ci input_data->len), 6441a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6442a8e1175bSopenharmony_ci 6443a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6444a8e1175bSopenharmony_ci 6445a8e1175bSopenharmony_ci /* Test for setting lengths after setting nonce + already starting data. */ 6446a8e1175bSopenharmony_ci 6447a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6448a8e1175bSopenharmony_ci 6449a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6450a8e1175bSopenharmony_ci 6451a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM) { 6452a8e1175bSopenharmony_ci 6453a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update_ad(&operation, additional_data->x, 6454a8e1175bSopenharmony_ci additional_data->len), 6455a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6456a8e1175bSopenharmony_ci } else { 6457a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 6458a8e1175bSopenharmony_ci additional_data->len)); 6459a8e1175bSopenharmony_ci 6460a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, additional_data->len, 6461a8e1175bSopenharmony_ci input_data->len), 6462a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6463a8e1175bSopenharmony_ci } 6464a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6465a8e1175bSopenharmony_ci 6466a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6467a8e1175bSopenharmony_ci 6468a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6469a8e1175bSopenharmony_ci 6470a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6471a8e1175bSopenharmony_ci 6472a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM) { 6473a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update(&operation, input_data->x, 6474a8e1175bSopenharmony_ci input_data->len, output_data, 6475a8e1175bSopenharmony_ci output_size, &output_length), 6476a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6477a8e1175bSopenharmony_ci 6478a8e1175bSopenharmony_ci } else { 6479a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update(&operation, input_data->x, 6480a8e1175bSopenharmony_ci input_data->len, output_data, 6481a8e1175bSopenharmony_ci output_size, &output_length)); 6482a8e1175bSopenharmony_ci 6483a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, additional_data->len, 6484a8e1175bSopenharmony_ci input_data->len), 6485a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6486a8e1175bSopenharmony_ci } 6487a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6488a8e1175bSopenharmony_ci 6489a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6490a8e1175bSopenharmony_ci 6491a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6492a8e1175bSopenharmony_ci 6493a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6494a8e1175bSopenharmony_ci 6495a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM) { 6496a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_finish(&operation, final_data, 6497a8e1175bSopenharmony_ci finish_output_size, 6498a8e1175bSopenharmony_ci &output_part_length, 6499a8e1175bSopenharmony_ci tag_buffer, tag_length, 6500a8e1175bSopenharmony_ci &tag_size)); 6501a8e1175bSopenharmony_ci } else { 6502a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_finish(&operation, final_data, 6503a8e1175bSopenharmony_ci finish_output_size, 6504a8e1175bSopenharmony_ci &output_part_length, 6505a8e1175bSopenharmony_ci tag_buffer, tag_length, 6506a8e1175bSopenharmony_ci &tag_size)); 6507a8e1175bSopenharmony_ci 6508a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, additional_data->len, 6509a8e1175bSopenharmony_ci input_data->len), 6510a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6511a8e1175bSopenharmony_ci } 6512a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6513a8e1175bSopenharmony_ci 6514a8e1175bSopenharmony_ci /* Test for setting lengths after generating nonce + already starting data. */ 6515a8e1175bSopenharmony_ci 6516a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6517a8e1175bSopenharmony_ci 6518a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_generate_nonce(&operation, nonce_buffer, 6519a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6520a8e1175bSopenharmony_ci &nonce_length)); 6521a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM) { 6522a8e1175bSopenharmony_ci 6523a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update_ad(&operation, additional_data->x, 6524a8e1175bSopenharmony_ci additional_data->len), 6525a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6526a8e1175bSopenharmony_ci } else { 6527a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 6528a8e1175bSopenharmony_ci additional_data->len)); 6529a8e1175bSopenharmony_ci 6530a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, additional_data->len, 6531a8e1175bSopenharmony_ci input_data->len), 6532a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6533a8e1175bSopenharmony_ci } 6534a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6535a8e1175bSopenharmony_ci 6536a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6537a8e1175bSopenharmony_ci 6538a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6539a8e1175bSopenharmony_ci 6540a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_generate_nonce(&operation, nonce_buffer, 6541a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6542a8e1175bSopenharmony_ci &nonce_length)); 6543a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM) { 6544a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update(&operation, input_data->x, 6545a8e1175bSopenharmony_ci input_data->len, output_data, 6546a8e1175bSopenharmony_ci output_size, &output_length), 6547a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6548a8e1175bSopenharmony_ci 6549a8e1175bSopenharmony_ci } else { 6550a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update(&operation, input_data->x, 6551a8e1175bSopenharmony_ci input_data->len, output_data, 6552a8e1175bSopenharmony_ci output_size, &output_length)); 6553a8e1175bSopenharmony_ci 6554a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, additional_data->len, 6555a8e1175bSopenharmony_ci input_data->len), 6556a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6557a8e1175bSopenharmony_ci } 6558a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6559a8e1175bSopenharmony_ci 6560a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6561a8e1175bSopenharmony_ci 6562a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6563a8e1175bSopenharmony_ci 6564a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_generate_nonce(&operation, nonce_buffer, 6565a8e1175bSopenharmony_ci PSA_AEAD_NONCE_MAX_SIZE, 6566a8e1175bSopenharmony_ci &nonce_length)); 6567a8e1175bSopenharmony_ci if (operation.alg == PSA_ALG_CCM) { 6568a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_finish(&operation, final_data, 6569a8e1175bSopenharmony_ci finish_output_size, 6570a8e1175bSopenharmony_ci &output_part_length, 6571a8e1175bSopenharmony_ci tag_buffer, tag_length, 6572a8e1175bSopenharmony_ci &tag_size)); 6573a8e1175bSopenharmony_ci } else { 6574a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_finish(&operation, final_data, 6575a8e1175bSopenharmony_ci finish_output_size, 6576a8e1175bSopenharmony_ci &output_part_length, 6577a8e1175bSopenharmony_ci tag_buffer, tag_length, 6578a8e1175bSopenharmony_ci &tag_size)); 6579a8e1175bSopenharmony_ci 6580a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_set_lengths(&operation, additional_data->len, 6581a8e1175bSopenharmony_ci input_data->len), 6582a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6583a8e1175bSopenharmony_ci } 6584a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6585a8e1175bSopenharmony_ci 6586a8e1175bSopenharmony_ci /* Test for not sending any additional data or data after setting non zero 6587a8e1175bSopenharmony_ci * lengths for them. (encrypt) */ 6588a8e1175bSopenharmony_ci 6589a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6590a8e1175bSopenharmony_ci 6591a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6592a8e1175bSopenharmony_ci 6593a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 6594a8e1175bSopenharmony_ci input_data->len)); 6595a8e1175bSopenharmony_ci 6596a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_finish(&operation, final_data, 6597a8e1175bSopenharmony_ci finish_output_size, 6598a8e1175bSopenharmony_ci &output_part_length, 6599a8e1175bSopenharmony_ci tag_buffer, tag_length, 6600a8e1175bSopenharmony_ci &tag_size), 6601a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6602a8e1175bSopenharmony_ci 6603a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6604a8e1175bSopenharmony_ci 6605a8e1175bSopenharmony_ci /* Test for not sending any additional data or data after setting non-zero 6606a8e1175bSopenharmony_ci * lengths for them. (decrypt) */ 6607a8e1175bSopenharmony_ci 6608a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_decrypt_setup(&operation, key, alg)); 6609a8e1175bSopenharmony_ci 6610a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6611a8e1175bSopenharmony_ci 6612a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 6613a8e1175bSopenharmony_ci input_data->len)); 6614a8e1175bSopenharmony_ci 6615a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_verify(&operation, final_data, 6616a8e1175bSopenharmony_ci finish_output_size, 6617a8e1175bSopenharmony_ci &output_part_length, 6618a8e1175bSopenharmony_ci tag_buffer, 6619a8e1175bSopenharmony_ci tag_length), 6620a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6621a8e1175bSopenharmony_ci 6622a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6623a8e1175bSopenharmony_ci 6624a8e1175bSopenharmony_ci /* Test for not sending any additional data after setting a non-zero length 6625a8e1175bSopenharmony_ci * for it. */ 6626a8e1175bSopenharmony_ci 6627a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6628a8e1175bSopenharmony_ci 6629a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6630a8e1175bSopenharmony_ci 6631a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 6632a8e1175bSopenharmony_ci input_data->len)); 6633a8e1175bSopenharmony_ci 6634a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update(&operation, input_data->x, 6635a8e1175bSopenharmony_ci input_data->len, output_data, 6636a8e1175bSopenharmony_ci output_size, &output_length), 6637a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6638a8e1175bSopenharmony_ci 6639a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6640a8e1175bSopenharmony_ci 6641a8e1175bSopenharmony_ci /* Test for not sending any data after setting a non-zero length for it.*/ 6642a8e1175bSopenharmony_ci 6643a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6644a8e1175bSopenharmony_ci 6645a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6646a8e1175bSopenharmony_ci 6647a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 6648a8e1175bSopenharmony_ci input_data->len)); 6649a8e1175bSopenharmony_ci 6650a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 6651a8e1175bSopenharmony_ci additional_data->len)); 6652a8e1175bSopenharmony_ci 6653a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_finish(&operation, final_data, 6654a8e1175bSopenharmony_ci finish_output_size, 6655a8e1175bSopenharmony_ci &output_part_length, 6656a8e1175bSopenharmony_ci tag_buffer, tag_length, 6657a8e1175bSopenharmony_ci &tag_size), 6658a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6659a8e1175bSopenharmony_ci 6660a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6661a8e1175bSopenharmony_ci 6662a8e1175bSopenharmony_ci /* Test for sending too much additional data after setting lengths. */ 6663a8e1175bSopenharmony_ci 6664a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6665a8e1175bSopenharmony_ci 6666a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6667a8e1175bSopenharmony_ci 6668a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, 0, 0)); 6669a8e1175bSopenharmony_ci 6670a8e1175bSopenharmony_ci 6671a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update_ad(&operation, additional_data->x, 6672a8e1175bSopenharmony_ci additional_data->len), 6673a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6674a8e1175bSopenharmony_ci 6675a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6676a8e1175bSopenharmony_ci 6677a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6678a8e1175bSopenharmony_ci 6679a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6680a8e1175bSopenharmony_ci 6681a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6682a8e1175bSopenharmony_ci 6683a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 6684a8e1175bSopenharmony_ci input_data->len)); 6685a8e1175bSopenharmony_ci 6686a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 6687a8e1175bSopenharmony_ci additional_data->len)); 6688a8e1175bSopenharmony_ci 6689a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update_ad(&operation, additional_data->x, 6690a8e1175bSopenharmony_ci 1), 6691a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6692a8e1175bSopenharmony_ci 6693a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6694a8e1175bSopenharmony_ci 6695a8e1175bSopenharmony_ci /* Test for sending too much data after setting lengths. */ 6696a8e1175bSopenharmony_ci 6697a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6698a8e1175bSopenharmony_ci 6699a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6700a8e1175bSopenharmony_ci 6701a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, 0, 0)); 6702a8e1175bSopenharmony_ci 6703a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update(&operation, input_data->x, 6704a8e1175bSopenharmony_ci input_data->len, output_data, 6705a8e1175bSopenharmony_ci output_size, &output_length), 6706a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6707a8e1175bSopenharmony_ci 6708a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6709a8e1175bSopenharmony_ci 6710a8e1175bSopenharmony_ci /* ------------------------------------------------------- */ 6711a8e1175bSopenharmony_ci 6712a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6713a8e1175bSopenharmony_ci 6714a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6715a8e1175bSopenharmony_ci 6716a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 6717a8e1175bSopenharmony_ci input_data->len)); 6718a8e1175bSopenharmony_ci 6719a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 6720a8e1175bSopenharmony_ci additional_data->len)); 6721a8e1175bSopenharmony_ci 6722a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update(&operation, input_data->x, 6723a8e1175bSopenharmony_ci input_data->len, output_data, 6724a8e1175bSopenharmony_ci output_size, &output_length)); 6725a8e1175bSopenharmony_ci 6726a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update(&operation, input_data->x, 6727a8e1175bSopenharmony_ci 1, output_data, 6728a8e1175bSopenharmony_ci output_size, &output_length), 6729a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 6730a8e1175bSopenharmony_ci 6731a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6732a8e1175bSopenharmony_ci 6733a8e1175bSopenharmony_ci /* Test sending additional data after data. */ 6734a8e1175bSopenharmony_ci 6735a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6736a8e1175bSopenharmony_ci 6737a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6738a8e1175bSopenharmony_ci 6739a8e1175bSopenharmony_ci if (operation.alg != PSA_ALG_CCM) { 6740a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_update(&operation, input_data->x, 6741a8e1175bSopenharmony_ci input_data->len, output_data, 6742a8e1175bSopenharmony_ci output_size, &output_length)); 6743a8e1175bSopenharmony_ci 6744a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_update_ad(&operation, additional_data->x, 6745a8e1175bSopenharmony_ci additional_data->len), 6746a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6747a8e1175bSopenharmony_ci } 6748a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6749a8e1175bSopenharmony_ci 6750a8e1175bSopenharmony_ci /* Test calling finish on decryption. */ 6751a8e1175bSopenharmony_ci 6752a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_decrypt_setup(&operation, key, alg)); 6753a8e1175bSopenharmony_ci 6754a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6755a8e1175bSopenharmony_ci 6756a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_finish(&operation, final_data, 6757a8e1175bSopenharmony_ci finish_output_size, 6758a8e1175bSopenharmony_ci &output_part_length, 6759a8e1175bSopenharmony_ci tag_buffer, tag_length, 6760a8e1175bSopenharmony_ci &tag_size), 6761a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6762a8e1175bSopenharmony_ci 6763a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6764a8e1175bSopenharmony_ci 6765a8e1175bSopenharmony_ci /* Test calling verify on encryption. */ 6766a8e1175bSopenharmony_ci 6767a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_encrypt_setup(&operation, key, alg)); 6768a8e1175bSopenharmony_ci 6769a8e1175bSopenharmony_ci PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 6770a8e1175bSopenharmony_ci 6771a8e1175bSopenharmony_ci TEST_EQUAL(psa_aead_verify(&operation, final_data, 6772a8e1175bSopenharmony_ci finish_output_size, 6773a8e1175bSopenharmony_ci &output_part_length, 6774a8e1175bSopenharmony_ci tag_buffer, 6775a8e1175bSopenharmony_ci tag_length), 6776a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 6777a8e1175bSopenharmony_ci 6778a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6779a8e1175bSopenharmony_ci 6780a8e1175bSopenharmony_ci 6781a8e1175bSopenharmony_ciexit: 6782a8e1175bSopenharmony_ci psa_destroy_key(key); 6783a8e1175bSopenharmony_ci psa_aead_abort(&operation); 6784a8e1175bSopenharmony_ci mbedtls_free(output_data); 6785a8e1175bSopenharmony_ci mbedtls_free(final_data); 6786a8e1175bSopenharmony_ci PSA_DONE(); 6787a8e1175bSopenharmony_ci} 6788a8e1175bSopenharmony_ci/* END_CASE */ 6789a8e1175bSopenharmony_ci 6790a8e1175bSopenharmony_ci/* BEGIN_CASE */ 6791a8e1175bSopenharmony_civoid signature_size(int type_arg, 6792a8e1175bSopenharmony_ci int bits, 6793a8e1175bSopenharmony_ci int alg_arg, 6794a8e1175bSopenharmony_ci int expected_size_arg) 6795a8e1175bSopenharmony_ci{ 6796a8e1175bSopenharmony_ci psa_key_type_t type = type_arg; 6797a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 6798a8e1175bSopenharmony_ci size_t actual_size = PSA_SIGN_OUTPUT_SIZE(type, bits, alg); 6799a8e1175bSopenharmony_ci 6800a8e1175bSopenharmony_ci TEST_EQUAL(actual_size, (size_t) expected_size_arg); 6801a8e1175bSopenharmony_ci 6802a8e1175bSopenharmony_ciexit: 6803a8e1175bSopenharmony_ci ; 6804a8e1175bSopenharmony_ci} 6805a8e1175bSopenharmony_ci/* END_CASE */ 6806a8e1175bSopenharmony_ci 6807a8e1175bSopenharmony_ci/* BEGIN_CASE */ 6808a8e1175bSopenharmony_civoid sign_hash_deterministic(int key_type_arg, data_t *key_data, 6809a8e1175bSopenharmony_ci int alg_arg, data_t *input_data, 6810a8e1175bSopenharmony_ci data_t *output_data) 6811a8e1175bSopenharmony_ci{ 6812a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 6813a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 6814a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 6815a8e1175bSopenharmony_ci size_t key_bits; 6816a8e1175bSopenharmony_ci unsigned char *signature = NULL; 6817a8e1175bSopenharmony_ci size_t signature_size; 6818a8e1175bSopenharmony_ci size_t signature_length = 0xdeadbeef; 6819a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6820a8e1175bSopenharmony_ci 6821a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 6822a8e1175bSopenharmony_ci 6823a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 6824a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 6825a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 6826a8e1175bSopenharmony_ci 6827a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 6828a8e1175bSopenharmony_ci &key)); 6829a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 6830a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 6831a8e1175bSopenharmony_ci 6832a8e1175bSopenharmony_ci /* Allocate a buffer which has the size advertised by the 6833a8e1175bSopenharmony_ci * library. */ 6834a8e1175bSopenharmony_ci signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, 6835a8e1175bSopenharmony_ci key_bits, alg); 6836a8e1175bSopenharmony_ci TEST_ASSERT(signature_size != 0); 6837a8e1175bSopenharmony_ci TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); 6838a8e1175bSopenharmony_ci TEST_CALLOC(signature, signature_size); 6839a8e1175bSopenharmony_ci 6840a8e1175bSopenharmony_ci /* Perform the signature. */ 6841a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash(key, alg, 6842a8e1175bSopenharmony_ci input_data->x, input_data->len, 6843a8e1175bSopenharmony_ci signature, signature_size, 6844a8e1175bSopenharmony_ci &signature_length)); 6845a8e1175bSopenharmony_ci /* Verify that the signature is what is expected. */ 6846a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output_data->x, output_data->len, 6847a8e1175bSopenharmony_ci signature, signature_length); 6848a8e1175bSopenharmony_ci 6849a8e1175bSopenharmony_ciexit: 6850a8e1175bSopenharmony_ci /* 6851a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 6852a8e1175bSopenharmony_ci * thus reset them as required. 6853a8e1175bSopenharmony_ci */ 6854a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 6855a8e1175bSopenharmony_ci 6856a8e1175bSopenharmony_ci psa_destroy_key(key); 6857a8e1175bSopenharmony_ci mbedtls_free(signature); 6858a8e1175bSopenharmony_ci PSA_DONE(); 6859a8e1175bSopenharmony_ci} 6860a8e1175bSopenharmony_ci/* END_CASE */ 6861a8e1175bSopenharmony_ci 6862a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 6863a8e1175bSopenharmony_ci/** 6864a8e1175bSopenharmony_ci * sign_hash_interruptible() test intentions: 6865a8e1175bSopenharmony_ci * 6866a8e1175bSopenharmony_ci * Note: This test can currently only handle ECDSA. 6867a8e1175bSopenharmony_ci * 6868a8e1175bSopenharmony_ci * 1. Test interruptible sign hash with known outcomes (deterministic ECDSA 6869a8e1175bSopenharmony_ci * and private keys / keypairs only). 6870a8e1175bSopenharmony_ci * 6871a8e1175bSopenharmony_ci * 2. Test the number of calls to psa_sign_hash_complete() required are as 6872a8e1175bSopenharmony_ci * expected for different max_ops values. 6873a8e1175bSopenharmony_ci * 6874a8e1175bSopenharmony_ci * 3. Test that the number of ops done prior to start and after abort is zero 6875a8e1175bSopenharmony_ci * and that each successful stage completes some ops (this is not mandated by 6876a8e1175bSopenharmony_ci * the PSA specification, but is currently the case). 6877a8e1175bSopenharmony_ci * 6878a8e1175bSopenharmony_ci * 4. Test that calling psa_sign_hash_get_num_ops() multiple times between 6879a8e1175bSopenharmony_ci * complete() calls does not alter the number of ops returned. 6880a8e1175bSopenharmony_ci */ 6881a8e1175bSopenharmony_civoid sign_hash_interruptible(int key_type_arg, data_t *key_data, 6882a8e1175bSopenharmony_ci int alg_arg, data_t *input_data, 6883a8e1175bSopenharmony_ci data_t *output_data, int max_ops_arg) 6884a8e1175bSopenharmony_ci{ 6885a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 6886a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 6887a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 6888a8e1175bSopenharmony_ci size_t key_bits; 6889a8e1175bSopenharmony_ci unsigned char *signature = NULL; 6890a8e1175bSopenharmony_ci size_t signature_size; 6891a8e1175bSopenharmony_ci size_t signature_length = 0xdeadbeef; 6892a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 6893a8e1175bSopenharmony_ci psa_status_t status = PSA_OPERATION_INCOMPLETE; 6894a8e1175bSopenharmony_ci uint32_t num_ops = 0; 6895a8e1175bSopenharmony_ci uint32_t max_ops = max_ops_arg; 6896a8e1175bSopenharmony_ci size_t num_ops_prior = 0; 6897a8e1175bSopenharmony_ci size_t num_completes = 0; 6898a8e1175bSopenharmony_ci size_t min_completes = 0; 6899a8e1175bSopenharmony_ci size_t max_completes = 0; 6900a8e1175bSopenharmony_ci 6901a8e1175bSopenharmony_ci psa_sign_hash_interruptible_operation_t operation = 6902a8e1175bSopenharmony_ci psa_sign_hash_interruptible_operation_init(); 6903a8e1175bSopenharmony_ci 6904a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 6905a8e1175bSopenharmony_ci 6906a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 6907a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 6908a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 6909a8e1175bSopenharmony_ci 6910a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 6911a8e1175bSopenharmony_ci &key)); 6912a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 6913a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 6914a8e1175bSopenharmony_ci 6915a8e1175bSopenharmony_ci /* Allocate a buffer which has the size advertised by the 6916a8e1175bSopenharmony_ci * library. */ 6917a8e1175bSopenharmony_ci signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, 6918a8e1175bSopenharmony_ci key_bits, alg); 6919a8e1175bSopenharmony_ci TEST_ASSERT(signature_size != 0); 6920a8e1175bSopenharmony_ci TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); 6921a8e1175bSopenharmony_ci TEST_CALLOC(signature, signature_size); 6922a8e1175bSopenharmony_ci 6923a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(max_ops); 6924a8e1175bSopenharmony_ci 6925a8e1175bSopenharmony_ci interruptible_signverify_get_minmax_completes(max_ops, PSA_SUCCESS, 6926a8e1175bSopenharmony_ci &min_completes, &max_completes); 6927a8e1175bSopenharmony_ci 6928a8e1175bSopenharmony_ci num_ops_prior = psa_sign_hash_get_num_ops(&operation); 6929a8e1175bSopenharmony_ci TEST_ASSERT(num_ops_prior == 0); 6930a8e1175bSopenharmony_ci 6931a8e1175bSopenharmony_ci /* Start performing the signature. */ 6932a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_start(&operation, key, alg, 6933a8e1175bSopenharmony_ci input_data->x, input_data->len)); 6934a8e1175bSopenharmony_ci 6935a8e1175bSopenharmony_ci num_ops_prior = psa_sign_hash_get_num_ops(&operation); 6936a8e1175bSopenharmony_ci TEST_ASSERT(num_ops_prior == 0); 6937a8e1175bSopenharmony_ci 6938a8e1175bSopenharmony_ci /* Continue performing the signature until complete. */ 6939a8e1175bSopenharmony_ci do { 6940a8e1175bSopenharmony_ci status = psa_sign_hash_complete(&operation, signature, signature_size, 6941a8e1175bSopenharmony_ci &signature_length); 6942a8e1175bSopenharmony_ci 6943a8e1175bSopenharmony_ci num_completes++; 6944a8e1175bSopenharmony_ci 6945a8e1175bSopenharmony_ci if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) { 6946a8e1175bSopenharmony_ci num_ops = psa_sign_hash_get_num_ops(&operation); 6947a8e1175bSopenharmony_ci /* We are asserting here that every complete makes progress 6948a8e1175bSopenharmony_ci * (completes some ops), which is true of the internal 6949a8e1175bSopenharmony_ci * implementation and probably any implementation, however this is 6950a8e1175bSopenharmony_ci * not mandated by the PSA specification. */ 6951a8e1175bSopenharmony_ci TEST_ASSERT(num_ops > num_ops_prior); 6952a8e1175bSopenharmony_ci 6953a8e1175bSopenharmony_ci num_ops_prior = num_ops; 6954a8e1175bSopenharmony_ci 6955a8e1175bSopenharmony_ci /* Ensure calling get_num_ops() twice still returns the same 6956a8e1175bSopenharmony_ci * number of ops as previously reported. */ 6957a8e1175bSopenharmony_ci num_ops = psa_sign_hash_get_num_ops(&operation); 6958a8e1175bSopenharmony_ci 6959a8e1175bSopenharmony_ci TEST_EQUAL(num_ops, num_ops_prior); 6960a8e1175bSopenharmony_ci } 6961a8e1175bSopenharmony_ci } while (status == PSA_OPERATION_INCOMPLETE); 6962a8e1175bSopenharmony_ci 6963a8e1175bSopenharmony_ci TEST_ASSERT(status == PSA_SUCCESS); 6964a8e1175bSopenharmony_ci 6965a8e1175bSopenharmony_ci TEST_LE_U(min_completes, num_completes); 6966a8e1175bSopenharmony_ci TEST_LE_U(num_completes, max_completes); 6967a8e1175bSopenharmony_ci 6968a8e1175bSopenharmony_ci /* Verify that the signature is what is expected. */ 6969a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output_data->x, output_data->len, 6970a8e1175bSopenharmony_ci signature, signature_length); 6971a8e1175bSopenharmony_ci 6972a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&operation)); 6973a8e1175bSopenharmony_ci 6974a8e1175bSopenharmony_ci num_ops = psa_sign_hash_get_num_ops(&operation); 6975a8e1175bSopenharmony_ci TEST_ASSERT(num_ops == 0); 6976a8e1175bSopenharmony_ci 6977a8e1175bSopenharmony_ciexit: 6978a8e1175bSopenharmony_ci 6979a8e1175bSopenharmony_ci /* 6980a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 6981a8e1175bSopenharmony_ci * thus reset them as required. 6982a8e1175bSopenharmony_ci */ 6983a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 6984a8e1175bSopenharmony_ci 6985a8e1175bSopenharmony_ci psa_destroy_key(key); 6986a8e1175bSopenharmony_ci mbedtls_free(signature); 6987a8e1175bSopenharmony_ci PSA_DONE(); 6988a8e1175bSopenharmony_ci} 6989a8e1175bSopenharmony_ci/* END_CASE */ 6990a8e1175bSopenharmony_ci 6991a8e1175bSopenharmony_ci/* BEGIN_CASE */ 6992a8e1175bSopenharmony_civoid sign_hash_fail(int key_type_arg, data_t *key_data, 6993a8e1175bSopenharmony_ci int alg_arg, data_t *input_data, 6994a8e1175bSopenharmony_ci int signature_size_arg, int expected_status_arg) 6995a8e1175bSopenharmony_ci{ 6996a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 6997a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 6998a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 6999a8e1175bSopenharmony_ci size_t signature_size = signature_size_arg; 7000a8e1175bSopenharmony_ci psa_status_t actual_status; 7001a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 7002a8e1175bSopenharmony_ci unsigned char *signature = NULL; 7003a8e1175bSopenharmony_ci size_t signature_length = 0xdeadbeef; 7004a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 7005a8e1175bSopenharmony_ci 7006a8e1175bSopenharmony_ci TEST_CALLOC(signature, signature_size); 7007a8e1175bSopenharmony_ci 7008a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 7009a8e1175bSopenharmony_ci 7010a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 7011a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 7012a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 7013a8e1175bSopenharmony_ci 7014a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 7015a8e1175bSopenharmony_ci &key)); 7016a8e1175bSopenharmony_ci 7017a8e1175bSopenharmony_ci actual_status = psa_sign_hash(key, alg, 7018a8e1175bSopenharmony_ci input_data->x, input_data->len, 7019a8e1175bSopenharmony_ci signature, signature_size, 7020a8e1175bSopenharmony_ci &signature_length); 7021a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, expected_status); 7022a8e1175bSopenharmony_ci /* The value of *signature_length is unspecified on error, but 7023a8e1175bSopenharmony_ci * whatever it is, it should be less than signature_size, so that 7024a8e1175bSopenharmony_ci * if the caller tries to read *signature_length bytes without 7025a8e1175bSopenharmony_ci * checking the error code then they don't overflow a buffer. */ 7026a8e1175bSopenharmony_ci TEST_LE_U(signature_length, signature_size); 7027a8e1175bSopenharmony_ci 7028a8e1175bSopenharmony_ciexit: 7029a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 7030a8e1175bSopenharmony_ci psa_destroy_key(key); 7031a8e1175bSopenharmony_ci mbedtls_free(signature); 7032a8e1175bSopenharmony_ci PSA_DONE(); 7033a8e1175bSopenharmony_ci} 7034a8e1175bSopenharmony_ci/* END_CASE */ 7035a8e1175bSopenharmony_ci 7036a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 7037a8e1175bSopenharmony_ci/** 7038a8e1175bSopenharmony_ci * sign_hash_fail_interruptible() test intentions: 7039a8e1175bSopenharmony_ci * 7040a8e1175bSopenharmony_ci * Note: This test can currently only handle ECDSA. 7041a8e1175bSopenharmony_ci * 7042a8e1175bSopenharmony_ci * 1. Test that various failure cases for interruptible sign hash fail with the 7043a8e1175bSopenharmony_ci * correct error codes, and at the correct point (at start or during 7044a8e1175bSopenharmony_ci * complete). 7045a8e1175bSopenharmony_ci * 7046a8e1175bSopenharmony_ci * 2. Test the number of calls to psa_sign_hash_complete() required are as 7047a8e1175bSopenharmony_ci * expected for different max_ops values. 7048a8e1175bSopenharmony_ci * 7049a8e1175bSopenharmony_ci * 3. Test that the number of ops done prior to start and after abort is zero 7050a8e1175bSopenharmony_ci * and that each successful stage completes some ops (this is not mandated by 7051a8e1175bSopenharmony_ci * the PSA specification, but is currently the case). 7052a8e1175bSopenharmony_ci * 7053a8e1175bSopenharmony_ci * 4. Check that calling complete() when start() fails and complete() 7054a8e1175bSopenharmony_ci * after completion results in a BAD_STATE error. 7055a8e1175bSopenharmony_ci * 7056a8e1175bSopenharmony_ci * 5. Check that calling start() again after start fails results in a BAD_STATE 7057a8e1175bSopenharmony_ci * error. 7058a8e1175bSopenharmony_ci */ 7059a8e1175bSopenharmony_civoid sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, 7060a8e1175bSopenharmony_ci int alg_arg, data_t *input_data, 7061a8e1175bSopenharmony_ci int signature_size_arg, 7062a8e1175bSopenharmony_ci int expected_start_status_arg, 7063a8e1175bSopenharmony_ci int expected_complete_status_arg, 7064a8e1175bSopenharmony_ci int max_ops_arg) 7065a8e1175bSopenharmony_ci{ 7066a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 7067a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 7068a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 7069a8e1175bSopenharmony_ci size_t signature_size = signature_size_arg; 7070a8e1175bSopenharmony_ci psa_status_t actual_status; 7071a8e1175bSopenharmony_ci psa_status_t expected_start_status = expected_start_status_arg; 7072a8e1175bSopenharmony_ci psa_status_t expected_complete_status = expected_complete_status_arg; 7073a8e1175bSopenharmony_ci unsigned char *signature = NULL; 7074a8e1175bSopenharmony_ci size_t signature_length = 0xdeadbeef; 7075a8e1175bSopenharmony_ci uint32_t num_ops = 0; 7076a8e1175bSopenharmony_ci uint32_t max_ops = max_ops_arg; 7077a8e1175bSopenharmony_ci size_t num_ops_prior = 0; 7078a8e1175bSopenharmony_ci size_t num_completes = 0; 7079a8e1175bSopenharmony_ci size_t min_completes = 0; 7080a8e1175bSopenharmony_ci size_t max_completes = 0; 7081a8e1175bSopenharmony_ci 7082a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 7083a8e1175bSopenharmony_ci psa_sign_hash_interruptible_operation_t operation = 7084a8e1175bSopenharmony_ci psa_sign_hash_interruptible_operation_init(); 7085a8e1175bSopenharmony_ci 7086a8e1175bSopenharmony_ci TEST_CALLOC(signature, signature_size); 7087a8e1175bSopenharmony_ci 7088a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 7089a8e1175bSopenharmony_ci 7090a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 7091a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 7092a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 7093a8e1175bSopenharmony_ci 7094a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 7095a8e1175bSopenharmony_ci &key)); 7096a8e1175bSopenharmony_ci 7097a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(max_ops); 7098a8e1175bSopenharmony_ci 7099a8e1175bSopenharmony_ci interruptible_signverify_get_minmax_completes(max_ops, 7100a8e1175bSopenharmony_ci expected_complete_status, 7101a8e1175bSopenharmony_ci &min_completes, 7102a8e1175bSopenharmony_ci &max_completes); 7103a8e1175bSopenharmony_ci 7104a8e1175bSopenharmony_ci num_ops_prior = psa_sign_hash_get_num_ops(&operation); 7105a8e1175bSopenharmony_ci TEST_ASSERT(num_ops_prior == 0); 7106a8e1175bSopenharmony_ci 7107a8e1175bSopenharmony_ci /* Start performing the signature. */ 7108a8e1175bSopenharmony_ci actual_status = psa_sign_hash_start(&operation, key, alg, 7109a8e1175bSopenharmony_ci input_data->x, input_data->len); 7110a8e1175bSopenharmony_ci 7111a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, expected_start_status); 7112a8e1175bSopenharmony_ci 7113a8e1175bSopenharmony_ci if (expected_start_status != PSA_SUCCESS) { 7114a8e1175bSopenharmony_ci /* Emulate poor application code, and call complete anyway, even though 7115a8e1175bSopenharmony_ci * start failed. */ 7116a8e1175bSopenharmony_ci actual_status = psa_sign_hash_complete(&operation, signature, 7117a8e1175bSopenharmony_ci signature_size, 7118a8e1175bSopenharmony_ci &signature_length); 7119a8e1175bSopenharmony_ci 7120a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); 7121a8e1175bSopenharmony_ci 7122a8e1175bSopenharmony_ci /* Test that calling start again after failure also causes BAD_STATE. */ 7123a8e1175bSopenharmony_ci actual_status = psa_sign_hash_start(&operation, key, alg, 7124a8e1175bSopenharmony_ci input_data->x, input_data->len); 7125a8e1175bSopenharmony_ci 7126a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); 7127a8e1175bSopenharmony_ci } 7128a8e1175bSopenharmony_ci 7129a8e1175bSopenharmony_ci num_ops_prior = psa_sign_hash_get_num_ops(&operation); 7130a8e1175bSopenharmony_ci TEST_ASSERT(num_ops_prior == 0); 7131a8e1175bSopenharmony_ci 7132a8e1175bSopenharmony_ci /* Continue performing the signature until complete. */ 7133a8e1175bSopenharmony_ci do { 7134a8e1175bSopenharmony_ci actual_status = psa_sign_hash_complete(&operation, signature, 7135a8e1175bSopenharmony_ci signature_size, 7136a8e1175bSopenharmony_ci &signature_length); 7137a8e1175bSopenharmony_ci 7138a8e1175bSopenharmony_ci num_completes++; 7139a8e1175bSopenharmony_ci 7140a8e1175bSopenharmony_ci if (actual_status == PSA_SUCCESS || 7141a8e1175bSopenharmony_ci actual_status == PSA_OPERATION_INCOMPLETE) { 7142a8e1175bSopenharmony_ci num_ops = psa_sign_hash_get_num_ops(&operation); 7143a8e1175bSopenharmony_ci /* We are asserting here that every complete makes progress 7144a8e1175bSopenharmony_ci * (completes some ops), which is true of the internal 7145a8e1175bSopenharmony_ci * implementation and probably any implementation, however this is 7146a8e1175bSopenharmony_ci * not mandated by the PSA specification. */ 7147a8e1175bSopenharmony_ci TEST_ASSERT(num_ops > num_ops_prior); 7148a8e1175bSopenharmony_ci 7149a8e1175bSopenharmony_ci num_ops_prior = num_ops; 7150a8e1175bSopenharmony_ci } 7151a8e1175bSopenharmony_ci } while (actual_status == PSA_OPERATION_INCOMPLETE); 7152a8e1175bSopenharmony_ci 7153a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, expected_complete_status); 7154a8e1175bSopenharmony_ci 7155a8e1175bSopenharmony_ci /* Check that another complete returns BAD_STATE. */ 7156a8e1175bSopenharmony_ci actual_status = psa_sign_hash_complete(&operation, signature, 7157a8e1175bSopenharmony_ci signature_size, 7158a8e1175bSopenharmony_ci &signature_length); 7159a8e1175bSopenharmony_ci 7160a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); 7161a8e1175bSopenharmony_ci 7162a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&operation)); 7163a8e1175bSopenharmony_ci 7164a8e1175bSopenharmony_ci num_ops = psa_sign_hash_get_num_ops(&operation); 7165a8e1175bSopenharmony_ci TEST_ASSERT(num_ops == 0); 7166a8e1175bSopenharmony_ci 7167a8e1175bSopenharmony_ci /* The value of *signature_length is unspecified on error, but 7168a8e1175bSopenharmony_ci * whatever it is, it should be less than signature_size, so that 7169a8e1175bSopenharmony_ci * if the caller tries to read *signature_length bytes without 7170a8e1175bSopenharmony_ci * checking the error code then they don't overflow a buffer. */ 7171a8e1175bSopenharmony_ci TEST_LE_U(signature_length, signature_size); 7172a8e1175bSopenharmony_ci 7173a8e1175bSopenharmony_ci TEST_LE_U(min_completes, num_completes); 7174a8e1175bSopenharmony_ci TEST_LE_U(num_completes, max_completes); 7175a8e1175bSopenharmony_ci 7176a8e1175bSopenharmony_ciexit: 7177a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 7178a8e1175bSopenharmony_ci psa_destroy_key(key); 7179a8e1175bSopenharmony_ci mbedtls_free(signature); 7180a8e1175bSopenharmony_ci PSA_DONE(); 7181a8e1175bSopenharmony_ci} 7182a8e1175bSopenharmony_ci/* END_CASE */ 7183a8e1175bSopenharmony_ci 7184a8e1175bSopenharmony_ci/* BEGIN_CASE */ 7185a8e1175bSopenharmony_civoid sign_verify_hash(int key_type_arg, data_t *key_data, 7186a8e1175bSopenharmony_ci int alg_arg, data_t *input_data) 7187a8e1175bSopenharmony_ci{ 7188a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 7189a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 7190a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 7191a8e1175bSopenharmony_ci size_t key_bits; 7192a8e1175bSopenharmony_ci unsigned char *signature = NULL; 7193a8e1175bSopenharmony_ci size_t signature_size; 7194a8e1175bSopenharmony_ci size_t signature_length = 0xdeadbeef; 7195a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 7196a8e1175bSopenharmony_ci 7197a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 7198a8e1175bSopenharmony_ci 7199a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH); 7200a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 7201a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 7202a8e1175bSopenharmony_ci 7203a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 7204a8e1175bSopenharmony_ci &key)); 7205a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 7206a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 7207a8e1175bSopenharmony_ci 7208a8e1175bSopenharmony_ci /* Allocate a buffer which has the size advertised by the 7209a8e1175bSopenharmony_ci * library. */ 7210a8e1175bSopenharmony_ci signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, 7211a8e1175bSopenharmony_ci key_bits, alg); 7212a8e1175bSopenharmony_ci TEST_ASSERT(signature_size != 0); 7213a8e1175bSopenharmony_ci TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); 7214a8e1175bSopenharmony_ci TEST_CALLOC(signature, signature_size); 7215a8e1175bSopenharmony_ci 7216a8e1175bSopenharmony_ci /* Perform the signature. */ 7217a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash(key, alg, 7218a8e1175bSopenharmony_ci input_data->x, input_data->len, 7219a8e1175bSopenharmony_ci signature, signature_size, 7220a8e1175bSopenharmony_ci &signature_length)); 7221a8e1175bSopenharmony_ci /* Check that the signature length looks sensible. */ 7222a8e1175bSopenharmony_ci TEST_LE_U(signature_length, signature_size); 7223a8e1175bSopenharmony_ci TEST_ASSERT(signature_length > 0); 7224a8e1175bSopenharmony_ci 7225a8e1175bSopenharmony_ci /* Use the library to verify that the signature is correct. */ 7226a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash(key, alg, 7227a8e1175bSopenharmony_ci input_data->x, input_data->len, 7228a8e1175bSopenharmony_ci signature, signature_length)); 7229a8e1175bSopenharmony_ci 7230a8e1175bSopenharmony_ci if (input_data->len != 0) { 7231a8e1175bSopenharmony_ci /* Flip a bit in the input and verify that the signature is now 7232a8e1175bSopenharmony_ci * detected as invalid. Flip a bit at the beginning, not at the end, 7233a8e1175bSopenharmony_ci * because ECDSA may ignore the last few bits of the input. */ 7234a8e1175bSopenharmony_ci input_data->x[0] ^= 1; 7235a8e1175bSopenharmony_ci TEST_EQUAL(psa_verify_hash(key, alg, 7236a8e1175bSopenharmony_ci input_data->x, input_data->len, 7237a8e1175bSopenharmony_ci signature, signature_length), 7238a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 7239a8e1175bSopenharmony_ci } 7240a8e1175bSopenharmony_ci 7241a8e1175bSopenharmony_ciexit: 7242a8e1175bSopenharmony_ci /* 7243a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 7244a8e1175bSopenharmony_ci * thus reset them as required. 7245a8e1175bSopenharmony_ci */ 7246a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 7247a8e1175bSopenharmony_ci 7248a8e1175bSopenharmony_ci psa_destroy_key(key); 7249a8e1175bSopenharmony_ci mbedtls_free(signature); 7250a8e1175bSopenharmony_ci PSA_DONE(); 7251a8e1175bSopenharmony_ci} 7252a8e1175bSopenharmony_ci/* END_CASE */ 7253a8e1175bSopenharmony_ci 7254a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 7255a8e1175bSopenharmony_ci/** 7256a8e1175bSopenharmony_ci * sign_verify_hash_interruptible() test intentions: 7257a8e1175bSopenharmony_ci * 7258a8e1175bSopenharmony_ci * Note: This test can currently only handle ECDSA. 7259a8e1175bSopenharmony_ci * 7260a8e1175bSopenharmony_ci * 1. Test that we can sign an input hash with the given keypair and then 7261a8e1175bSopenharmony_ci * afterwards verify that signature. This is currently the only way to test 7262a8e1175bSopenharmony_ci * non deterministic ECDSA, but this test can also handle deterministic. 7263a8e1175bSopenharmony_ci * 7264a8e1175bSopenharmony_ci * 2. Test that after corrupting the hash, the verification detects an invalid 7265a8e1175bSopenharmony_ci * signature. 7266a8e1175bSopenharmony_ci * 7267a8e1175bSopenharmony_ci * 3. Test the number of calls to psa_sign_hash_complete() required are as 7268a8e1175bSopenharmony_ci * expected for different max_ops values. 7269a8e1175bSopenharmony_ci * 7270a8e1175bSopenharmony_ci * 4. Test that the number of ops done prior to starting signing and after abort 7271a8e1175bSopenharmony_ci * is zero and that each successful signing stage completes some ops (this is 7272a8e1175bSopenharmony_ci * not mandated by the PSA specification, but is currently the case). 7273a8e1175bSopenharmony_ci */ 7274a8e1175bSopenharmony_civoid sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, 7275a8e1175bSopenharmony_ci int alg_arg, data_t *input_data, 7276a8e1175bSopenharmony_ci int max_ops_arg) 7277a8e1175bSopenharmony_ci{ 7278a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 7279a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 7280a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 7281a8e1175bSopenharmony_ci size_t key_bits; 7282a8e1175bSopenharmony_ci unsigned char *signature = NULL; 7283a8e1175bSopenharmony_ci size_t signature_size; 7284a8e1175bSopenharmony_ci size_t signature_length = 0xdeadbeef; 7285a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 7286a8e1175bSopenharmony_ci psa_status_t status = PSA_OPERATION_INCOMPLETE; 7287a8e1175bSopenharmony_ci uint32_t max_ops = max_ops_arg; 7288a8e1175bSopenharmony_ci uint32_t num_ops = 0; 7289a8e1175bSopenharmony_ci uint32_t num_ops_prior = 0; 7290a8e1175bSopenharmony_ci size_t num_completes = 0; 7291a8e1175bSopenharmony_ci size_t min_completes = 0; 7292a8e1175bSopenharmony_ci size_t max_completes = 0; 7293a8e1175bSopenharmony_ci 7294a8e1175bSopenharmony_ci psa_sign_hash_interruptible_operation_t sign_operation = 7295a8e1175bSopenharmony_ci psa_sign_hash_interruptible_operation_init(); 7296a8e1175bSopenharmony_ci psa_verify_hash_interruptible_operation_t verify_operation = 7297a8e1175bSopenharmony_ci psa_verify_hash_interruptible_operation_init(); 7298a8e1175bSopenharmony_ci 7299a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 7300a8e1175bSopenharmony_ci 7301a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | 7302a8e1175bSopenharmony_ci PSA_KEY_USAGE_VERIFY_HASH); 7303a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 7304a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 7305a8e1175bSopenharmony_ci 7306a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 7307a8e1175bSopenharmony_ci &key)); 7308a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 7309a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 7310a8e1175bSopenharmony_ci 7311a8e1175bSopenharmony_ci /* Allocate a buffer which has the size advertised by the 7312a8e1175bSopenharmony_ci * library. */ 7313a8e1175bSopenharmony_ci signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, 7314a8e1175bSopenharmony_ci key_bits, alg); 7315a8e1175bSopenharmony_ci TEST_ASSERT(signature_size != 0); 7316a8e1175bSopenharmony_ci TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); 7317a8e1175bSopenharmony_ci TEST_CALLOC(signature, signature_size); 7318a8e1175bSopenharmony_ci 7319a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(max_ops); 7320a8e1175bSopenharmony_ci 7321a8e1175bSopenharmony_ci interruptible_signverify_get_minmax_completes(max_ops, PSA_SUCCESS, 7322a8e1175bSopenharmony_ci &min_completes, &max_completes); 7323a8e1175bSopenharmony_ci 7324a8e1175bSopenharmony_ci num_ops_prior = psa_sign_hash_get_num_ops(&sign_operation); 7325a8e1175bSopenharmony_ci TEST_ASSERT(num_ops_prior == 0); 7326a8e1175bSopenharmony_ci 7327a8e1175bSopenharmony_ci /* Start performing the signature. */ 7328a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, 7329a8e1175bSopenharmony_ci input_data->x, input_data->len)); 7330a8e1175bSopenharmony_ci 7331a8e1175bSopenharmony_ci num_ops_prior = psa_sign_hash_get_num_ops(&sign_operation); 7332a8e1175bSopenharmony_ci TEST_ASSERT(num_ops_prior == 0); 7333a8e1175bSopenharmony_ci 7334a8e1175bSopenharmony_ci /* Continue performing the signature until complete. */ 7335a8e1175bSopenharmony_ci do { 7336a8e1175bSopenharmony_ci 7337a8e1175bSopenharmony_ci status = psa_sign_hash_complete(&sign_operation, signature, 7338a8e1175bSopenharmony_ci signature_size, 7339a8e1175bSopenharmony_ci &signature_length); 7340a8e1175bSopenharmony_ci 7341a8e1175bSopenharmony_ci num_completes++; 7342a8e1175bSopenharmony_ci 7343a8e1175bSopenharmony_ci if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) { 7344a8e1175bSopenharmony_ci num_ops = psa_sign_hash_get_num_ops(&sign_operation); 7345a8e1175bSopenharmony_ci /* We are asserting here that every complete makes progress 7346a8e1175bSopenharmony_ci * (completes some ops), which is true of the internal 7347a8e1175bSopenharmony_ci * implementation and probably any implementation, however this is 7348a8e1175bSopenharmony_ci * not mandated by the PSA specification. */ 7349a8e1175bSopenharmony_ci TEST_ASSERT(num_ops > num_ops_prior); 7350a8e1175bSopenharmony_ci 7351a8e1175bSopenharmony_ci num_ops_prior = num_ops; 7352a8e1175bSopenharmony_ci } 7353a8e1175bSopenharmony_ci } while (status == PSA_OPERATION_INCOMPLETE); 7354a8e1175bSopenharmony_ci 7355a8e1175bSopenharmony_ci TEST_ASSERT(status == PSA_SUCCESS); 7356a8e1175bSopenharmony_ci 7357a8e1175bSopenharmony_ci TEST_LE_U(min_completes, num_completes); 7358a8e1175bSopenharmony_ci TEST_LE_U(num_completes, max_completes); 7359a8e1175bSopenharmony_ci 7360a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); 7361a8e1175bSopenharmony_ci 7362a8e1175bSopenharmony_ci num_ops = psa_sign_hash_get_num_ops(&sign_operation); 7363a8e1175bSopenharmony_ci TEST_ASSERT(num_ops == 0); 7364a8e1175bSopenharmony_ci 7365a8e1175bSopenharmony_ci /* Check that the signature length looks sensible. */ 7366a8e1175bSopenharmony_ci TEST_LE_U(signature_length, signature_size); 7367a8e1175bSopenharmony_ci TEST_ASSERT(signature_length > 0); 7368a8e1175bSopenharmony_ci 7369a8e1175bSopenharmony_ci num_completes = 0; 7370a8e1175bSopenharmony_ci 7371a8e1175bSopenharmony_ci /* Start verification. */ 7372a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, 7373a8e1175bSopenharmony_ci input_data->x, input_data->len, 7374a8e1175bSopenharmony_ci signature, signature_length)); 7375a8e1175bSopenharmony_ci 7376a8e1175bSopenharmony_ci /* Continue performing the signature until complete. */ 7377a8e1175bSopenharmony_ci do { 7378a8e1175bSopenharmony_ci status = psa_verify_hash_complete(&verify_operation); 7379a8e1175bSopenharmony_ci 7380a8e1175bSopenharmony_ci num_completes++; 7381a8e1175bSopenharmony_ci } while (status == PSA_OPERATION_INCOMPLETE); 7382a8e1175bSopenharmony_ci 7383a8e1175bSopenharmony_ci TEST_ASSERT(status == PSA_SUCCESS); 7384a8e1175bSopenharmony_ci 7385a8e1175bSopenharmony_ci TEST_LE_U(min_completes, num_completes); 7386a8e1175bSopenharmony_ci TEST_LE_U(num_completes, max_completes); 7387a8e1175bSopenharmony_ci 7388a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 7389a8e1175bSopenharmony_ci 7390a8e1175bSopenharmony_ci verify_operation = psa_verify_hash_interruptible_operation_init(); 7391a8e1175bSopenharmony_ci 7392a8e1175bSopenharmony_ci if (input_data->len != 0) { 7393a8e1175bSopenharmony_ci /* Flip a bit in the input and verify that the signature is now 7394a8e1175bSopenharmony_ci * detected as invalid. Flip a bit at the beginning, not at the end, 7395a8e1175bSopenharmony_ci * because ECDSA may ignore the last few bits of the input. */ 7396a8e1175bSopenharmony_ci input_data->x[0] ^= 1; 7397a8e1175bSopenharmony_ci 7398a8e1175bSopenharmony_ci /* Start verification. */ 7399a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, 7400a8e1175bSopenharmony_ci input_data->x, input_data->len, 7401a8e1175bSopenharmony_ci signature, signature_length)); 7402a8e1175bSopenharmony_ci 7403a8e1175bSopenharmony_ci /* Continue performing the signature until complete. */ 7404a8e1175bSopenharmony_ci do { 7405a8e1175bSopenharmony_ci status = psa_verify_hash_complete(&verify_operation); 7406a8e1175bSopenharmony_ci } while (status == PSA_OPERATION_INCOMPLETE); 7407a8e1175bSopenharmony_ci 7408a8e1175bSopenharmony_ci TEST_ASSERT(status == PSA_ERROR_INVALID_SIGNATURE); 7409a8e1175bSopenharmony_ci } 7410a8e1175bSopenharmony_ci 7411a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 7412a8e1175bSopenharmony_ci 7413a8e1175bSopenharmony_ciexit: 7414a8e1175bSopenharmony_ci /* 7415a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 7416a8e1175bSopenharmony_ci * thus reset them as required. 7417a8e1175bSopenharmony_ci */ 7418a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 7419a8e1175bSopenharmony_ci 7420a8e1175bSopenharmony_ci psa_destroy_key(key); 7421a8e1175bSopenharmony_ci mbedtls_free(signature); 7422a8e1175bSopenharmony_ci PSA_DONE(); 7423a8e1175bSopenharmony_ci} 7424a8e1175bSopenharmony_ci/* END_CASE */ 7425a8e1175bSopenharmony_ci 7426a8e1175bSopenharmony_ci/* BEGIN_CASE */ 7427a8e1175bSopenharmony_civoid verify_hash(int key_type_arg, data_t *key_data, 7428a8e1175bSopenharmony_ci int alg_arg, data_t *hash_data, 7429a8e1175bSopenharmony_ci data_t *signature_data) 7430a8e1175bSopenharmony_ci{ 7431a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 7432a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 7433a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 7434a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 7435a8e1175bSopenharmony_ci 7436a8e1175bSopenharmony_ci TEST_LE_U(signature_data->len, PSA_SIGNATURE_MAX_SIZE); 7437a8e1175bSopenharmony_ci 7438a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 7439a8e1175bSopenharmony_ci 7440a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 7441a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 7442a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 7443a8e1175bSopenharmony_ci 7444a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 7445a8e1175bSopenharmony_ci &key)); 7446a8e1175bSopenharmony_ci 7447a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash(key, alg, 7448a8e1175bSopenharmony_ci hash_data->x, hash_data->len, 7449a8e1175bSopenharmony_ci signature_data->x, signature_data->len)); 7450a8e1175bSopenharmony_ci 7451a8e1175bSopenharmony_ciexit: 7452a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 7453a8e1175bSopenharmony_ci psa_destroy_key(key); 7454a8e1175bSopenharmony_ci PSA_DONE(); 7455a8e1175bSopenharmony_ci} 7456a8e1175bSopenharmony_ci/* END_CASE */ 7457a8e1175bSopenharmony_ci 7458a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 7459a8e1175bSopenharmony_ci/** 7460a8e1175bSopenharmony_ci * verify_hash_interruptible() test intentions: 7461a8e1175bSopenharmony_ci * 7462a8e1175bSopenharmony_ci * Note: This test can currently only handle ECDSA. 7463a8e1175bSopenharmony_ci * 7464a8e1175bSopenharmony_ci * 1. Test interruptible verify hash with known outcomes (deterministic ECDSA 7465a8e1175bSopenharmony_ci * only). Given this test only does verification it can accept public keys as 7466a8e1175bSopenharmony_ci * well as private keys / keypairs. 7467a8e1175bSopenharmony_ci * 7468a8e1175bSopenharmony_ci * 2. Test the number of calls to psa_verify_hash_complete() required are as 7469a8e1175bSopenharmony_ci * expected for different max_ops values. 7470a8e1175bSopenharmony_ci * 7471a8e1175bSopenharmony_ci * 3. Test that the number of ops done prior to start and after abort is zero 7472a8e1175bSopenharmony_ci * and that each successful stage completes some ops (this is not mandated by 7473a8e1175bSopenharmony_ci * the PSA specification, but is currently the case). 7474a8e1175bSopenharmony_ci * 7475a8e1175bSopenharmony_ci * 4. Test that calling psa_sign_hash_get_num_ops() multiple times between 7476a8e1175bSopenharmony_ci * complete() calls does not alter the number of ops returned. 7477a8e1175bSopenharmony_ci * 7478a8e1175bSopenharmony_ci * 5. Test that after corrupting the hash, the verification detects an invalid 7479a8e1175bSopenharmony_ci * signature. 7480a8e1175bSopenharmony_ci */ 7481a8e1175bSopenharmony_civoid verify_hash_interruptible(int key_type_arg, data_t *key_data, 7482a8e1175bSopenharmony_ci int alg_arg, data_t *hash_data, 7483a8e1175bSopenharmony_ci data_t *signature_data, int max_ops_arg) 7484a8e1175bSopenharmony_ci{ 7485a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 7486a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 7487a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 7488a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 7489a8e1175bSopenharmony_ci psa_status_t status = PSA_OPERATION_INCOMPLETE; 7490a8e1175bSopenharmony_ci uint32_t num_ops = 0; 7491a8e1175bSopenharmony_ci uint32_t max_ops = max_ops_arg; 7492a8e1175bSopenharmony_ci size_t num_ops_prior = 0; 7493a8e1175bSopenharmony_ci size_t num_completes = 0; 7494a8e1175bSopenharmony_ci size_t min_completes = 0; 7495a8e1175bSopenharmony_ci size_t max_completes = 0; 7496a8e1175bSopenharmony_ci 7497a8e1175bSopenharmony_ci psa_verify_hash_interruptible_operation_t operation = 7498a8e1175bSopenharmony_ci psa_verify_hash_interruptible_operation_init(); 7499a8e1175bSopenharmony_ci 7500a8e1175bSopenharmony_ci TEST_LE_U(signature_data->len, PSA_SIGNATURE_MAX_SIZE); 7501a8e1175bSopenharmony_ci 7502a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 7503a8e1175bSopenharmony_ci 7504a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 7505a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 7506a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 7507a8e1175bSopenharmony_ci 7508a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 7509a8e1175bSopenharmony_ci &key)); 7510a8e1175bSopenharmony_ci 7511a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(max_ops); 7512a8e1175bSopenharmony_ci 7513a8e1175bSopenharmony_ci interruptible_signverify_get_minmax_completes(max_ops, PSA_SUCCESS, 7514a8e1175bSopenharmony_ci &min_completes, &max_completes); 7515a8e1175bSopenharmony_ci 7516a8e1175bSopenharmony_ci num_ops_prior = psa_verify_hash_get_num_ops(&operation); 7517a8e1175bSopenharmony_ci 7518a8e1175bSopenharmony_ci TEST_ASSERT(num_ops_prior == 0); 7519a8e1175bSopenharmony_ci 7520a8e1175bSopenharmony_ci /* Start verification. */ 7521a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&operation, key, alg, 7522a8e1175bSopenharmony_ci hash_data->x, hash_data->len, 7523a8e1175bSopenharmony_ci signature_data->x, signature_data->len) 7524a8e1175bSopenharmony_ci ); 7525a8e1175bSopenharmony_ci 7526a8e1175bSopenharmony_ci num_ops_prior = psa_verify_hash_get_num_ops(&operation); 7527a8e1175bSopenharmony_ci 7528a8e1175bSopenharmony_ci TEST_ASSERT(num_ops_prior == 0); 7529a8e1175bSopenharmony_ci 7530a8e1175bSopenharmony_ci /* Continue performing the signature until complete. */ 7531a8e1175bSopenharmony_ci do { 7532a8e1175bSopenharmony_ci status = psa_verify_hash_complete(&operation); 7533a8e1175bSopenharmony_ci 7534a8e1175bSopenharmony_ci num_completes++; 7535a8e1175bSopenharmony_ci 7536a8e1175bSopenharmony_ci if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) { 7537a8e1175bSopenharmony_ci num_ops = psa_verify_hash_get_num_ops(&operation); 7538a8e1175bSopenharmony_ci /* We are asserting here that every complete makes progress 7539a8e1175bSopenharmony_ci * (completes some ops), which is true of the internal 7540a8e1175bSopenharmony_ci * implementation and probably any implementation, however this is 7541a8e1175bSopenharmony_ci * not mandated by the PSA specification. */ 7542a8e1175bSopenharmony_ci TEST_ASSERT(num_ops > num_ops_prior); 7543a8e1175bSopenharmony_ci 7544a8e1175bSopenharmony_ci num_ops_prior = num_ops; 7545a8e1175bSopenharmony_ci 7546a8e1175bSopenharmony_ci /* Ensure calling get_num_ops() twice still returns the same 7547a8e1175bSopenharmony_ci * number of ops as previously reported. */ 7548a8e1175bSopenharmony_ci num_ops = psa_verify_hash_get_num_ops(&operation); 7549a8e1175bSopenharmony_ci 7550a8e1175bSopenharmony_ci TEST_EQUAL(num_ops, num_ops_prior); 7551a8e1175bSopenharmony_ci } 7552a8e1175bSopenharmony_ci } while (status == PSA_OPERATION_INCOMPLETE); 7553a8e1175bSopenharmony_ci 7554a8e1175bSopenharmony_ci TEST_ASSERT(status == PSA_SUCCESS); 7555a8e1175bSopenharmony_ci 7556a8e1175bSopenharmony_ci TEST_LE_U(min_completes, num_completes); 7557a8e1175bSopenharmony_ci TEST_LE_U(num_completes, max_completes); 7558a8e1175bSopenharmony_ci 7559a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&operation)); 7560a8e1175bSopenharmony_ci 7561a8e1175bSopenharmony_ci num_ops = psa_verify_hash_get_num_ops(&operation); 7562a8e1175bSopenharmony_ci TEST_ASSERT(num_ops == 0); 7563a8e1175bSopenharmony_ci 7564a8e1175bSopenharmony_ci if (hash_data->len != 0) { 7565a8e1175bSopenharmony_ci /* Flip a bit in the hash and verify that the signature is now detected 7566a8e1175bSopenharmony_ci * as invalid. Flip a bit at the beginning, not at the end, because 7567a8e1175bSopenharmony_ci * ECDSA may ignore the last few bits of the input. */ 7568a8e1175bSopenharmony_ci hash_data->x[0] ^= 1; 7569a8e1175bSopenharmony_ci 7570a8e1175bSopenharmony_ci /* Start verification. */ 7571a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&operation, key, alg, 7572a8e1175bSopenharmony_ci hash_data->x, hash_data->len, 7573a8e1175bSopenharmony_ci signature_data->x, signature_data->len)); 7574a8e1175bSopenharmony_ci 7575a8e1175bSopenharmony_ci /* Continue performing the signature until complete. */ 7576a8e1175bSopenharmony_ci do { 7577a8e1175bSopenharmony_ci status = psa_verify_hash_complete(&operation); 7578a8e1175bSopenharmony_ci } while (status == PSA_OPERATION_INCOMPLETE); 7579a8e1175bSopenharmony_ci 7580a8e1175bSopenharmony_ci TEST_ASSERT(status == PSA_ERROR_INVALID_SIGNATURE); 7581a8e1175bSopenharmony_ci } 7582a8e1175bSopenharmony_ci 7583a8e1175bSopenharmony_ciexit: 7584a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 7585a8e1175bSopenharmony_ci psa_destroy_key(key); 7586a8e1175bSopenharmony_ci PSA_DONE(); 7587a8e1175bSopenharmony_ci} 7588a8e1175bSopenharmony_ci/* END_CASE */ 7589a8e1175bSopenharmony_ci 7590a8e1175bSopenharmony_ci/* BEGIN_CASE */ 7591a8e1175bSopenharmony_civoid verify_hash_fail(int key_type_arg, data_t *key_data, 7592a8e1175bSopenharmony_ci int alg_arg, data_t *hash_data, 7593a8e1175bSopenharmony_ci data_t *signature_data, 7594a8e1175bSopenharmony_ci int expected_status_arg) 7595a8e1175bSopenharmony_ci{ 7596a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 7597a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 7598a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 7599a8e1175bSopenharmony_ci psa_status_t actual_status; 7600a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 7601a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 7602a8e1175bSopenharmony_ci 7603a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 7604a8e1175bSopenharmony_ci 7605a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 7606a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 7607a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 7608a8e1175bSopenharmony_ci 7609a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 7610a8e1175bSopenharmony_ci &key)); 7611a8e1175bSopenharmony_ci 7612a8e1175bSopenharmony_ci actual_status = psa_verify_hash(key, alg, 7613a8e1175bSopenharmony_ci hash_data->x, hash_data->len, 7614a8e1175bSopenharmony_ci signature_data->x, signature_data->len); 7615a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, expected_status); 7616a8e1175bSopenharmony_ci 7617a8e1175bSopenharmony_ciexit: 7618a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 7619a8e1175bSopenharmony_ci psa_destroy_key(key); 7620a8e1175bSopenharmony_ci PSA_DONE(); 7621a8e1175bSopenharmony_ci} 7622a8e1175bSopenharmony_ci/* END_CASE */ 7623a8e1175bSopenharmony_ci 7624a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 7625a8e1175bSopenharmony_ci/** 7626a8e1175bSopenharmony_ci * verify_hash_fail_interruptible() test intentions: 7627a8e1175bSopenharmony_ci * 7628a8e1175bSopenharmony_ci * Note: This test can currently only handle ECDSA. 7629a8e1175bSopenharmony_ci * 7630a8e1175bSopenharmony_ci * 1. Test that various failure cases for interruptible verify hash fail with 7631a8e1175bSopenharmony_ci * the correct error codes, and at the correct point (at start or during 7632a8e1175bSopenharmony_ci * complete). 7633a8e1175bSopenharmony_ci * 7634a8e1175bSopenharmony_ci * 2. Test the number of calls to psa_verify_hash_complete() required are as 7635a8e1175bSopenharmony_ci * expected for different max_ops values. 7636a8e1175bSopenharmony_ci * 7637a8e1175bSopenharmony_ci * 3. Test that the number of ops done prior to start and after abort is zero 7638a8e1175bSopenharmony_ci * and that each successful stage completes some ops (this is not mandated by 7639a8e1175bSopenharmony_ci * the PSA specification, but is currently the case). 7640a8e1175bSopenharmony_ci * 7641a8e1175bSopenharmony_ci * 4. Check that calling complete() when start() fails and complete() 7642a8e1175bSopenharmony_ci * after completion results in a BAD_STATE error. 7643a8e1175bSopenharmony_ci * 7644a8e1175bSopenharmony_ci * 5. Check that calling start() again after start fails results in a BAD_STATE 7645a8e1175bSopenharmony_ci * error. 7646a8e1175bSopenharmony_ci */ 7647a8e1175bSopenharmony_civoid verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, 7648a8e1175bSopenharmony_ci int alg_arg, data_t *hash_data, 7649a8e1175bSopenharmony_ci data_t *signature_data, 7650a8e1175bSopenharmony_ci int expected_start_status_arg, 7651a8e1175bSopenharmony_ci int expected_complete_status_arg, 7652a8e1175bSopenharmony_ci int max_ops_arg) 7653a8e1175bSopenharmony_ci{ 7654a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 7655a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 7656a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 7657a8e1175bSopenharmony_ci psa_status_t actual_status; 7658a8e1175bSopenharmony_ci psa_status_t expected_start_status = expected_start_status_arg; 7659a8e1175bSopenharmony_ci psa_status_t expected_complete_status = expected_complete_status_arg; 7660a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 7661a8e1175bSopenharmony_ci uint32_t num_ops = 0; 7662a8e1175bSopenharmony_ci uint32_t max_ops = max_ops_arg; 7663a8e1175bSopenharmony_ci size_t num_ops_prior = 0; 7664a8e1175bSopenharmony_ci size_t num_completes = 0; 7665a8e1175bSopenharmony_ci size_t min_completes = 0; 7666a8e1175bSopenharmony_ci size_t max_completes = 0; 7667a8e1175bSopenharmony_ci psa_verify_hash_interruptible_operation_t operation = 7668a8e1175bSopenharmony_ci psa_verify_hash_interruptible_operation_init(); 7669a8e1175bSopenharmony_ci 7670a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 7671a8e1175bSopenharmony_ci 7672a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 7673a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 7674a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 7675a8e1175bSopenharmony_ci 7676a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 7677a8e1175bSopenharmony_ci &key)); 7678a8e1175bSopenharmony_ci 7679a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(max_ops); 7680a8e1175bSopenharmony_ci 7681a8e1175bSopenharmony_ci interruptible_signverify_get_minmax_completes(max_ops, 7682a8e1175bSopenharmony_ci expected_complete_status, 7683a8e1175bSopenharmony_ci &min_completes, 7684a8e1175bSopenharmony_ci &max_completes); 7685a8e1175bSopenharmony_ci 7686a8e1175bSopenharmony_ci num_ops_prior = psa_verify_hash_get_num_ops(&operation); 7687a8e1175bSopenharmony_ci TEST_ASSERT(num_ops_prior == 0); 7688a8e1175bSopenharmony_ci 7689a8e1175bSopenharmony_ci /* Start verification. */ 7690a8e1175bSopenharmony_ci actual_status = psa_verify_hash_start(&operation, key, alg, 7691a8e1175bSopenharmony_ci hash_data->x, hash_data->len, 7692a8e1175bSopenharmony_ci signature_data->x, 7693a8e1175bSopenharmony_ci signature_data->len); 7694a8e1175bSopenharmony_ci 7695a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, expected_start_status); 7696a8e1175bSopenharmony_ci 7697a8e1175bSopenharmony_ci if (expected_start_status != PSA_SUCCESS) { 7698a8e1175bSopenharmony_ci /* Emulate poor application code, and call complete anyway, even though 7699a8e1175bSopenharmony_ci * start failed. */ 7700a8e1175bSopenharmony_ci actual_status = psa_verify_hash_complete(&operation); 7701a8e1175bSopenharmony_ci 7702a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); 7703a8e1175bSopenharmony_ci 7704a8e1175bSopenharmony_ci /* Test that calling start again after failure also causes BAD_STATE. */ 7705a8e1175bSopenharmony_ci actual_status = psa_verify_hash_start(&operation, key, alg, 7706a8e1175bSopenharmony_ci hash_data->x, hash_data->len, 7707a8e1175bSopenharmony_ci signature_data->x, 7708a8e1175bSopenharmony_ci signature_data->len); 7709a8e1175bSopenharmony_ci 7710a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); 7711a8e1175bSopenharmony_ci } 7712a8e1175bSopenharmony_ci 7713a8e1175bSopenharmony_ci num_ops_prior = psa_verify_hash_get_num_ops(&operation); 7714a8e1175bSopenharmony_ci TEST_ASSERT(num_ops_prior == 0); 7715a8e1175bSopenharmony_ci 7716a8e1175bSopenharmony_ci /* Continue performing the signature until complete. */ 7717a8e1175bSopenharmony_ci do { 7718a8e1175bSopenharmony_ci actual_status = psa_verify_hash_complete(&operation); 7719a8e1175bSopenharmony_ci 7720a8e1175bSopenharmony_ci num_completes++; 7721a8e1175bSopenharmony_ci 7722a8e1175bSopenharmony_ci if (actual_status == PSA_SUCCESS || 7723a8e1175bSopenharmony_ci actual_status == PSA_OPERATION_INCOMPLETE) { 7724a8e1175bSopenharmony_ci num_ops = psa_verify_hash_get_num_ops(&operation); 7725a8e1175bSopenharmony_ci /* We are asserting here that every complete makes progress 7726a8e1175bSopenharmony_ci * (completes some ops), which is true of the internal 7727a8e1175bSopenharmony_ci * implementation and probably any implementation, however this is 7728a8e1175bSopenharmony_ci * not mandated by the PSA specification. */ 7729a8e1175bSopenharmony_ci TEST_ASSERT(num_ops > num_ops_prior); 7730a8e1175bSopenharmony_ci 7731a8e1175bSopenharmony_ci num_ops_prior = num_ops; 7732a8e1175bSopenharmony_ci } 7733a8e1175bSopenharmony_ci } while (actual_status == PSA_OPERATION_INCOMPLETE); 7734a8e1175bSopenharmony_ci 7735a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, expected_complete_status); 7736a8e1175bSopenharmony_ci 7737a8e1175bSopenharmony_ci /* Check that another complete returns BAD_STATE. */ 7738a8e1175bSopenharmony_ci actual_status = psa_verify_hash_complete(&operation); 7739a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); 7740a8e1175bSopenharmony_ci 7741a8e1175bSopenharmony_ci TEST_LE_U(min_completes, num_completes); 7742a8e1175bSopenharmony_ci TEST_LE_U(num_completes, max_completes); 7743a8e1175bSopenharmony_ci 7744a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&operation)); 7745a8e1175bSopenharmony_ci 7746a8e1175bSopenharmony_ci num_ops = psa_verify_hash_get_num_ops(&operation); 7747a8e1175bSopenharmony_ci TEST_ASSERT(num_ops == 0); 7748a8e1175bSopenharmony_ci 7749a8e1175bSopenharmony_ciexit: 7750a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 7751a8e1175bSopenharmony_ci psa_destroy_key(key); 7752a8e1175bSopenharmony_ci PSA_DONE(); 7753a8e1175bSopenharmony_ci} 7754a8e1175bSopenharmony_ci/* END_CASE */ 7755a8e1175bSopenharmony_ci 7756a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 7757a8e1175bSopenharmony_ci/** 7758a8e1175bSopenharmony_ci * interruptible_signverify_hash_state_test() test intentions: 7759a8e1175bSopenharmony_ci * 7760a8e1175bSopenharmony_ci * Note: This test can currently only handle ECDSA. 7761a8e1175bSopenharmony_ci * 7762a8e1175bSopenharmony_ci * 1. Test that calling the various interruptible sign and verify hash functions 7763a8e1175bSopenharmony_ci * in incorrect orders returns BAD_STATE errors. 7764a8e1175bSopenharmony_ci */ 7765a8e1175bSopenharmony_civoid interruptible_signverify_hash_state_test(int key_type_arg, 7766a8e1175bSopenharmony_ci data_t *key_data, int alg_arg, data_t *input_data) 7767a8e1175bSopenharmony_ci{ 7768a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 7769a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 7770a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 7771a8e1175bSopenharmony_ci size_t key_bits; 7772a8e1175bSopenharmony_ci unsigned char *signature = NULL; 7773a8e1175bSopenharmony_ci size_t signature_size; 7774a8e1175bSopenharmony_ci size_t signature_length = 0xdeadbeef; 7775a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 7776a8e1175bSopenharmony_ci psa_sign_hash_interruptible_operation_t sign_operation = 7777a8e1175bSopenharmony_ci psa_sign_hash_interruptible_operation_init(); 7778a8e1175bSopenharmony_ci psa_verify_hash_interruptible_operation_t verify_operation = 7779a8e1175bSopenharmony_ci psa_verify_hash_interruptible_operation_init(); 7780a8e1175bSopenharmony_ci 7781a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 7782a8e1175bSopenharmony_ci 7783a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | 7784a8e1175bSopenharmony_ci PSA_KEY_USAGE_VERIFY_HASH); 7785a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 7786a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 7787a8e1175bSopenharmony_ci 7788a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 7789a8e1175bSopenharmony_ci &key)); 7790a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 7791a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 7792a8e1175bSopenharmony_ci 7793a8e1175bSopenharmony_ci /* Allocate a buffer which has the size advertised by the 7794a8e1175bSopenharmony_ci * library. */ 7795a8e1175bSopenharmony_ci signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, 7796a8e1175bSopenharmony_ci key_bits, alg); 7797a8e1175bSopenharmony_ci TEST_ASSERT(signature_size != 0); 7798a8e1175bSopenharmony_ci TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); 7799a8e1175bSopenharmony_ci TEST_CALLOC(signature, signature_size); 7800a8e1175bSopenharmony_ci 7801a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); 7802a8e1175bSopenharmony_ci 7803a8e1175bSopenharmony_ci /* --- Attempt completes prior to starts --- */ 7804a8e1175bSopenharmony_ci TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature, 7805a8e1175bSopenharmony_ci signature_size, 7806a8e1175bSopenharmony_ci &signature_length), 7807a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 7808a8e1175bSopenharmony_ci 7809a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); 7810a8e1175bSopenharmony_ci 7811a8e1175bSopenharmony_ci TEST_EQUAL(psa_verify_hash_complete(&verify_operation), 7812a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 7813a8e1175bSopenharmony_ci 7814a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 7815a8e1175bSopenharmony_ci 7816a8e1175bSopenharmony_ci /* --- Aborts in all other places. --- */ 7817a8e1175bSopenharmony_ci psa_sign_hash_abort(&sign_operation); 7818a8e1175bSopenharmony_ci 7819a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, 7820a8e1175bSopenharmony_ci input_data->x, input_data->len)); 7821a8e1175bSopenharmony_ci 7822a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); 7823a8e1175bSopenharmony_ci 7824a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(1); 7825a8e1175bSopenharmony_ci 7826a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, 7827a8e1175bSopenharmony_ci input_data->x, input_data->len)); 7828a8e1175bSopenharmony_ci 7829a8e1175bSopenharmony_ci TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature, 7830a8e1175bSopenharmony_ci signature_size, 7831a8e1175bSopenharmony_ci &signature_length), 7832a8e1175bSopenharmony_ci PSA_OPERATION_INCOMPLETE); 7833a8e1175bSopenharmony_ci 7834a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); 7835a8e1175bSopenharmony_ci 7836a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); 7837a8e1175bSopenharmony_ci 7838a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, 7839a8e1175bSopenharmony_ci input_data->x, input_data->len)); 7840a8e1175bSopenharmony_ci 7841a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature, 7842a8e1175bSopenharmony_ci signature_size, 7843a8e1175bSopenharmony_ci &signature_length)); 7844a8e1175bSopenharmony_ci 7845a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); 7846a8e1175bSopenharmony_ci 7847a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 7848a8e1175bSopenharmony_ci 7849a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, 7850a8e1175bSopenharmony_ci input_data->x, input_data->len, 7851a8e1175bSopenharmony_ci signature, signature_length)); 7852a8e1175bSopenharmony_ci 7853a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 7854a8e1175bSopenharmony_ci 7855a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(1); 7856a8e1175bSopenharmony_ci 7857a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, 7858a8e1175bSopenharmony_ci input_data->x, input_data->len, 7859a8e1175bSopenharmony_ci signature, signature_length)); 7860a8e1175bSopenharmony_ci 7861a8e1175bSopenharmony_ci TEST_EQUAL(psa_verify_hash_complete(&verify_operation), 7862a8e1175bSopenharmony_ci PSA_OPERATION_INCOMPLETE); 7863a8e1175bSopenharmony_ci 7864a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 7865a8e1175bSopenharmony_ci 7866a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); 7867a8e1175bSopenharmony_ci 7868a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, 7869a8e1175bSopenharmony_ci input_data->x, input_data->len, 7870a8e1175bSopenharmony_ci signature, signature_length)); 7871a8e1175bSopenharmony_ci 7872a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_complete(&verify_operation)); 7873a8e1175bSopenharmony_ci 7874a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 7875a8e1175bSopenharmony_ci 7876a8e1175bSopenharmony_ci /* --- Attempt double starts. --- */ 7877a8e1175bSopenharmony_ci 7878a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, 7879a8e1175bSopenharmony_ci input_data->x, input_data->len)); 7880a8e1175bSopenharmony_ci 7881a8e1175bSopenharmony_ci TEST_EQUAL(psa_sign_hash_start(&sign_operation, key, alg, 7882a8e1175bSopenharmony_ci input_data->x, input_data->len), 7883a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 7884a8e1175bSopenharmony_ci 7885a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); 7886a8e1175bSopenharmony_ci 7887a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, 7888a8e1175bSopenharmony_ci input_data->x, input_data->len, 7889a8e1175bSopenharmony_ci signature, signature_length)); 7890a8e1175bSopenharmony_ci 7891a8e1175bSopenharmony_ci TEST_EQUAL(psa_verify_hash_start(&verify_operation, key, alg, 7892a8e1175bSopenharmony_ci input_data->x, input_data->len, 7893a8e1175bSopenharmony_ci signature, signature_length), 7894a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 7895a8e1175bSopenharmony_ci 7896a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 7897a8e1175bSopenharmony_ci 7898a8e1175bSopenharmony_ciexit: 7899a8e1175bSopenharmony_ci /* 7900a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 7901a8e1175bSopenharmony_ci * thus reset them as required. 7902a8e1175bSopenharmony_ci */ 7903a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 7904a8e1175bSopenharmony_ci 7905a8e1175bSopenharmony_ci psa_destroy_key(key); 7906a8e1175bSopenharmony_ci mbedtls_free(signature); 7907a8e1175bSopenharmony_ci PSA_DONE(); 7908a8e1175bSopenharmony_ci} 7909a8e1175bSopenharmony_ci/* END_CASE */ 7910a8e1175bSopenharmony_ci 7911a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 7912a8e1175bSopenharmony_ci/** 7913a8e1175bSopenharmony_ci * interruptible_signverify_hash_edgecase_tests() test intentions: 7914a8e1175bSopenharmony_ci * 7915a8e1175bSopenharmony_ci * Note: This test can currently only handle ECDSA. 7916a8e1175bSopenharmony_ci * 7917a8e1175bSopenharmony_ci * 1. Test various edge cases in the interruptible sign and verify hash 7918a8e1175bSopenharmony_ci * interfaces. 7919a8e1175bSopenharmony_ci */ 7920a8e1175bSopenharmony_civoid interruptible_signverify_hash_edgecase_tests(int key_type_arg, 7921a8e1175bSopenharmony_ci data_t *key_data, int alg_arg, data_t *input_data) 7922a8e1175bSopenharmony_ci{ 7923a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 7924a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 7925a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 7926a8e1175bSopenharmony_ci size_t key_bits; 7927a8e1175bSopenharmony_ci unsigned char *signature = NULL; 7928a8e1175bSopenharmony_ci size_t signature_size; 7929a8e1175bSopenharmony_ci size_t signature_length = 0xdeadbeef; 7930a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 7931a8e1175bSopenharmony_ci uint8_t *input_buffer = NULL; 7932a8e1175bSopenharmony_ci psa_sign_hash_interruptible_operation_t sign_operation = 7933a8e1175bSopenharmony_ci psa_sign_hash_interruptible_operation_init(); 7934a8e1175bSopenharmony_ci psa_verify_hash_interruptible_operation_t verify_operation = 7935a8e1175bSopenharmony_ci psa_verify_hash_interruptible_operation_init(); 7936a8e1175bSopenharmony_ci 7937a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 7938a8e1175bSopenharmony_ci 7939a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | 7940a8e1175bSopenharmony_ci PSA_KEY_USAGE_VERIFY_HASH); 7941a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 7942a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 7943a8e1175bSopenharmony_ci 7944a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 7945a8e1175bSopenharmony_ci &key)); 7946a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 7947a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 7948a8e1175bSopenharmony_ci 7949a8e1175bSopenharmony_ci /* Allocate a buffer which has the size advertised by the 7950a8e1175bSopenharmony_ci * library. */ 7951a8e1175bSopenharmony_ci signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, 7952a8e1175bSopenharmony_ci key_bits, alg); 7953a8e1175bSopenharmony_ci TEST_ASSERT(signature_size != 0); 7954a8e1175bSopenharmony_ci TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); 7955a8e1175bSopenharmony_ci TEST_CALLOC(signature, signature_size); 7956a8e1175bSopenharmony_ci 7957a8e1175bSopenharmony_ci /* --- Change function inputs mid run, to cause an error (sign only, 7958a8e1175bSopenharmony_ci * verify passes all inputs to start. --- */ 7959a8e1175bSopenharmony_ci 7960a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(1); 7961a8e1175bSopenharmony_ci 7962a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, 7963a8e1175bSopenharmony_ci input_data->x, input_data->len)); 7964a8e1175bSopenharmony_ci 7965a8e1175bSopenharmony_ci TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature, 7966a8e1175bSopenharmony_ci signature_size, 7967a8e1175bSopenharmony_ci &signature_length), 7968a8e1175bSopenharmony_ci PSA_OPERATION_INCOMPLETE); 7969a8e1175bSopenharmony_ci 7970a8e1175bSopenharmony_ci TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature, 7971a8e1175bSopenharmony_ci 0, 7972a8e1175bSopenharmony_ci &signature_length), 7973a8e1175bSopenharmony_ci PSA_ERROR_BUFFER_TOO_SMALL); 7974a8e1175bSopenharmony_ci 7975a8e1175bSopenharmony_ci /* And test that this invalidates the operation. */ 7976a8e1175bSopenharmony_ci TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature, 7977a8e1175bSopenharmony_ci 0, 7978a8e1175bSopenharmony_ci &signature_length), 7979a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 7980a8e1175bSopenharmony_ci 7981a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); 7982a8e1175bSopenharmony_ci 7983a8e1175bSopenharmony_ci /* Trash the hash buffer in between start and complete, to ensure 7984a8e1175bSopenharmony_ci * no reliance on external buffers. */ 7985a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); 7986a8e1175bSopenharmony_ci 7987a8e1175bSopenharmony_ci TEST_CALLOC(input_buffer, input_data->len); 7988a8e1175bSopenharmony_ci 7989a8e1175bSopenharmony_ci memcpy(input_buffer, input_data->x, input_data->len); 7990a8e1175bSopenharmony_ci 7991a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, 7992a8e1175bSopenharmony_ci input_buffer, input_data->len)); 7993a8e1175bSopenharmony_ci 7994a8e1175bSopenharmony_ci memset(input_buffer, '!', input_data->len); 7995a8e1175bSopenharmony_ci mbedtls_free(input_buffer); 7996a8e1175bSopenharmony_ci input_buffer = NULL; 7997a8e1175bSopenharmony_ci 7998a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature, 7999a8e1175bSopenharmony_ci signature_size, 8000a8e1175bSopenharmony_ci &signature_length)); 8001a8e1175bSopenharmony_ci 8002a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); 8003a8e1175bSopenharmony_ci 8004a8e1175bSopenharmony_ci TEST_CALLOC(input_buffer, input_data->len); 8005a8e1175bSopenharmony_ci 8006a8e1175bSopenharmony_ci memcpy(input_buffer, input_data->x, input_data->len); 8007a8e1175bSopenharmony_ci 8008a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, 8009a8e1175bSopenharmony_ci input_buffer, input_data->len, 8010a8e1175bSopenharmony_ci signature, signature_length)); 8011a8e1175bSopenharmony_ci 8012a8e1175bSopenharmony_ci memset(input_buffer, '!', input_data->len); 8013a8e1175bSopenharmony_ci mbedtls_free(input_buffer); 8014a8e1175bSopenharmony_ci input_buffer = NULL; 8015a8e1175bSopenharmony_ci 8016a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_complete(&verify_operation)); 8017a8e1175bSopenharmony_ci 8018a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 8019a8e1175bSopenharmony_ci 8020a8e1175bSopenharmony_ciexit: 8021a8e1175bSopenharmony_ci /* 8022a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 8023a8e1175bSopenharmony_ci * thus reset them as required. 8024a8e1175bSopenharmony_ci */ 8025a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 8026a8e1175bSopenharmony_ci 8027a8e1175bSopenharmony_ci psa_destroy_key(key); 8028a8e1175bSopenharmony_ci mbedtls_free(signature); 8029a8e1175bSopenharmony_ci mbedtls_free(input_buffer); 8030a8e1175bSopenharmony_ci PSA_DONE(); 8031a8e1175bSopenharmony_ci} 8032a8e1175bSopenharmony_ci/* END_CASE */ 8033a8e1175bSopenharmony_ci 8034a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ 8035a8e1175bSopenharmony_ci/** 8036a8e1175bSopenharmony_ci * interruptible_signverify_hash_ops_tests() test intentions: 8037a8e1175bSopenharmony_ci * 8038a8e1175bSopenharmony_ci * Note: This test can currently only handle ECDSA. 8039a8e1175bSopenharmony_ci * 8040a8e1175bSopenharmony_ci * 1. Test that setting max ops is reflected in both interruptible sign and 8041a8e1175bSopenharmony_ci * verify hash 8042a8e1175bSopenharmony_ci * 2. Test that changing the value of max_ops to unlimited during an operation 8043a8e1175bSopenharmony_ci * causes that operation to complete in the next call. 8044a8e1175bSopenharmony_ci * 8045a8e1175bSopenharmony_ci * 3. Test that calling get_num_ops() between complete calls gives the same 8046a8e1175bSopenharmony_ci * result as calling get_num_ops() once at the end of the operation. 8047a8e1175bSopenharmony_ci */ 8048a8e1175bSopenharmony_civoid interruptible_signverify_hash_ops_tests(int key_type_arg, 8049a8e1175bSopenharmony_ci data_t *key_data, int alg_arg, 8050a8e1175bSopenharmony_ci data_t *input_data) 8051a8e1175bSopenharmony_ci{ 8052a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 8053a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 8054a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8055a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 8056a8e1175bSopenharmony_ci size_t key_bits; 8057a8e1175bSopenharmony_ci unsigned char *signature = NULL; 8058a8e1175bSopenharmony_ci size_t signature_size; 8059a8e1175bSopenharmony_ci size_t signature_length = 0xdeadbeef; 8060a8e1175bSopenharmony_ci uint32_t num_ops = 0; 8061a8e1175bSopenharmony_ci psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 8062a8e1175bSopenharmony_ci 8063a8e1175bSopenharmony_ci psa_sign_hash_interruptible_operation_t sign_operation = 8064a8e1175bSopenharmony_ci psa_sign_hash_interruptible_operation_init(); 8065a8e1175bSopenharmony_ci psa_verify_hash_interruptible_operation_t verify_operation = 8066a8e1175bSopenharmony_ci psa_verify_hash_interruptible_operation_init(); 8067a8e1175bSopenharmony_ci 8068a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8069a8e1175bSopenharmony_ci 8070a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | 8071a8e1175bSopenharmony_ci PSA_KEY_USAGE_VERIFY_HASH); 8072a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 8073a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 8074a8e1175bSopenharmony_ci 8075a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); 8076a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 8077a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 8078a8e1175bSopenharmony_ci 8079a8e1175bSopenharmony_ci /* Allocate a buffer which has the size advertised by the 8080a8e1175bSopenharmony_ci * library. */ 8081a8e1175bSopenharmony_ci signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 8082a8e1175bSopenharmony_ci 8083a8e1175bSopenharmony_ci TEST_ASSERT(signature_size != 0); 8084a8e1175bSopenharmony_ci TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); 8085a8e1175bSopenharmony_ci TEST_CALLOC(signature, signature_size); 8086a8e1175bSopenharmony_ci 8087a8e1175bSopenharmony_ci /* Check that default max ops gets set if we don't set it. */ 8088a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, 8089a8e1175bSopenharmony_ci input_data->x, input_data->len)); 8090a8e1175bSopenharmony_ci 8091a8e1175bSopenharmony_ci TEST_EQUAL(psa_interruptible_get_max_ops(), 8092a8e1175bSopenharmony_ci PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); 8093a8e1175bSopenharmony_ci 8094a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); 8095a8e1175bSopenharmony_ci 8096a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, 8097a8e1175bSopenharmony_ci input_data->x, input_data->len, 8098a8e1175bSopenharmony_ci signature, signature_size)); 8099a8e1175bSopenharmony_ci 8100a8e1175bSopenharmony_ci TEST_EQUAL(psa_interruptible_get_max_ops(), 8101a8e1175bSopenharmony_ci PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); 8102a8e1175bSopenharmony_ci 8103a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 8104a8e1175bSopenharmony_ci 8105a8e1175bSopenharmony_ci /* Check that max ops gets set properly. */ 8106a8e1175bSopenharmony_ci 8107a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(0xbeef); 8108a8e1175bSopenharmony_ci 8109a8e1175bSopenharmony_ci TEST_EQUAL(psa_interruptible_get_max_ops(), 0xbeef); 8110a8e1175bSopenharmony_ci 8111a8e1175bSopenharmony_ci /* --- Ensure changing the max ops mid operation works (operation should 8112a8e1175bSopenharmony_ci * complete successfully after setting max ops to unlimited --- */ 8113a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(1); 8114a8e1175bSopenharmony_ci 8115a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, 8116a8e1175bSopenharmony_ci input_data->x, input_data->len)); 8117a8e1175bSopenharmony_ci 8118a8e1175bSopenharmony_ci TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature, 8119a8e1175bSopenharmony_ci signature_size, 8120a8e1175bSopenharmony_ci &signature_length), 8121a8e1175bSopenharmony_ci PSA_OPERATION_INCOMPLETE); 8122a8e1175bSopenharmony_ci 8123a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); 8124a8e1175bSopenharmony_ci 8125a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature, 8126a8e1175bSopenharmony_ci signature_size, 8127a8e1175bSopenharmony_ci &signature_length)); 8128a8e1175bSopenharmony_ci 8129a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); 8130a8e1175bSopenharmony_ci 8131a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(1); 8132a8e1175bSopenharmony_ci 8133a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, 8134a8e1175bSopenharmony_ci input_data->x, input_data->len, 8135a8e1175bSopenharmony_ci signature, signature_length)); 8136a8e1175bSopenharmony_ci 8137a8e1175bSopenharmony_ci TEST_EQUAL(psa_verify_hash_complete(&verify_operation), 8138a8e1175bSopenharmony_ci PSA_OPERATION_INCOMPLETE); 8139a8e1175bSopenharmony_ci 8140a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); 8141a8e1175bSopenharmony_ci 8142a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_complete(&verify_operation)); 8143a8e1175bSopenharmony_ci 8144a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 8145a8e1175bSopenharmony_ci 8146a8e1175bSopenharmony_ci /* --- Test that not calling get_num_ops inbetween complete calls does not 8147a8e1175bSopenharmony_ci * result in lost ops. ---*/ 8148a8e1175bSopenharmony_ci 8149a8e1175bSopenharmony_ci psa_interruptible_set_max_ops(1); 8150a8e1175bSopenharmony_ci 8151a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, 8152a8e1175bSopenharmony_ci input_data->x, input_data->len)); 8153a8e1175bSopenharmony_ci 8154a8e1175bSopenharmony_ci /* Continue performing the signature until complete. */ 8155a8e1175bSopenharmony_ci do { 8156a8e1175bSopenharmony_ci status = psa_sign_hash_complete(&sign_operation, signature, 8157a8e1175bSopenharmony_ci signature_size, 8158a8e1175bSopenharmony_ci &signature_length); 8159a8e1175bSopenharmony_ci 8160a8e1175bSopenharmony_ci num_ops = psa_sign_hash_get_num_ops(&sign_operation); 8161a8e1175bSopenharmony_ci 8162a8e1175bSopenharmony_ci } while (status == PSA_OPERATION_INCOMPLETE); 8163a8e1175bSopenharmony_ci 8164a8e1175bSopenharmony_ci PSA_ASSERT(status); 8165a8e1175bSopenharmony_ci 8166a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); 8167a8e1175bSopenharmony_ci 8168a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, 8169a8e1175bSopenharmony_ci input_data->x, input_data->len)); 8170a8e1175bSopenharmony_ci 8171a8e1175bSopenharmony_ci /* Continue performing the signature until complete. */ 8172a8e1175bSopenharmony_ci do { 8173a8e1175bSopenharmony_ci status = psa_sign_hash_complete(&sign_operation, signature, 8174a8e1175bSopenharmony_ci signature_size, 8175a8e1175bSopenharmony_ci &signature_length); 8176a8e1175bSopenharmony_ci } while (status == PSA_OPERATION_INCOMPLETE); 8177a8e1175bSopenharmony_ci 8178a8e1175bSopenharmony_ci PSA_ASSERT(status); 8179a8e1175bSopenharmony_ci 8180a8e1175bSopenharmony_ci TEST_EQUAL(num_ops, psa_sign_hash_get_num_ops(&sign_operation)); 8181a8e1175bSopenharmony_ci 8182a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); 8183a8e1175bSopenharmony_ci 8184a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, 8185a8e1175bSopenharmony_ci input_data->x, input_data->len, 8186a8e1175bSopenharmony_ci signature, signature_length)); 8187a8e1175bSopenharmony_ci 8188a8e1175bSopenharmony_ci /* Continue performing the verification until complete. */ 8189a8e1175bSopenharmony_ci do { 8190a8e1175bSopenharmony_ci status = psa_verify_hash_complete(&verify_operation); 8191a8e1175bSopenharmony_ci 8192a8e1175bSopenharmony_ci num_ops = psa_verify_hash_get_num_ops(&verify_operation); 8193a8e1175bSopenharmony_ci 8194a8e1175bSopenharmony_ci } while (status == PSA_OPERATION_INCOMPLETE); 8195a8e1175bSopenharmony_ci 8196a8e1175bSopenharmony_ci PSA_ASSERT(status); 8197a8e1175bSopenharmony_ci 8198a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 8199a8e1175bSopenharmony_ci 8200a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, 8201a8e1175bSopenharmony_ci input_data->x, input_data->len, 8202a8e1175bSopenharmony_ci signature, signature_length)); 8203a8e1175bSopenharmony_ci 8204a8e1175bSopenharmony_ci /* Continue performing the verification until complete. */ 8205a8e1175bSopenharmony_ci do { 8206a8e1175bSopenharmony_ci status = psa_verify_hash_complete(&verify_operation); 8207a8e1175bSopenharmony_ci 8208a8e1175bSopenharmony_ci } while (status == PSA_OPERATION_INCOMPLETE); 8209a8e1175bSopenharmony_ci 8210a8e1175bSopenharmony_ci PSA_ASSERT(status); 8211a8e1175bSopenharmony_ci 8212a8e1175bSopenharmony_ci TEST_EQUAL(num_ops, psa_verify_hash_get_num_ops(&verify_operation)); 8213a8e1175bSopenharmony_ci 8214a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); 8215a8e1175bSopenharmony_ci 8216a8e1175bSopenharmony_ciexit: 8217a8e1175bSopenharmony_ci /* 8218a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 8219a8e1175bSopenharmony_ci * thus reset them as required. 8220a8e1175bSopenharmony_ci */ 8221a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 8222a8e1175bSopenharmony_ci 8223a8e1175bSopenharmony_ci psa_destroy_key(key); 8224a8e1175bSopenharmony_ci mbedtls_free(signature); 8225a8e1175bSopenharmony_ci PSA_DONE(); 8226a8e1175bSopenharmony_ci} 8227a8e1175bSopenharmony_ci/* END_CASE */ 8228a8e1175bSopenharmony_ci 8229a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8230a8e1175bSopenharmony_civoid sign_message_deterministic(int key_type_arg, 8231a8e1175bSopenharmony_ci data_t *key_data, 8232a8e1175bSopenharmony_ci int alg_arg, 8233a8e1175bSopenharmony_ci data_t *input_data, 8234a8e1175bSopenharmony_ci data_t *output_data) 8235a8e1175bSopenharmony_ci{ 8236a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 8237a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 8238a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8239a8e1175bSopenharmony_ci size_t key_bits; 8240a8e1175bSopenharmony_ci unsigned char *signature = NULL; 8241a8e1175bSopenharmony_ci size_t signature_size; 8242a8e1175bSopenharmony_ci size_t signature_length = 0xdeadbeef; 8243a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 8244a8e1175bSopenharmony_ci 8245a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8246a8e1175bSopenharmony_ci 8247a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); 8248a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 8249a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 8250a8e1175bSopenharmony_ci 8251a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 8252a8e1175bSopenharmony_ci &key)); 8253a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 8254a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 8255a8e1175bSopenharmony_ci 8256a8e1175bSopenharmony_ci signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 8257a8e1175bSopenharmony_ci TEST_ASSERT(signature_size != 0); 8258a8e1175bSopenharmony_ci TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); 8259a8e1175bSopenharmony_ci TEST_CALLOC(signature, signature_size); 8260a8e1175bSopenharmony_ci 8261a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_message(key, alg, 8262a8e1175bSopenharmony_ci input_data->x, input_data->len, 8263a8e1175bSopenharmony_ci signature, signature_size, 8264a8e1175bSopenharmony_ci &signature_length)); 8265a8e1175bSopenharmony_ci 8266a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output_data->x, output_data->len, 8267a8e1175bSopenharmony_ci signature, signature_length); 8268a8e1175bSopenharmony_ci 8269a8e1175bSopenharmony_ciexit: 8270a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 8271a8e1175bSopenharmony_ci 8272a8e1175bSopenharmony_ci psa_destroy_key(key); 8273a8e1175bSopenharmony_ci mbedtls_free(signature); 8274a8e1175bSopenharmony_ci PSA_DONE(); 8275a8e1175bSopenharmony_ci 8276a8e1175bSopenharmony_ci} 8277a8e1175bSopenharmony_ci/* END_CASE */ 8278a8e1175bSopenharmony_ci 8279a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8280a8e1175bSopenharmony_civoid sign_message_fail(int key_type_arg, 8281a8e1175bSopenharmony_ci data_t *key_data, 8282a8e1175bSopenharmony_ci int alg_arg, 8283a8e1175bSopenharmony_ci data_t *input_data, 8284a8e1175bSopenharmony_ci int signature_size_arg, 8285a8e1175bSopenharmony_ci int expected_status_arg) 8286a8e1175bSopenharmony_ci{ 8287a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 8288a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 8289a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8290a8e1175bSopenharmony_ci size_t signature_size = signature_size_arg; 8291a8e1175bSopenharmony_ci psa_status_t actual_status; 8292a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 8293a8e1175bSopenharmony_ci unsigned char *signature = NULL; 8294a8e1175bSopenharmony_ci size_t signature_length = 0xdeadbeef; 8295a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 8296a8e1175bSopenharmony_ci 8297a8e1175bSopenharmony_ci TEST_CALLOC(signature, signature_size); 8298a8e1175bSopenharmony_ci 8299a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8300a8e1175bSopenharmony_ci 8301a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); 8302a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 8303a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 8304a8e1175bSopenharmony_ci 8305a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 8306a8e1175bSopenharmony_ci &key)); 8307a8e1175bSopenharmony_ci 8308a8e1175bSopenharmony_ci actual_status = psa_sign_message(key, alg, 8309a8e1175bSopenharmony_ci input_data->x, input_data->len, 8310a8e1175bSopenharmony_ci signature, signature_size, 8311a8e1175bSopenharmony_ci &signature_length); 8312a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, expected_status); 8313a8e1175bSopenharmony_ci /* The value of *signature_length is unspecified on error, but 8314a8e1175bSopenharmony_ci * whatever it is, it should be less than signature_size, so that 8315a8e1175bSopenharmony_ci * if the caller tries to read *signature_length bytes without 8316a8e1175bSopenharmony_ci * checking the error code then they don't overflow a buffer. */ 8317a8e1175bSopenharmony_ci TEST_LE_U(signature_length, signature_size); 8318a8e1175bSopenharmony_ci 8319a8e1175bSopenharmony_ciexit: 8320a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 8321a8e1175bSopenharmony_ci psa_destroy_key(key); 8322a8e1175bSopenharmony_ci mbedtls_free(signature); 8323a8e1175bSopenharmony_ci PSA_DONE(); 8324a8e1175bSopenharmony_ci} 8325a8e1175bSopenharmony_ci/* END_CASE */ 8326a8e1175bSopenharmony_ci 8327a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8328a8e1175bSopenharmony_civoid sign_verify_message(int key_type_arg, 8329a8e1175bSopenharmony_ci data_t *key_data, 8330a8e1175bSopenharmony_ci int alg_arg, 8331a8e1175bSopenharmony_ci data_t *input_data) 8332a8e1175bSopenharmony_ci{ 8333a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 8334a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 8335a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8336a8e1175bSopenharmony_ci size_t key_bits; 8337a8e1175bSopenharmony_ci unsigned char *signature = NULL; 8338a8e1175bSopenharmony_ci size_t signature_size; 8339a8e1175bSopenharmony_ci size_t signature_length = 0xdeadbeef; 8340a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 8341a8e1175bSopenharmony_ci 8342a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8343a8e1175bSopenharmony_ci 8344a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE | 8345a8e1175bSopenharmony_ci PSA_KEY_USAGE_VERIFY_MESSAGE); 8346a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 8347a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 8348a8e1175bSopenharmony_ci 8349a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 8350a8e1175bSopenharmony_ci &key)); 8351a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 8352a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 8353a8e1175bSopenharmony_ci 8354a8e1175bSopenharmony_ci signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 8355a8e1175bSopenharmony_ci TEST_ASSERT(signature_size != 0); 8356a8e1175bSopenharmony_ci TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); 8357a8e1175bSopenharmony_ci TEST_CALLOC(signature, signature_size); 8358a8e1175bSopenharmony_ci 8359a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_message(key, alg, 8360a8e1175bSopenharmony_ci input_data->x, input_data->len, 8361a8e1175bSopenharmony_ci signature, signature_size, 8362a8e1175bSopenharmony_ci &signature_length)); 8363a8e1175bSopenharmony_ci TEST_LE_U(signature_length, signature_size); 8364a8e1175bSopenharmony_ci TEST_ASSERT(signature_length > 0); 8365a8e1175bSopenharmony_ci 8366a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_message(key, alg, 8367a8e1175bSopenharmony_ci input_data->x, input_data->len, 8368a8e1175bSopenharmony_ci signature, signature_length)); 8369a8e1175bSopenharmony_ci 8370a8e1175bSopenharmony_ci if (input_data->len != 0) { 8371a8e1175bSopenharmony_ci /* Flip a bit in the input and verify that the signature is now 8372a8e1175bSopenharmony_ci * detected as invalid. Flip a bit at the beginning, not at the end, 8373a8e1175bSopenharmony_ci * because ECDSA may ignore the last few bits of the input. */ 8374a8e1175bSopenharmony_ci input_data->x[0] ^= 1; 8375a8e1175bSopenharmony_ci TEST_EQUAL(psa_verify_message(key, alg, 8376a8e1175bSopenharmony_ci input_data->x, input_data->len, 8377a8e1175bSopenharmony_ci signature, signature_length), 8378a8e1175bSopenharmony_ci PSA_ERROR_INVALID_SIGNATURE); 8379a8e1175bSopenharmony_ci } 8380a8e1175bSopenharmony_ci 8381a8e1175bSopenharmony_ciexit: 8382a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 8383a8e1175bSopenharmony_ci 8384a8e1175bSopenharmony_ci psa_destroy_key(key); 8385a8e1175bSopenharmony_ci mbedtls_free(signature); 8386a8e1175bSopenharmony_ci PSA_DONE(); 8387a8e1175bSopenharmony_ci} 8388a8e1175bSopenharmony_ci/* END_CASE */ 8389a8e1175bSopenharmony_ci 8390a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8391a8e1175bSopenharmony_civoid verify_message(int key_type_arg, 8392a8e1175bSopenharmony_ci data_t *key_data, 8393a8e1175bSopenharmony_ci int alg_arg, 8394a8e1175bSopenharmony_ci data_t *input_data, 8395a8e1175bSopenharmony_ci data_t *signature_data) 8396a8e1175bSopenharmony_ci{ 8397a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 8398a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 8399a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8400a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 8401a8e1175bSopenharmony_ci 8402a8e1175bSopenharmony_ci TEST_LE_U(signature_data->len, PSA_SIGNATURE_MAX_SIZE); 8403a8e1175bSopenharmony_ci 8404a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8405a8e1175bSopenharmony_ci 8406a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); 8407a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 8408a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 8409a8e1175bSopenharmony_ci 8410a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 8411a8e1175bSopenharmony_ci &key)); 8412a8e1175bSopenharmony_ci 8413a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_message(key, alg, 8414a8e1175bSopenharmony_ci input_data->x, input_data->len, 8415a8e1175bSopenharmony_ci signature_data->x, signature_data->len)); 8416a8e1175bSopenharmony_ci 8417a8e1175bSopenharmony_ciexit: 8418a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 8419a8e1175bSopenharmony_ci psa_destroy_key(key); 8420a8e1175bSopenharmony_ci PSA_DONE(); 8421a8e1175bSopenharmony_ci} 8422a8e1175bSopenharmony_ci/* END_CASE */ 8423a8e1175bSopenharmony_ci 8424a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8425a8e1175bSopenharmony_civoid verify_message_fail(int key_type_arg, 8426a8e1175bSopenharmony_ci data_t *key_data, 8427a8e1175bSopenharmony_ci int alg_arg, 8428a8e1175bSopenharmony_ci data_t *hash_data, 8429a8e1175bSopenharmony_ci data_t *signature_data, 8430a8e1175bSopenharmony_ci int expected_status_arg) 8431a8e1175bSopenharmony_ci{ 8432a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 8433a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 8434a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8435a8e1175bSopenharmony_ci psa_status_t actual_status; 8436a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 8437a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 8438a8e1175bSopenharmony_ci 8439a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8440a8e1175bSopenharmony_ci 8441a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); 8442a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 8443a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 8444a8e1175bSopenharmony_ci 8445a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 8446a8e1175bSopenharmony_ci &key)); 8447a8e1175bSopenharmony_ci 8448a8e1175bSopenharmony_ci actual_status = psa_verify_message(key, alg, 8449a8e1175bSopenharmony_ci hash_data->x, hash_data->len, 8450a8e1175bSopenharmony_ci signature_data->x, 8451a8e1175bSopenharmony_ci signature_data->len); 8452a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, expected_status); 8453a8e1175bSopenharmony_ci 8454a8e1175bSopenharmony_ciexit: 8455a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 8456a8e1175bSopenharmony_ci psa_destroy_key(key); 8457a8e1175bSopenharmony_ci PSA_DONE(); 8458a8e1175bSopenharmony_ci} 8459a8e1175bSopenharmony_ci/* END_CASE */ 8460a8e1175bSopenharmony_ci 8461a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8462a8e1175bSopenharmony_civoid asymmetric_encrypt(int key_type_arg, 8463a8e1175bSopenharmony_ci data_t *key_data, 8464a8e1175bSopenharmony_ci int alg_arg, 8465a8e1175bSopenharmony_ci data_t *input_data, 8466a8e1175bSopenharmony_ci data_t *label, 8467a8e1175bSopenharmony_ci int expected_output_length_arg, 8468a8e1175bSopenharmony_ci int expected_status_arg) 8469a8e1175bSopenharmony_ci{ 8470a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 8471a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 8472a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8473a8e1175bSopenharmony_ci size_t expected_output_length = expected_output_length_arg; 8474a8e1175bSopenharmony_ci size_t key_bits; 8475a8e1175bSopenharmony_ci unsigned char *output = NULL; 8476a8e1175bSopenharmony_ci size_t output_size; 8477a8e1175bSopenharmony_ci size_t output_length = ~0; 8478a8e1175bSopenharmony_ci psa_status_t actual_status; 8479a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 8480a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 8481a8e1175bSopenharmony_ci 8482a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8483a8e1175bSopenharmony_ci 8484a8e1175bSopenharmony_ci /* Import the key */ 8485a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 8486a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 8487a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 8488a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 8489a8e1175bSopenharmony_ci &key)); 8490a8e1175bSopenharmony_ci 8491a8e1175bSopenharmony_ci /* Determine the maximum output length */ 8492a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 8493a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 8494a8e1175bSopenharmony_ci 8495a8e1175bSopenharmony_ci output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 8496a8e1175bSopenharmony_ci TEST_LE_U(output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); 8497a8e1175bSopenharmony_ci TEST_CALLOC(output, output_size); 8498a8e1175bSopenharmony_ci 8499a8e1175bSopenharmony_ci /* Encrypt the input */ 8500a8e1175bSopenharmony_ci actual_status = psa_asymmetric_encrypt(key, alg, 8501a8e1175bSopenharmony_ci input_data->x, input_data->len, 8502a8e1175bSopenharmony_ci label->x, label->len, 8503a8e1175bSopenharmony_ci output, output_size, 8504a8e1175bSopenharmony_ci &output_length); 8505a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, expected_status); 8506a8e1175bSopenharmony_ci if (actual_status == PSA_SUCCESS) { 8507a8e1175bSopenharmony_ci TEST_EQUAL(output_length, expected_output_length); 8508a8e1175bSopenharmony_ci } else { 8509a8e1175bSopenharmony_ci TEST_LE_U(output_length, output_size); 8510a8e1175bSopenharmony_ci } 8511a8e1175bSopenharmony_ci 8512a8e1175bSopenharmony_ci /* If the label is empty, the test framework puts a non-null pointer 8513a8e1175bSopenharmony_ci * in label->x. Test that a null pointer works as well. */ 8514a8e1175bSopenharmony_ci if (label->len == 0) { 8515a8e1175bSopenharmony_ci output_length = ~0; 8516a8e1175bSopenharmony_ci if (output_size != 0) { 8517a8e1175bSopenharmony_ci memset(output, 0, output_size); 8518a8e1175bSopenharmony_ci } 8519a8e1175bSopenharmony_ci actual_status = psa_asymmetric_encrypt(key, alg, 8520a8e1175bSopenharmony_ci input_data->x, input_data->len, 8521a8e1175bSopenharmony_ci NULL, label->len, 8522a8e1175bSopenharmony_ci output, output_size, 8523a8e1175bSopenharmony_ci &output_length); 8524a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, expected_status); 8525a8e1175bSopenharmony_ci if (actual_status == PSA_SUCCESS) { 8526a8e1175bSopenharmony_ci TEST_EQUAL(output_length, expected_output_length); 8527a8e1175bSopenharmony_ci } else { 8528a8e1175bSopenharmony_ci TEST_LE_U(output_length, output_size); 8529a8e1175bSopenharmony_ci } 8530a8e1175bSopenharmony_ci } 8531a8e1175bSopenharmony_ci 8532a8e1175bSopenharmony_ciexit: 8533a8e1175bSopenharmony_ci /* 8534a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 8535a8e1175bSopenharmony_ci * thus reset them as required. 8536a8e1175bSopenharmony_ci */ 8537a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 8538a8e1175bSopenharmony_ci 8539a8e1175bSopenharmony_ci psa_destroy_key(key); 8540a8e1175bSopenharmony_ci mbedtls_free(output); 8541a8e1175bSopenharmony_ci PSA_DONE(); 8542a8e1175bSopenharmony_ci} 8543a8e1175bSopenharmony_ci/* END_CASE */ 8544a8e1175bSopenharmony_ci 8545a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8546a8e1175bSopenharmony_civoid asymmetric_encrypt_decrypt(int key_type_arg, 8547a8e1175bSopenharmony_ci data_t *key_data, 8548a8e1175bSopenharmony_ci int alg_arg, 8549a8e1175bSopenharmony_ci data_t *input_data, 8550a8e1175bSopenharmony_ci data_t *label) 8551a8e1175bSopenharmony_ci{ 8552a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 8553a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 8554a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8555a8e1175bSopenharmony_ci size_t key_bits; 8556a8e1175bSopenharmony_ci unsigned char *output = NULL; 8557a8e1175bSopenharmony_ci size_t output_size; 8558a8e1175bSopenharmony_ci size_t output_length = ~0; 8559a8e1175bSopenharmony_ci unsigned char *output2 = NULL; 8560a8e1175bSopenharmony_ci size_t output2_size; 8561a8e1175bSopenharmony_ci size_t output2_length = ~0; 8562a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 8563a8e1175bSopenharmony_ci 8564a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8565a8e1175bSopenharmony_ci 8566a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 8567a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 8568a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 8569a8e1175bSopenharmony_ci 8570a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 8571a8e1175bSopenharmony_ci &key)); 8572a8e1175bSopenharmony_ci 8573a8e1175bSopenharmony_ci /* Determine the maximum ciphertext length */ 8574a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 8575a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 8576a8e1175bSopenharmony_ci 8577a8e1175bSopenharmony_ci output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 8578a8e1175bSopenharmony_ci TEST_LE_U(output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); 8579a8e1175bSopenharmony_ci TEST_CALLOC(output, output_size); 8580a8e1175bSopenharmony_ci 8581a8e1175bSopenharmony_ci output2_size = input_data->len; 8582a8e1175bSopenharmony_ci TEST_LE_U(output2_size, 8583a8e1175bSopenharmony_ci PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)); 8584a8e1175bSopenharmony_ci TEST_LE_U(output2_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); 8585a8e1175bSopenharmony_ci TEST_CALLOC(output2, output2_size); 8586a8e1175bSopenharmony_ci 8587a8e1175bSopenharmony_ci /* We test encryption by checking that encrypt-then-decrypt gives back 8588a8e1175bSopenharmony_ci * the original plaintext because of the non-optional random 8589a8e1175bSopenharmony_ci * part of encryption process which prevents using fixed vectors. */ 8590a8e1175bSopenharmony_ci PSA_ASSERT(psa_asymmetric_encrypt(key, alg, 8591a8e1175bSopenharmony_ci input_data->x, input_data->len, 8592a8e1175bSopenharmony_ci label->x, label->len, 8593a8e1175bSopenharmony_ci output, output_size, 8594a8e1175bSopenharmony_ci &output_length)); 8595a8e1175bSopenharmony_ci /* We don't know what ciphertext length to expect, but check that 8596a8e1175bSopenharmony_ci * it looks sensible. */ 8597a8e1175bSopenharmony_ci TEST_LE_U(output_length, output_size); 8598a8e1175bSopenharmony_ci 8599a8e1175bSopenharmony_ci PSA_ASSERT(psa_asymmetric_decrypt(key, alg, 8600a8e1175bSopenharmony_ci output, output_length, 8601a8e1175bSopenharmony_ci label->x, label->len, 8602a8e1175bSopenharmony_ci output2, output2_size, 8603a8e1175bSopenharmony_ci &output2_length)); 8604a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(input_data->x, input_data->len, 8605a8e1175bSopenharmony_ci output2, output2_length); 8606a8e1175bSopenharmony_ci 8607a8e1175bSopenharmony_ciexit: 8608a8e1175bSopenharmony_ci /* 8609a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 8610a8e1175bSopenharmony_ci * thus reset them as required. 8611a8e1175bSopenharmony_ci */ 8612a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 8613a8e1175bSopenharmony_ci 8614a8e1175bSopenharmony_ci psa_destroy_key(key); 8615a8e1175bSopenharmony_ci mbedtls_free(output); 8616a8e1175bSopenharmony_ci mbedtls_free(output2); 8617a8e1175bSopenharmony_ci PSA_DONE(); 8618a8e1175bSopenharmony_ci} 8619a8e1175bSopenharmony_ci/* END_CASE */ 8620a8e1175bSopenharmony_ci 8621a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8622a8e1175bSopenharmony_civoid asymmetric_decrypt(int key_type_arg, 8623a8e1175bSopenharmony_ci data_t *key_data, 8624a8e1175bSopenharmony_ci int alg_arg, 8625a8e1175bSopenharmony_ci data_t *input_data, 8626a8e1175bSopenharmony_ci data_t *label, 8627a8e1175bSopenharmony_ci data_t *expected_data) 8628a8e1175bSopenharmony_ci{ 8629a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 8630a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 8631a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8632a8e1175bSopenharmony_ci size_t key_bits; 8633a8e1175bSopenharmony_ci unsigned char *output = NULL; 8634a8e1175bSopenharmony_ci size_t output_size = 0; 8635a8e1175bSopenharmony_ci size_t output_length = ~0; 8636a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 8637a8e1175bSopenharmony_ci 8638a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8639a8e1175bSopenharmony_ci 8640a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 8641a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 8642a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 8643a8e1175bSopenharmony_ci 8644a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 8645a8e1175bSopenharmony_ci &key)); 8646a8e1175bSopenharmony_ci 8647a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 8648a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 8649a8e1175bSopenharmony_ci 8650a8e1175bSopenharmony_ci /* Determine the maximum ciphertext length */ 8651a8e1175bSopenharmony_ci output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 8652a8e1175bSopenharmony_ci TEST_LE_U(output_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); 8653a8e1175bSopenharmony_ci TEST_CALLOC(output, output_size); 8654a8e1175bSopenharmony_ci 8655a8e1175bSopenharmony_ci PSA_ASSERT(psa_asymmetric_decrypt(key, alg, 8656a8e1175bSopenharmony_ci input_data->x, input_data->len, 8657a8e1175bSopenharmony_ci label->x, label->len, 8658a8e1175bSopenharmony_ci output, 8659a8e1175bSopenharmony_ci output_size, 8660a8e1175bSopenharmony_ci &output_length)); 8661a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, 8662a8e1175bSopenharmony_ci output, output_length); 8663a8e1175bSopenharmony_ci 8664a8e1175bSopenharmony_ci /* If the label is empty, the test framework puts a non-null pointer 8665a8e1175bSopenharmony_ci * in label->x. Test that a null pointer works as well. */ 8666a8e1175bSopenharmony_ci if (label->len == 0) { 8667a8e1175bSopenharmony_ci output_length = ~0; 8668a8e1175bSopenharmony_ci if (output_size != 0) { 8669a8e1175bSopenharmony_ci memset(output, 0, output_size); 8670a8e1175bSopenharmony_ci } 8671a8e1175bSopenharmony_ci PSA_ASSERT(psa_asymmetric_decrypt(key, alg, 8672a8e1175bSopenharmony_ci input_data->x, input_data->len, 8673a8e1175bSopenharmony_ci NULL, label->len, 8674a8e1175bSopenharmony_ci output, 8675a8e1175bSopenharmony_ci output_size, 8676a8e1175bSopenharmony_ci &output_length)); 8677a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, 8678a8e1175bSopenharmony_ci output, output_length); 8679a8e1175bSopenharmony_ci } 8680a8e1175bSopenharmony_ci 8681a8e1175bSopenharmony_ciexit: 8682a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 8683a8e1175bSopenharmony_ci psa_destroy_key(key); 8684a8e1175bSopenharmony_ci mbedtls_free(output); 8685a8e1175bSopenharmony_ci PSA_DONE(); 8686a8e1175bSopenharmony_ci} 8687a8e1175bSopenharmony_ci/* END_CASE */ 8688a8e1175bSopenharmony_ci 8689a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8690a8e1175bSopenharmony_civoid asymmetric_decrypt_fail(int key_type_arg, 8691a8e1175bSopenharmony_ci data_t *key_data, 8692a8e1175bSopenharmony_ci int alg_arg, 8693a8e1175bSopenharmony_ci data_t *input_data, 8694a8e1175bSopenharmony_ci data_t *label, 8695a8e1175bSopenharmony_ci int output_size_arg, 8696a8e1175bSopenharmony_ci int expected_status_arg) 8697a8e1175bSopenharmony_ci{ 8698a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 8699a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 8700a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8701a8e1175bSopenharmony_ci unsigned char *output = NULL; 8702a8e1175bSopenharmony_ci size_t output_size = output_size_arg; 8703a8e1175bSopenharmony_ci size_t output_length = ~0; 8704a8e1175bSopenharmony_ci psa_status_t actual_status; 8705a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 8706a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 8707a8e1175bSopenharmony_ci 8708a8e1175bSopenharmony_ci TEST_CALLOC(output, output_size); 8709a8e1175bSopenharmony_ci 8710a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8711a8e1175bSopenharmony_ci 8712a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 8713a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 8714a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 8715a8e1175bSopenharmony_ci 8716a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 8717a8e1175bSopenharmony_ci &key)); 8718a8e1175bSopenharmony_ci 8719a8e1175bSopenharmony_ci actual_status = psa_asymmetric_decrypt(key, alg, 8720a8e1175bSopenharmony_ci input_data->x, input_data->len, 8721a8e1175bSopenharmony_ci label->x, label->len, 8722a8e1175bSopenharmony_ci output, output_size, 8723a8e1175bSopenharmony_ci &output_length); 8724a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, expected_status); 8725a8e1175bSopenharmony_ci TEST_LE_U(output_length, output_size); 8726a8e1175bSopenharmony_ci 8727a8e1175bSopenharmony_ci /* If the label is empty, the test framework puts a non-null pointer 8728a8e1175bSopenharmony_ci * in label->x. Test that a null pointer works as well. */ 8729a8e1175bSopenharmony_ci if (label->len == 0) { 8730a8e1175bSopenharmony_ci output_length = ~0; 8731a8e1175bSopenharmony_ci if (output_size != 0) { 8732a8e1175bSopenharmony_ci memset(output, 0, output_size); 8733a8e1175bSopenharmony_ci } 8734a8e1175bSopenharmony_ci actual_status = psa_asymmetric_decrypt(key, alg, 8735a8e1175bSopenharmony_ci input_data->x, input_data->len, 8736a8e1175bSopenharmony_ci NULL, label->len, 8737a8e1175bSopenharmony_ci output, output_size, 8738a8e1175bSopenharmony_ci &output_length); 8739a8e1175bSopenharmony_ci TEST_EQUAL(actual_status, expected_status); 8740a8e1175bSopenharmony_ci TEST_LE_U(output_length, output_size); 8741a8e1175bSopenharmony_ci } 8742a8e1175bSopenharmony_ci 8743a8e1175bSopenharmony_ciexit: 8744a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 8745a8e1175bSopenharmony_ci psa_destroy_key(key); 8746a8e1175bSopenharmony_ci mbedtls_free(output); 8747a8e1175bSopenharmony_ci PSA_DONE(); 8748a8e1175bSopenharmony_ci} 8749a8e1175bSopenharmony_ci/* END_CASE */ 8750a8e1175bSopenharmony_ci 8751a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8752a8e1175bSopenharmony_civoid key_derivation_init() 8753a8e1175bSopenharmony_ci{ 8754a8e1175bSopenharmony_ci /* Test each valid way of initializing the object, except for `= {0}`, as 8755a8e1175bSopenharmony_ci * Clang 5 complains when `-Wmissing-field-initializers` is used, even 8756a8e1175bSopenharmony_ci * though it's OK by the C standard. We could test for this, but we'd need 8757a8e1175bSopenharmony_ci * to suppress the Clang warning for the test. */ 8758a8e1175bSopenharmony_ci size_t capacity; 8759a8e1175bSopenharmony_ci psa_key_derivation_operation_t func = psa_key_derivation_operation_init(); 8760a8e1175bSopenharmony_ci psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT; 8761a8e1175bSopenharmony_ci psa_key_derivation_operation_t zero; 8762a8e1175bSopenharmony_ci 8763a8e1175bSopenharmony_ci memset(&zero, 0, sizeof(zero)); 8764a8e1175bSopenharmony_ci 8765a8e1175bSopenharmony_ci /* A default operation should not be able to report its capacity. */ 8766a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_get_capacity(&func, &capacity), 8767a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 8768a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_get_capacity(&init, &capacity), 8769a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 8770a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_get_capacity(&zero, &capacity), 8771a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 8772a8e1175bSopenharmony_ci 8773a8e1175bSopenharmony_ci /* A default operation should be abortable without error. */ 8774a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_abort(&func)); 8775a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_abort(&init)); 8776a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_abort(&zero)); 8777a8e1175bSopenharmony_ci} 8778a8e1175bSopenharmony_ci/* END_CASE */ 8779a8e1175bSopenharmony_ci 8780a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8781a8e1175bSopenharmony_civoid derive_setup(int alg_arg, int expected_status_arg) 8782a8e1175bSopenharmony_ci{ 8783a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8784a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 8785a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 8786a8e1175bSopenharmony_ci 8787a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8788a8e1175bSopenharmony_ci 8789a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_setup(&operation, alg), 8790a8e1175bSopenharmony_ci expected_status); 8791a8e1175bSopenharmony_ci 8792a8e1175bSopenharmony_ciexit: 8793a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 8794a8e1175bSopenharmony_ci PSA_DONE(); 8795a8e1175bSopenharmony_ci} 8796a8e1175bSopenharmony_ci/* END_CASE */ 8797a8e1175bSopenharmony_ci 8798a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8799a8e1175bSopenharmony_civoid derive_set_capacity(int alg_arg, int64_t capacity_arg, 8800a8e1175bSopenharmony_ci int expected_status_arg) 8801a8e1175bSopenharmony_ci{ 8802a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8803a8e1175bSopenharmony_ci size_t capacity = capacity_arg; 8804a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 8805a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 8806a8e1175bSopenharmony_ci 8807a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8808a8e1175bSopenharmony_ci 8809a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); 8810a8e1175bSopenharmony_ci 8811a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_set_capacity(&operation, capacity), 8812a8e1175bSopenharmony_ci expected_status); 8813a8e1175bSopenharmony_ci 8814a8e1175bSopenharmony_ciexit: 8815a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 8816a8e1175bSopenharmony_ci PSA_DONE(); 8817a8e1175bSopenharmony_ci} 8818a8e1175bSopenharmony_ci/* END_CASE */ 8819a8e1175bSopenharmony_ci 8820a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8821a8e1175bSopenharmony_civoid parse_binary_string_test(data_t *input, int output) 8822a8e1175bSopenharmony_ci{ 8823a8e1175bSopenharmony_ci uint64_t value; 8824a8e1175bSopenharmony_ci value = mbedtls_test_parse_binary_string(input); 8825a8e1175bSopenharmony_ci TEST_EQUAL(value, output); 8826a8e1175bSopenharmony_ci} 8827a8e1175bSopenharmony_ci/* END_CASE */ 8828a8e1175bSopenharmony_ci 8829a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8830a8e1175bSopenharmony_civoid derive_input(int alg_arg, 8831a8e1175bSopenharmony_ci int step_arg1, int key_type_arg1, data_t *input1, 8832a8e1175bSopenharmony_ci int expected_status_arg1, 8833a8e1175bSopenharmony_ci int step_arg2, int key_type_arg2, data_t *input2, 8834a8e1175bSopenharmony_ci int expected_status_arg2, 8835a8e1175bSopenharmony_ci int step_arg3, int key_type_arg3, data_t *input3, 8836a8e1175bSopenharmony_ci int expected_status_arg3, 8837a8e1175bSopenharmony_ci int output_key_type_arg, int expected_output_status_arg) 8838a8e1175bSopenharmony_ci{ 8839a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8840a8e1175bSopenharmony_ci psa_key_derivation_step_t steps[] = { step_arg1, step_arg2, step_arg3 }; 8841a8e1175bSopenharmony_ci uint32_t key_types[] = { key_type_arg1, key_type_arg2, key_type_arg3 }; 8842a8e1175bSopenharmony_ci psa_status_t expected_statuses[] = { expected_status_arg1, 8843a8e1175bSopenharmony_ci expected_status_arg2, 8844a8e1175bSopenharmony_ci expected_status_arg3 }; 8845a8e1175bSopenharmony_ci data_t *inputs[] = { input1, input2, input3 }; 8846a8e1175bSopenharmony_ci mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT, 8847a8e1175bSopenharmony_ci MBEDTLS_SVC_KEY_ID_INIT, 8848a8e1175bSopenharmony_ci MBEDTLS_SVC_KEY_ID_INIT }; 8849a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 8850a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 8851a8e1175bSopenharmony_ci size_t i; 8852a8e1175bSopenharmony_ci psa_key_type_t output_key_type = output_key_type_arg; 8853a8e1175bSopenharmony_ci mbedtls_svc_key_id_t output_key = MBEDTLS_SVC_KEY_ID_INIT; 8854a8e1175bSopenharmony_ci psa_status_t expected_output_status = expected_output_status_arg; 8855a8e1175bSopenharmony_ci psa_status_t actual_output_status; 8856a8e1175bSopenharmony_ci 8857a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8858a8e1175bSopenharmony_ci 8859a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 8860a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 8861a8e1175bSopenharmony_ci 8862a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); 8863a8e1175bSopenharmony_ci 8864a8e1175bSopenharmony_ci for (i = 0; i < ARRAY_LENGTH(steps); i++) { 8865a8e1175bSopenharmony_ci mbedtls_test_set_step(i); 8866a8e1175bSopenharmony_ci if (steps[i] == 0) { 8867a8e1175bSopenharmony_ci /* Skip this step */ 8868a8e1175bSopenharmony_ci } else if (((psa_key_type_t) key_types[i]) != PSA_KEY_TYPE_NONE && 8869a8e1175bSopenharmony_ci key_types[i] != INPUT_INTEGER) { 8870a8e1175bSopenharmony_ci psa_set_key_type(&attributes, ((psa_key_type_t) key_types[i])); 8871a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, 8872a8e1175bSopenharmony_ci inputs[i]->x, inputs[i]->len, 8873a8e1175bSopenharmony_ci &keys[i])); 8874a8e1175bSopenharmony_ci if (PSA_KEY_TYPE_IS_KEY_PAIR((psa_key_type_t) key_types[i]) && 8875a8e1175bSopenharmony_ci steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET) { 8876a8e1175bSopenharmony_ci // When taking a private key as secret input, use key agreement 8877a8e1175bSopenharmony_ci // to add the shared secret to the derivation 8878a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_test_psa_key_agreement_with_self( 8879a8e1175bSopenharmony_ci &operation, keys[i], 0), 8880a8e1175bSopenharmony_ci expected_statuses[i]); 8881a8e1175bSopenharmony_ci } else { 8882a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_input_key(&operation, steps[i], 8883a8e1175bSopenharmony_ci keys[i]), 8884a8e1175bSopenharmony_ci expected_statuses[i]); 8885a8e1175bSopenharmony_ci } 8886a8e1175bSopenharmony_ci } else { 8887a8e1175bSopenharmony_ci if (key_types[i] == INPUT_INTEGER) { 8888a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_input_integer( 8889a8e1175bSopenharmony_ci &operation, steps[i], 8890a8e1175bSopenharmony_ci mbedtls_test_parse_binary_string(inputs[i])), 8891a8e1175bSopenharmony_ci expected_statuses[i]); 8892a8e1175bSopenharmony_ci } else { 8893a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_input_bytes( 8894a8e1175bSopenharmony_ci &operation, steps[i], 8895a8e1175bSopenharmony_ci inputs[i]->x, inputs[i]->len), 8896a8e1175bSopenharmony_ci expected_statuses[i]); 8897a8e1175bSopenharmony_ci } 8898a8e1175bSopenharmony_ci } 8899a8e1175bSopenharmony_ci } 8900a8e1175bSopenharmony_ci 8901a8e1175bSopenharmony_ci if (output_key_type != PSA_KEY_TYPE_NONE) { 8902a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 8903a8e1175bSopenharmony_ci psa_set_key_type(&attributes, output_key_type); 8904a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, 8); 8905a8e1175bSopenharmony_ci actual_output_status = 8906a8e1175bSopenharmony_ci psa_key_derivation_output_key(&attributes, &operation, 8907a8e1175bSopenharmony_ci &output_key); 8908a8e1175bSopenharmony_ci } else { 8909a8e1175bSopenharmony_ci uint8_t buffer[1]; 8910a8e1175bSopenharmony_ci actual_output_status = 8911a8e1175bSopenharmony_ci psa_key_derivation_output_bytes(&operation, 8912a8e1175bSopenharmony_ci buffer, sizeof(buffer)); 8913a8e1175bSopenharmony_ci } 8914a8e1175bSopenharmony_ci TEST_EQUAL(actual_output_status, expected_output_status); 8915a8e1175bSopenharmony_ci 8916a8e1175bSopenharmony_ciexit: 8917a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 8918a8e1175bSopenharmony_ci for (i = 0; i < ARRAY_LENGTH(keys); i++) { 8919a8e1175bSopenharmony_ci psa_destroy_key(keys[i]); 8920a8e1175bSopenharmony_ci } 8921a8e1175bSopenharmony_ci psa_destroy_key(output_key); 8922a8e1175bSopenharmony_ci PSA_DONE(); 8923a8e1175bSopenharmony_ci} 8924a8e1175bSopenharmony_ci/* END_CASE */ 8925a8e1175bSopenharmony_ci 8926a8e1175bSopenharmony_ci/* BEGIN_CASE*/ 8927a8e1175bSopenharmony_civoid derive_input_invalid_cost(int alg_arg, int64_t cost) 8928a8e1175bSopenharmony_ci{ 8929a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8930a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 8931a8e1175bSopenharmony_ci 8932a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8933a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); 8934a8e1175bSopenharmony_ci 8935a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_input_integer(&operation, 8936a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_COST, 8937a8e1175bSopenharmony_ci cost), 8938a8e1175bSopenharmony_ci PSA_ERROR_NOT_SUPPORTED); 8939a8e1175bSopenharmony_ci 8940a8e1175bSopenharmony_ciexit: 8941a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 8942a8e1175bSopenharmony_ci PSA_DONE(); 8943a8e1175bSopenharmony_ci} 8944a8e1175bSopenharmony_ci/* END_CASE*/ 8945a8e1175bSopenharmony_ci 8946a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8947a8e1175bSopenharmony_civoid derive_over_capacity(int alg_arg) 8948a8e1175bSopenharmony_ci{ 8949a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 8950a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 8951a8e1175bSopenharmony_ci size_t key_type = PSA_KEY_TYPE_DERIVE; 8952a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 8953a8e1175bSopenharmony_ci unsigned char input1[] = "Input 1"; 8954a8e1175bSopenharmony_ci size_t input1_length = sizeof(input1); 8955a8e1175bSopenharmony_ci unsigned char input2[] = "Input 2"; 8956a8e1175bSopenharmony_ci size_t input2_length = sizeof(input2); 8957a8e1175bSopenharmony_ci uint8_t buffer[42]; 8958a8e1175bSopenharmony_ci size_t capacity = sizeof(buffer); 8959a8e1175bSopenharmony_ci const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 8960a8e1175bSopenharmony_ci 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 8961a8e1175bSopenharmony_ci 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; 8962a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 8963a8e1175bSopenharmony_ci 8964a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 8965a8e1175bSopenharmony_ci 8966a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 8967a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 8968a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 8969a8e1175bSopenharmony_ci 8970a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, 8971a8e1175bSopenharmony_ci key_data, sizeof(key_data), 8972a8e1175bSopenharmony_ci &key)); 8973a8e1175bSopenharmony_ci 8974a8e1175bSopenharmony_ci /* valid key derivation */ 8975a8e1175bSopenharmony_ci if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg, 8976a8e1175bSopenharmony_ci input1, input1_length, 8977a8e1175bSopenharmony_ci input2, input2_length, 8978a8e1175bSopenharmony_ci capacity, 0)) { 8979a8e1175bSopenharmony_ci goto exit; 8980a8e1175bSopenharmony_ci } 8981a8e1175bSopenharmony_ci 8982a8e1175bSopenharmony_ci /* state of operation shouldn't allow additional generation */ 8983a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_setup(&operation, alg), 8984a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 8985a8e1175bSopenharmony_ci 8986a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_output_bytes(&operation, buffer, capacity)); 8987a8e1175bSopenharmony_ci 8988a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_output_bytes(&operation, buffer, capacity), 8989a8e1175bSopenharmony_ci PSA_ERROR_INSUFFICIENT_DATA); 8990a8e1175bSopenharmony_ci 8991a8e1175bSopenharmony_ciexit: 8992a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 8993a8e1175bSopenharmony_ci psa_destroy_key(key); 8994a8e1175bSopenharmony_ci PSA_DONE(); 8995a8e1175bSopenharmony_ci} 8996a8e1175bSopenharmony_ci/* END_CASE */ 8997a8e1175bSopenharmony_ci 8998a8e1175bSopenharmony_ci/* BEGIN_CASE */ 8999a8e1175bSopenharmony_civoid derive_actions_without_setup() 9000a8e1175bSopenharmony_ci{ 9001a8e1175bSopenharmony_ci uint8_t output_buffer[16]; 9002a8e1175bSopenharmony_ci size_t buffer_size = 16; 9003a8e1175bSopenharmony_ci size_t capacity = 0; 9004a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 9005a8e1175bSopenharmony_ci 9006a8e1175bSopenharmony_ci TEST_ASSERT(psa_key_derivation_output_bytes(&operation, 9007a8e1175bSopenharmony_ci output_buffer, buffer_size) 9008a8e1175bSopenharmony_ci == PSA_ERROR_BAD_STATE); 9009a8e1175bSopenharmony_ci 9010a8e1175bSopenharmony_ci TEST_ASSERT(psa_key_derivation_get_capacity(&operation, &capacity) 9011a8e1175bSopenharmony_ci == PSA_ERROR_BAD_STATE); 9012a8e1175bSopenharmony_ci 9013a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_abort(&operation)); 9014a8e1175bSopenharmony_ci 9015a8e1175bSopenharmony_ci TEST_ASSERT(psa_key_derivation_output_bytes(&operation, 9016a8e1175bSopenharmony_ci output_buffer, buffer_size) 9017a8e1175bSopenharmony_ci == PSA_ERROR_BAD_STATE); 9018a8e1175bSopenharmony_ci 9019a8e1175bSopenharmony_ci TEST_ASSERT(psa_key_derivation_get_capacity(&operation, &capacity) 9020a8e1175bSopenharmony_ci == PSA_ERROR_BAD_STATE); 9021a8e1175bSopenharmony_ci 9022a8e1175bSopenharmony_ciexit: 9023a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 9024a8e1175bSopenharmony_ci} 9025a8e1175bSopenharmony_ci/* END_CASE */ 9026a8e1175bSopenharmony_ci 9027a8e1175bSopenharmony_ci/* BEGIN_CASE */ 9028a8e1175bSopenharmony_civoid derive_output(int alg_arg, 9029a8e1175bSopenharmony_ci int step1_arg, data_t *input1, int expected_status_arg1, 9030a8e1175bSopenharmony_ci int step2_arg, data_t *input2, int expected_status_arg2, 9031a8e1175bSopenharmony_ci int step3_arg, data_t *input3, int expected_status_arg3, 9032a8e1175bSopenharmony_ci int step4_arg, data_t *input4, int expected_status_arg4, 9033a8e1175bSopenharmony_ci data_t *key_agreement_peer_key, 9034a8e1175bSopenharmony_ci int requested_capacity_arg, 9035a8e1175bSopenharmony_ci data_t *expected_output1, 9036a8e1175bSopenharmony_ci data_t *expected_output2, 9037a8e1175bSopenharmony_ci int other_key_input_type, 9038a8e1175bSopenharmony_ci int key_input_type, 9039a8e1175bSopenharmony_ci int derive_type) 9040a8e1175bSopenharmony_ci{ 9041a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 9042a8e1175bSopenharmony_ci psa_key_derivation_step_t steps[] = { step1_arg, step2_arg, step3_arg, step4_arg }; 9043a8e1175bSopenharmony_ci data_t *inputs[] = { input1, input2, input3, input4 }; 9044a8e1175bSopenharmony_ci mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT, 9045a8e1175bSopenharmony_ci MBEDTLS_SVC_KEY_ID_INIT, 9046a8e1175bSopenharmony_ci MBEDTLS_SVC_KEY_ID_INIT, 9047a8e1175bSopenharmony_ci MBEDTLS_SVC_KEY_ID_INIT }; 9048a8e1175bSopenharmony_ci psa_status_t statuses[] = { expected_status_arg1, expected_status_arg2, 9049a8e1175bSopenharmony_ci expected_status_arg3, expected_status_arg4 }; 9050a8e1175bSopenharmony_ci size_t requested_capacity = requested_capacity_arg; 9051a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 9052a8e1175bSopenharmony_ci uint8_t *expected_outputs[2] = 9053a8e1175bSopenharmony_ci { expected_output1->x, expected_output2->x }; 9054a8e1175bSopenharmony_ci size_t output_sizes[2] = 9055a8e1175bSopenharmony_ci { expected_output1->len, expected_output2->len }; 9056a8e1175bSopenharmony_ci size_t output_buffer_size = 0; 9057a8e1175bSopenharmony_ci uint8_t *output_buffer = NULL; 9058a8e1175bSopenharmony_ci size_t expected_capacity; 9059a8e1175bSopenharmony_ci size_t current_capacity; 9060a8e1175bSopenharmony_ci psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT; 9061a8e1175bSopenharmony_ci psa_key_attributes_t attributes2 = PSA_KEY_ATTRIBUTES_INIT; 9062a8e1175bSopenharmony_ci psa_key_attributes_t attributes3 = PSA_KEY_ATTRIBUTES_INIT; 9063a8e1175bSopenharmony_ci psa_key_attributes_t attributes4 = PSA_KEY_ATTRIBUTES_INIT; 9064a8e1175bSopenharmony_ci mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; 9065a8e1175bSopenharmony_ci psa_status_t status; 9066a8e1175bSopenharmony_ci size_t i; 9067a8e1175bSopenharmony_ci 9068a8e1175bSopenharmony_ci for (i = 0; i < ARRAY_LENGTH(expected_outputs); i++) { 9069a8e1175bSopenharmony_ci if (output_sizes[i] > output_buffer_size) { 9070a8e1175bSopenharmony_ci output_buffer_size = output_sizes[i]; 9071a8e1175bSopenharmony_ci } 9072a8e1175bSopenharmony_ci if (output_sizes[i] == 0) { 9073a8e1175bSopenharmony_ci expected_outputs[i] = NULL; 9074a8e1175bSopenharmony_ci } 9075a8e1175bSopenharmony_ci } 9076a8e1175bSopenharmony_ci TEST_CALLOC(output_buffer, output_buffer_size); 9077a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 9078a8e1175bSopenharmony_ci 9079a8e1175bSopenharmony_ci /* Extraction phase. */ 9080a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); 9081a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_set_capacity(&operation, 9082a8e1175bSopenharmony_ci requested_capacity)); 9083a8e1175bSopenharmony_ci for (i = 0; i < ARRAY_LENGTH(steps); i++) { 9084a8e1175bSopenharmony_ci switch (steps[i]) { 9085a8e1175bSopenharmony_ci case 0: 9086a8e1175bSopenharmony_ci break; 9087a8e1175bSopenharmony_ci case PSA_KEY_DERIVATION_INPUT_COST: 9088a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_input_integer( 9089a8e1175bSopenharmony_ci &operation, steps[i], 9090a8e1175bSopenharmony_ci mbedtls_test_parse_binary_string(inputs[i])), 9091a8e1175bSopenharmony_ci statuses[i]); 9092a8e1175bSopenharmony_ci if (statuses[i] != PSA_SUCCESS) { 9093a8e1175bSopenharmony_ci goto exit; 9094a8e1175bSopenharmony_ci } 9095a8e1175bSopenharmony_ci break; 9096a8e1175bSopenharmony_ci case PSA_KEY_DERIVATION_INPUT_PASSWORD: 9097a8e1175bSopenharmony_ci case PSA_KEY_DERIVATION_INPUT_SECRET: 9098a8e1175bSopenharmony_ci switch (key_input_type) { 9099a8e1175bSopenharmony_ci case 0: // input bytes 9100a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_input_bytes( 9101a8e1175bSopenharmony_ci &operation, steps[i], 9102a8e1175bSopenharmony_ci inputs[i]->x, inputs[i]->len), 9103a8e1175bSopenharmony_ci statuses[i]); 9104a8e1175bSopenharmony_ci 9105a8e1175bSopenharmony_ci if (statuses[i] != PSA_SUCCESS) { 9106a8e1175bSopenharmony_ci goto exit; 9107a8e1175bSopenharmony_ci } 9108a8e1175bSopenharmony_ci break; 9109a8e1175bSopenharmony_ci case 1: // input key 9110a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes1, PSA_KEY_USAGE_DERIVE); 9111a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes1, alg); 9112a8e1175bSopenharmony_ci psa_set_key_type(&attributes1, PSA_KEY_TYPE_DERIVE); 9113a8e1175bSopenharmony_ci 9114a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes1, 9115a8e1175bSopenharmony_ci inputs[i]->x, inputs[i]->len, 9116a8e1175bSopenharmony_ci &keys[i])); 9117a8e1175bSopenharmony_ci 9118a8e1175bSopenharmony_ci if (PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) { 9119a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(keys[i], &attributes1)); 9120a8e1175bSopenharmony_ci TEST_LE_U(PSA_BITS_TO_BYTES(psa_get_key_bits(&attributes1)), 9121a8e1175bSopenharmony_ci PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE); 9122a8e1175bSopenharmony_ci } 9123a8e1175bSopenharmony_ci 9124a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_input_key(&operation, 9125a8e1175bSopenharmony_ci steps[i], 9126a8e1175bSopenharmony_ci keys[i]), 9127a8e1175bSopenharmony_ci statuses[i]); 9128a8e1175bSopenharmony_ci 9129a8e1175bSopenharmony_ci if (statuses[i] != PSA_SUCCESS) { 9130a8e1175bSopenharmony_ci goto exit; 9131a8e1175bSopenharmony_ci } 9132a8e1175bSopenharmony_ci break; 9133a8e1175bSopenharmony_ci default: 9134a8e1175bSopenharmony_ci TEST_FAIL("default case not supported"); 9135a8e1175bSopenharmony_ci break; 9136a8e1175bSopenharmony_ci } 9137a8e1175bSopenharmony_ci break; 9138a8e1175bSopenharmony_ci case PSA_KEY_DERIVATION_INPUT_OTHER_SECRET: 9139a8e1175bSopenharmony_ci switch (other_key_input_type) { 9140a8e1175bSopenharmony_ci case 0: // input bytes 9141a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_input_bytes(&operation, 9142a8e1175bSopenharmony_ci steps[i], 9143a8e1175bSopenharmony_ci inputs[i]->x, 9144a8e1175bSopenharmony_ci inputs[i]->len), 9145a8e1175bSopenharmony_ci statuses[i]); 9146a8e1175bSopenharmony_ci break; 9147a8e1175bSopenharmony_ci case 1: // input key, type DERIVE 9148a8e1175bSopenharmony_ci case 11: // input key, type RAW 9149a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes2, PSA_KEY_USAGE_DERIVE); 9150a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes2, alg); 9151a8e1175bSopenharmony_ci psa_set_key_type(&attributes2, PSA_KEY_TYPE_DERIVE); 9152a8e1175bSopenharmony_ci 9153a8e1175bSopenharmony_ci // other secret of type RAW_DATA passed with input_key 9154a8e1175bSopenharmony_ci if (other_key_input_type == 11) { 9155a8e1175bSopenharmony_ci psa_set_key_type(&attributes2, PSA_KEY_TYPE_RAW_DATA); 9156a8e1175bSopenharmony_ci } 9157a8e1175bSopenharmony_ci 9158a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes2, 9159a8e1175bSopenharmony_ci inputs[i]->x, inputs[i]->len, 9160a8e1175bSopenharmony_ci &keys[i])); 9161a8e1175bSopenharmony_ci 9162a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_input_key(&operation, 9163a8e1175bSopenharmony_ci steps[i], 9164a8e1175bSopenharmony_ci keys[i]), 9165a8e1175bSopenharmony_ci statuses[i]); 9166a8e1175bSopenharmony_ci break; 9167a8e1175bSopenharmony_ci case 2: // key agreement 9168a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes3, PSA_KEY_USAGE_DERIVE); 9169a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes3, alg); 9170a8e1175bSopenharmony_ci psa_set_key_type(&attributes3, 9171a8e1175bSopenharmony_ci PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); 9172a8e1175bSopenharmony_ci 9173a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes3, 9174a8e1175bSopenharmony_ci inputs[i]->x, inputs[i]->len, 9175a8e1175bSopenharmony_ci &keys[i])); 9176a8e1175bSopenharmony_ci 9177a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_key_agreement( 9178a8e1175bSopenharmony_ci &operation, 9179a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_OTHER_SECRET, 9180a8e1175bSopenharmony_ci keys[i], key_agreement_peer_key->x, 9181a8e1175bSopenharmony_ci key_agreement_peer_key->len), statuses[i]); 9182a8e1175bSopenharmony_ci break; 9183a8e1175bSopenharmony_ci default: 9184a8e1175bSopenharmony_ci TEST_FAIL("default case not supported"); 9185a8e1175bSopenharmony_ci break; 9186a8e1175bSopenharmony_ci } 9187a8e1175bSopenharmony_ci 9188a8e1175bSopenharmony_ci if (statuses[i] != PSA_SUCCESS) { 9189a8e1175bSopenharmony_ci goto exit; 9190a8e1175bSopenharmony_ci } 9191a8e1175bSopenharmony_ci break; 9192a8e1175bSopenharmony_ci default: 9193a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_input_bytes( 9194a8e1175bSopenharmony_ci &operation, steps[i], 9195a8e1175bSopenharmony_ci inputs[i]->x, inputs[i]->len), statuses[i]); 9196a8e1175bSopenharmony_ci 9197a8e1175bSopenharmony_ci if (statuses[i] != PSA_SUCCESS) { 9198a8e1175bSopenharmony_ci goto exit; 9199a8e1175bSopenharmony_ci } 9200a8e1175bSopenharmony_ci break; 9201a8e1175bSopenharmony_ci } 9202a8e1175bSopenharmony_ci } 9203a8e1175bSopenharmony_ci 9204a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_get_capacity(&operation, 9205a8e1175bSopenharmony_ci ¤t_capacity)); 9206a8e1175bSopenharmony_ci TEST_EQUAL(current_capacity, requested_capacity); 9207a8e1175bSopenharmony_ci expected_capacity = requested_capacity; 9208a8e1175bSopenharmony_ci 9209a8e1175bSopenharmony_ci if (derive_type == 1) { // output key 9210a8e1175bSopenharmony_ci psa_status_t expected_status = PSA_ERROR_NOT_PERMITTED; 9211a8e1175bSopenharmony_ci 9212a8e1175bSopenharmony_ci /* For output key derivation secret must be provided using 9213a8e1175bSopenharmony_ci input key, otherwise operation is not permitted. */ 9214a8e1175bSopenharmony_ci if (key_input_type == 1) { 9215a8e1175bSopenharmony_ci expected_status = PSA_SUCCESS; 9216a8e1175bSopenharmony_ci } 9217a8e1175bSopenharmony_ci 9218a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes4, PSA_KEY_USAGE_EXPORT); 9219a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes4, alg); 9220a8e1175bSopenharmony_ci psa_set_key_type(&attributes4, PSA_KEY_TYPE_DERIVE); 9221a8e1175bSopenharmony_ci psa_set_key_bits(&attributes4, PSA_BYTES_TO_BITS(requested_capacity)); 9222a8e1175bSopenharmony_ci 9223a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_output_key(&attributes4, &operation, 9224a8e1175bSopenharmony_ci &derived_key), expected_status); 9225a8e1175bSopenharmony_ci } else { // output bytes 9226a8e1175bSopenharmony_ci /* Expansion phase. */ 9227a8e1175bSopenharmony_ci for (i = 0; i < ARRAY_LENGTH(expected_outputs); i++) { 9228a8e1175bSopenharmony_ci /* Read some bytes. */ 9229a8e1175bSopenharmony_ci status = psa_key_derivation_output_bytes(&operation, 9230a8e1175bSopenharmony_ci output_buffer, output_sizes[i]); 9231a8e1175bSopenharmony_ci if (expected_capacity == 0 && output_sizes[i] == 0) { 9232a8e1175bSopenharmony_ci /* Reading 0 bytes when 0 bytes are available can go either way. */ 9233a8e1175bSopenharmony_ci TEST_ASSERT(status == PSA_SUCCESS || 9234a8e1175bSopenharmony_ci status == PSA_ERROR_INSUFFICIENT_DATA); 9235a8e1175bSopenharmony_ci continue; 9236a8e1175bSopenharmony_ci } else if (expected_capacity == 0 || 9237a8e1175bSopenharmony_ci output_sizes[i] > expected_capacity) { 9238a8e1175bSopenharmony_ci /* Capacity exceeded. */ 9239a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_ERROR_INSUFFICIENT_DATA); 9240a8e1175bSopenharmony_ci expected_capacity = 0; 9241a8e1175bSopenharmony_ci continue; 9242a8e1175bSopenharmony_ci } 9243a8e1175bSopenharmony_ci /* Success. Check the read data. */ 9244a8e1175bSopenharmony_ci PSA_ASSERT(status); 9245a8e1175bSopenharmony_ci if (output_sizes[i] != 0) { 9246a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output_buffer, output_sizes[i], 9247a8e1175bSopenharmony_ci expected_outputs[i], output_sizes[i]); 9248a8e1175bSopenharmony_ci } 9249a8e1175bSopenharmony_ci /* Check the operation status. */ 9250a8e1175bSopenharmony_ci expected_capacity -= output_sizes[i]; 9251a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_get_capacity(&operation, 9252a8e1175bSopenharmony_ci ¤t_capacity)); 9253a8e1175bSopenharmony_ci TEST_EQUAL(expected_capacity, current_capacity); 9254a8e1175bSopenharmony_ci } 9255a8e1175bSopenharmony_ci } 9256a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_abort(&operation)); 9257a8e1175bSopenharmony_ci 9258a8e1175bSopenharmony_ciexit: 9259a8e1175bSopenharmony_ci mbedtls_free(output_buffer); 9260a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 9261a8e1175bSopenharmony_ci for (i = 0; i < ARRAY_LENGTH(keys); i++) { 9262a8e1175bSopenharmony_ci psa_destroy_key(keys[i]); 9263a8e1175bSopenharmony_ci } 9264a8e1175bSopenharmony_ci psa_destroy_key(derived_key); 9265a8e1175bSopenharmony_ci PSA_DONE(); 9266a8e1175bSopenharmony_ci} 9267a8e1175bSopenharmony_ci/* END_CASE */ 9268a8e1175bSopenharmony_ci 9269a8e1175bSopenharmony_ci/* BEGIN_CASE */ 9270a8e1175bSopenharmony_civoid derive_full(int alg_arg, 9271a8e1175bSopenharmony_ci data_t *key_data, 9272a8e1175bSopenharmony_ci data_t *input1, 9273a8e1175bSopenharmony_ci data_t *input2, 9274a8e1175bSopenharmony_ci int requested_capacity_arg) 9275a8e1175bSopenharmony_ci{ 9276a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 9277a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 9278a8e1175bSopenharmony_ci size_t requested_capacity = requested_capacity_arg; 9279a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 9280a8e1175bSopenharmony_ci unsigned char output_buffer[32]; 9281a8e1175bSopenharmony_ci size_t expected_capacity = requested_capacity; 9282a8e1175bSopenharmony_ci size_t current_capacity; 9283a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 9284a8e1175bSopenharmony_ci 9285a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 9286a8e1175bSopenharmony_ci 9287a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 9288a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 9289a8e1175bSopenharmony_ci psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE); 9290a8e1175bSopenharmony_ci 9291a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 9292a8e1175bSopenharmony_ci &key)); 9293a8e1175bSopenharmony_ci 9294a8e1175bSopenharmony_ci if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg, 9295a8e1175bSopenharmony_ci input1->x, input1->len, 9296a8e1175bSopenharmony_ci input2->x, input2->len, 9297a8e1175bSopenharmony_ci requested_capacity, 0)) { 9298a8e1175bSopenharmony_ci goto exit; 9299a8e1175bSopenharmony_ci } 9300a8e1175bSopenharmony_ci 9301a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_get_capacity(&operation, 9302a8e1175bSopenharmony_ci ¤t_capacity)); 9303a8e1175bSopenharmony_ci TEST_EQUAL(current_capacity, expected_capacity); 9304a8e1175bSopenharmony_ci 9305a8e1175bSopenharmony_ci /* Expansion phase. */ 9306a8e1175bSopenharmony_ci while (current_capacity > 0) { 9307a8e1175bSopenharmony_ci size_t read_size = sizeof(output_buffer); 9308a8e1175bSopenharmony_ci if (read_size > current_capacity) { 9309a8e1175bSopenharmony_ci read_size = current_capacity; 9310a8e1175bSopenharmony_ci } 9311a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_output_bytes(&operation, 9312a8e1175bSopenharmony_ci output_buffer, 9313a8e1175bSopenharmony_ci read_size)); 9314a8e1175bSopenharmony_ci expected_capacity -= read_size; 9315a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_get_capacity(&operation, 9316a8e1175bSopenharmony_ci ¤t_capacity)); 9317a8e1175bSopenharmony_ci TEST_EQUAL(current_capacity, expected_capacity); 9318a8e1175bSopenharmony_ci } 9319a8e1175bSopenharmony_ci 9320a8e1175bSopenharmony_ci /* Check that the operation refuses to go over capacity. */ 9321a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_output_bytes(&operation, output_buffer, 1), 9322a8e1175bSopenharmony_ci PSA_ERROR_INSUFFICIENT_DATA); 9323a8e1175bSopenharmony_ci 9324a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_abort(&operation)); 9325a8e1175bSopenharmony_ci 9326a8e1175bSopenharmony_ciexit: 9327a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 9328a8e1175bSopenharmony_ci psa_destroy_key(key); 9329a8e1175bSopenharmony_ci PSA_DONE(); 9330a8e1175bSopenharmony_ci} 9331a8e1175bSopenharmony_ci/* END_CASE */ 9332a8e1175bSopenharmony_ci 9333a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */ 9334a8e1175bSopenharmony_civoid derive_ecjpake_to_pms(data_t *input, int expected_input_status_arg, 9335a8e1175bSopenharmony_ci int derivation_step, 9336a8e1175bSopenharmony_ci int capacity, int expected_capacity_status_arg, 9337a8e1175bSopenharmony_ci data_t *expected_output, 9338a8e1175bSopenharmony_ci int expected_output_status_arg) 9339a8e1175bSopenharmony_ci{ 9340a8e1175bSopenharmony_ci psa_algorithm_t alg = PSA_ALG_TLS12_ECJPAKE_TO_PMS; 9341a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 9342a8e1175bSopenharmony_ci psa_key_derivation_step_t step = (psa_key_derivation_step_t) derivation_step; 9343a8e1175bSopenharmony_ci uint8_t *output_buffer = NULL; 9344a8e1175bSopenharmony_ci psa_status_t status; 9345a8e1175bSopenharmony_ci psa_status_t expected_input_status = (psa_status_t) expected_input_status_arg; 9346a8e1175bSopenharmony_ci psa_status_t expected_capacity_status = (psa_status_t) expected_capacity_status_arg; 9347a8e1175bSopenharmony_ci psa_status_t expected_output_status = (psa_status_t) expected_output_status_arg; 9348a8e1175bSopenharmony_ci 9349a8e1175bSopenharmony_ci TEST_CALLOC(output_buffer, expected_output->len); 9350a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 9351a8e1175bSopenharmony_ci 9352a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); 9353a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_set_capacity(&operation, capacity), 9354a8e1175bSopenharmony_ci expected_capacity_status); 9355a8e1175bSopenharmony_ci 9356a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_input_bytes(&operation, 9357a8e1175bSopenharmony_ci step, input->x, input->len), 9358a8e1175bSopenharmony_ci expected_input_status); 9359a8e1175bSopenharmony_ci 9360a8e1175bSopenharmony_ci if (((psa_status_t) expected_input_status) != PSA_SUCCESS) { 9361a8e1175bSopenharmony_ci goto exit; 9362a8e1175bSopenharmony_ci } 9363a8e1175bSopenharmony_ci 9364a8e1175bSopenharmony_ci status = psa_key_derivation_output_bytes(&operation, output_buffer, 9365a8e1175bSopenharmony_ci expected_output->len); 9366a8e1175bSopenharmony_ci 9367a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_output_status); 9368a8e1175bSopenharmony_ci if (expected_output->len != 0 && expected_output_status == PSA_SUCCESS) { 9369a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output_buffer, expected_output->len, expected_output->x, 9370a8e1175bSopenharmony_ci expected_output->len); 9371a8e1175bSopenharmony_ci } 9372a8e1175bSopenharmony_ci 9373a8e1175bSopenharmony_ciexit: 9374a8e1175bSopenharmony_ci mbedtls_free(output_buffer); 9375a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 9376a8e1175bSopenharmony_ci PSA_DONE(); 9377a8e1175bSopenharmony_ci} 9378a8e1175bSopenharmony_ci/* END_CASE */ 9379a8e1175bSopenharmony_ci 9380a8e1175bSopenharmony_ci/* BEGIN_CASE */ 9381a8e1175bSopenharmony_civoid derive_key_exercise(int alg_arg, 9382a8e1175bSopenharmony_ci data_t *key_data, 9383a8e1175bSopenharmony_ci data_t *input1, 9384a8e1175bSopenharmony_ci data_t *input2, 9385a8e1175bSopenharmony_ci int derived_type_arg, 9386a8e1175bSopenharmony_ci int derived_bits_arg, 9387a8e1175bSopenharmony_ci int derived_usage_arg, 9388a8e1175bSopenharmony_ci int derived_alg_arg) 9389a8e1175bSopenharmony_ci{ 9390a8e1175bSopenharmony_ci mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 9391a8e1175bSopenharmony_ci mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; 9392a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 9393a8e1175bSopenharmony_ci psa_key_type_t derived_type = derived_type_arg; 9394a8e1175bSopenharmony_ci size_t derived_bits = derived_bits_arg; 9395a8e1175bSopenharmony_ci psa_key_usage_t derived_usage = derived_usage_arg; 9396a8e1175bSopenharmony_ci psa_algorithm_t derived_alg = derived_alg_arg; 9397a8e1175bSopenharmony_ci size_t capacity = PSA_BITS_TO_BYTES(derived_bits); 9398a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 9399a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 9400a8e1175bSopenharmony_ci psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 9401a8e1175bSopenharmony_ci 9402a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 9403a8e1175bSopenharmony_ci 9404a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 9405a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 9406a8e1175bSopenharmony_ci psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE); 9407a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 9408a8e1175bSopenharmony_ci &base_key)); 9409a8e1175bSopenharmony_ci 9410a8e1175bSopenharmony_ci /* Derive a key. */ 9411a8e1175bSopenharmony_ci if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, base_key, alg, 9412a8e1175bSopenharmony_ci input1->x, input1->len, 9413a8e1175bSopenharmony_ci input2->x, input2->len, 9414a8e1175bSopenharmony_ci capacity, 0)) { 9415a8e1175bSopenharmony_ci goto exit; 9416a8e1175bSopenharmony_ci } 9417a8e1175bSopenharmony_ci 9418a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, derived_usage); 9419a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, derived_alg); 9420a8e1175bSopenharmony_ci psa_set_key_type(&attributes, derived_type); 9421a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, derived_bits); 9422a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_output_key(&attributes, &operation, 9423a8e1175bSopenharmony_ci &derived_key)); 9424a8e1175bSopenharmony_ci 9425a8e1175bSopenharmony_ci /* Test the key information */ 9426a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(derived_key, &got_attributes)); 9427a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&got_attributes), derived_type); 9428a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&got_attributes), derived_bits); 9429a8e1175bSopenharmony_ci 9430a8e1175bSopenharmony_ci /* Exercise the derived key. */ 9431a8e1175bSopenharmony_ci if (!mbedtls_test_psa_exercise_key(derived_key, derived_usage, derived_alg, 0)) { 9432a8e1175bSopenharmony_ci goto exit; 9433a8e1175bSopenharmony_ci } 9434a8e1175bSopenharmony_ci 9435a8e1175bSopenharmony_ciexit: 9436a8e1175bSopenharmony_ci /* 9437a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 9438a8e1175bSopenharmony_ci * thus reset them as required. 9439a8e1175bSopenharmony_ci */ 9440a8e1175bSopenharmony_ci psa_reset_key_attributes(&got_attributes); 9441a8e1175bSopenharmony_ci 9442a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 9443a8e1175bSopenharmony_ci psa_destroy_key(base_key); 9444a8e1175bSopenharmony_ci psa_destroy_key(derived_key); 9445a8e1175bSopenharmony_ci PSA_DONE(); 9446a8e1175bSopenharmony_ci} 9447a8e1175bSopenharmony_ci/* END_CASE */ 9448a8e1175bSopenharmony_ci 9449a8e1175bSopenharmony_ci/* BEGIN_CASE */ 9450a8e1175bSopenharmony_civoid derive_key_export(int alg_arg, 9451a8e1175bSopenharmony_ci data_t *key_data, 9452a8e1175bSopenharmony_ci data_t *input1, 9453a8e1175bSopenharmony_ci data_t *input2, 9454a8e1175bSopenharmony_ci int bytes1_arg, 9455a8e1175bSopenharmony_ci int bytes2_arg) 9456a8e1175bSopenharmony_ci{ 9457a8e1175bSopenharmony_ci mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 9458a8e1175bSopenharmony_ci mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; 9459a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 9460a8e1175bSopenharmony_ci size_t bytes1 = bytes1_arg; 9461a8e1175bSopenharmony_ci size_t bytes2 = bytes2_arg; 9462a8e1175bSopenharmony_ci size_t capacity = bytes1 + bytes2; 9463a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 9464a8e1175bSopenharmony_ci uint8_t *output_buffer = NULL; 9465a8e1175bSopenharmony_ci uint8_t *export_buffer = NULL; 9466a8e1175bSopenharmony_ci psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; 9467a8e1175bSopenharmony_ci psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; 9468a8e1175bSopenharmony_ci size_t length; 9469a8e1175bSopenharmony_ci 9470a8e1175bSopenharmony_ci TEST_CALLOC(output_buffer, capacity); 9471a8e1175bSopenharmony_ci TEST_CALLOC(export_buffer, capacity); 9472a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 9473a8e1175bSopenharmony_ci 9474a8e1175bSopenharmony_ci psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE); 9475a8e1175bSopenharmony_ci psa_set_key_algorithm(&base_attributes, alg); 9476a8e1175bSopenharmony_ci psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE); 9477a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&base_attributes, key_data->x, key_data->len, 9478a8e1175bSopenharmony_ci &base_key)); 9479a8e1175bSopenharmony_ci 9480a8e1175bSopenharmony_ci /* Derive some material and output it. */ 9481a8e1175bSopenharmony_ci if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, base_key, alg, 9482a8e1175bSopenharmony_ci input1->x, input1->len, 9483a8e1175bSopenharmony_ci input2->x, input2->len, 9484a8e1175bSopenharmony_ci capacity, 0)) { 9485a8e1175bSopenharmony_ci goto exit; 9486a8e1175bSopenharmony_ci } 9487a8e1175bSopenharmony_ci 9488a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_output_bytes(&operation, 9489a8e1175bSopenharmony_ci output_buffer, 9490a8e1175bSopenharmony_ci capacity)); 9491a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_abort(&operation)); 9492a8e1175bSopenharmony_ci 9493a8e1175bSopenharmony_ci /* Derive the same output again, but this time store it in key objects. */ 9494a8e1175bSopenharmony_ci if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, base_key, alg, 9495a8e1175bSopenharmony_ci input1->x, input1->len, 9496a8e1175bSopenharmony_ci input2->x, input2->len, 9497a8e1175bSopenharmony_ci capacity, 0)) { 9498a8e1175bSopenharmony_ci goto exit; 9499a8e1175bSopenharmony_ci } 9500a8e1175bSopenharmony_ci 9501a8e1175bSopenharmony_ci psa_set_key_usage_flags(&derived_attributes, PSA_KEY_USAGE_EXPORT); 9502a8e1175bSopenharmony_ci psa_set_key_algorithm(&derived_attributes, 0); 9503a8e1175bSopenharmony_ci psa_set_key_type(&derived_attributes, PSA_KEY_TYPE_RAW_DATA); 9504a8e1175bSopenharmony_ci psa_set_key_bits(&derived_attributes, PSA_BYTES_TO_BITS(bytes1)); 9505a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_output_key(&derived_attributes, &operation, 9506a8e1175bSopenharmony_ci &derived_key)); 9507a8e1175bSopenharmony_ci PSA_ASSERT(psa_export_key(derived_key, 9508a8e1175bSopenharmony_ci export_buffer, bytes1, 9509a8e1175bSopenharmony_ci &length)); 9510a8e1175bSopenharmony_ci TEST_EQUAL(length, bytes1); 9511a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(derived_key)); 9512a8e1175bSopenharmony_ci psa_set_key_bits(&derived_attributes, PSA_BYTES_TO_BITS(bytes2)); 9513a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_output_key(&derived_attributes, &operation, 9514a8e1175bSopenharmony_ci &derived_key)); 9515a8e1175bSopenharmony_ci PSA_ASSERT(psa_export_key(derived_key, 9516a8e1175bSopenharmony_ci export_buffer + bytes1, bytes2, 9517a8e1175bSopenharmony_ci &length)); 9518a8e1175bSopenharmony_ci TEST_EQUAL(length, bytes2); 9519a8e1175bSopenharmony_ci 9520a8e1175bSopenharmony_ci /* Compare the outputs from the two runs. */ 9521a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output_buffer, bytes1 + bytes2, 9522a8e1175bSopenharmony_ci export_buffer, capacity); 9523a8e1175bSopenharmony_ci 9524a8e1175bSopenharmony_ciexit: 9525a8e1175bSopenharmony_ci mbedtls_free(output_buffer); 9526a8e1175bSopenharmony_ci mbedtls_free(export_buffer); 9527a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 9528a8e1175bSopenharmony_ci psa_destroy_key(base_key); 9529a8e1175bSopenharmony_ci psa_destroy_key(derived_key); 9530a8e1175bSopenharmony_ci PSA_DONE(); 9531a8e1175bSopenharmony_ci} 9532a8e1175bSopenharmony_ci/* END_CASE */ 9533a8e1175bSopenharmony_ci 9534a8e1175bSopenharmony_ci/* BEGIN_CASE */ 9535a8e1175bSopenharmony_civoid derive_key_type(int alg_arg, 9536a8e1175bSopenharmony_ci data_t *key_data, 9537a8e1175bSopenharmony_ci data_t *input1, 9538a8e1175bSopenharmony_ci data_t *input2, 9539a8e1175bSopenharmony_ci int key_type_arg, int bits_arg, 9540a8e1175bSopenharmony_ci data_t *expected_export) 9541a8e1175bSopenharmony_ci{ 9542a8e1175bSopenharmony_ci mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 9543a8e1175bSopenharmony_ci mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; 9544a8e1175bSopenharmony_ci const psa_algorithm_t alg = alg_arg; 9545a8e1175bSopenharmony_ci const psa_key_type_t key_type = key_type_arg; 9546a8e1175bSopenharmony_ci const size_t bits = bits_arg; 9547a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 9548a8e1175bSopenharmony_ci const size_t export_buffer_size = 9549a8e1175bSopenharmony_ci PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, bits); 9550a8e1175bSopenharmony_ci uint8_t *export_buffer = NULL; 9551a8e1175bSopenharmony_ci psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; 9552a8e1175bSopenharmony_ci psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; 9553a8e1175bSopenharmony_ci size_t export_length; 9554a8e1175bSopenharmony_ci 9555a8e1175bSopenharmony_ci TEST_CALLOC(export_buffer, export_buffer_size); 9556a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 9557a8e1175bSopenharmony_ci 9558a8e1175bSopenharmony_ci psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE); 9559a8e1175bSopenharmony_ci psa_set_key_algorithm(&base_attributes, alg); 9560a8e1175bSopenharmony_ci psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE); 9561a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&base_attributes, key_data->x, key_data->len, 9562a8e1175bSopenharmony_ci &base_key)); 9563a8e1175bSopenharmony_ci 9564a8e1175bSopenharmony_ci if (mbedtls_test_psa_setup_key_derivation_wrap( 9565a8e1175bSopenharmony_ci &operation, base_key, alg, 9566a8e1175bSopenharmony_ci input1->x, input1->len, 9567a8e1175bSopenharmony_ci input2->x, input2->len, 9568a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_UNLIMITED_CAPACITY, 0) == 0) { 9569a8e1175bSopenharmony_ci goto exit; 9570a8e1175bSopenharmony_ci } 9571a8e1175bSopenharmony_ci 9572a8e1175bSopenharmony_ci psa_set_key_usage_flags(&derived_attributes, PSA_KEY_USAGE_EXPORT); 9573a8e1175bSopenharmony_ci psa_set_key_algorithm(&derived_attributes, 0); 9574a8e1175bSopenharmony_ci psa_set_key_type(&derived_attributes, key_type); 9575a8e1175bSopenharmony_ci psa_set_key_bits(&derived_attributes, bits); 9576a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_output_key(&derived_attributes, &operation, 9577a8e1175bSopenharmony_ci &derived_key)); 9578a8e1175bSopenharmony_ci 9579a8e1175bSopenharmony_ci PSA_ASSERT(psa_export_key(derived_key, 9580a8e1175bSopenharmony_ci export_buffer, export_buffer_size, 9581a8e1175bSopenharmony_ci &export_length)); 9582a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(export_buffer, export_length, 9583a8e1175bSopenharmony_ci expected_export->x, expected_export->len); 9584a8e1175bSopenharmony_ci 9585a8e1175bSopenharmony_ciexit: 9586a8e1175bSopenharmony_ci mbedtls_free(export_buffer); 9587a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 9588a8e1175bSopenharmony_ci psa_destroy_key(base_key); 9589a8e1175bSopenharmony_ci psa_destroy_key(derived_key); 9590a8e1175bSopenharmony_ci PSA_DONE(); 9591a8e1175bSopenharmony_ci} 9592a8e1175bSopenharmony_ci/* END_CASE */ 9593a8e1175bSopenharmony_ci 9594a8e1175bSopenharmony_ci/* BEGIN_CASE */ 9595a8e1175bSopenharmony_civoid derive_key_ext(int alg_arg, 9596a8e1175bSopenharmony_ci data_t *key_data, 9597a8e1175bSopenharmony_ci data_t *input1, 9598a8e1175bSopenharmony_ci data_t *input2, 9599a8e1175bSopenharmony_ci int key_type_arg, int bits_arg, 9600a8e1175bSopenharmony_ci int flags_arg, 9601a8e1175bSopenharmony_ci data_t *params_data, 9602a8e1175bSopenharmony_ci psa_status_t expected_status, 9603a8e1175bSopenharmony_ci data_t *expected_export) 9604a8e1175bSopenharmony_ci{ 9605a8e1175bSopenharmony_ci mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 9606a8e1175bSopenharmony_ci mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; 9607a8e1175bSopenharmony_ci const psa_algorithm_t alg = alg_arg; 9608a8e1175bSopenharmony_ci const psa_key_type_t key_type = key_type_arg; 9609a8e1175bSopenharmony_ci const size_t bits = bits_arg; 9610a8e1175bSopenharmony_ci psa_key_production_parameters_t *params = NULL; 9611a8e1175bSopenharmony_ci size_t params_data_length = 0; 9612a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 9613a8e1175bSopenharmony_ci const size_t export_buffer_size = 9614a8e1175bSopenharmony_ci PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, bits); 9615a8e1175bSopenharmony_ci uint8_t *export_buffer = NULL; 9616a8e1175bSopenharmony_ci psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; 9617a8e1175bSopenharmony_ci psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; 9618a8e1175bSopenharmony_ci size_t export_length; 9619a8e1175bSopenharmony_ci 9620a8e1175bSopenharmony_ci TEST_CALLOC(export_buffer, export_buffer_size); 9621a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 9622a8e1175bSopenharmony_ci 9623a8e1175bSopenharmony_ci psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE); 9624a8e1175bSopenharmony_ci psa_set_key_algorithm(&base_attributes, alg); 9625a8e1175bSopenharmony_ci psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE); 9626a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&base_attributes, key_data->x, key_data->len, 9627a8e1175bSopenharmony_ci &base_key)); 9628a8e1175bSopenharmony_ci 9629a8e1175bSopenharmony_ci if (mbedtls_test_psa_setup_key_derivation_wrap( 9630a8e1175bSopenharmony_ci &operation, base_key, alg, 9631a8e1175bSopenharmony_ci input1->x, input1->len, 9632a8e1175bSopenharmony_ci input2->x, input2->len, 9633a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_UNLIMITED_CAPACITY, 0) == 0) { 9634a8e1175bSopenharmony_ci goto exit; 9635a8e1175bSopenharmony_ci } 9636a8e1175bSopenharmony_ci 9637a8e1175bSopenharmony_ci psa_set_key_usage_flags(&derived_attributes, PSA_KEY_USAGE_EXPORT); 9638a8e1175bSopenharmony_ci psa_set_key_algorithm(&derived_attributes, 0); 9639a8e1175bSopenharmony_ci psa_set_key_type(&derived_attributes, key_type); 9640a8e1175bSopenharmony_ci psa_set_key_bits(&derived_attributes, bits); 9641a8e1175bSopenharmony_ci if (!setup_key_production_parameters(¶ms, ¶ms_data_length, 9642a8e1175bSopenharmony_ci flags_arg, params_data)) { 9643a8e1175bSopenharmony_ci goto exit; 9644a8e1175bSopenharmony_ci } 9645a8e1175bSopenharmony_ci 9646a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_output_key_ext(&derived_attributes, &operation, 9647a8e1175bSopenharmony_ci params, params_data_length, 9648a8e1175bSopenharmony_ci &derived_key), 9649a8e1175bSopenharmony_ci expected_status); 9650a8e1175bSopenharmony_ci 9651a8e1175bSopenharmony_ci if (expected_status == PSA_SUCCESS) { 9652a8e1175bSopenharmony_ci PSA_ASSERT(psa_export_key(derived_key, 9653a8e1175bSopenharmony_ci export_buffer, export_buffer_size, 9654a8e1175bSopenharmony_ci &export_length)); 9655a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(export_buffer, export_length, 9656a8e1175bSopenharmony_ci expected_export->x, expected_export->len); 9657a8e1175bSopenharmony_ci } 9658a8e1175bSopenharmony_ci 9659a8e1175bSopenharmony_ciexit: 9660a8e1175bSopenharmony_ci mbedtls_free(export_buffer); 9661a8e1175bSopenharmony_ci mbedtls_free(params); 9662a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 9663a8e1175bSopenharmony_ci psa_destroy_key(base_key); 9664a8e1175bSopenharmony_ci psa_destroy_key(derived_key); 9665a8e1175bSopenharmony_ci PSA_DONE(); 9666a8e1175bSopenharmony_ci} 9667a8e1175bSopenharmony_ci/* END_CASE */ 9668a8e1175bSopenharmony_ci 9669a8e1175bSopenharmony_ci/* BEGIN_CASE */ 9670a8e1175bSopenharmony_civoid derive_key(int alg_arg, 9671a8e1175bSopenharmony_ci data_t *key_data, data_t *input1, data_t *input2, 9672a8e1175bSopenharmony_ci int type_arg, int bits_arg, 9673a8e1175bSopenharmony_ci int expected_status_arg, 9674a8e1175bSopenharmony_ci int is_large_output) 9675a8e1175bSopenharmony_ci{ 9676a8e1175bSopenharmony_ci mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 9677a8e1175bSopenharmony_ci mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; 9678a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 9679a8e1175bSopenharmony_ci psa_key_type_t type = type_arg; 9680a8e1175bSopenharmony_ci size_t bits = bits_arg; 9681a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 9682a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 9683a8e1175bSopenharmony_ci psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; 9684a8e1175bSopenharmony_ci psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; 9685a8e1175bSopenharmony_ci 9686a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 9687a8e1175bSopenharmony_ci 9688a8e1175bSopenharmony_ci psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE); 9689a8e1175bSopenharmony_ci psa_set_key_algorithm(&base_attributes, alg); 9690a8e1175bSopenharmony_ci psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE); 9691a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&base_attributes, key_data->x, key_data->len, 9692a8e1175bSopenharmony_ci &base_key)); 9693a8e1175bSopenharmony_ci 9694a8e1175bSopenharmony_ci if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, base_key, alg, 9695a8e1175bSopenharmony_ci input1->x, input1->len, 9696a8e1175bSopenharmony_ci input2->x, input2->len, 9697a8e1175bSopenharmony_ci SIZE_MAX, 0)) { 9698a8e1175bSopenharmony_ci goto exit; 9699a8e1175bSopenharmony_ci } 9700a8e1175bSopenharmony_ci 9701a8e1175bSopenharmony_ci psa_set_key_usage_flags(&derived_attributes, PSA_KEY_USAGE_EXPORT); 9702a8e1175bSopenharmony_ci psa_set_key_algorithm(&derived_attributes, 0); 9703a8e1175bSopenharmony_ci psa_set_key_type(&derived_attributes, type); 9704a8e1175bSopenharmony_ci psa_set_key_bits(&derived_attributes, bits); 9705a8e1175bSopenharmony_ci 9706a8e1175bSopenharmony_ci psa_status_t status = 9707a8e1175bSopenharmony_ci psa_key_derivation_output_key(&derived_attributes, 9708a8e1175bSopenharmony_ci &operation, 9709a8e1175bSopenharmony_ci &derived_key); 9710a8e1175bSopenharmony_ci if (is_large_output > 0) { 9711a8e1175bSopenharmony_ci TEST_ASSUME(status != PSA_ERROR_INSUFFICIENT_MEMORY); 9712a8e1175bSopenharmony_ci } 9713a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 9714a8e1175bSopenharmony_ci 9715a8e1175bSopenharmony_ciexit: 9716a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 9717a8e1175bSopenharmony_ci psa_destroy_key(base_key); 9718a8e1175bSopenharmony_ci psa_destroy_key(derived_key); 9719a8e1175bSopenharmony_ci PSA_DONE(); 9720a8e1175bSopenharmony_ci} 9721a8e1175bSopenharmony_ci/* END_CASE */ 9722a8e1175bSopenharmony_ci 9723a8e1175bSopenharmony_ci/* BEGIN_CASE */ 9724a8e1175bSopenharmony_civoid key_agreement_setup(int alg_arg, 9725a8e1175bSopenharmony_ci int our_key_type_arg, int our_key_alg_arg, 9726a8e1175bSopenharmony_ci data_t *our_key_data, data_t *peer_key_data, 9727a8e1175bSopenharmony_ci int expected_status_arg) 9728a8e1175bSopenharmony_ci{ 9729a8e1175bSopenharmony_ci mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 9730a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 9731a8e1175bSopenharmony_ci psa_algorithm_t our_key_alg = our_key_alg_arg; 9732a8e1175bSopenharmony_ci psa_key_type_t our_key_type = our_key_type_arg; 9733a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 9734a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 9735a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 9736a8e1175bSopenharmony_ci psa_status_t status; 9737a8e1175bSopenharmony_ci 9738a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 9739a8e1175bSopenharmony_ci 9740a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 9741a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, our_key_alg); 9742a8e1175bSopenharmony_ci psa_set_key_type(&attributes, our_key_type); 9743a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, 9744a8e1175bSopenharmony_ci our_key_data->x, our_key_data->len, 9745a8e1175bSopenharmony_ci &our_key)); 9746a8e1175bSopenharmony_ci 9747a8e1175bSopenharmony_ci /* The tests currently include inputs that should fail at either step. 9748a8e1175bSopenharmony_ci * Test cases that fail at the setup step should be changed to call 9749a8e1175bSopenharmony_ci * key_derivation_setup instead, and this function should be renamed 9750a8e1175bSopenharmony_ci * to key_agreement_fail. */ 9751a8e1175bSopenharmony_ci status = psa_key_derivation_setup(&operation, alg); 9752a8e1175bSopenharmony_ci if (status == PSA_SUCCESS) { 9753a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_key_agreement( 9754a8e1175bSopenharmony_ci &operation, PSA_KEY_DERIVATION_INPUT_SECRET, 9755a8e1175bSopenharmony_ci our_key, 9756a8e1175bSopenharmony_ci peer_key_data->x, peer_key_data->len), 9757a8e1175bSopenharmony_ci expected_status); 9758a8e1175bSopenharmony_ci } else { 9759a8e1175bSopenharmony_ci TEST_ASSERT(status == expected_status); 9760a8e1175bSopenharmony_ci } 9761a8e1175bSopenharmony_ci 9762a8e1175bSopenharmony_ciexit: 9763a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 9764a8e1175bSopenharmony_ci psa_destroy_key(our_key); 9765a8e1175bSopenharmony_ci PSA_DONE(); 9766a8e1175bSopenharmony_ci} 9767a8e1175bSopenharmony_ci/* END_CASE */ 9768a8e1175bSopenharmony_ci 9769a8e1175bSopenharmony_ci/* BEGIN_CASE */ 9770a8e1175bSopenharmony_civoid raw_key_agreement(int alg_arg, 9771a8e1175bSopenharmony_ci int our_key_type_arg, data_t *our_key_data, 9772a8e1175bSopenharmony_ci data_t *peer_key_data, 9773a8e1175bSopenharmony_ci data_t *expected_output) 9774a8e1175bSopenharmony_ci{ 9775a8e1175bSopenharmony_ci mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 9776a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 9777a8e1175bSopenharmony_ci psa_key_type_t our_key_type = our_key_type_arg; 9778a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 9779a8e1175bSopenharmony_ci unsigned char *output = NULL; 9780a8e1175bSopenharmony_ci size_t output_length = ~0; 9781a8e1175bSopenharmony_ci size_t key_bits; 9782a8e1175bSopenharmony_ci 9783a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 9784a8e1175bSopenharmony_ci 9785a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 9786a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 9787a8e1175bSopenharmony_ci psa_set_key_type(&attributes, our_key_type); 9788a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, 9789a8e1175bSopenharmony_ci our_key_data->x, our_key_data->len, 9790a8e1175bSopenharmony_ci &our_key)); 9791a8e1175bSopenharmony_ci 9792a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(our_key, &attributes)); 9793a8e1175bSopenharmony_ci key_bits = psa_get_key_bits(&attributes); 9794a8e1175bSopenharmony_ci 9795a8e1175bSopenharmony_ci /* Validate size macros */ 9796a8e1175bSopenharmony_ci TEST_LE_U(expected_output->len, 9797a8e1175bSopenharmony_ci PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits)); 9798a8e1175bSopenharmony_ci TEST_LE_U(PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits), 9799a8e1175bSopenharmony_ci PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE); 9800a8e1175bSopenharmony_ci 9801a8e1175bSopenharmony_ci /* Good case with exact output size */ 9802a8e1175bSopenharmony_ci TEST_CALLOC(output, expected_output->len); 9803a8e1175bSopenharmony_ci PSA_ASSERT(psa_raw_key_agreement(alg, our_key, 9804a8e1175bSopenharmony_ci peer_key_data->x, peer_key_data->len, 9805a8e1175bSopenharmony_ci output, expected_output->len, 9806a8e1175bSopenharmony_ci &output_length)); 9807a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, output_length, 9808a8e1175bSopenharmony_ci expected_output->x, expected_output->len); 9809a8e1175bSopenharmony_ci mbedtls_free(output); 9810a8e1175bSopenharmony_ci output = NULL; 9811a8e1175bSopenharmony_ci output_length = ~0; 9812a8e1175bSopenharmony_ci 9813a8e1175bSopenharmony_ci /* Larger buffer */ 9814a8e1175bSopenharmony_ci TEST_CALLOC(output, expected_output->len + 1); 9815a8e1175bSopenharmony_ci PSA_ASSERT(psa_raw_key_agreement(alg, our_key, 9816a8e1175bSopenharmony_ci peer_key_data->x, peer_key_data->len, 9817a8e1175bSopenharmony_ci output, expected_output->len + 1, 9818a8e1175bSopenharmony_ci &output_length)); 9819a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, output_length, 9820a8e1175bSopenharmony_ci expected_output->x, expected_output->len); 9821a8e1175bSopenharmony_ci mbedtls_free(output); 9822a8e1175bSopenharmony_ci output = NULL; 9823a8e1175bSopenharmony_ci output_length = ~0; 9824a8e1175bSopenharmony_ci 9825a8e1175bSopenharmony_ci /* Buffer too small */ 9826a8e1175bSopenharmony_ci TEST_CALLOC(output, expected_output->len - 1); 9827a8e1175bSopenharmony_ci TEST_EQUAL(psa_raw_key_agreement(alg, our_key, 9828a8e1175bSopenharmony_ci peer_key_data->x, peer_key_data->len, 9829a8e1175bSopenharmony_ci output, expected_output->len - 1, 9830a8e1175bSopenharmony_ci &output_length), 9831a8e1175bSopenharmony_ci PSA_ERROR_BUFFER_TOO_SMALL); 9832a8e1175bSopenharmony_ci /* Not required by the spec, but good robustness */ 9833a8e1175bSopenharmony_ci TEST_LE_U(output_length, expected_output->len - 1); 9834a8e1175bSopenharmony_ci mbedtls_free(output); 9835a8e1175bSopenharmony_ci output = NULL; 9836a8e1175bSopenharmony_ci 9837a8e1175bSopenharmony_ciexit: 9838a8e1175bSopenharmony_ci mbedtls_free(output); 9839a8e1175bSopenharmony_ci psa_destroy_key(our_key); 9840a8e1175bSopenharmony_ci PSA_DONE(); 9841a8e1175bSopenharmony_ci} 9842a8e1175bSopenharmony_ci/* END_CASE */ 9843a8e1175bSopenharmony_ci 9844a8e1175bSopenharmony_ci/* BEGIN_CASE */ 9845a8e1175bSopenharmony_civoid key_agreement_capacity(int alg_arg, 9846a8e1175bSopenharmony_ci int our_key_type_arg, data_t *our_key_data, 9847a8e1175bSopenharmony_ci data_t *peer_key_data, 9848a8e1175bSopenharmony_ci int expected_capacity_arg) 9849a8e1175bSopenharmony_ci{ 9850a8e1175bSopenharmony_ci mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 9851a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 9852a8e1175bSopenharmony_ci psa_key_type_t our_key_type = our_key_type_arg; 9853a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 9854a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 9855a8e1175bSopenharmony_ci size_t actual_capacity; 9856a8e1175bSopenharmony_ci unsigned char output[16]; 9857a8e1175bSopenharmony_ci 9858a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 9859a8e1175bSopenharmony_ci 9860a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 9861a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 9862a8e1175bSopenharmony_ci psa_set_key_type(&attributes, our_key_type); 9863a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, 9864a8e1175bSopenharmony_ci our_key_data->x, our_key_data->len, 9865a8e1175bSopenharmony_ci &our_key)); 9866a8e1175bSopenharmony_ci 9867a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); 9868a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_key_agreement( 9869a8e1175bSopenharmony_ci &operation, 9870a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_SECRET, our_key, 9871a8e1175bSopenharmony_ci peer_key_data->x, peer_key_data->len)); 9872a8e1175bSopenharmony_ci if (PSA_ALG_IS_HKDF(PSA_ALG_KEY_AGREEMENT_GET_KDF(alg))) { 9873a8e1175bSopenharmony_ci /* The test data is for info="" */ 9874a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_input_bytes(&operation, 9875a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_INFO, 9876a8e1175bSopenharmony_ci NULL, 0)); 9877a8e1175bSopenharmony_ci } 9878a8e1175bSopenharmony_ci 9879a8e1175bSopenharmony_ci /* Test the advertised capacity. */ 9880a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_get_capacity( 9881a8e1175bSopenharmony_ci &operation, &actual_capacity)); 9882a8e1175bSopenharmony_ci TEST_EQUAL(actual_capacity, (size_t) expected_capacity_arg); 9883a8e1175bSopenharmony_ci 9884a8e1175bSopenharmony_ci /* Test the actual capacity by reading the output. */ 9885a8e1175bSopenharmony_ci while (actual_capacity > sizeof(output)) { 9886a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_output_bytes(&operation, 9887a8e1175bSopenharmony_ci output, sizeof(output))); 9888a8e1175bSopenharmony_ci actual_capacity -= sizeof(output); 9889a8e1175bSopenharmony_ci } 9890a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_output_bytes(&operation, 9891a8e1175bSopenharmony_ci output, actual_capacity)); 9892a8e1175bSopenharmony_ci TEST_EQUAL(psa_key_derivation_output_bytes(&operation, output, 1), 9893a8e1175bSopenharmony_ci PSA_ERROR_INSUFFICIENT_DATA); 9894a8e1175bSopenharmony_ci 9895a8e1175bSopenharmony_ciexit: 9896a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 9897a8e1175bSopenharmony_ci psa_destroy_key(our_key); 9898a8e1175bSopenharmony_ci PSA_DONE(); 9899a8e1175bSopenharmony_ci} 9900a8e1175bSopenharmony_ci/* END_CASE */ 9901a8e1175bSopenharmony_ci 9902a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ 9903a8e1175bSopenharmony_civoid ecc_conversion_functions(int grp_id_arg, int psa_family_arg, int bits_arg) 9904a8e1175bSopenharmony_ci{ 9905a8e1175bSopenharmony_ci mbedtls_ecp_group_id grp_id = grp_id_arg; 9906a8e1175bSopenharmony_ci psa_ecc_family_t ecc_family = psa_family_arg; 9907a8e1175bSopenharmony_ci size_t bits = bits_arg; 9908a8e1175bSopenharmony_ci size_t bits_tmp; 9909a8e1175bSopenharmony_ci 9910a8e1175bSopenharmony_ci TEST_EQUAL(ecc_family, mbedtls_ecc_group_to_psa(grp_id, &bits_tmp)); 9911a8e1175bSopenharmony_ci TEST_EQUAL(bits, bits_tmp); 9912a8e1175bSopenharmony_ci TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits)); 9913a8e1175bSopenharmony_ci} 9914a8e1175bSopenharmony_ci/* END_CASE */ 9915a8e1175bSopenharmony_ci 9916a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ 9917a8e1175bSopenharmony_civoid ecc_conversion_functions_fail() 9918a8e1175bSopenharmony_ci{ 9919a8e1175bSopenharmony_ci size_t bits; 9920a8e1175bSopenharmony_ci 9921a8e1175bSopenharmony_ci /* Invalid legacy curve identifiers. */ 9922a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_MAX, &bits)); 9923a8e1175bSopenharmony_ci TEST_EQUAL(0, bits); 9924a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_NONE, &bits)); 9925a8e1175bSopenharmony_ci TEST_EQUAL(0, bits); 9926a8e1175bSopenharmony_ci 9927a8e1175bSopenharmony_ci /* Invalid PSA EC family. */ 9928a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(0, 192)); 9929a8e1175bSopenharmony_ci /* Invalid bit-size for a valid EC family. */ 9930a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_SECP_R1, 512)); 9931a8e1175bSopenharmony_ci 9932a8e1175bSopenharmony_ci /* Twisted-Edward curves are not supported yet. */ 9933a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ECP_DP_NONE, 9934a8e1175bSopenharmony_ci mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_TWISTED_EDWARDS, 255)); 9935a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ECP_DP_NONE, 9936a8e1175bSopenharmony_ci mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_TWISTED_EDWARDS, 448)); 9937a8e1175bSopenharmony_ci} 9938a8e1175bSopenharmony_ci/* END_CASE */ 9939a8e1175bSopenharmony_ci 9940a8e1175bSopenharmony_ci 9941a8e1175bSopenharmony_ci/* BEGIN_CASE */ 9942a8e1175bSopenharmony_civoid key_agreement_output(int alg_arg, 9943a8e1175bSopenharmony_ci int our_key_type_arg, data_t *our_key_data, 9944a8e1175bSopenharmony_ci data_t *peer_key_data, 9945a8e1175bSopenharmony_ci data_t *expected_output1, data_t *expected_output2) 9946a8e1175bSopenharmony_ci{ 9947a8e1175bSopenharmony_ci mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 9948a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 9949a8e1175bSopenharmony_ci psa_key_type_t our_key_type = our_key_type_arg; 9950a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 9951a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 9952a8e1175bSopenharmony_ci uint8_t *actual_output = NULL; 9953a8e1175bSopenharmony_ci 9954a8e1175bSopenharmony_ci TEST_CALLOC(actual_output, MAX(expected_output1->len, 9955a8e1175bSopenharmony_ci expected_output2->len)); 9956a8e1175bSopenharmony_ci 9957a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 9958a8e1175bSopenharmony_ci 9959a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 9960a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 9961a8e1175bSopenharmony_ci psa_set_key_type(&attributes, our_key_type); 9962a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, 9963a8e1175bSopenharmony_ci our_key_data->x, our_key_data->len, 9964a8e1175bSopenharmony_ci &our_key)); 9965a8e1175bSopenharmony_ci 9966a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); 9967a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_key_agreement( 9968a8e1175bSopenharmony_ci &operation, 9969a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_SECRET, our_key, 9970a8e1175bSopenharmony_ci peer_key_data->x, peer_key_data->len)); 9971a8e1175bSopenharmony_ci if (PSA_ALG_IS_HKDF(PSA_ALG_KEY_AGREEMENT_GET_KDF(alg))) { 9972a8e1175bSopenharmony_ci /* The test data is for info="" */ 9973a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_input_bytes(&operation, 9974a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_INFO, 9975a8e1175bSopenharmony_ci NULL, 0)); 9976a8e1175bSopenharmony_ci } 9977a8e1175bSopenharmony_ci 9978a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_output_bytes(&operation, 9979a8e1175bSopenharmony_ci actual_output, 9980a8e1175bSopenharmony_ci expected_output1->len)); 9981a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(actual_output, expected_output1->len, 9982a8e1175bSopenharmony_ci expected_output1->x, expected_output1->len); 9983a8e1175bSopenharmony_ci if (expected_output2->len != 0) { 9984a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_output_bytes(&operation, 9985a8e1175bSopenharmony_ci actual_output, 9986a8e1175bSopenharmony_ci expected_output2->len)); 9987a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(actual_output, expected_output2->len, 9988a8e1175bSopenharmony_ci expected_output2->x, expected_output2->len); 9989a8e1175bSopenharmony_ci } 9990a8e1175bSopenharmony_ci 9991a8e1175bSopenharmony_ciexit: 9992a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 9993a8e1175bSopenharmony_ci psa_destroy_key(our_key); 9994a8e1175bSopenharmony_ci PSA_DONE(); 9995a8e1175bSopenharmony_ci mbedtls_free(actual_output); 9996a8e1175bSopenharmony_ci} 9997a8e1175bSopenharmony_ci/* END_CASE */ 9998a8e1175bSopenharmony_ci 9999a8e1175bSopenharmony_ci/* BEGIN_CASE */ 10000a8e1175bSopenharmony_civoid generate_random(int bytes_arg) 10001a8e1175bSopenharmony_ci{ 10002a8e1175bSopenharmony_ci size_t bytes = bytes_arg; 10003a8e1175bSopenharmony_ci unsigned char *output = NULL; 10004a8e1175bSopenharmony_ci unsigned char *changed = NULL; 10005a8e1175bSopenharmony_ci size_t i; 10006a8e1175bSopenharmony_ci unsigned run; 10007a8e1175bSopenharmony_ci 10008a8e1175bSopenharmony_ci TEST_ASSERT(bytes_arg >= 0); 10009a8e1175bSopenharmony_ci 10010a8e1175bSopenharmony_ci TEST_CALLOC(output, bytes); 10011a8e1175bSopenharmony_ci TEST_CALLOC(changed, bytes); 10012a8e1175bSopenharmony_ci 10013a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 10014a8e1175bSopenharmony_ci 10015a8e1175bSopenharmony_ci /* Run several times, to ensure that every output byte will be 10016a8e1175bSopenharmony_ci * nonzero at least once with overwhelming probability 10017a8e1175bSopenharmony_ci * (2^(-8*number_of_runs)). */ 10018a8e1175bSopenharmony_ci for (run = 0; run < 10; run++) { 10019a8e1175bSopenharmony_ci if (bytes != 0) { 10020a8e1175bSopenharmony_ci memset(output, 0, bytes); 10021a8e1175bSopenharmony_ci } 10022a8e1175bSopenharmony_ci PSA_ASSERT(psa_generate_random(output, bytes)); 10023a8e1175bSopenharmony_ci 10024a8e1175bSopenharmony_ci for (i = 0; i < bytes; i++) { 10025a8e1175bSopenharmony_ci if (output[i] != 0) { 10026a8e1175bSopenharmony_ci ++changed[i]; 10027a8e1175bSopenharmony_ci } 10028a8e1175bSopenharmony_ci } 10029a8e1175bSopenharmony_ci } 10030a8e1175bSopenharmony_ci 10031a8e1175bSopenharmony_ci /* Check that every byte was changed to nonzero at least once. This 10032a8e1175bSopenharmony_ci * validates that psa_generate_random is overwriting every byte of 10033a8e1175bSopenharmony_ci * the output buffer. */ 10034a8e1175bSopenharmony_ci for (i = 0; i < bytes; i++) { 10035a8e1175bSopenharmony_ci TEST_ASSERT(changed[i] != 0); 10036a8e1175bSopenharmony_ci } 10037a8e1175bSopenharmony_ci 10038a8e1175bSopenharmony_ciexit: 10039a8e1175bSopenharmony_ci PSA_DONE(); 10040a8e1175bSopenharmony_ci mbedtls_free(output); 10041a8e1175bSopenharmony_ci mbedtls_free(changed); 10042a8e1175bSopenharmony_ci} 10043a8e1175bSopenharmony_ci/* END_CASE */ 10044a8e1175bSopenharmony_ci 10045a8e1175bSopenharmony_ci#if defined MBEDTLS_THREADING_PTHREAD 10046a8e1175bSopenharmony_ci 10047a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD */ 10048a8e1175bSopenharmony_civoid concurrently_generate_keys(int type_arg, 10049a8e1175bSopenharmony_ci int bits_arg, 10050a8e1175bSopenharmony_ci int usage_arg, 10051a8e1175bSopenharmony_ci int alg_arg, 10052a8e1175bSopenharmony_ci int expected_status_arg, 10053a8e1175bSopenharmony_ci int is_large_key_arg, 10054a8e1175bSopenharmony_ci int arg_thread_count, 10055a8e1175bSopenharmony_ci int reps_arg) 10056a8e1175bSopenharmony_ci{ 10057a8e1175bSopenharmony_ci size_t thread_count = (size_t) arg_thread_count; 10058a8e1175bSopenharmony_ci mbedtls_test_thread_t *threads = NULL; 10059a8e1175bSopenharmony_ci generate_key_context gkc; 10060a8e1175bSopenharmony_ci gkc.type = type_arg; 10061a8e1175bSopenharmony_ci gkc.usage = usage_arg; 10062a8e1175bSopenharmony_ci gkc.bits = bits_arg; 10063a8e1175bSopenharmony_ci gkc.alg = alg_arg; 10064a8e1175bSopenharmony_ci gkc.expected_status = expected_status_arg; 10065a8e1175bSopenharmony_ci gkc.is_large_key = is_large_key_arg; 10066a8e1175bSopenharmony_ci gkc.reps = reps_arg; 10067a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 10068a8e1175bSopenharmony_ci 10069a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 10070a8e1175bSopenharmony_ci 10071a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage_arg); 10072a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg_arg); 10073a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type_arg); 10074a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, bits_arg); 10075a8e1175bSopenharmony_ci gkc.attributes = &attributes; 10076a8e1175bSopenharmony_ci 10077a8e1175bSopenharmony_ci TEST_CALLOC(threads, sizeof(mbedtls_test_thread_t) * thread_count); 10078a8e1175bSopenharmony_ci 10079a8e1175bSopenharmony_ci /* Split threads to generate key then destroy key. */ 10080a8e1175bSopenharmony_ci for (size_t i = 0; i < thread_count; i++) { 10081a8e1175bSopenharmony_ci TEST_EQUAL( 10082a8e1175bSopenharmony_ci mbedtls_test_thread_create(&threads[i], thread_generate_key, 10083a8e1175bSopenharmony_ci (void *) &gkc), 0); 10084a8e1175bSopenharmony_ci } 10085a8e1175bSopenharmony_ci 10086a8e1175bSopenharmony_ci /* Join threads. */ 10087a8e1175bSopenharmony_ci for (size_t i = 0; i < thread_count; i++) { 10088a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_test_thread_join(&threads[i]), 0); 10089a8e1175bSopenharmony_ci } 10090a8e1175bSopenharmony_ci 10091a8e1175bSopenharmony_ciexit: 10092a8e1175bSopenharmony_ci mbedtls_free(threads); 10093a8e1175bSopenharmony_ci PSA_DONE(); 10094a8e1175bSopenharmony_ci} 10095a8e1175bSopenharmony_ci/* END_CASE */ 10096a8e1175bSopenharmony_ci#endif 10097a8e1175bSopenharmony_ci 10098a8e1175bSopenharmony_ci/* BEGIN_CASE */ 10099a8e1175bSopenharmony_civoid generate_key(int type_arg, 10100a8e1175bSopenharmony_ci int bits_arg, 10101a8e1175bSopenharmony_ci int usage_arg, 10102a8e1175bSopenharmony_ci int alg_arg, 10103a8e1175bSopenharmony_ci int expected_status_arg, 10104a8e1175bSopenharmony_ci int is_large_key) 10105a8e1175bSopenharmony_ci{ 10106a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 10107a8e1175bSopenharmony_ci psa_key_type_t type = type_arg; 10108a8e1175bSopenharmony_ci psa_key_usage_t usage = usage_arg; 10109a8e1175bSopenharmony_ci size_t bits = bits_arg; 10110a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 10111a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 10112a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 10113a8e1175bSopenharmony_ci psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 10114a8e1175bSopenharmony_ci 10115a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 10116a8e1175bSopenharmony_ci 10117a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage); 10118a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 10119a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 10120a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, bits); 10121a8e1175bSopenharmony_ci 10122a8e1175bSopenharmony_ci /* Generate a key */ 10123a8e1175bSopenharmony_ci psa_status_t status = psa_generate_key(&attributes, &key); 10124a8e1175bSopenharmony_ci 10125a8e1175bSopenharmony_ci if (is_large_key > 0) { 10126a8e1175bSopenharmony_ci TEST_ASSUME(status != PSA_ERROR_INSUFFICIENT_MEMORY); 10127a8e1175bSopenharmony_ci } 10128a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 10129a8e1175bSopenharmony_ci if (expected_status != PSA_SUCCESS) { 10130a8e1175bSopenharmony_ci goto exit; 10131a8e1175bSopenharmony_ci } 10132a8e1175bSopenharmony_ci 10133a8e1175bSopenharmony_ci /* Test the key information */ 10134a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); 10135a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&got_attributes), type); 10136a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&got_attributes), bits); 10137a8e1175bSopenharmony_ci 10138a8e1175bSopenharmony_ci /* Do something with the key according to its type and permitted usage. */ 10139a8e1175bSopenharmony_ci if (!mbedtls_test_psa_exercise_key(key, usage, alg, 0)) { 10140a8e1175bSopenharmony_ci goto exit; 10141a8e1175bSopenharmony_ci } 10142a8e1175bSopenharmony_ci 10143a8e1175bSopenharmony_ciexit: 10144a8e1175bSopenharmony_ci /* 10145a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 10146a8e1175bSopenharmony_ci * thus reset them as required. 10147a8e1175bSopenharmony_ci */ 10148a8e1175bSopenharmony_ci psa_reset_key_attributes(&got_attributes); 10149a8e1175bSopenharmony_ci 10150a8e1175bSopenharmony_ci psa_destroy_key(key); 10151a8e1175bSopenharmony_ci PSA_DONE(); 10152a8e1175bSopenharmony_ci} 10153a8e1175bSopenharmony_ci/* END_CASE */ 10154a8e1175bSopenharmony_ci 10155a8e1175bSopenharmony_ci/* BEGIN_CASE */ 10156a8e1175bSopenharmony_civoid generate_key_ext(int type_arg, 10157a8e1175bSopenharmony_ci int bits_arg, 10158a8e1175bSopenharmony_ci int usage_arg, 10159a8e1175bSopenharmony_ci int alg_arg, 10160a8e1175bSopenharmony_ci int flags_arg, 10161a8e1175bSopenharmony_ci data_t *params_data, 10162a8e1175bSopenharmony_ci int expected_status_arg) 10163a8e1175bSopenharmony_ci{ 10164a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 10165a8e1175bSopenharmony_ci psa_key_type_t type = type_arg; 10166a8e1175bSopenharmony_ci psa_key_usage_t usage = usage_arg; 10167a8e1175bSopenharmony_ci size_t bits = bits_arg; 10168a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 10169a8e1175bSopenharmony_ci psa_status_t expected_status = expected_status_arg; 10170a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 10171a8e1175bSopenharmony_ci psa_key_production_parameters_t *params = NULL; 10172a8e1175bSopenharmony_ci size_t params_data_length = 0; 10173a8e1175bSopenharmony_ci psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 10174a8e1175bSopenharmony_ci 10175a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 10176a8e1175bSopenharmony_ci 10177a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage); 10178a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 10179a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 10180a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, bits); 10181a8e1175bSopenharmony_ci 10182a8e1175bSopenharmony_ci if (!setup_key_production_parameters(¶ms, ¶ms_data_length, 10183a8e1175bSopenharmony_ci flags_arg, params_data)) { 10184a8e1175bSopenharmony_ci goto exit; 10185a8e1175bSopenharmony_ci } 10186a8e1175bSopenharmony_ci 10187a8e1175bSopenharmony_ci /* Generate a key */ 10188a8e1175bSopenharmony_ci psa_status_t status = psa_generate_key_ext(&attributes, 10189a8e1175bSopenharmony_ci params, params_data_length, 10190a8e1175bSopenharmony_ci &key); 10191a8e1175bSopenharmony_ci 10192a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_status); 10193a8e1175bSopenharmony_ci if (expected_status != PSA_SUCCESS) { 10194a8e1175bSopenharmony_ci goto exit; 10195a8e1175bSopenharmony_ci } 10196a8e1175bSopenharmony_ci 10197a8e1175bSopenharmony_ci /* Test the key information */ 10198a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); 10199a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&got_attributes), type); 10200a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&got_attributes), bits); 10201a8e1175bSopenharmony_ci 10202a8e1175bSopenharmony_ci#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) 10203a8e1175bSopenharmony_ci if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) { 10204a8e1175bSopenharmony_ci TEST_ASSERT(rsa_test_e(key, bits, params_data)); 10205a8e1175bSopenharmony_ci } 10206a8e1175bSopenharmony_ci#endif 10207a8e1175bSopenharmony_ci 10208a8e1175bSopenharmony_ci /* Do something with the key according to its type and permitted usage. */ 10209a8e1175bSopenharmony_ci if (!mbedtls_test_psa_exercise_key(key, usage, alg, 0)) { 10210a8e1175bSopenharmony_ci goto exit; 10211a8e1175bSopenharmony_ci } 10212a8e1175bSopenharmony_ci 10213a8e1175bSopenharmony_ciexit: 10214a8e1175bSopenharmony_ci /* 10215a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 10216a8e1175bSopenharmony_ci * thus reset them as required. 10217a8e1175bSopenharmony_ci */ 10218a8e1175bSopenharmony_ci psa_reset_key_attributes(&got_attributes); 10219a8e1175bSopenharmony_ci mbedtls_free(params); 10220a8e1175bSopenharmony_ci psa_destroy_key(key); 10221a8e1175bSopenharmony_ci PSA_DONE(); 10222a8e1175bSopenharmony_ci} 10223a8e1175bSopenharmony_ci/* END_CASE */ 10224a8e1175bSopenharmony_ci 10225a8e1175bSopenharmony_ci/* BEGIN_CASE */ 10226a8e1175bSopenharmony_civoid key_production_parameters_init() 10227a8e1175bSopenharmony_ci{ 10228a8e1175bSopenharmony_ci psa_key_production_parameters_t init = PSA_KEY_PRODUCTION_PARAMETERS_INIT; 10229a8e1175bSopenharmony_ci psa_key_production_parameters_t zero; 10230a8e1175bSopenharmony_ci memset(&zero, 0, sizeof(zero)); 10231a8e1175bSopenharmony_ci 10232a8e1175bSopenharmony_ci TEST_EQUAL(init.flags, 0); 10233a8e1175bSopenharmony_ci TEST_EQUAL(zero.flags, 0); 10234a8e1175bSopenharmony_ci} 10235a8e1175bSopenharmony_ci/* END_CASE */ 10236a8e1175bSopenharmony_ci 10237a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ 10238a8e1175bSopenharmony_civoid persistent_key_load_key_from_storage(data_t *data, 10239a8e1175bSopenharmony_ci int type_arg, int bits_arg, 10240a8e1175bSopenharmony_ci int usage_flags_arg, int alg_arg, 10241a8e1175bSopenharmony_ci int generation_method) 10242a8e1175bSopenharmony_ci{ 10243a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(1, 1); 10244a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 10245a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 10246a8e1175bSopenharmony_ci mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; 10247a8e1175bSopenharmony_ci psa_key_type_t type = type_arg; 10248a8e1175bSopenharmony_ci size_t bits = bits_arg; 10249a8e1175bSopenharmony_ci psa_key_usage_t usage_flags = usage_flags_arg; 10250a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 10251a8e1175bSopenharmony_ci psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 10252a8e1175bSopenharmony_ci unsigned char *first_export = NULL; 10253a8e1175bSopenharmony_ci unsigned char *second_export = NULL; 10254a8e1175bSopenharmony_ci size_t export_size = PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits); 10255a8e1175bSopenharmony_ci size_t first_exported_length = 0; 10256a8e1175bSopenharmony_ci size_t second_exported_length; 10257a8e1175bSopenharmony_ci 10258a8e1175bSopenharmony_ci if (usage_flags & PSA_KEY_USAGE_EXPORT) { 10259a8e1175bSopenharmony_ci TEST_CALLOC(first_export, export_size); 10260a8e1175bSopenharmony_ci TEST_CALLOC(second_export, export_size); 10261a8e1175bSopenharmony_ci } 10262a8e1175bSopenharmony_ci 10263a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 10264a8e1175bSopenharmony_ci 10265a8e1175bSopenharmony_ci psa_set_key_id(&attributes, key_id); 10266a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage_flags); 10267a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 10268a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 10269a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, bits); 10270a8e1175bSopenharmony_ci 10271a8e1175bSopenharmony_ci switch (generation_method) { 10272a8e1175bSopenharmony_ci case IMPORT_KEY: 10273a8e1175bSopenharmony_ci /* Import the key */ 10274a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, data->x, data->len, 10275a8e1175bSopenharmony_ci &key)); 10276a8e1175bSopenharmony_ci break; 10277a8e1175bSopenharmony_ci 10278a8e1175bSopenharmony_ci case GENERATE_KEY: 10279a8e1175bSopenharmony_ci /* Generate a key */ 10280a8e1175bSopenharmony_ci PSA_ASSERT(psa_generate_key(&attributes, &key)); 10281a8e1175bSopenharmony_ci break; 10282a8e1175bSopenharmony_ci 10283a8e1175bSopenharmony_ci case DERIVE_KEY: 10284a8e1175bSopenharmony_ci#if defined(PSA_WANT_ALG_HKDF) && defined(PSA_WANT_ALG_SHA_256) 10285a8e1175bSopenharmony_ci { 10286a8e1175bSopenharmony_ci /* Create base key */ 10287a8e1175bSopenharmony_ci psa_algorithm_t derive_alg = PSA_ALG_HKDF(PSA_ALG_SHA_256); 10288a8e1175bSopenharmony_ci psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; 10289a8e1175bSopenharmony_ci psa_set_key_usage_flags(&base_attributes, 10290a8e1175bSopenharmony_ci PSA_KEY_USAGE_DERIVE); 10291a8e1175bSopenharmony_ci psa_set_key_algorithm(&base_attributes, derive_alg); 10292a8e1175bSopenharmony_ci psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE); 10293a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&base_attributes, 10294a8e1175bSopenharmony_ci data->x, data->len, 10295a8e1175bSopenharmony_ci &base_key)); 10296a8e1175bSopenharmony_ci /* Derive a key. */ 10297a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&operation, derive_alg)); 10298a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_input_key( 10299a8e1175bSopenharmony_ci &operation, 10300a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_SECRET, base_key)); 10301a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_input_bytes( 10302a8e1175bSopenharmony_ci &operation, PSA_KEY_DERIVATION_INPUT_INFO, 10303a8e1175bSopenharmony_ci NULL, 0)); 10304a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_output_key(&attributes, 10305a8e1175bSopenharmony_ci &operation, 10306a8e1175bSopenharmony_ci &key)); 10307a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_abort(&operation)); 10308a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(base_key)); 10309a8e1175bSopenharmony_ci base_key = MBEDTLS_SVC_KEY_ID_INIT; 10310a8e1175bSopenharmony_ci } 10311a8e1175bSopenharmony_ci#else 10312a8e1175bSopenharmony_ci TEST_ASSUME(!"KDF not supported in this configuration"); 10313a8e1175bSopenharmony_ci#endif 10314a8e1175bSopenharmony_ci break; 10315a8e1175bSopenharmony_ci 10316a8e1175bSopenharmony_ci default: 10317a8e1175bSopenharmony_ci TEST_FAIL("generation_method not implemented in test"); 10318a8e1175bSopenharmony_ci break; 10319a8e1175bSopenharmony_ci } 10320a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 10321a8e1175bSopenharmony_ci 10322a8e1175bSopenharmony_ci /* Export the key if permitted by the key policy. */ 10323a8e1175bSopenharmony_ci if (usage_flags & PSA_KEY_USAGE_EXPORT) { 10324a8e1175bSopenharmony_ci PSA_ASSERT(psa_export_key(key, 10325a8e1175bSopenharmony_ci first_export, export_size, 10326a8e1175bSopenharmony_ci &first_exported_length)); 10327a8e1175bSopenharmony_ci if (generation_method == IMPORT_KEY) { 10328a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(data->x, data->len, 10329a8e1175bSopenharmony_ci first_export, first_exported_length); 10330a8e1175bSopenharmony_ci } 10331a8e1175bSopenharmony_ci } 10332a8e1175bSopenharmony_ci 10333a8e1175bSopenharmony_ci /* Shutdown and restart */ 10334a8e1175bSopenharmony_ci PSA_ASSERT(psa_purge_key(key)); 10335a8e1175bSopenharmony_ci PSA_DONE(); 10336a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 10337a8e1175bSopenharmony_ci 10338a8e1175bSopenharmony_ci /* Check key slot still contains key data */ 10339a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 10340a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_svc_key_id_equal( 10341a8e1175bSopenharmony_ci psa_get_key_id(&attributes), key_id)); 10342a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_lifetime(&attributes), 10343a8e1175bSopenharmony_ci PSA_KEY_LIFETIME_PERSISTENT); 10344a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&attributes), type); 10345a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&attributes), bits); 10346a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&attributes), 10347a8e1175bSopenharmony_ci mbedtls_test_update_key_usage_flags(usage_flags)); 10348a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_algorithm(&attributes), alg); 10349a8e1175bSopenharmony_ci 10350a8e1175bSopenharmony_ci /* Export the key again if permitted by the key policy. */ 10351a8e1175bSopenharmony_ci if (usage_flags & PSA_KEY_USAGE_EXPORT) { 10352a8e1175bSopenharmony_ci PSA_ASSERT(psa_export_key(key, 10353a8e1175bSopenharmony_ci second_export, export_size, 10354a8e1175bSopenharmony_ci &second_exported_length)); 10355a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(first_export, first_exported_length, 10356a8e1175bSopenharmony_ci second_export, second_exported_length); 10357a8e1175bSopenharmony_ci } 10358a8e1175bSopenharmony_ci 10359a8e1175bSopenharmony_ci /* Do something with the key according to its type and permitted usage. */ 10360a8e1175bSopenharmony_ci if (!mbedtls_test_psa_exercise_key(key, usage_flags, alg, 0)) { 10361a8e1175bSopenharmony_ci goto exit; 10362a8e1175bSopenharmony_ci } 10363a8e1175bSopenharmony_ci 10364a8e1175bSopenharmony_ciexit: 10365a8e1175bSopenharmony_ci /* 10366a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 10367a8e1175bSopenharmony_ci * thus reset them as required. 10368a8e1175bSopenharmony_ci */ 10369a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 10370a8e1175bSopenharmony_ci 10371a8e1175bSopenharmony_ci mbedtls_free(first_export); 10372a8e1175bSopenharmony_ci mbedtls_free(second_export); 10373a8e1175bSopenharmony_ci psa_key_derivation_abort(&operation); 10374a8e1175bSopenharmony_ci psa_destroy_key(base_key); 10375a8e1175bSopenharmony_ci psa_destroy_key(key); 10376a8e1175bSopenharmony_ci PSA_DONE(); 10377a8e1175bSopenharmony_ci} 10378a8e1175bSopenharmony_ci/* END_CASE */ 10379a8e1175bSopenharmony_ci 10380a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 10381a8e1175bSopenharmony_civoid ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, 10382a8e1175bSopenharmony_ci int primitive_arg, int hash_arg, int role_arg, 10383a8e1175bSopenharmony_ci int test_input, data_t *pw_data, 10384a8e1175bSopenharmony_ci int inj_err_type_arg, 10385a8e1175bSopenharmony_ci int expected_error_arg) 10386a8e1175bSopenharmony_ci{ 10387a8e1175bSopenharmony_ci psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 10388a8e1175bSopenharmony_ci psa_pake_operation_t operation = psa_pake_operation_init(); 10389a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 10390a8e1175bSopenharmony_ci psa_pake_primitive_t primitive = primitive_arg; 10391a8e1175bSopenharmony_ci psa_key_type_t key_type_pw = key_type_pw_arg; 10392a8e1175bSopenharmony_ci psa_key_usage_t key_usage_pw = key_usage_pw_arg; 10393a8e1175bSopenharmony_ci psa_algorithm_t hash_alg = hash_arg; 10394a8e1175bSopenharmony_ci psa_pake_role_t role = role_arg; 10395a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 10396a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 10397a8e1175bSopenharmony_ci ecjpake_injected_failure_t inj_err_type = inj_err_type_arg; 10398a8e1175bSopenharmony_ci psa_status_t expected_error = expected_error_arg; 10399a8e1175bSopenharmony_ci psa_status_t status; 10400a8e1175bSopenharmony_ci unsigned char *output_buffer = NULL; 10401a8e1175bSopenharmony_ci size_t output_len = 0; 10402a8e1175bSopenharmony_ci 10403a8e1175bSopenharmony_ci PSA_INIT(); 10404a8e1175bSopenharmony_ci 10405a8e1175bSopenharmony_ci size_t buf_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive_arg, 10406a8e1175bSopenharmony_ci PSA_PAKE_STEP_KEY_SHARE); 10407a8e1175bSopenharmony_ci TEST_CALLOC(output_buffer, buf_size); 10408a8e1175bSopenharmony_ci 10409a8e1175bSopenharmony_ci if (pw_data->len > 0) { 10410a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, key_usage_pw); 10411a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 10412a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type_pw); 10413a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 10414a8e1175bSopenharmony_ci &key)); 10415a8e1175bSopenharmony_ci } 10416a8e1175bSopenharmony_ci 10417a8e1175bSopenharmony_ci psa_pake_cs_set_algorithm(&cipher_suite, alg); 10418a8e1175bSopenharmony_ci psa_pake_cs_set_primitive(&cipher_suite, primitive); 10419a8e1175bSopenharmony_ci psa_pake_cs_set_hash(&cipher_suite, hash_alg); 10420a8e1175bSopenharmony_ci 10421a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 10422a8e1175bSopenharmony_ci 10423a8e1175bSopenharmony_ci if (inj_err_type == INJECT_ERR_UNINITIALIZED_ACCESS) { 10424a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_set_user(&operation, NULL, 0), 10425a8e1175bSopenharmony_ci expected_error); 10426a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 10427a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_set_peer(&operation, NULL, 0), 10428a8e1175bSopenharmony_ci expected_error); 10429a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 10430a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_set_password_key(&operation, key), 10431a8e1175bSopenharmony_ci expected_error); 10432a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 10433a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_set_role(&operation, role), 10434a8e1175bSopenharmony_ci expected_error); 10435a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 10436a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 10437a8e1175bSopenharmony_ci NULL, 0, NULL), 10438a8e1175bSopenharmony_ci expected_error); 10439a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 10440a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, NULL, 0), 10441a8e1175bSopenharmony_ci expected_error); 10442a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 10443a8e1175bSopenharmony_ci goto exit; 10444a8e1175bSopenharmony_ci } 10445a8e1175bSopenharmony_ci 10446a8e1175bSopenharmony_ci status = psa_pake_setup(&operation, &cipher_suite); 10447a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 10448a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_error); 10449a8e1175bSopenharmony_ci goto exit; 10450a8e1175bSopenharmony_ci } 10451a8e1175bSopenharmony_ci 10452a8e1175bSopenharmony_ci if (inj_err_type == INJECT_ERR_DUPLICATE_SETUP) { 10453a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), 10454a8e1175bSopenharmony_ci expected_error); 10455a8e1175bSopenharmony_ci goto exit; 10456a8e1175bSopenharmony_ci } 10457a8e1175bSopenharmony_ci 10458a8e1175bSopenharmony_ci status = psa_pake_set_role(&operation, role); 10459a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 10460a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_error); 10461a8e1175bSopenharmony_ci goto exit; 10462a8e1175bSopenharmony_ci } 10463a8e1175bSopenharmony_ci 10464a8e1175bSopenharmony_ci if (pw_data->len > 0) { 10465a8e1175bSopenharmony_ci status = psa_pake_set_password_key(&operation, key); 10466a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 10467a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_error); 10468a8e1175bSopenharmony_ci goto exit; 10469a8e1175bSopenharmony_ci } 10470a8e1175bSopenharmony_ci } 10471a8e1175bSopenharmony_ci 10472a8e1175bSopenharmony_ci if (inj_err_type == INJECT_ERR_INVALID_USER) { 10473a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_set_user(&operation, NULL, 0), 10474a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 10475a8e1175bSopenharmony_ci goto exit; 10476a8e1175bSopenharmony_ci } 10477a8e1175bSopenharmony_ci 10478a8e1175bSopenharmony_ci if (inj_err_type == INJECT_ERR_INVALID_PEER) { 10479a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_set_peer(&operation, NULL, 0), 10480a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 10481a8e1175bSopenharmony_ci goto exit; 10482a8e1175bSopenharmony_ci } 10483a8e1175bSopenharmony_ci 10484a8e1175bSopenharmony_ci if (inj_err_type == INJECT_ERR_SET_USER) { 10485a8e1175bSopenharmony_ci const uint8_t unsupported_id[] = "abcd"; 10486a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_set_user(&operation, unsupported_id, 4), 10487a8e1175bSopenharmony_ci PSA_ERROR_NOT_SUPPORTED); 10488a8e1175bSopenharmony_ci goto exit; 10489a8e1175bSopenharmony_ci } 10490a8e1175bSopenharmony_ci 10491a8e1175bSopenharmony_ci if (inj_err_type == INJECT_ERR_SET_PEER) { 10492a8e1175bSopenharmony_ci const uint8_t unsupported_id[] = "abcd"; 10493a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_set_peer(&operation, unsupported_id, 4), 10494a8e1175bSopenharmony_ci PSA_ERROR_NOT_SUPPORTED); 10495a8e1175bSopenharmony_ci goto exit; 10496a8e1175bSopenharmony_ci } 10497a8e1175bSopenharmony_ci 10498a8e1175bSopenharmony_ci const size_t size_key_share = PSA_PAKE_INPUT_SIZE(alg, primitive, 10499a8e1175bSopenharmony_ci PSA_PAKE_STEP_KEY_SHARE); 10500a8e1175bSopenharmony_ci const size_t size_zk_public = PSA_PAKE_INPUT_SIZE(alg, primitive, 10501a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PUBLIC); 10502a8e1175bSopenharmony_ci const size_t size_zk_proof = PSA_PAKE_INPUT_SIZE(alg, primitive, 10503a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PROOF); 10504a8e1175bSopenharmony_ci 10505a8e1175bSopenharmony_ci if (test_input) { 10506a8e1175bSopenharmony_ci if (inj_err_type == INJECT_EMPTY_IO_BUFFER) { 10507a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_ZK_PROOF, NULL, 0), 10508a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 10509a8e1175bSopenharmony_ci goto exit; 10510a8e1175bSopenharmony_ci } 10511a8e1175bSopenharmony_ci 10512a8e1175bSopenharmony_ci if (inj_err_type == INJECT_UNKNOWN_STEP) { 10513a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_ZK_PROOF + 10, 10514a8e1175bSopenharmony_ci output_buffer, size_zk_proof), 10515a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 10516a8e1175bSopenharmony_ci goto exit; 10517a8e1175bSopenharmony_ci } 10518a8e1175bSopenharmony_ci 10519a8e1175bSopenharmony_ci if (inj_err_type == INJECT_INVALID_FIRST_STEP) { 10520a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_ZK_PROOF, 10521a8e1175bSopenharmony_ci output_buffer, size_zk_proof), 10522a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 10523a8e1175bSopenharmony_ci goto exit; 10524a8e1175bSopenharmony_ci } 10525a8e1175bSopenharmony_ci 10526a8e1175bSopenharmony_ci status = psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 10527a8e1175bSopenharmony_ci output_buffer, size_key_share); 10528a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 10529a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_error); 10530a8e1175bSopenharmony_ci goto exit; 10531a8e1175bSopenharmony_ci } 10532a8e1175bSopenharmony_ci 10533a8e1175bSopenharmony_ci if (inj_err_type == INJECT_WRONG_BUFFER_SIZE) { 10534a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_ZK_PUBLIC, 10535a8e1175bSopenharmony_ci output_buffer, size_zk_public + 1), 10536a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 10537a8e1175bSopenharmony_ci goto exit; 10538a8e1175bSopenharmony_ci } 10539a8e1175bSopenharmony_ci 10540a8e1175bSopenharmony_ci if (inj_err_type == INJECT_VALID_OPERATION_AFTER_FAILURE) { 10541a8e1175bSopenharmony_ci // Just trigger any kind of error. We don't care about the result here 10542a8e1175bSopenharmony_ci psa_pake_input(&operation, PSA_PAKE_STEP_ZK_PUBLIC, 10543a8e1175bSopenharmony_ci output_buffer, size_zk_public + 1); 10544a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_ZK_PUBLIC, 10545a8e1175bSopenharmony_ci output_buffer, size_zk_public), 10546a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 10547a8e1175bSopenharmony_ci goto exit; 10548a8e1175bSopenharmony_ci } 10549a8e1175bSopenharmony_ci } else { 10550a8e1175bSopenharmony_ci if (inj_err_type == INJECT_EMPTY_IO_BUFFER) { 10551a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_ZK_PROOF, 10552a8e1175bSopenharmony_ci NULL, 0, NULL), 10553a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 10554a8e1175bSopenharmony_ci goto exit; 10555a8e1175bSopenharmony_ci } 10556a8e1175bSopenharmony_ci 10557a8e1175bSopenharmony_ci if (inj_err_type == INJECT_UNKNOWN_STEP) { 10558a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_ZK_PROOF + 10, 10559a8e1175bSopenharmony_ci output_buffer, buf_size, &output_len), 10560a8e1175bSopenharmony_ci PSA_ERROR_INVALID_ARGUMENT); 10561a8e1175bSopenharmony_ci goto exit; 10562a8e1175bSopenharmony_ci } 10563a8e1175bSopenharmony_ci 10564a8e1175bSopenharmony_ci if (inj_err_type == INJECT_INVALID_FIRST_STEP) { 10565a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_ZK_PROOF, 10566a8e1175bSopenharmony_ci output_buffer, buf_size, &output_len), 10567a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 10568a8e1175bSopenharmony_ci goto exit; 10569a8e1175bSopenharmony_ci } 10570a8e1175bSopenharmony_ci 10571a8e1175bSopenharmony_ci status = psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 10572a8e1175bSopenharmony_ci output_buffer, buf_size, &output_len); 10573a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 10574a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_error); 10575a8e1175bSopenharmony_ci goto exit; 10576a8e1175bSopenharmony_ci } 10577a8e1175bSopenharmony_ci 10578a8e1175bSopenharmony_ci TEST_ASSERT(output_len > 0); 10579a8e1175bSopenharmony_ci 10580a8e1175bSopenharmony_ci if (inj_err_type == INJECT_WRONG_BUFFER_SIZE) { 10581a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_ZK_PUBLIC, 10582a8e1175bSopenharmony_ci output_buffer, size_zk_public - 1, &output_len), 10583a8e1175bSopenharmony_ci PSA_ERROR_BUFFER_TOO_SMALL); 10584a8e1175bSopenharmony_ci goto exit; 10585a8e1175bSopenharmony_ci } 10586a8e1175bSopenharmony_ci 10587a8e1175bSopenharmony_ci if (inj_err_type == INJECT_VALID_OPERATION_AFTER_FAILURE) { 10588a8e1175bSopenharmony_ci // Just trigger any kind of error. We don't care about the result here 10589a8e1175bSopenharmony_ci psa_pake_output(&operation, PSA_PAKE_STEP_ZK_PUBLIC, 10590a8e1175bSopenharmony_ci output_buffer, size_zk_public - 1, &output_len); 10591a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_ZK_PUBLIC, 10592a8e1175bSopenharmony_ci output_buffer, buf_size, &output_len), 10593a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 10594a8e1175bSopenharmony_ci goto exit; 10595a8e1175bSopenharmony_ci } 10596a8e1175bSopenharmony_ci } 10597a8e1175bSopenharmony_ci 10598a8e1175bSopenharmony_ciexit: 10599a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 10600a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 10601a8e1175bSopenharmony_ci mbedtls_free(output_buffer); 10602a8e1175bSopenharmony_ci PSA_DONE(); 10603a8e1175bSopenharmony_ci} 10604a8e1175bSopenharmony_ci/* END_CASE */ 10605a8e1175bSopenharmony_ci 10606a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 10607a8e1175bSopenharmony_civoid ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg, 10608a8e1175bSopenharmony_ci int client_input_first, int inject_error, 10609a8e1175bSopenharmony_ci data_t *pw_data) 10610a8e1175bSopenharmony_ci{ 10611a8e1175bSopenharmony_ci psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 10612a8e1175bSopenharmony_ci psa_pake_operation_t server = psa_pake_operation_init(); 10613a8e1175bSopenharmony_ci psa_pake_operation_t client = psa_pake_operation_init(); 10614a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 10615a8e1175bSopenharmony_ci psa_algorithm_t hash_alg = hash_arg; 10616a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 10617a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 10618a8e1175bSopenharmony_ci 10619a8e1175bSopenharmony_ci PSA_INIT(); 10620a8e1175bSopenharmony_ci 10621a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 10622a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 10623a8e1175bSopenharmony_ci psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 10624a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 10625a8e1175bSopenharmony_ci &key)); 10626a8e1175bSopenharmony_ci 10627a8e1175bSopenharmony_ci psa_pake_cs_set_algorithm(&cipher_suite, alg); 10628a8e1175bSopenharmony_ci psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); 10629a8e1175bSopenharmony_ci psa_pake_cs_set_hash(&cipher_suite, hash_alg); 10630a8e1175bSopenharmony_ci 10631a8e1175bSopenharmony_ci 10632a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); 10633a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); 10634a8e1175bSopenharmony_ci 10635a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER)); 10636a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT)); 10637a8e1175bSopenharmony_ci 10638a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_password_key(&server, key)); 10639a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_password_key(&client, key)); 10640a8e1175bSopenharmony_ci 10641a8e1175bSopenharmony_ci ecjpake_do_round(alg, primitive_arg, &server, &client, 10642a8e1175bSopenharmony_ci client_input_first, 1, inject_error); 10643a8e1175bSopenharmony_ci 10644a8e1175bSopenharmony_ci if (inject_error == 1 || inject_error == 2) { 10645a8e1175bSopenharmony_ci goto exit; 10646a8e1175bSopenharmony_ci } 10647a8e1175bSopenharmony_ci 10648a8e1175bSopenharmony_ci ecjpake_do_round(alg, primitive_arg, &server, &client, 10649a8e1175bSopenharmony_ci client_input_first, 2, inject_error); 10650a8e1175bSopenharmony_ci 10651a8e1175bSopenharmony_ciexit: 10652a8e1175bSopenharmony_ci psa_destroy_key(key); 10653a8e1175bSopenharmony_ci psa_pake_abort(&server); 10654a8e1175bSopenharmony_ci psa_pake_abort(&client); 10655a8e1175bSopenharmony_ci PSA_DONE(); 10656a8e1175bSopenharmony_ci} 10657a8e1175bSopenharmony_ci/* END_CASE */ 10658a8e1175bSopenharmony_ci 10659a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 10660a8e1175bSopenharmony_civoid ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, 10661a8e1175bSopenharmony_ci int derive_alg_arg, data_t *pw_data, 10662a8e1175bSopenharmony_ci int client_input_first, int inj_err_type_arg) 10663a8e1175bSopenharmony_ci{ 10664a8e1175bSopenharmony_ci psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 10665a8e1175bSopenharmony_ci psa_pake_operation_t server = psa_pake_operation_init(); 10666a8e1175bSopenharmony_ci psa_pake_operation_t client = psa_pake_operation_init(); 10667a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 10668a8e1175bSopenharmony_ci psa_algorithm_t hash_alg = hash_arg; 10669a8e1175bSopenharmony_ci psa_algorithm_t derive_alg = derive_alg_arg; 10670a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 10671a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 10672a8e1175bSopenharmony_ci psa_key_derivation_operation_t server_derive = 10673a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_OPERATION_INIT; 10674a8e1175bSopenharmony_ci psa_key_derivation_operation_t client_derive = 10675a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_OPERATION_INIT; 10676a8e1175bSopenharmony_ci ecjpake_injected_failure_t inj_err_type = inj_err_type_arg; 10677a8e1175bSopenharmony_ci 10678a8e1175bSopenharmony_ci PSA_INIT(); 10679a8e1175bSopenharmony_ci 10680a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 10681a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 10682a8e1175bSopenharmony_ci psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 10683a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 10684a8e1175bSopenharmony_ci &key)); 10685a8e1175bSopenharmony_ci 10686a8e1175bSopenharmony_ci psa_pake_cs_set_algorithm(&cipher_suite, alg); 10687a8e1175bSopenharmony_ci psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); 10688a8e1175bSopenharmony_ci psa_pake_cs_set_hash(&cipher_suite, hash_alg); 10689a8e1175bSopenharmony_ci 10690a8e1175bSopenharmony_ci /* Get shared key */ 10691a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&server_derive, derive_alg)); 10692a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&client_derive, derive_alg)); 10693a8e1175bSopenharmony_ci 10694a8e1175bSopenharmony_ci if (PSA_ALG_IS_TLS12_PRF(derive_alg) || 10695a8e1175bSopenharmony_ci PSA_ALG_IS_TLS12_PSK_TO_MS(derive_alg)) { 10696a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_input_bytes(&server_derive, 10697a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_SEED, 10698a8e1175bSopenharmony_ci (const uint8_t *) "", 0)); 10699a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_input_bytes(&client_derive, 10700a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_SEED, 10701a8e1175bSopenharmony_ci (const uint8_t *) "", 0)); 10702a8e1175bSopenharmony_ci } 10703a8e1175bSopenharmony_ci 10704a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); 10705a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); 10706a8e1175bSopenharmony_ci 10707a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER)); 10708a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT)); 10709a8e1175bSopenharmony_ci 10710a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_password_key(&server, key)); 10711a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_password_key(&client, key)); 10712a8e1175bSopenharmony_ci 10713a8e1175bSopenharmony_ci if (inj_err_type == INJECT_ANTICIPATE_KEY_DERIVATION_1) { 10714a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_get_implicit_key(&server, &server_derive), 10715a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 10716a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_get_implicit_key(&client, &client_derive), 10717a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 10718a8e1175bSopenharmony_ci goto exit; 10719a8e1175bSopenharmony_ci } 10720a8e1175bSopenharmony_ci 10721a8e1175bSopenharmony_ci /* First round */ 10722a8e1175bSopenharmony_ci ecjpake_do_round(alg, primitive_arg, &server, &client, 10723a8e1175bSopenharmony_ci client_input_first, 1, 0); 10724a8e1175bSopenharmony_ci 10725a8e1175bSopenharmony_ci if (inj_err_type == INJECT_ANTICIPATE_KEY_DERIVATION_2) { 10726a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_get_implicit_key(&server, &server_derive), 10727a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 10728a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_get_implicit_key(&client, &client_derive), 10729a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 10730a8e1175bSopenharmony_ci goto exit; 10731a8e1175bSopenharmony_ci } 10732a8e1175bSopenharmony_ci 10733a8e1175bSopenharmony_ci /* Second round */ 10734a8e1175bSopenharmony_ci ecjpake_do_round(alg, primitive_arg, &server, &client, 10735a8e1175bSopenharmony_ci client_input_first, 2, 0); 10736a8e1175bSopenharmony_ci 10737a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive)); 10738a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive)); 10739a8e1175bSopenharmony_ci 10740a8e1175bSopenharmony_ciexit: 10741a8e1175bSopenharmony_ci psa_key_derivation_abort(&server_derive); 10742a8e1175bSopenharmony_ci psa_key_derivation_abort(&client_derive); 10743a8e1175bSopenharmony_ci psa_destroy_key(key); 10744a8e1175bSopenharmony_ci psa_pake_abort(&server); 10745a8e1175bSopenharmony_ci psa_pake_abort(&client); 10746a8e1175bSopenharmony_ci PSA_DONE(); 10747a8e1175bSopenharmony_ci} 10748a8e1175bSopenharmony_ci/* END_CASE */ 10749a8e1175bSopenharmony_ci 10750a8e1175bSopenharmony_ci/* BEGIN_CASE */ 10751a8e1175bSopenharmony_civoid ecjpake_size_macros() 10752a8e1175bSopenharmony_ci{ 10753a8e1175bSopenharmony_ci const psa_algorithm_t alg = PSA_ALG_JPAKE; 10754a8e1175bSopenharmony_ci const size_t bits = 256; 10755a8e1175bSopenharmony_ci const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE( 10756a8e1175bSopenharmony_ci PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, bits); 10757a8e1175bSopenharmony_ci const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( 10758a8e1175bSopenharmony_ci PSA_ECC_FAMILY_SECP_R1); 10759a8e1175bSopenharmony_ci 10760a8e1175bSopenharmony_ci // https://armmbed.github.io/mbed-crypto/1.1_PAKE_Extension.0-bet.0/html/pake.html#pake-step-types 10761a8e1175bSopenharmony_ci /* The output for KEY_SHARE and ZK_PUBLIC is the same as a public key */ 10762a8e1175bSopenharmony_ci TEST_EQUAL(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), 10763a8e1175bSopenharmony_ci PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, bits)); 10764a8e1175bSopenharmony_ci TEST_EQUAL(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), 10765a8e1175bSopenharmony_ci PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, bits)); 10766a8e1175bSopenharmony_ci /* The output for ZK_PROOF is the same bitsize as the curve */ 10767a8e1175bSopenharmony_ci TEST_EQUAL(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), 10768a8e1175bSopenharmony_ci PSA_BITS_TO_BYTES(bits)); 10769a8e1175bSopenharmony_ci 10770a8e1175bSopenharmony_ci /* Input sizes are the same as output sizes */ 10771a8e1175bSopenharmony_ci TEST_EQUAL(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), 10772a8e1175bSopenharmony_ci PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE)); 10773a8e1175bSopenharmony_ci TEST_EQUAL(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), 10774a8e1175bSopenharmony_ci PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC)); 10775a8e1175bSopenharmony_ci TEST_EQUAL(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), 10776a8e1175bSopenharmony_ci PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF)); 10777a8e1175bSopenharmony_ci 10778a8e1175bSopenharmony_ci /* These inequalities will always hold even when other PAKEs are added */ 10779a8e1175bSopenharmony_ci TEST_LE_U(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), 10780a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_MAX_SIZE); 10781a8e1175bSopenharmony_ci TEST_LE_U(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), 10782a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_MAX_SIZE); 10783a8e1175bSopenharmony_ci TEST_LE_U(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), 10784a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_MAX_SIZE); 10785a8e1175bSopenharmony_ci TEST_LE_U(PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), 10786a8e1175bSopenharmony_ci PSA_PAKE_INPUT_MAX_SIZE); 10787a8e1175bSopenharmony_ci TEST_LE_U(PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), 10788a8e1175bSopenharmony_ci PSA_PAKE_INPUT_MAX_SIZE); 10789a8e1175bSopenharmony_ci TEST_LE_U(PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), 10790a8e1175bSopenharmony_ci PSA_PAKE_INPUT_MAX_SIZE); 10791a8e1175bSopenharmony_ci} 10792a8e1175bSopenharmony_ci/* END_CASE */ 10793