1/* BEGIN_HEADER */ 2#include "test/drivers/test_driver.h" 3 4/* Auxiliary variables for pake tests. 5 Global to silent the compiler when unused. */ 6size_t pake_expected_hit_count = 0; 7int pake_in_driver = 0; 8 9/* The only two JPAKE user/peer identifiers supported for the time being. */ 10static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; 11static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; 12 13#if defined(PSA_WANT_ALG_JPAKE) && \ 14 defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ 15 defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) 16static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, 17 psa_pake_operation_t *server, 18 psa_pake_operation_t *client, 19 int client_input_first, 20 int round) 21{ 22 unsigned char *buffer0 = NULL, *buffer1 = NULL; 23 size_t buffer_length = ( 24 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) + 25 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) + 26 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2; 27 /* The output should be exactly this size according to the spec */ 28 const size_t expected_size_key_share = 29 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); 30 /* The output should be exactly this size according to the spec */ 31 const size_t expected_size_zk_public = 32 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC); 33 /* The output can be smaller: the spec allows stripping leading zeroes */ 34 const size_t max_expected_size_zk_proof = 35 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF); 36 size_t buffer0_off = 0; 37 size_t buffer1_off = 0; 38 size_t s_g1_len, s_g2_len, s_a_len; 39 size_t s_g1_off, s_g2_off, s_a_off; 40 size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len; 41 size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off; 42 size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len; 43 size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off; 44 size_t c_g1_len, c_g2_len, c_a_len; 45 size_t c_g1_off, c_g2_off, c_a_off; 46 size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len; 47 size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off; 48 size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len; 49 size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; 50 psa_status_t status; 51 52 TEST_CALLOC(buffer0, buffer_length); 53 TEST_CALLOC(buffer1, buffer_length); 54 55 switch (round) { 56 case 1: 57 /* Server first round Output */ 58 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 59 buffer0 + buffer0_off, 60 buffer_length - buffer0_off, &s_g1_len)); 61 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 62 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 63 TEST_EQUAL(s_g1_len, expected_size_key_share); 64 s_g1_off = buffer0_off; 65 buffer0_off += s_g1_len; 66 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 67 buffer0 + buffer0_off, 68 buffer_length - buffer0_off, &s_x1_pk_len)); 69 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 70 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 71 TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); 72 s_x1_pk_off = buffer0_off; 73 buffer0_off += s_x1_pk_len; 74 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 75 buffer0 + buffer0_off, 76 buffer_length - buffer0_off, &s_x1_pr_len)); 77 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 78 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 79 TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); 80 s_x1_pr_off = buffer0_off; 81 buffer0_off += s_x1_pr_len; 82 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 83 buffer0 + buffer0_off, 84 buffer_length - buffer0_off, &s_g2_len)); 85 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 86 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 87 TEST_EQUAL(s_g2_len, expected_size_key_share); 88 s_g2_off = buffer0_off; 89 buffer0_off += s_g2_len; 90 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 91 buffer0 + buffer0_off, 92 buffer_length - buffer0_off, &s_x2_pk_len)); 93 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 94 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 95 TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); 96 s_x2_pk_off = buffer0_off; 97 buffer0_off += s_x2_pk_len; 98 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 99 buffer0 + buffer0_off, 100 buffer_length - buffer0_off, &s_x2_pr_len)); 101 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 102 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 103 TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); 104 s_x2_pr_off = buffer0_off; 105 buffer0_off += s_x2_pr_len; 106 107 if (client_input_first == 1) { 108 /* Client first round Input */ 109 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 110 buffer0 + s_g1_off, s_g1_len); 111 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 112 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 113 TEST_EQUAL(status, PSA_SUCCESS); 114 115 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 116 buffer0 + s_x1_pk_off, 117 s_x1_pk_len); 118 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 119 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 120 TEST_EQUAL(status, PSA_SUCCESS); 121 122 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 123 buffer0 + s_x1_pr_off, 124 s_x1_pr_len); 125 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 126 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 127 TEST_EQUAL(status, PSA_SUCCESS); 128 129 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 130 buffer0 + s_g2_off, 131 s_g2_len); 132 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 133 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 134 TEST_EQUAL(status, PSA_SUCCESS); 135 136 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 137 buffer0 + s_x2_pk_off, 138 s_x2_pk_len); 139 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 140 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 141 TEST_EQUAL(status, PSA_SUCCESS); 142 143 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 144 buffer0 + s_x2_pr_off, 145 s_x2_pr_len); 146 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 147 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 148 TEST_EQUAL(status, PSA_SUCCESS); 149 } 150 151 /* Adjust for indirect client driver setup in first pake_output call. */ 152 pake_expected_hit_count++; 153 154 /* Client first round Output */ 155 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 156 buffer1 + buffer1_off, 157 buffer_length - buffer1_off, &c_g1_len)); 158 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 159 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 160 TEST_EQUAL(c_g1_len, expected_size_key_share); 161 c_g1_off = buffer1_off; 162 buffer1_off += c_g1_len; 163 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 164 buffer1 + buffer1_off, 165 buffer_length - buffer1_off, &c_x1_pk_len)); 166 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 167 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 168 TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); 169 c_x1_pk_off = buffer1_off; 170 buffer1_off += c_x1_pk_len; 171 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 172 buffer1 + buffer1_off, 173 buffer_length - buffer1_off, &c_x1_pr_len)); 174 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 175 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 176 TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); 177 c_x1_pr_off = buffer1_off; 178 buffer1_off += c_x1_pr_len; 179 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 180 buffer1 + buffer1_off, 181 buffer_length - buffer1_off, &c_g2_len)); 182 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 183 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 184 TEST_EQUAL(c_g2_len, expected_size_key_share); 185 c_g2_off = buffer1_off; 186 buffer1_off += c_g2_len; 187 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 188 buffer1 + buffer1_off, 189 buffer_length - buffer1_off, &c_x2_pk_len)); 190 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 191 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 192 TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); 193 c_x2_pk_off = buffer1_off; 194 buffer1_off += c_x2_pk_len; 195 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 196 buffer1 + buffer1_off, 197 buffer_length - buffer1_off, &c_x2_pr_len)); 198 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 199 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 200 TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); 201 c_x2_pr_off = buffer1_off; 202 buffer1_off += c_x2_pr_len; 203 204 if (client_input_first == 0) { 205 /* Client first round Input */ 206 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 207 buffer0 + s_g1_off, s_g1_len); 208 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 209 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 210 TEST_EQUAL(status, PSA_SUCCESS); 211 212 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 213 buffer0 + s_x1_pk_off, 214 s_x1_pk_len); 215 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 216 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 217 TEST_EQUAL(status, PSA_SUCCESS); 218 219 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 220 buffer0 + s_x1_pr_off, 221 s_x1_pr_len); 222 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 223 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 224 TEST_EQUAL(status, PSA_SUCCESS); 225 226 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 227 buffer0 + s_g2_off, 228 s_g2_len); 229 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 230 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 231 TEST_EQUAL(status, PSA_SUCCESS); 232 233 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 234 buffer0 + s_x2_pk_off, 235 s_x2_pk_len); 236 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 237 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 238 TEST_EQUAL(status, PSA_SUCCESS); 239 240 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 241 buffer0 + s_x2_pr_off, 242 s_x2_pr_len); 243 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 244 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 245 TEST_EQUAL(status, PSA_SUCCESS); 246 } 247 248 /* Server first round Input */ 249 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 250 buffer1 + c_g1_off, c_g1_len); 251 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 252 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 253 TEST_EQUAL(status, PSA_SUCCESS); 254 255 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 256 buffer1 + c_x1_pk_off, c_x1_pk_len); 257 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 258 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 259 TEST_EQUAL(status, PSA_SUCCESS); 260 261 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 262 buffer1 + c_x1_pr_off, c_x1_pr_len); 263 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 264 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 265 TEST_EQUAL(status, PSA_SUCCESS); 266 267 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 268 buffer1 + c_g2_off, c_g2_len); 269 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 270 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 271 TEST_EQUAL(status, PSA_SUCCESS); 272 273 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 274 buffer1 + c_x2_pk_off, c_x2_pk_len); 275 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 276 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 277 TEST_EQUAL(status, PSA_SUCCESS); 278 279 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 280 buffer1 + c_x2_pr_off, c_x2_pr_len); 281 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 282 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 283 TEST_EQUAL(status, PSA_SUCCESS); 284 285 break; 286 287 case 2: 288 /* Server second round Output */ 289 buffer0_off = 0; 290 291 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 292 buffer0 + buffer0_off, 293 buffer_length - buffer0_off, &s_a_len)); 294 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 295 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 296 TEST_EQUAL(s_a_len, expected_size_key_share); 297 s_a_off = buffer0_off; 298 buffer0_off += s_a_len; 299 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 300 buffer0 + buffer0_off, 301 buffer_length - buffer0_off, &s_x2s_pk_len)); 302 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 303 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 304 TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); 305 s_x2s_pk_off = buffer0_off; 306 buffer0_off += s_x2s_pk_len; 307 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 308 buffer0 + buffer0_off, 309 buffer_length - buffer0_off, &s_x2s_pr_len)); 310 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 311 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 312 TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); 313 s_x2s_pr_off = buffer0_off; 314 buffer0_off += s_x2s_pr_len; 315 316 if (client_input_first == 1) { 317 /* Client second round Input */ 318 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 319 buffer0 + s_a_off, s_a_len); 320 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 321 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 322 TEST_EQUAL(status, PSA_SUCCESS); 323 324 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 325 buffer0 + s_x2s_pk_off, 326 s_x2s_pk_len); 327 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 328 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 329 TEST_EQUAL(status, PSA_SUCCESS); 330 331 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 332 buffer0 + s_x2s_pr_off, 333 s_x2s_pr_len); 334 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 335 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 336 TEST_EQUAL(status, PSA_SUCCESS); 337 } 338 339 /* Client second round Output */ 340 buffer1_off = 0; 341 342 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 343 buffer1 + buffer1_off, 344 buffer_length - buffer1_off, &c_a_len)); 345 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 346 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 347 TEST_EQUAL(c_a_len, expected_size_key_share); 348 c_a_off = buffer1_off; 349 buffer1_off += c_a_len; 350 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 351 buffer1 + buffer1_off, 352 buffer_length - buffer1_off, &c_x2s_pk_len)); 353 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 354 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 355 TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); 356 c_x2s_pk_off = buffer1_off; 357 buffer1_off += c_x2s_pk_len; 358 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 359 buffer1 + buffer1_off, 360 buffer_length - buffer1_off, &c_x2s_pr_len)); 361 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 362 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 363 TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); 364 c_x2s_pr_off = buffer1_off; 365 buffer1_off += c_x2s_pr_len; 366 367 if (client_input_first == 0) { 368 /* Client second round Input */ 369 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 370 buffer0 + s_a_off, s_a_len); 371 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 372 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 373 TEST_EQUAL(status, PSA_SUCCESS); 374 375 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 376 buffer0 + s_x2s_pk_off, 377 s_x2s_pk_len); 378 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 379 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 380 TEST_EQUAL(status, PSA_SUCCESS); 381 382 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 383 buffer0 + s_x2s_pr_off, 384 s_x2s_pr_len); 385 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 386 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 387 TEST_EQUAL(status, PSA_SUCCESS); 388 } 389 390 /* Server second round Input */ 391 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 392 buffer1 + c_a_off, c_a_len); 393 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 394 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 395 TEST_EQUAL(status, PSA_SUCCESS); 396 397 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 398 buffer1 + c_x2s_pk_off, c_x2s_pk_len); 399 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 400 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 401 TEST_EQUAL(status, PSA_SUCCESS); 402 403 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 404 buffer1 + c_x2s_pr_off, c_x2s_pr_len); 405 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 406 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 407 TEST_EQUAL(status, PSA_SUCCESS); 408 409 break; 410 } 411 412exit: 413 mbedtls_free(buffer0); 414 mbedtls_free(buffer1); 415} 416#endif /* PSA_WANT_ALG_JPAKE */ 417 418#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) 419/* Sanity checks on the output of RSA encryption. 420 * 421 * \param modulus Key modulus. Must not have leading zeros. 422 * \param private_exponent Key private exponent. 423 * \param alg An RSA algorithm. 424 * \param input_data The input plaintext. 425 * \param buf The ciphertext produced by the driver. 426 * \param length Length of \p buf in bytes. 427 */ 428static int sanity_check_rsa_encryption_result( 429 psa_algorithm_t alg, 430 const data_t *modulus, const data_t *private_exponent, 431 const data_t *input_data, 432 uint8_t *buf, size_t length) 433{ 434#if defined(MBEDTLS_BIGNUM_C) 435 mbedtls_mpi N, D, C, X; 436 mbedtls_mpi_init(&N); 437 mbedtls_mpi_init(&D); 438 mbedtls_mpi_init(&C); 439 mbedtls_mpi_init(&X); 440#endif /* MBEDTLS_BIGNUM_C */ 441 442 int ok = 0; 443 444 TEST_ASSERT(length == modulus->len); 445 446#if defined(MBEDTLS_BIGNUM_C) 447 /* Perform the private key operation */ 448 TEST_ASSERT(mbedtls_mpi_read_binary(&N, modulus->x, modulus->len) == 0); 449 TEST_ASSERT(mbedtls_mpi_read_binary(&D, 450 private_exponent->x, 451 private_exponent->len) == 0); 452 TEST_ASSERT(mbedtls_mpi_read_binary(&C, buf, length) == 0); 453 TEST_ASSERT(mbedtls_mpi_exp_mod(&X, &C, &D, &N, NULL) == 0); 454 455 /* Sanity checks on the padded plaintext */ 456 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, length) == 0); 457 458 if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { 459 TEST_ASSERT(length > input_data->len + 2); 460 TEST_EQUAL(buf[0], 0x00); 461 TEST_EQUAL(buf[1], 0x02); 462 TEST_EQUAL(buf[length - input_data->len - 1], 0x00); 463 TEST_MEMORY_COMPARE(buf + length - input_data->len, input_data->len, 464 input_data->x, input_data->len); 465 } else if (PSA_ALG_IS_RSA_OAEP(alg)) { 466 TEST_EQUAL(buf[0], 0x00); 467 /* The rest is too hard to check */ 468 } else { 469 TEST_FAIL("Encryption result sanity check not implemented for RSA algorithm"); 470 } 471#endif /* MBEDTLS_BIGNUM_C */ 472 473 ok = 1; 474 475exit: 476#if defined(MBEDTLS_BIGNUM_C) 477 mbedtls_mpi_free(&N); 478 mbedtls_mpi_free(&D); 479 mbedtls_mpi_free(&C); 480 mbedtls_mpi_free(&X); 481#endif /* MBEDTLS_BIGNUM_C */ 482 return ok; 483} 484#endif 485/* END_HEADER */ 486 487/* BEGIN_DEPENDENCIES 488 * depends_on:MBEDTLS_PSA_CRYPTO_C:PSA_CRYPTO_DRIVER_TEST 489 * END_DEPENDENCIES 490 */ 491 492/* BEGIN_CASE */ 493void sign_hash(int key_type_arg, 494 int alg_arg, 495 int force_status_arg, 496 data_t *key_input, 497 data_t *data_input, 498 data_t *expected_output, 499 int fake_output, 500 int expected_status_arg) 501{ 502 psa_status_t force_status = force_status_arg; 503 psa_status_t expected_status = expected_status_arg; 504 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 505 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 506 psa_algorithm_t alg = alg_arg; 507 size_t key_bits; 508 psa_key_type_t key_type = key_type_arg; 509 unsigned char *signature = NULL; 510 size_t signature_size; 511 size_t signature_length = 0xdeadbeef; 512 psa_status_t actual_status; 513 mbedtls_test_driver_signature_sign_hooks = 514 mbedtls_test_driver_signature_hooks_init(); 515 516 PSA_ASSERT(psa_crypto_init()); 517 psa_set_key_type(&attributes, 518 key_type); 519 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 520 psa_set_key_algorithm(&attributes, alg); 521 psa_import_key(&attributes, 522 key_input->x, key_input->len, 523 &key); 524 525 mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; 526 if (fake_output == 1) { 527 mbedtls_test_driver_signature_sign_hooks.forced_output = 528 expected_output->x; 529 mbedtls_test_driver_signature_sign_hooks.forced_output_length = 530 expected_output->len; 531 } 532 533 /* Allocate a buffer which has the size advertized by the 534 * library. */ 535 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 536 key_bits = psa_get_key_bits(&attributes); 537 signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 538 539 TEST_ASSERT(signature_size != 0); 540 TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); 541 TEST_CALLOC(signature, signature_size); 542 543 actual_status = psa_sign_hash(key, alg, 544 data_input->x, data_input->len, 545 signature, signature_size, 546 &signature_length); 547 TEST_EQUAL(actual_status, expected_status); 548 if (expected_status == PSA_SUCCESS) { 549 TEST_MEMORY_COMPARE(signature, signature_length, 550 expected_output->x, expected_output->len); 551 } 552 TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 1); 553 554exit: 555 psa_reset_key_attributes(&attributes); 556 psa_destroy_key(key); 557 mbedtls_free(signature); 558 PSA_DONE(); 559 mbedtls_test_driver_signature_sign_hooks = 560 mbedtls_test_driver_signature_hooks_init(); 561} 562/* END_CASE */ 563 564/* BEGIN_CASE */ 565void verify_hash(int key_type_arg, 566 int key_type_public_arg, 567 int alg_arg, 568 int force_status_arg, 569 int register_public_key, 570 data_t *key_input, 571 data_t *data_input, 572 data_t *signature_input, 573 int expected_status_arg) 574{ 575 psa_status_t force_status = force_status_arg; 576 psa_status_t expected_status = expected_status_arg; 577 psa_algorithm_t alg = alg_arg; 578 psa_key_type_t key_type = key_type_arg; 579 psa_key_type_t key_type_public = key_type_public_arg; 580 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 581 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 582 psa_status_t actual_status; 583 mbedtls_test_driver_signature_verify_hooks = 584 mbedtls_test_driver_signature_hooks_init(); 585 586 PSA_ASSERT(psa_crypto_init()); 587 if (register_public_key) { 588 psa_set_key_type(&attributes, key_type_public); 589 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 590 psa_set_key_algorithm(&attributes, alg); 591 psa_import_key(&attributes, 592 key_input->x, key_input->len, 593 &key); 594 } else { 595 psa_set_key_type(&attributes, key_type); 596 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 597 psa_set_key_algorithm(&attributes, alg); 598 psa_import_key(&attributes, 599 key_input->x, key_input->len, 600 &key); 601 } 602 603 mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; 604 605 actual_status = psa_verify_hash(key, alg, 606 data_input->x, data_input->len, 607 signature_input->x, signature_input->len); 608 TEST_EQUAL(actual_status, expected_status); 609 TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, 1); 610 611exit: 612 psa_reset_key_attributes(&attributes); 613 psa_destroy_key(key); 614 PSA_DONE(); 615 mbedtls_test_driver_signature_verify_hooks = 616 mbedtls_test_driver_signature_hooks_init(); 617} 618/* END_CASE */ 619 620/* BEGIN_CASE */ 621void sign_message(int key_type_arg, 622 int alg_arg, 623 int force_status_arg, 624 data_t *key_input, 625 data_t *data_input, 626 data_t *expected_output, 627 int fake_output, 628 int expected_status_arg) 629{ 630 psa_status_t force_status = force_status_arg; 631 psa_status_t expected_status = expected_status_arg; 632 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 633 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 634 psa_algorithm_t alg = alg_arg; 635 size_t key_bits; 636 psa_key_type_t key_type = key_type_arg; 637 unsigned char *signature = NULL; 638 size_t signature_size; 639 size_t signature_length = 0xdeadbeef; 640 psa_status_t actual_status; 641 mbedtls_test_driver_signature_sign_hooks = 642 mbedtls_test_driver_signature_hooks_init(); 643 644 PSA_ASSERT(psa_crypto_init()); 645 psa_set_key_type(&attributes, key_type); 646 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); 647 psa_set_key_algorithm(&attributes, alg); 648 psa_import_key(&attributes, 649 key_input->x, key_input->len, 650 &key); 651 652 mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; 653 if (fake_output == 1) { 654 mbedtls_test_driver_signature_sign_hooks.forced_output = 655 expected_output->x; 656 mbedtls_test_driver_signature_sign_hooks.forced_output_length = 657 expected_output->len; 658 } 659 660 /* Allocate a buffer which has the size advertized by the 661 * library. */ 662 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 663 key_bits = psa_get_key_bits(&attributes); 664 signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 665 666 TEST_ASSERT(signature_size != 0); 667 TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); 668 TEST_CALLOC(signature, signature_size); 669 670 actual_status = psa_sign_message(key, alg, 671 data_input->x, data_input->len, 672 signature, signature_size, 673 &signature_length); 674 TEST_EQUAL(actual_status, expected_status); 675 if (expected_status == PSA_SUCCESS) { 676 TEST_MEMORY_COMPARE(signature, signature_length, 677 expected_output->x, expected_output->len); 678 } 679 /* In the builtin algorithm the driver is called twice. */ 680 TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 681 force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1); 682 683exit: 684 psa_reset_key_attributes(&attributes); 685 psa_destroy_key(key); 686 mbedtls_free(signature); 687 PSA_DONE(); 688 mbedtls_test_driver_signature_sign_hooks = 689 mbedtls_test_driver_signature_hooks_init(); 690} 691/* END_CASE */ 692 693/* BEGIN_CASE */ 694void verify_message(int key_type_arg, 695 int key_type_public_arg, 696 int alg_arg, 697 int force_status_arg, 698 int register_public_key, 699 data_t *key_input, 700 data_t *data_input, 701 data_t *signature_input, 702 int expected_status_arg) 703{ 704 psa_status_t force_status = force_status_arg; 705 psa_status_t expected_status = expected_status_arg; 706 psa_algorithm_t alg = alg_arg; 707 psa_key_type_t key_type = key_type_arg; 708 psa_key_type_t key_type_public = key_type_public_arg; 709 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 710 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 711 psa_status_t actual_status; 712 mbedtls_test_driver_signature_verify_hooks = 713 mbedtls_test_driver_signature_hooks_init(); 714 715 PSA_ASSERT(psa_crypto_init()); 716 if (register_public_key) { 717 psa_set_key_type(&attributes, key_type_public); 718 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); 719 psa_set_key_algorithm(&attributes, alg); 720 psa_import_key(&attributes, 721 key_input->x, key_input->len, 722 &key); 723 } else { 724 psa_set_key_type(&attributes, key_type); 725 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); 726 psa_set_key_algorithm(&attributes, alg); 727 psa_import_key(&attributes, 728 key_input->x, key_input->len, 729 &key); 730 } 731 732 mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; 733 734 actual_status = psa_verify_message(key, alg, 735 data_input->x, data_input->len, 736 signature_input->x, signature_input->len); 737 TEST_EQUAL(actual_status, expected_status); 738 /* In the builtin algorithm the driver is called twice. */ 739 TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, 740 force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1); 741 742exit: 743 psa_reset_key_attributes(&attributes); 744 psa_destroy_key(key); 745 PSA_DONE(); 746 mbedtls_test_driver_signature_verify_hooks = 747 mbedtls_test_driver_signature_hooks_init(); 748} 749/* END_CASE */ 750 751/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ 752void generate_ec_key(int force_status_arg, 753 data_t *fake_output, 754 int expected_status_arg) 755{ 756 psa_status_t force_status = force_status_arg; 757 psa_status_t expected_status = expected_status_arg; 758 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 759 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 760 psa_algorithm_t alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256); 761 const uint8_t *expected_output = NULL; 762 size_t expected_output_length = 0; 763 psa_status_t actual_status; 764 uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = { 0 }; 765 size_t actual_output_length; 766 mbedtls_test_driver_key_management_hooks = 767 mbedtls_test_driver_key_management_hooks_init(); 768 769 psa_set_key_type(&attributes, 770 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); 771 psa_set_key_bits(&attributes, 256); 772 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT); 773 psa_set_key_algorithm(&attributes, alg); 774 775 if (fake_output->len > 0) { 776 expected_output = 777 mbedtls_test_driver_key_management_hooks.forced_output = 778 fake_output->x; 779 780 expected_output_length = 781 mbedtls_test_driver_key_management_hooks.forced_output_length = 782 fake_output->len; 783 } 784 785 mbedtls_test_driver_key_management_hooks.hits = 0; 786 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 787 788 PSA_ASSERT(psa_crypto_init()); 789 790 actual_status = psa_generate_key(&attributes, &key); 791 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); 792 TEST_EQUAL(actual_status, expected_status); 793 794 if (actual_status == PSA_SUCCESS) { 795 psa_export_key(key, actual_output, sizeof(actual_output), &actual_output_length); 796 797 if (fake_output->len > 0) { 798 TEST_MEMORY_COMPARE(actual_output, actual_output_length, 799 expected_output, expected_output_length); 800 } else { 801 size_t zeroes = 0; 802 for (size_t i = 0; i < sizeof(actual_output); i++) { 803 if (actual_output[i] == 0) { 804 zeroes++; 805 } 806 } 807 TEST_ASSERT(zeroes != sizeof(actual_output)); 808 } 809 } 810exit: 811 psa_reset_key_attributes(&attributes); 812 psa_destroy_key(key); 813 PSA_DONE(); 814 mbedtls_test_driver_key_management_hooks = 815 mbedtls_test_driver_key_management_hooks_init(); 816} 817/* END_CASE */ 818 819/* BEGIN_CASE */ 820void validate_key(int force_status_arg, 821 int location, 822 int owner_id_arg, 823 int id_arg, 824 int key_type_arg, 825 data_t *key_input, 826 int expected_status_arg) 827{ 828 psa_key_lifetime_t lifetime = 829 PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ 830 PSA_KEY_PERSISTENCE_DEFAULT, location); 831 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg); 832 psa_status_t force_status = force_status_arg; 833 psa_status_t expected_status = expected_status_arg; 834 psa_key_type_t key_type = key_type_arg; 835 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 836 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 837 psa_status_t actual_status; 838 mbedtls_test_driver_key_management_hooks = 839 mbedtls_test_driver_key_management_hooks_init(); 840 841 psa_set_key_id(&attributes, id); 842 psa_set_key_type(&attributes, 843 key_type); 844 psa_set_key_lifetime(&attributes, lifetime); 845 psa_set_key_bits(&attributes, 0); 846 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); 847 848 PSA_ASSERT(psa_crypto_init()); 849 850 mbedtls_test_driver_key_management_hooks.hits = 0; 851 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 852 actual_status = psa_import_key(&attributes, key_input->x, key_input->len, &key); 853 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); 854 TEST_EQUAL(actual_status, expected_status); 855 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.location, location); 856exit: 857 psa_reset_key_attributes(&attributes); 858 psa_destroy_key(key); 859 PSA_DONE(); 860 mbedtls_test_driver_key_management_hooks = 861 mbedtls_test_driver_key_management_hooks_init(); 862} 863/* END_CASE */ 864 865/* BEGIN_CASE */ 866void export_key(int force_status_arg, 867 data_t *fake_output, 868 int key_in_type_arg, 869 data_t *key_in, 870 int key_out_type_arg, 871 data_t *expected_output, 872 int expected_status_arg) 873{ 874 psa_status_t force_status = force_status_arg; 875 psa_status_t expected_status = expected_status_arg; 876 psa_key_handle_t handle = 0; 877 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 878 psa_key_type_t input_key_type = key_in_type_arg; 879 psa_key_type_t output_key_type = key_out_type_arg; 880 const uint8_t *expected_output_ptr = NULL; 881 size_t expected_output_length = 0; 882 psa_status_t actual_status; 883 uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = { 0 }; 884 size_t actual_output_length; 885 mbedtls_test_driver_key_management_hooks = 886 mbedtls_test_driver_key_management_hooks_init(); 887 888 psa_set_key_type(&attributes, input_key_type); 889 psa_set_key_bits(&attributes, 256); 890 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); 891 892 PSA_ASSERT(psa_crypto_init()); 893 PSA_ASSERT(psa_import_key(&attributes, key_in->x, key_in->len, &handle)); 894 895 if (fake_output->len > 0) { 896 expected_output_ptr = 897 mbedtls_test_driver_key_management_hooks.forced_output = 898 fake_output->x; 899 900 expected_output_length = 901 mbedtls_test_driver_key_management_hooks.forced_output_length = 902 fake_output->len; 903 } else { 904 expected_output_ptr = expected_output->x; 905 expected_output_length = expected_output->len; 906 } 907 908 mbedtls_test_driver_key_management_hooks.hits = 0; 909 mbedtls_test_driver_key_management_hooks.hits_export_public_key = 0; 910 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 911 912 if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) { 913 actual_status = psa_export_public_key(handle, 914 actual_output, 915 sizeof(actual_output), 916 &actual_output_length); 917 } else { 918 actual_status = psa_export_key(handle, 919 actual_output, 920 sizeof(actual_output), 921 &actual_output_length); 922 } 923 TEST_EQUAL(actual_status, expected_status); 924 925 if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) && 926 !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) { 927 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_export_public_key, 1); 928 } 929 930 if (actual_status == PSA_SUCCESS) { 931 TEST_MEMORY_COMPARE(actual_output, actual_output_length, 932 expected_output_ptr, expected_output_length); 933 } 934exit: 935 psa_reset_key_attributes(&attributes); 936 psa_destroy_key(handle); 937 PSA_DONE(); 938 mbedtls_test_driver_key_management_hooks = 939 mbedtls_test_driver_key_management_hooks_init(); 940} 941/* END_CASE */ 942 943/* BEGIN_CASE */ 944void key_agreement(int alg_arg, 945 int force_status_arg, 946 int our_key_type_arg, 947 data_t *our_key_data, 948 data_t *peer_key_data, 949 data_t *expected_output, 950 data_t *fake_output, 951 int expected_status_arg) 952{ 953 psa_status_t force_status = force_status_arg; 954 psa_status_t expected_status = expected_status_arg; 955 psa_algorithm_t alg = alg_arg; 956 psa_key_type_t our_key_type = our_key_type_arg; 957 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 958 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 959 const uint8_t *expected_output_ptr = NULL; 960 size_t expected_output_length = 0; 961 unsigned char *actual_output = NULL; 962 size_t actual_output_length = ~0; 963 size_t key_bits; 964 psa_status_t actual_status; 965 mbedtls_test_driver_key_agreement_hooks = 966 mbedtls_test_driver_key_agreement_hooks_init(); 967 968 PSA_ASSERT(psa_crypto_init()); 969 970 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 971 psa_set_key_algorithm(&attributes, alg); 972 psa_set_key_type(&attributes, our_key_type); 973 PSA_ASSERT(psa_import_key(&attributes, 974 our_key_data->x, our_key_data->len, 975 &our_key)); 976 977 PSA_ASSERT(psa_get_key_attributes(our_key, &attributes)); 978 key_bits = psa_get_key_bits(&attributes); 979 980 TEST_LE_U(expected_output->len, 981 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits)); 982 TEST_LE_U(PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits), 983 PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE); 984 985 if (fake_output->len > 0) { 986 expected_output_ptr = 987 mbedtls_test_driver_key_agreement_hooks.forced_output = 988 fake_output->x; 989 990 expected_output_length = 991 mbedtls_test_driver_key_agreement_hooks.forced_output_length = 992 fake_output->len; 993 } else { 994 expected_output_ptr = expected_output->x; 995 expected_output_length = expected_output->len; 996 } 997 998 mbedtls_test_driver_key_agreement_hooks.hits = 0; 999 mbedtls_test_driver_key_agreement_hooks.forced_status = force_status; 1000 1001 TEST_CALLOC(actual_output, expected_output->len); 1002 actual_status = psa_raw_key_agreement(alg, our_key, 1003 peer_key_data->x, peer_key_data->len, 1004 actual_output, expected_output->len, 1005 &actual_output_length); 1006 TEST_EQUAL(actual_status, expected_status); 1007 TEST_EQUAL(mbedtls_test_driver_key_agreement_hooks.hits, 1); 1008 1009 if (actual_status == PSA_SUCCESS) { 1010 TEST_MEMORY_COMPARE(actual_output, actual_output_length, 1011 expected_output_ptr, expected_output_length); 1012 } 1013 mbedtls_free(actual_output); 1014 actual_output = NULL; 1015 actual_output_length = ~0; 1016 1017exit: 1018 psa_reset_key_attributes(&attributes); 1019 psa_destroy_key(our_key); 1020 PSA_DONE(); 1021 mbedtls_test_driver_key_agreement_hooks = 1022 mbedtls_test_driver_key_agreement_hooks_init(); 1023} 1024 1025/* END_CASE */ 1026 1027/* BEGIN_CASE */ 1028void cipher_encrypt_validation(int alg_arg, 1029 int key_type_arg, 1030 data_t *key_data, 1031 data_t *input) 1032{ 1033 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1034 psa_key_type_t key_type = key_type_arg; 1035 psa_algorithm_t alg = alg_arg; 1036 size_t iv_size = PSA_CIPHER_IV_LENGTH(key_type, alg); 1037 unsigned char *output1 = NULL; 1038 size_t output1_buffer_size = 0; 1039 size_t output1_length = 0; 1040 unsigned char *output2 = NULL; 1041 size_t output2_buffer_size = 0; 1042 size_t output2_length = 0; 1043 size_t function_output_length = 0; 1044 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1045 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1046 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1047 1048 PSA_ASSERT(psa_crypto_init()); 1049 1050 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1051 psa_set_key_algorithm(&attributes, alg); 1052 psa_set_key_type(&attributes, key_type); 1053 1054 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); 1055 output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + 1056 PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); 1057 TEST_CALLOC(output1, output1_buffer_size); 1058 TEST_CALLOC(output2, output2_buffer_size); 1059 1060 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1061 &key)); 1062 1063 mbedtls_test_driver_cipher_hooks.hits = 0; 1064 mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; 1065 PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, 1066 output1_buffer_size, &output1_length)); 1067 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); 1068 mbedtls_test_driver_cipher_hooks.hits = 0; 1069 1070 PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 1071 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1072 mbedtls_test_driver_cipher_hooks.hits = 0; 1073 1074 PSA_ASSERT(psa_cipher_set_iv(&operation, output1, iv_size)); 1075 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1076 mbedtls_test_driver_cipher_hooks.hits = 0; 1077 1078 PSA_ASSERT(psa_cipher_update(&operation, 1079 input->x, input->len, 1080 output2, output2_buffer_size, 1081 &function_output_length)); 1082 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1083 mbedtls_test_driver_cipher_hooks.hits = 0; 1084 1085 output2_length += function_output_length; 1086 PSA_ASSERT(psa_cipher_finish(&operation, 1087 output2 + output2_length, 1088 output2_buffer_size - output2_length, 1089 &function_output_length)); 1090 /* Finish will have called abort as well, so expecting two hits here */ 1091 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1092 mbedtls_test_driver_cipher_hooks.hits = 0; 1093 1094 output2_length += function_output_length; 1095 1096 PSA_ASSERT(psa_cipher_abort(&operation)); 1097 // driver function should've been called as part of the finish() core routine 1098 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1099 TEST_MEMORY_COMPARE(output1 + iv_size, output1_length - iv_size, 1100 output2, output2_length); 1101 1102exit: 1103 psa_cipher_abort(&operation); 1104 mbedtls_free(output1); 1105 mbedtls_free(output2); 1106 psa_destroy_key(key); 1107 PSA_DONE(); 1108 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1109} 1110/* END_CASE */ 1111 1112/* BEGIN_CASE */ 1113void cipher_encrypt_multipart(int alg_arg, 1114 int key_type_arg, 1115 data_t *key_data, 1116 data_t *iv, 1117 data_t *input, 1118 int first_part_size_arg, 1119 int output1_length_arg, 1120 int output2_length_arg, 1121 data_t *expected_output, 1122 int mock_output_arg, 1123 int force_status_arg, 1124 int expected_status_arg) 1125{ 1126 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1127 psa_key_type_t key_type = key_type_arg; 1128 psa_algorithm_t alg = alg_arg; 1129 psa_status_t status; 1130 psa_status_t expected_status = expected_status_arg; 1131 psa_status_t force_status = force_status_arg; 1132 size_t first_part_size = first_part_size_arg; 1133 size_t output1_length = output1_length_arg; 1134 size_t output2_length = output2_length_arg; 1135 unsigned char *output = NULL; 1136 size_t output_buffer_size = 0; 1137 size_t function_output_length = 0; 1138 size_t total_output_length = 0; 1139 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1140 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1141 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1142 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1143 1144 /* Test operation initialization */ 1145 mbedtls_psa_cipher_operation_t mbedtls_operation = 1146 MBEDTLS_PSA_CIPHER_OPERATION_INIT; 1147 1148 mbedtls_transparent_test_driver_cipher_operation_t transparent_operation = 1149 MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT; 1150 1151 mbedtls_opaque_test_driver_cipher_operation_t opaque_operation = 1152 MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT; 1153 1154 operation.ctx.mbedtls_ctx = mbedtls_operation; 1155 operation.ctx.transparent_test_driver_ctx = transparent_operation; 1156 operation.ctx.opaque_test_driver_ctx = opaque_operation; 1157 1158 PSA_ASSERT(psa_crypto_init()); 1159 1160 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1161 psa_set_key_algorithm(&attributes, alg); 1162 psa_set_key_type(&attributes, key_type); 1163 1164 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1165 &key)); 1166 1167 mbedtls_test_driver_cipher_hooks.hits = 0; 1168 PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 1169 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1170 mbedtls_test_driver_cipher_hooks.hits = 0; 1171 1172 PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); 1173 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1174 mbedtls_test_driver_cipher_hooks.hits = 0; 1175 1176 output_buffer_size = ((size_t) input->len + 1177 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); 1178 TEST_CALLOC(output, output_buffer_size); 1179 1180 if (mock_output_arg) { 1181 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1182 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1183 } 1184 1185 TEST_ASSERT(first_part_size <= input->len); 1186 PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size, 1187 output, output_buffer_size, 1188 &function_output_length)); 1189 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1190 mbedtls_test_driver_cipher_hooks.hits = 0; 1191 1192 TEST_ASSERT(function_output_length == output1_length); 1193 total_output_length += function_output_length; 1194 1195 if (first_part_size < input->len) { 1196 PSA_ASSERT(psa_cipher_update(&operation, 1197 input->x + first_part_size, 1198 input->len - first_part_size, 1199 output + total_output_length, 1200 output_buffer_size - total_output_length, 1201 &function_output_length)); 1202 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1203 mbedtls_test_driver_cipher_hooks.hits = 0; 1204 1205 TEST_ASSERT(function_output_length == output2_length); 1206 total_output_length += function_output_length; 1207 } 1208 1209 if (mock_output_arg) { 1210 mbedtls_test_driver_cipher_hooks.forced_output = NULL; 1211 mbedtls_test_driver_cipher_hooks.forced_output_length = 0; 1212 } 1213 1214 status = psa_cipher_finish(&operation, 1215 output + total_output_length, 1216 output_buffer_size - total_output_length, 1217 &function_output_length); 1218 /* Finish will have called abort as well, so expecting two hits here */ 1219 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0)); 1220 mbedtls_test_driver_cipher_hooks.hits = 0; 1221 total_output_length += function_output_length; 1222 TEST_EQUAL(status, expected_status); 1223 1224 if (expected_status == PSA_SUCCESS) { 1225 PSA_ASSERT(psa_cipher_abort(&operation)); 1226 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1227 1228 TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 1229 output, total_output_length); 1230 } 1231 1232exit: 1233 psa_cipher_abort(&operation); 1234 mbedtls_free(output); 1235 psa_destroy_key(key); 1236 PSA_DONE(); 1237 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1238} 1239/* END_CASE */ 1240 1241/* BEGIN_CASE */ 1242void cipher_decrypt_multipart(int alg_arg, 1243 int key_type_arg, 1244 data_t *key_data, 1245 data_t *iv, 1246 data_t *input, 1247 int first_part_size_arg, 1248 int output1_length_arg, 1249 int output2_length_arg, 1250 data_t *expected_output, 1251 int mock_output_arg, 1252 int force_status_arg, 1253 int expected_status_arg) 1254{ 1255 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1256 psa_key_type_t key_type = key_type_arg; 1257 psa_algorithm_t alg = alg_arg; 1258 psa_status_t status; 1259 psa_status_t expected_status = expected_status_arg; 1260 psa_status_t force_status = force_status_arg; 1261 size_t first_part_size = first_part_size_arg; 1262 size_t output1_length = output1_length_arg; 1263 size_t output2_length = output2_length_arg; 1264 unsigned char *output = NULL; 1265 size_t output_buffer_size = 0; 1266 size_t function_output_length = 0; 1267 size_t total_output_length = 0; 1268 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1269 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1270 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1271 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1272 1273 /* Test operation initialization */ 1274 mbedtls_psa_cipher_operation_t mbedtls_operation = 1275 MBEDTLS_PSA_CIPHER_OPERATION_INIT; 1276 1277 mbedtls_transparent_test_driver_cipher_operation_t transparent_operation = 1278 MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT; 1279 1280 mbedtls_opaque_test_driver_cipher_operation_t opaque_operation = 1281 MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT; 1282 1283 operation.ctx.mbedtls_ctx = mbedtls_operation; 1284 operation.ctx.transparent_test_driver_ctx = transparent_operation; 1285 operation.ctx.opaque_test_driver_ctx = opaque_operation; 1286 1287 PSA_ASSERT(psa_crypto_init()); 1288 1289 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1290 psa_set_key_algorithm(&attributes, alg); 1291 psa_set_key_type(&attributes, key_type); 1292 1293 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1294 &key)); 1295 1296 mbedtls_test_driver_cipher_hooks.hits = 0; 1297 PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); 1298 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1299 mbedtls_test_driver_cipher_hooks.hits = 0; 1300 1301 PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); 1302 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1303 mbedtls_test_driver_cipher_hooks.hits = 0; 1304 1305 output_buffer_size = ((size_t) input->len + 1306 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); 1307 TEST_CALLOC(output, output_buffer_size); 1308 1309 if (mock_output_arg) { 1310 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1311 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1312 } 1313 1314 TEST_ASSERT(first_part_size <= input->len); 1315 PSA_ASSERT(psa_cipher_update(&operation, 1316 input->x, first_part_size, 1317 output, output_buffer_size, 1318 &function_output_length)); 1319 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1320 mbedtls_test_driver_cipher_hooks.hits = 0; 1321 1322 TEST_ASSERT(function_output_length == output1_length); 1323 total_output_length += function_output_length; 1324 1325 if (first_part_size < input->len) { 1326 PSA_ASSERT(psa_cipher_update(&operation, 1327 input->x + first_part_size, 1328 input->len - first_part_size, 1329 output + total_output_length, 1330 output_buffer_size - total_output_length, 1331 &function_output_length)); 1332 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1333 mbedtls_test_driver_cipher_hooks.hits = 0; 1334 1335 TEST_ASSERT(function_output_length == output2_length); 1336 total_output_length += function_output_length; 1337 } 1338 1339 if (mock_output_arg) { 1340 mbedtls_test_driver_cipher_hooks.forced_output = NULL; 1341 mbedtls_test_driver_cipher_hooks.forced_output_length = 0; 1342 } 1343 1344 status = psa_cipher_finish(&operation, 1345 output + total_output_length, 1346 output_buffer_size - total_output_length, 1347 &function_output_length); 1348 /* Finish will have called abort as well, so expecting two hits here */ 1349 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0)); 1350 mbedtls_test_driver_cipher_hooks.hits = 0; 1351 total_output_length += function_output_length; 1352 TEST_EQUAL(status, expected_status); 1353 1354 if (expected_status == PSA_SUCCESS) { 1355 PSA_ASSERT(psa_cipher_abort(&operation)); 1356 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1357 1358 TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 1359 output, total_output_length); 1360 } 1361 1362exit: 1363 psa_cipher_abort(&operation); 1364 mbedtls_free(output); 1365 psa_destroy_key(key); 1366 PSA_DONE(); 1367 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1368} 1369/* END_CASE */ 1370 1371/* BEGIN_CASE */ 1372void cipher_decrypt(int alg_arg, 1373 int key_type_arg, 1374 data_t *key_data, 1375 data_t *iv, 1376 data_t *input_arg, 1377 data_t *expected_output, 1378 int mock_output_arg, 1379 int force_status_arg, 1380 int expected_status_arg) 1381{ 1382 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1383 psa_status_t status; 1384 psa_key_type_t key_type = key_type_arg; 1385 psa_algorithm_t alg = alg_arg; 1386 psa_status_t expected_status = expected_status_arg; 1387 psa_status_t force_status = force_status_arg; 1388 unsigned char *input = NULL; 1389 size_t input_buffer_size = 0; 1390 unsigned char *output = NULL; 1391 size_t output_buffer_size = 0; 1392 size_t output_length = 0; 1393 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1394 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1395 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1396 1397 PSA_ASSERT(psa_crypto_init()); 1398 1399 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1400 psa_set_key_algorithm(&attributes, alg); 1401 psa_set_key_type(&attributes, key_type); 1402 1403 /* Allocate input buffer and copy the iv and the plaintext */ 1404 input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); 1405 if (input_buffer_size > 0) { 1406 TEST_CALLOC(input, input_buffer_size); 1407 memcpy(input, iv->x, iv->len); 1408 memcpy(input + iv->len, input_arg->x, input_arg->len); 1409 } 1410 1411 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); 1412 TEST_CALLOC(output, output_buffer_size); 1413 1414 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1415 &key)); 1416 1417 if (mock_output_arg) { 1418 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1419 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1420 } 1421 1422 mbedtls_test_driver_cipher_hooks.hits = 0; 1423 status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output, 1424 output_buffer_size, &output_length); 1425 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1426 mbedtls_test_driver_cipher_hooks.hits = 0; 1427 1428 TEST_EQUAL(status, expected_status); 1429 1430 if (expected_status == PSA_SUCCESS) { 1431 TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 1432 output, output_length); 1433 } 1434 1435exit: 1436 mbedtls_free(input); 1437 mbedtls_free(output); 1438 psa_destroy_key(key); 1439 PSA_DONE(); 1440 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1441} 1442/* END_CASE */ 1443 1444/* BEGIN_CASE */ 1445void cipher_entry_points(int alg_arg, int key_type_arg, 1446 data_t *key_data, data_t *iv, 1447 data_t *input) 1448{ 1449 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1450 psa_status_t status; 1451 psa_key_type_t key_type = key_type_arg; 1452 psa_algorithm_t alg = alg_arg; 1453 unsigned char *output = NULL; 1454 size_t output_buffer_size = 0; 1455 size_t function_output_length = 0; 1456 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1457 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1458 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1459 1460 TEST_CALLOC(output, input->len + 16); 1461 output_buffer_size = input->len + 16; 1462 1463 PSA_ASSERT(psa_crypto_init()); 1464 1465 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 1466 psa_set_key_algorithm(&attributes, alg); 1467 psa_set_key_type(&attributes, key_type); 1468 1469 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1470 &key)); 1471 1472 /* 1473 * Test encrypt failure 1474 * First test that if we don't force a driver error, encryption is 1475 * successful, then force driver error. 1476 */ 1477 mbedtls_test_driver_cipher_hooks.hits = 0; 1478 mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; 1479 status = psa_cipher_encrypt( 1480 key, alg, input->x, input->len, 1481 output, output_buffer_size, &function_output_length); 1482 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); 1483 TEST_EQUAL(status, PSA_SUCCESS); 1484 mbedtls_test_driver_cipher_hooks.hits = 0; 1485 1486 mbedtls_test_driver_cipher_hooks.forced_status_encrypt = PSA_ERROR_GENERIC_ERROR; 1487 /* Set the output buffer in a given state. */ 1488 for (size_t i = 0; i < output_buffer_size; i++) { 1489 output[i] = 0xa5; 1490 } 1491 1492 mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; 1493 status = psa_cipher_encrypt( 1494 key, alg, input->x, input->len, 1495 output, output_buffer_size, &function_output_length); 1496 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); 1497 TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); 1498 1499 mbedtls_test_driver_cipher_hooks.hits = 0; 1500 1501 /* Test setup call, encrypt */ 1502 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1503 status = psa_cipher_encrypt_setup(&operation, key, alg); 1504 /* When setup fails, it shouldn't call any further entry points */ 1505 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1506 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1507 mbedtls_test_driver_cipher_hooks.hits = 0; 1508 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1509 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1510 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1511 1512 /* Test setup call failure, decrypt */ 1513 status = psa_cipher_decrypt_setup(&operation, key, alg); 1514 /* When setup fails, it shouldn't call any further entry points */ 1515 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1516 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1517 mbedtls_test_driver_cipher_hooks.hits = 0; 1518 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1519 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1520 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1521 1522 /* Test IV setting failure */ 1523 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1524 status = psa_cipher_encrypt_setup(&operation, key, alg); 1525 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1526 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1527 mbedtls_test_driver_cipher_hooks.hits = 0; 1528 1529 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1530 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1531 /* When setting the IV fails, it should call abort too */ 1532 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1533 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1534 /* Failure should prevent further operations from executing on the driver */ 1535 mbedtls_test_driver_cipher_hooks.hits = 0; 1536 status = psa_cipher_update(&operation, 1537 input->x, input->len, 1538 output, output_buffer_size, 1539 &function_output_length); 1540 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1541 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1542 psa_cipher_abort(&operation); 1543 1544 /* Test IV generation failure */ 1545 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1546 status = psa_cipher_encrypt_setup(&operation, key, alg); 1547 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1548 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1549 mbedtls_test_driver_cipher_hooks.hits = 0; 1550 mbedtls_test_driver_cipher_hooks.hits_set_iv = 0; 1551 1552 mbedtls_test_driver_cipher_hooks.forced_status_set_iv = PSA_ERROR_GENERIC_ERROR; 1553 /* Set the output buffer in a given state. */ 1554 for (size_t i = 0; i < 16; i++) { 1555 output[i] = 0xa5; 1556 } 1557 1558 status = psa_cipher_generate_iv(&operation, output, 16, &function_output_length); 1559 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_set_iv, 1); 1560 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status_set_iv); 1561 mbedtls_test_driver_cipher_hooks.forced_status_set_iv = PSA_SUCCESS; 1562 /* Failure should prevent further operations from executing on the driver */ 1563 mbedtls_test_driver_cipher_hooks.hits = 0; 1564 status = psa_cipher_update(&operation, 1565 input->x, input->len, 1566 output, output_buffer_size, 1567 &function_output_length); 1568 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1569 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1570 psa_cipher_abort(&operation); 1571 1572 /* Test update failure */ 1573 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1574 status = psa_cipher_encrypt_setup(&operation, key, alg); 1575 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1576 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1577 mbedtls_test_driver_cipher_hooks.hits = 0; 1578 1579 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1580 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1581 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1582 mbedtls_test_driver_cipher_hooks.hits = 0; 1583 1584 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1585 status = psa_cipher_update(&operation, 1586 input->x, input->len, 1587 output, output_buffer_size, 1588 &function_output_length); 1589 /* When the update call fails, it should call abort too */ 1590 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1591 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1592 /* Failure should prevent further operations from executing on the driver */ 1593 mbedtls_test_driver_cipher_hooks.hits = 0; 1594 status = psa_cipher_update(&operation, 1595 input->x, input->len, 1596 output, output_buffer_size, 1597 &function_output_length); 1598 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1599 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1600 psa_cipher_abort(&operation); 1601 1602 /* Test finish failure */ 1603 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1604 status = psa_cipher_encrypt_setup(&operation, key, alg); 1605 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1606 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1607 mbedtls_test_driver_cipher_hooks.hits = 0; 1608 1609 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1610 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1611 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1612 mbedtls_test_driver_cipher_hooks.hits = 0; 1613 1614 status = psa_cipher_update(&operation, 1615 input->x, input->len, 1616 output, output_buffer_size, 1617 &function_output_length); 1618 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1619 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1620 mbedtls_test_driver_cipher_hooks.hits = 0; 1621 1622 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1623 status = psa_cipher_finish(&operation, 1624 output + function_output_length, 1625 output_buffer_size - function_output_length, 1626 &function_output_length); 1627 /* When the finish call fails, it should call abort too */ 1628 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1629 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1630 /* Failure should prevent further operations from executing on the driver */ 1631 mbedtls_test_driver_cipher_hooks.hits = 0; 1632 status = psa_cipher_update(&operation, 1633 input->x, input->len, 1634 output, output_buffer_size, 1635 &function_output_length); 1636 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1637 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1638 psa_cipher_abort(&operation); 1639 1640exit: 1641 psa_cipher_abort(&operation); 1642 mbedtls_free(output); 1643 psa_destroy_key(key); 1644 PSA_DONE(); 1645 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1646} 1647/* END_CASE */ 1648 1649/* BEGIN_CASE */ 1650void aead_encrypt(int key_type_arg, data_t *key_data, 1651 int alg_arg, 1652 data_t *nonce, 1653 data_t *additional_data, 1654 data_t *input_data, 1655 data_t *expected_result, 1656 int forced_status_arg) 1657{ 1658 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1659 psa_key_type_t key_type = key_type_arg; 1660 psa_algorithm_t alg = alg_arg; 1661 size_t key_bits; 1662 psa_status_t forced_status = forced_status_arg; 1663 unsigned char *output_data = NULL; 1664 size_t output_size = 0; 1665 size_t output_length = 0; 1666 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1667 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1668 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1669 1670 PSA_ASSERT(psa_crypto_init()); 1671 1672 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1673 psa_set_key_algorithm(&attributes, alg); 1674 psa_set_key_type(&attributes, key_type); 1675 1676 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1677 &key)); 1678 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 1679 key_bits = psa_get_key_bits(&attributes); 1680 1681 output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, 1682 alg); 1683 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 1684 * should be exact. */ 1685 TEST_EQUAL(output_size, 1686 PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 1687 TEST_ASSERT(output_size <= 1688 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 1689 TEST_CALLOC(output_data, output_size); 1690 1691 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 1692 status = psa_aead_encrypt(key, alg, 1693 nonce->x, nonce->len, 1694 additional_data->x, additional_data->len, 1695 input_data->x, input_data->len, 1696 output_data, output_size, 1697 &output_length); 1698 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_encrypt, 1); 1699 TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status); 1700 1701 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 1702 PSA_SUCCESS : forced_status); 1703 1704 if (status == PSA_SUCCESS) { 1705 TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, 1706 output_data, output_length); 1707 } 1708 1709exit: 1710 psa_destroy_key(key); 1711 mbedtls_free(output_data); 1712 PSA_DONE(); 1713 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1714} 1715/* END_CASE */ 1716 1717/* BEGIN_CASE */ 1718void aead_decrypt(int key_type_arg, data_t *key_data, 1719 int alg_arg, 1720 data_t *nonce, 1721 data_t *additional_data, 1722 data_t *input_data, 1723 data_t *expected_data, 1724 int forced_status_arg) 1725{ 1726 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1727 psa_key_type_t key_type = key_type_arg; 1728 psa_algorithm_t alg = alg_arg; 1729 size_t key_bits; 1730 psa_status_t forced_status = forced_status_arg; 1731 unsigned char *output_data = NULL; 1732 size_t output_size = 0; 1733 size_t output_length = 0; 1734 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1735 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1736 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1737 1738 PSA_ASSERT(psa_crypto_init()); 1739 1740 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1741 psa_set_key_algorithm(&attributes, alg); 1742 psa_set_key_type(&attributes, key_type); 1743 1744 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1745 &key)); 1746 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 1747 key_bits = psa_get_key_bits(&attributes); 1748 1749 output_size = input_data->len - PSA_AEAD_TAG_LENGTH(key_type, key_bits, 1750 alg); 1751 TEST_CALLOC(output_data, output_size); 1752 1753 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 1754 status = psa_aead_decrypt(key, alg, 1755 nonce->x, nonce->len, 1756 additional_data->x, 1757 additional_data->len, 1758 input_data->x, input_data->len, 1759 output_data, output_size, 1760 &output_length); 1761 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_decrypt, 1); 1762 TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status); 1763 1764 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 1765 PSA_SUCCESS : forced_status); 1766 1767 if (status == PSA_SUCCESS) { 1768 TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, 1769 output_data, output_length); 1770 } 1771 1772exit: 1773 psa_destroy_key(key); 1774 mbedtls_free(output_data); 1775 PSA_DONE(); 1776 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1777} 1778/* END_CASE */ 1779 1780/* BEGIN_CASE */ 1781void mac_sign(int key_type_arg, 1782 data_t *key_data, 1783 int alg_arg, 1784 data_t *input, 1785 data_t *expected_mac, 1786 int forced_status_arg) 1787{ 1788 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1789 psa_key_type_t key_type = key_type_arg; 1790 psa_algorithm_t alg = alg_arg; 1791 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1792 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1793 uint8_t *actual_mac = NULL; 1794 size_t mac_buffer_size = 1795 PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); 1796 size_t mac_length = 0; 1797 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1798 psa_status_t forced_status = forced_status_arg; 1799 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1800 1801 TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE); 1802 /* We expect PSA_MAC_LENGTH to be exact. */ 1803 TEST_ASSERT(expected_mac->len == mac_buffer_size); 1804 1805 PSA_ASSERT(psa_crypto_init()); 1806 1807 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 1808 psa_set_key_algorithm(&attributes, alg); 1809 psa_set_key_type(&attributes, key_type); 1810 1811 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1812 &key)); 1813 1814 TEST_CALLOC(actual_mac, mac_buffer_size); 1815 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 1816 1817 /* 1818 * Calculate the MAC, one-shot case. 1819 */ 1820 status = psa_mac_compute(key, alg, 1821 input->x, input->len, 1822 actual_mac, mac_buffer_size, 1823 &mac_length); 1824 1825 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1826 if (forced_status == PSA_SUCCESS || 1827 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1828 PSA_ASSERT(status); 1829 } else { 1830 TEST_EQUAL(forced_status, status); 1831 } 1832 1833 PSA_ASSERT(psa_mac_abort(&operation)); 1834 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1835 1836 if (forced_status == PSA_SUCCESS) { 1837 TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, 1838 actual_mac, mac_length); 1839 } 1840 1841 mbedtls_free(actual_mac); 1842 actual_mac = NULL; 1843 1844exit: 1845 psa_mac_abort(&operation); 1846 psa_destroy_key(key); 1847 PSA_DONE(); 1848 mbedtls_free(actual_mac); 1849 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1850} 1851/* END_CASE */ 1852 1853/* BEGIN_CASE */ 1854void mac_sign_multipart(int key_type_arg, 1855 data_t *key_data, 1856 int alg_arg, 1857 data_t *input, 1858 data_t *expected_mac, 1859 int fragments_count, 1860 int forced_status_arg) 1861{ 1862 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1863 psa_key_type_t key_type = key_type_arg; 1864 psa_algorithm_t alg = alg_arg; 1865 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1866 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1867 uint8_t *actual_mac = NULL; 1868 size_t mac_buffer_size = 1869 PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); 1870 size_t mac_length = 0; 1871 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1872 psa_status_t forced_status = forced_status_arg; 1873 uint8_t *input_x = input->x; 1874 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1875 1876 TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE); 1877 /* We expect PSA_MAC_LENGTH to be exact. */ 1878 TEST_ASSERT(expected_mac->len == mac_buffer_size); 1879 1880 PSA_ASSERT(psa_crypto_init()); 1881 1882 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 1883 psa_set_key_algorithm(&attributes, alg); 1884 psa_set_key_type(&attributes, key_type); 1885 1886 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1887 &key)); 1888 1889 TEST_CALLOC(actual_mac, mac_buffer_size); 1890 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 1891 1892 /* 1893 * Calculate the MAC, multipart case. 1894 */ 1895 status = psa_mac_sign_setup(&operation, key, alg); 1896 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1897 1898 if (forced_status == PSA_SUCCESS || 1899 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1900 PSA_ASSERT(status); 1901 } else { 1902 TEST_EQUAL(forced_status, status); 1903 } 1904 1905 if (fragments_count) { 1906 TEST_ASSERT((input->len / fragments_count) > 0); 1907 } 1908 1909 for (int i = 0; i < fragments_count; i++) { 1910 int fragment_size = input->len / fragments_count; 1911 if (i == fragments_count - 1) { 1912 fragment_size += (input->len % fragments_count); 1913 } 1914 1915 status = psa_mac_update(&operation, 1916 input_x, fragment_size); 1917 if (forced_status == PSA_SUCCESS) { 1918 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2 + i); 1919 } else { 1920 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1921 } 1922 if (forced_status == PSA_SUCCESS || 1923 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1924 PSA_ASSERT(status); 1925 } else { 1926 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 1927 } 1928 input_x += fragment_size; 1929 } 1930 1931 status = psa_mac_sign_finish(&operation, 1932 actual_mac, mac_buffer_size, 1933 &mac_length); 1934 if (forced_status == PSA_SUCCESS) { 1935 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 1936 } else { 1937 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1938 } 1939 1940 if (forced_status == PSA_SUCCESS || 1941 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1942 PSA_ASSERT(status); 1943 } else { 1944 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 1945 } 1946 1947 PSA_ASSERT(psa_mac_abort(&operation)); 1948 if (forced_status == PSA_SUCCESS) { 1949 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 1950 } else { 1951 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1952 } 1953 1954 if (forced_status == PSA_SUCCESS) { 1955 TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, 1956 actual_mac, mac_length); 1957 } 1958 1959 mbedtls_free(actual_mac); 1960 actual_mac = NULL; 1961 1962exit: 1963 psa_mac_abort(&operation); 1964 psa_destroy_key(key); 1965 PSA_DONE(); 1966 mbedtls_free(actual_mac); 1967 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1968} 1969/* END_CASE */ 1970 1971/* BEGIN_CASE */ 1972void mac_verify(int key_type_arg, 1973 data_t *key_data, 1974 int alg_arg, 1975 data_t *input, 1976 data_t *expected_mac, 1977 int forced_status_arg) 1978{ 1979 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1980 psa_key_type_t key_type = key_type_arg; 1981 psa_algorithm_t alg = alg_arg; 1982 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1983 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1984 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1985 psa_status_t forced_status = forced_status_arg; 1986 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1987 1988 TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE); 1989 1990 PSA_ASSERT(psa_crypto_init()); 1991 1992 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 1993 psa_set_key_algorithm(&attributes, alg); 1994 psa_set_key_type(&attributes, key_type); 1995 1996 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1997 &key)); 1998 1999 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 2000 2001 /* 2002 * Verify the MAC, one-shot case. 2003 */ 2004 status = psa_mac_verify(key, alg, 2005 input->x, input->len, 2006 expected_mac->x, expected_mac->len); 2007 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2008 if (forced_status == PSA_SUCCESS || 2009 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2010 PSA_ASSERT(status); 2011 } else { 2012 TEST_EQUAL(forced_status, status); 2013 } 2014 2015 PSA_ASSERT(psa_mac_abort(&operation)); 2016 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2017exit: 2018 psa_mac_abort(&operation); 2019 psa_destroy_key(key); 2020 PSA_DONE(); 2021 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2022} 2023/* END_CASE */ 2024 2025/* BEGIN_CASE */ 2026void mac_verify_multipart(int key_type_arg, 2027 data_t *key_data, 2028 int alg_arg, 2029 data_t *input, 2030 data_t *expected_mac, 2031 int fragments_count, 2032 int forced_status_arg) 2033{ 2034 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2035 psa_key_type_t key_type = key_type_arg; 2036 psa_algorithm_t alg = alg_arg; 2037 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 2038 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2039 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2040 psa_status_t forced_status = forced_status_arg; 2041 uint8_t *input_x = input->x; 2042 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2043 2044 TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE); 2045 2046 PSA_ASSERT(psa_crypto_init()); 2047 2048 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 2049 psa_set_key_algorithm(&attributes, alg); 2050 psa_set_key_type(&attributes, key_type); 2051 2052 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2053 &key)); 2054 2055 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 2056 2057 /* 2058 * Verify the MAC, multi-part case. 2059 */ 2060 status = psa_mac_verify_setup(&operation, key, alg); 2061 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2062 2063 if (forced_status == PSA_SUCCESS || 2064 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2065 PSA_ASSERT(status); 2066 } else { 2067 TEST_EQUAL(forced_status, status); 2068 } 2069 2070 if (fragments_count) { 2071 TEST_ASSERT((input->len / fragments_count) > 0); 2072 } 2073 2074 for (int i = 0; i < fragments_count; i++) { 2075 int fragment_size = input->len / fragments_count; 2076 if (i == fragments_count - 1) { 2077 fragment_size += (input->len % fragments_count); 2078 } 2079 2080 status = psa_mac_update(&operation, 2081 input_x, fragment_size); 2082 if (forced_status == PSA_SUCCESS) { 2083 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2 + i); 2084 } else { 2085 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2086 } 2087 2088 if (forced_status == PSA_SUCCESS || 2089 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2090 PSA_ASSERT(status); 2091 } else { 2092 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 2093 } 2094 input_x += fragment_size; 2095 } 2096 2097 status = psa_mac_verify_finish(&operation, 2098 expected_mac->x, 2099 expected_mac->len); 2100 if (forced_status == PSA_SUCCESS) { 2101 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 2102 } else { 2103 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2104 } 2105 2106 if (forced_status == PSA_SUCCESS || 2107 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2108 PSA_ASSERT(status); 2109 } else { 2110 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 2111 } 2112 2113 2114 PSA_ASSERT(psa_mac_abort(&operation)); 2115 if (forced_status == PSA_SUCCESS) { 2116 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 2117 } else { 2118 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2119 } 2120 2121exit: 2122 psa_mac_abort(&operation); 2123 psa_destroy_key(key); 2124 PSA_DONE(); 2125 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2126} 2127/* END_CASE */ 2128 2129/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ 2130void builtin_key_export(int builtin_key_id_arg, 2131 int builtin_key_type_arg, 2132 int builtin_key_bits_arg, 2133 int builtin_key_algorithm_arg, 2134 data_t *expected_output, 2135 int expected_status_arg) 2136{ 2137 psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg; 2138 psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg; 2139 psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg; 2140 size_t builtin_key_bits = (size_t) builtin_key_bits_arg; 2141 psa_status_t expected_status = expected_status_arg; 2142 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2143 2144 mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); 2145 uint8_t *output_buffer = NULL; 2146 size_t output_size = 0; 2147 psa_status_t actual_status; 2148 2149 PSA_ASSERT(psa_crypto_init()); 2150 TEST_CALLOC(output_buffer, expected_output->len); 2151 2152 actual_status = psa_export_key(key, output_buffer, expected_output->len, &output_size); 2153 2154 if (expected_status == PSA_SUCCESS) { 2155 PSA_ASSERT(actual_status); 2156 TEST_EQUAL(output_size, expected_output->len); 2157 TEST_MEMORY_COMPARE(output_buffer, output_size, 2158 expected_output->x, expected_output->len); 2159 2160 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2161 TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); 2162 TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type); 2163 TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg); 2164 } else { 2165 if (actual_status != expected_status) { 2166 fprintf(stderr, "Expected %d but got %d\n", expected_status, actual_status); 2167 } 2168 TEST_EQUAL(actual_status, expected_status); 2169 TEST_EQUAL(output_size, 0); 2170 } 2171 2172exit: 2173 mbedtls_free(output_buffer); 2174 psa_reset_key_attributes(&attributes); 2175 psa_destroy_key(key); 2176 PSA_DONE(); 2177} 2178/* END_CASE */ 2179 2180/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ 2181void builtin_pubkey_export(int builtin_key_id_arg, 2182 int builtin_key_type_arg, 2183 int builtin_key_bits_arg, 2184 int builtin_key_algorithm_arg, 2185 data_t *expected_output, 2186 int expected_status_arg) 2187{ 2188 psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg; 2189 psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg; 2190 psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg; 2191 size_t builtin_key_bits = (size_t) builtin_key_bits_arg; 2192 psa_status_t expected_status = expected_status_arg; 2193 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2194 2195 mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); 2196 uint8_t *output_buffer = NULL; 2197 size_t output_size = 0; 2198 psa_status_t actual_status; 2199 2200 PSA_ASSERT(psa_crypto_init()); 2201 TEST_CALLOC(output_buffer, expected_output->len); 2202 2203 actual_status = psa_export_public_key(key, output_buffer, expected_output->len, &output_size); 2204 2205 if (expected_status == PSA_SUCCESS) { 2206 PSA_ASSERT(actual_status); 2207 TEST_EQUAL(output_size, expected_output->len); 2208 TEST_MEMORY_COMPARE(output_buffer, output_size, 2209 expected_output->x, expected_output->len); 2210 2211 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2212 TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); 2213 TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type); 2214 TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg); 2215 } else { 2216 TEST_EQUAL(actual_status, expected_status); 2217 TEST_EQUAL(output_size, 0); 2218 } 2219 2220exit: 2221 mbedtls_free(output_buffer); 2222 psa_reset_key_attributes(&attributes); 2223 psa_destroy_key(key); 2224 PSA_DONE(); 2225} 2226/* END_CASE */ 2227 2228/* BEGIN_CASE */ 2229void hash_compute(int alg_arg, 2230 data_t *input, data_t *hash, 2231 int forced_status_arg, 2232 int expected_status_arg) 2233{ 2234 psa_algorithm_t alg = alg_arg; 2235 psa_status_t forced_status = forced_status_arg; 2236 psa_status_t expected_status = expected_status_arg; 2237 unsigned char *output = NULL; 2238 size_t output_length; 2239 2240 2241 PSA_ASSERT(psa_crypto_init()); 2242 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2243 2244 /* Do this after psa_crypto_init() which may call hash drivers */ 2245 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2246 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2247 2248 TEST_EQUAL(psa_hash_compute(alg, input->x, input->len, 2249 output, PSA_HASH_LENGTH(alg), 2250 &output_length), expected_status); 2251 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2252 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2253 2254 if (expected_status == PSA_SUCCESS) { 2255 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2256 } 2257 2258exit: 2259 mbedtls_free(output); 2260 PSA_DONE(); 2261 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2262} 2263/* END_CASE */ 2264 2265/* BEGIN_CASE */ 2266void hash_multipart_setup(int alg_arg, 2267 data_t *input, data_t *hash, 2268 int forced_status_arg, 2269 int expected_status_arg) 2270{ 2271 psa_algorithm_t alg = alg_arg; 2272 psa_status_t forced_status = forced_status_arg; 2273 psa_status_t expected_status = expected_status_arg; 2274 unsigned char *output = NULL; 2275 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2276 size_t output_length; 2277 2278 2279 PSA_ASSERT(psa_crypto_init()); 2280 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2281 2282 /* Do this after psa_crypto_init() which may call hash drivers */ 2283 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2284 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2285 2286 TEST_EQUAL(psa_hash_setup(&operation, alg), expected_status); 2287 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2288 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2289 2290 if (expected_status == PSA_SUCCESS) { 2291 PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 2292 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2293 forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 2); 2294 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2295 2296 PSA_ASSERT(psa_hash_finish(&operation, 2297 output, PSA_HASH_LENGTH(alg), 2298 &output_length)); 2299 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2300 forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4); 2301 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2302 2303 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2304 } 2305 2306exit: 2307 psa_hash_abort(&operation); 2308 mbedtls_free(output); 2309 PSA_DONE(); 2310 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2311} 2312/* END_CASE */ 2313 2314/* BEGIN_CASE */ 2315void hash_multipart_update(int alg_arg, 2316 data_t *input, data_t *hash, 2317 int forced_status_arg) 2318{ 2319 psa_algorithm_t alg = alg_arg; 2320 psa_status_t forced_status = forced_status_arg; 2321 unsigned char *output = NULL; 2322 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2323 size_t output_length; 2324 2325 2326 PSA_ASSERT(psa_crypto_init()); 2327 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2328 2329 /* Do this after psa_crypto_init() which may call hash drivers */ 2330 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2331 2332 /* 2333 * Update inactive operation, the driver shouldn't be called. 2334 */ 2335 TEST_EQUAL(psa_hash_update(&operation, input->x, input->len), 2336 PSA_ERROR_BAD_STATE); 2337 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2338 2339 PSA_ASSERT(psa_hash_setup(&operation, alg)); 2340 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2341 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2342 2343 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2344 TEST_EQUAL(psa_hash_update(&operation, input->x, input->len), 2345 forced_status); 2346 /* One or two more calls to the driver interface: update or update + abort */ 2347 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2348 forced_status == PSA_SUCCESS ? 2 : 3); 2349 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2350 2351 if (forced_status == PSA_SUCCESS) { 2352 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2353 PSA_ASSERT(psa_hash_finish(&operation, 2354 output, PSA_HASH_LENGTH(alg), 2355 &output_length)); 2356 /* Two calls to the driver interface: update + abort */ 2357 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); 2358 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2359 2360 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2361 } 2362 2363exit: 2364 psa_hash_abort(&operation); 2365 mbedtls_free(output); 2366 PSA_DONE(); 2367 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2368} 2369/* END_CASE */ 2370 2371/* BEGIN_CASE */ 2372void hash_multipart_finish(int alg_arg, 2373 data_t *input, data_t *hash, 2374 int forced_status_arg) 2375{ 2376 psa_algorithm_t alg = alg_arg; 2377 psa_status_t forced_status = forced_status_arg; 2378 unsigned char *output = NULL; 2379 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2380 size_t output_length; 2381 2382 PSA_ASSERT(psa_crypto_init()); 2383 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2384 2385 /* Do this after psa_crypto_init() which may call hash drivers */ 2386 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2387 2388 /* 2389 * Finish inactive operation, the driver shouldn't be called. 2390 */ 2391 TEST_EQUAL(psa_hash_finish(&operation, output, PSA_HASH_LENGTH(alg), 2392 &output_length), 2393 PSA_ERROR_BAD_STATE); 2394 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2395 2396 PSA_ASSERT(psa_hash_setup(&operation, alg)); 2397 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2398 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2399 2400 PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 2401 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); 2402 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2403 2404 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2405 TEST_EQUAL(psa_hash_finish(&operation, 2406 output, PSA_HASH_LENGTH(alg), 2407 &output_length), 2408 forced_status); 2409 /* Two more calls to the driver interface: finish + abort */ 2410 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 4); 2411 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2412 2413 if (forced_status == PSA_SUCCESS) { 2414 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2415 } 2416 2417exit: 2418 psa_hash_abort(&operation); 2419 mbedtls_free(output); 2420 PSA_DONE(); 2421 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2422} 2423/* END_CASE */ 2424 2425/* BEGIN_CASE */ 2426void hash_clone(int alg_arg, 2427 data_t *input, data_t *hash, 2428 int forced_status_arg) 2429{ 2430 psa_algorithm_t alg = alg_arg; 2431 psa_status_t forced_status = forced_status_arg; 2432 unsigned char *output = NULL; 2433 psa_hash_operation_t source_operation = PSA_HASH_OPERATION_INIT; 2434 psa_hash_operation_t target_operation = PSA_HASH_OPERATION_INIT; 2435 size_t output_length; 2436 2437 PSA_ASSERT(psa_crypto_init()); 2438 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2439 2440 /* Do this after psa_crypto_init() which may call hash drivers */ 2441 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2442 2443 /* 2444 * Clone inactive operation, the driver shouldn't be called. 2445 */ 2446 TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation), 2447 PSA_ERROR_BAD_STATE); 2448 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2449 2450 PSA_ASSERT(psa_hash_setup(&source_operation, alg)); 2451 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2452 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2453 2454 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2455 TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation), 2456 forced_status); 2457 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2458 forced_status == PSA_SUCCESS ? 2 : 3); 2459 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2460 2461 if (forced_status == PSA_SUCCESS) { 2462 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2463 PSA_ASSERT(psa_hash_update(&target_operation, 2464 input->x, input->len)); 2465 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2466 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2467 2468 PSA_ASSERT(psa_hash_finish(&target_operation, 2469 output, PSA_HASH_LENGTH(alg), 2470 &output_length)); 2471 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 3); 2472 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2473 2474 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2475 } 2476 2477exit: 2478 psa_hash_abort(&source_operation); 2479 psa_hash_abort(&target_operation); 2480 mbedtls_free(output); 2481 PSA_DONE(); 2482 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2483} 2484/* END_CASE */ 2485 2486/* BEGIN_CASE */ 2487void asymmetric_encrypt_decrypt(int alg_arg, 2488 data_t *key_data, 2489 data_t *input_data, 2490 data_t *label, 2491 data_t *fake_output_encrypt, 2492 data_t *fake_output_decrypt, 2493 int forced_status_encrypt_arg, 2494 int forced_status_decrypt_arg, 2495 int expected_status_encrypt_arg, 2496 int expected_status_decrypt_arg) 2497{ 2498 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2499 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; 2500 psa_algorithm_t alg = alg_arg; 2501 size_t key_bits; 2502 unsigned char *output = NULL; 2503 size_t output_size; 2504 size_t output_length = ~0; 2505 unsigned char *output2 = NULL; 2506 size_t output2_size; 2507 size_t output2_length = ~0; 2508 psa_status_t forced_status_encrypt = forced_status_encrypt_arg; 2509 psa_status_t forced_status_decrypt = forced_status_decrypt_arg; 2510 psa_status_t expected_status_encrypt = expected_status_encrypt_arg; 2511 psa_status_t expected_status_decrypt = expected_status_decrypt_arg; 2512 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2513 2514 PSA_ASSERT(psa_crypto_init()); 2515 mbedtls_test_driver_asymmetric_encryption_hooks = 2516 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2517 2518 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 2519 psa_set_key_algorithm(&attributes, alg); 2520 psa_set_key_type(&attributes, key_type); 2521 2522 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2523 &key)); 2524 2525 /* Determine the maximum ciphertext length */ 2526 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2527 key_bits = psa_get_key_bits(&attributes); 2528 2529 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2530 forced_status_encrypt; 2531 if (fake_output_encrypt->len > 0) { 2532 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2533 fake_output_encrypt->x; 2534 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2535 fake_output_encrypt->len; 2536 output_size = fake_output_encrypt->len; 2537 TEST_CALLOC(output, output_size); 2538 } else { 2539 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 2540 TEST_ASSERT(output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); 2541 TEST_CALLOC(output, output_size); 2542 } 2543 2544 /* We test encryption by checking that encrypt-then-decrypt gives back 2545 * the original plaintext because of the non-optional random 2546 * part of encryption process which prevents using fixed vectors. */ 2547 TEST_EQUAL(psa_asymmetric_encrypt(key, alg, 2548 input_data->x, input_data->len, 2549 label->x, label->len, 2550 output, output_size, 2551 &output_length), expected_status_encrypt); 2552 /* We don't know what ciphertext length to expect, but check that 2553 * it looks sensible. */ 2554 TEST_ASSERT(output_length <= output_size); 2555 2556 if (expected_status_encrypt == PSA_SUCCESS) { 2557 if (fake_output_encrypt->len > 0) { 2558 TEST_MEMORY_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, 2559 output, output_length); 2560 } else { 2561 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2562 forced_status_decrypt; 2563 if (fake_output_decrypt->len > 0) { 2564 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2565 fake_output_decrypt->x; 2566 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2567 fake_output_decrypt->len; 2568 output2_size = fake_output_decrypt->len; 2569 TEST_CALLOC(output2, output2_size); 2570 } else { 2571 output2_size = input_data->len; 2572 TEST_ASSERT(output2_size <= 2573 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)); 2574 TEST_ASSERT(output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); 2575 TEST_CALLOC(output2, output2_size); 2576 } 2577 2578 TEST_EQUAL(psa_asymmetric_decrypt(key, alg, 2579 output, output_length, 2580 label->x, label->len, 2581 output2, output2_size, 2582 &output2_length), expected_status_decrypt); 2583 if (expected_status_decrypt == PSA_SUCCESS) { 2584 if (fake_output_decrypt->len > 0) { 2585 TEST_MEMORY_COMPARE(fake_output_decrypt->x, fake_output_decrypt->len, 2586 output2, output2_length); 2587 } else { 2588 TEST_MEMORY_COMPARE(input_data->x, input_data->len, 2589 output2, output2_length); 2590 } 2591 } 2592 } 2593 } 2594 2595exit: 2596 /* 2597 * Key attributes may have been returned by psa_get_key_attributes() 2598 * thus reset them as required. 2599 */ 2600 psa_reset_key_attributes(&attributes); 2601 2602 psa_destroy_key(key); 2603 mbedtls_free(output); 2604 mbedtls_free(output2); 2605 PSA_DONE(); 2606} 2607/* END_CASE */ 2608 2609/* BEGIN_CASE */ 2610void asymmetric_decrypt(int alg_arg, 2611 data_t *key_data, 2612 data_t *input_data, 2613 data_t *label, 2614 data_t *expected_output_data, 2615 data_t *fake_output_decrypt, 2616 int forced_status_decrypt_arg, 2617 int expected_status_decrypt_arg) 2618{ 2619 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2620 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; 2621 psa_algorithm_t alg = alg_arg; 2622 unsigned char *output = NULL; 2623 size_t output_size; 2624 size_t output_length = ~0; 2625 psa_status_t forced_status_decrypt = forced_status_decrypt_arg; 2626 psa_status_t expected_status_decrypt = expected_status_decrypt_arg; 2627 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2628 2629 PSA_ASSERT(psa_crypto_init()); 2630 mbedtls_test_driver_asymmetric_encryption_hooks = 2631 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2632 2633 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 2634 psa_set_key_algorithm(&attributes, alg); 2635 psa_set_key_type(&attributes, key_type); 2636 2637 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2638 &key)); 2639 2640 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2641 forced_status_decrypt; 2642 2643 if (fake_output_decrypt->len > 0) { 2644 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2645 fake_output_decrypt->x; 2646 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2647 fake_output_decrypt->len; 2648 output_size = fake_output_decrypt->len; 2649 TEST_CALLOC(output, output_size); 2650 } else { 2651 output_size = expected_output_data->len; 2652 TEST_CALLOC(output, expected_output_data->len); 2653 } 2654 2655 TEST_EQUAL(psa_asymmetric_decrypt(key, alg, 2656 input_data->x, input_data->len, 2657 label->x, label->len, 2658 output, output_size, 2659 &output_length), expected_status_decrypt); 2660 if (expected_status_decrypt == PSA_SUCCESS) { 2661 TEST_EQUAL(output_length, expected_output_data->len); 2662 TEST_MEMORY_COMPARE(expected_output_data->x, expected_output_data->len, 2663 output, output_length); 2664 } 2665exit: 2666 /* 2667 * Key attributes may have been returned by psa_get_key_attributes() 2668 * thus reset them as required. 2669 */ 2670 psa_reset_key_attributes(&attributes); 2671 2672 psa_destroy_key(key); 2673 mbedtls_free(output); 2674 PSA_DONE(); 2675} 2676/* END_CASE */ 2677 2678/* BEGIN_CASE */ 2679void asymmetric_encrypt(int alg_arg, 2680 data_t *key_data, 2681 data_t *modulus, 2682 data_t *private_exponent, 2683 data_t *input_data, 2684 data_t *label, 2685 data_t *fake_output_encrypt, 2686 int forced_status_encrypt_arg, 2687 int expected_status_encrypt_arg) 2688{ 2689 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2690 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_PUBLIC_KEY; 2691 psa_algorithm_t alg = alg_arg; 2692 unsigned char *output = NULL; 2693 size_t output_size; 2694 size_t output_length = ~0; 2695 psa_status_t forced_status_encrypt = forced_status_encrypt_arg; 2696 psa_status_t expected_status_encrypt = expected_status_encrypt_arg; 2697 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2698 2699 PSA_ASSERT(psa_crypto_init()); 2700 mbedtls_test_driver_asymmetric_encryption_hooks = 2701 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2702 2703 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 2704 psa_set_key_algorithm(&attributes, alg); 2705 psa_set_key_type(&attributes, key_type); 2706 2707 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2708 &key)); 2709 2710 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2711 size_t key_bits = psa_get_key_bits(&attributes); 2712 2713 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2714 forced_status_encrypt; 2715 2716 if (fake_output_encrypt->len > 0) { 2717 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2718 fake_output_encrypt->x; 2719 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2720 fake_output_encrypt->len; 2721 output_size = fake_output_encrypt->len; 2722 TEST_CALLOC(output, output_size); 2723 } else { 2724 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 2725 TEST_CALLOC(output, output_size); 2726 } 2727 2728 TEST_EQUAL(psa_asymmetric_encrypt(key, alg, 2729 input_data->x, input_data->len, 2730 label->x, label->len, 2731 output, output_size, 2732 &output_length), expected_status_encrypt); 2733 if (expected_status_encrypt == PSA_SUCCESS) { 2734 if (fake_output_encrypt->len > 0) { 2735 TEST_EQUAL(fake_output_encrypt->len, output_length); 2736 TEST_MEMORY_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, 2737 output, output_length); 2738 } else { 2739 /* Perform sanity checks on the output */ 2740#if PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 2741 if (PSA_KEY_TYPE_IS_RSA(key_type)) { 2742 if (!sanity_check_rsa_encryption_result( 2743 alg, modulus, private_exponent, 2744 input_data, 2745 output, output_length)) { 2746 goto exit; 2747 } 2748 } else 2749#endif 2750 { 2751 (void) modulus; 2752 (void) private_exponent; 2753 TEST_FAIL("Encryption sanity checks not implemented for this key type"); 2754 } 2755 } 2756 } 2757exit: 2758 /* 2759 * Key attributes may have been returned by psa_get_key_attributes() 2760 * thus reset them as required. 2761 */ 2762 psa_reset_key_attributes(&attributes); 2763 2764 psa_destroy_key(key); 2765 mbedtls_free(output); 2766 PSA_DONE(); 2767} 2768/* END_CASE */ 2769 2770/* BEGIN_CASE */ 2771void aead_encrypt_setup(int key_type_arg, data_t *key_data, 2772 int alg_arg, 2773 data_t *nonce, 2774 data_t *additional_data, 2775 data_t *input_data, 2776 data_t *expected_ciphertext, 2777 data_t *expected_tag, 2778 int forced_status_arg, 2779 int expected_status_arg) 2780{ 2781 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2782 psa_key_type_t key_type = key_type_arg; 2783 psa_algorithm_t alg = alg_arg; 2784 size_t key_bits; 2785 psa_status_t forced_status = forced_status_arg; 2786 psa_status_t expected_status = expected_status_arg; 2787 uint8_t *output_data = NULL; 2788 size_t output_size = 0; 2789 size_t output_length = 0; 2790 size_t finish_output_length = 0; 2791 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2792 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2793 size_t tag_length = 0; 2794 uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 2795 2796 psa_aead_operation_t operation = psa_aead_operation_init(); 2797 2798 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2799 2800 PSA_INIT(); 2801 2802 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 2803 2804 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 2805 psa_set_key_algorithm(&attributes, alg); 2806 psa_set_key_type(&attributes, key_type); 2807 2808 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2809 &key)); 2810 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2811 key_bits = psa_get_key_bits(&attributes); 2812 2813 output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, 2814 alg); 2815 2816 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 2817 * should be exact. */ 2818 TEST_EQUAL(output_size, 2819 PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 2820 TEST_ASSERT(output_size <= 2821 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 2822 TEST_CALLOC(output_data, output_size); 2823 2824 status = psa_aead_encrypt_setup(&operation, key, alg); 2825 2826 TEST_EQUAL(status, expected_status); 2827 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_encrypt_setup, 1); 2828 2829 if (status == PSA_SUCCESS) { 2830 /* Set the nonce. */ 2831 PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 2832 2833 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_nonce, 2834 forced_status == PSA_SUCCESS ? 1 : 0); 2835 2836 /* Check hooks hits and 2837 * set length (additional data and data to encrypt) */ 2838 PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 2839 input_data->len)); 2840 2841 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_lengths, 2842 forced_status == PSA_SUCCESS ? 1 : 0); 2843 2844 /* Pass the additional data */ 2845 PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 2846 additional_data->len)); 2847 2848 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update_ad, 2849 forced_status == PSA_SUCCESS ? 1 : 0); 2850 2851 /* Pass the data to encrypt */ 2852 PSA_ASSERT(psa_aead_update(&operation, input_data->x, input_data->len, 2853 output_data, output_size, &output_length)); 2854 2855 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update, 2856 forced_status == PSA_SUCCESS ? 1 : 0); 2857 2858 /* Finish the encryption operation */ 2859 PSA_ASSERT(psa_aead_finish(&operation, output_data + output_length, 2860 output_size - output_length, 2861 &finish_output_length, tag_buffer, 2862 PSA_AEAD_TAG_MAX_SIZE, &tag_length)); 2863 2864 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_finish, 2865 forced_status == PSA_SUCCESS ? 1 : 0); 2866 2867 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, 2868 forced_status == PSA_SUCCESS ? 1 : 0); 2869 2870 /* Compare output_data and expected_ciphertext */ 2871 TEST_MEMORY_COMPARE(expected_ciphertext->x, expected_ciphertext->len, 2872 output_data, output_length + finish_output_length); 2873 2874 /* Compare tag and expected_tag */ 2875 TEST_MEMORY_COMPARE(expected_tag->x, expected_tag->len, tag_buffer, tag_length); 2876 } 2877 2878exit: 2879 /* Cleanup */ 2880 PSA_ASSERT(psa_destroy_key(key)); 2881 mbedtls_free(output_data); 2882 PSA_DONE(); 2883 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2884} 2885/* END_CASE */ 2886 2887/* BEGIN_CASE */ 2888void aead_decrypt_setup(int key_type_arg, data_t *key_data, 2889 int alg_arg, 2890 data_t *nonce, 2891 data_t *additional_data, 2892 data_t *input_ciphertext, 2893 data_t *input_tag, 2894 data_t *expected_result, 2895 int forced_status_arg, 2896 int expected_status_arg) 2897{ 2898 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2899 psa_key_type_t key_type = key_type_arg; 2900 psa_algorithm_t alg = alg_arg; 2901 unsigned char *output_data = NULL; 2902 size_t output_size = 0; 2903 size_t output_length = 0; 2904 size_t verify_output_length = 0; 2905 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2906 psa_status_t forced_status = forced_status_arg; 2907 psa_status_t expected_status = expected_status_arg; 2908 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2909 2910 psa_aead_operation_t operation = psa_aead_operation_init(); 2911 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2912 2913 PSA_INIT(); 2914 2915 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 2916 psa_set_key_algorithm(&attributes, alg); 2917 psa_set_key_type(&attributes, key_type); 2918 2919 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2920 &key)); 2921 2922 output_size = input_ciphertext->len; 2923 2924 TEST_CALLOC(output_data, output_size); 2925 2926 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 2927 2928 status = psa_aead_decrypt_setup(&operation, key, alg); 2929 2930 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 2931 PSA_SUCCESS : forced_status); 2932 2933 TEST_EQUAL(status, expected_status); 2934 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_decrypt_setup, 1); 2935 2936 if (status == PSA_SUCCESS) { 2937 PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 2938 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_nonce, 2939 forced_status == PSA_SUCCESS ? 1 : 0); 2940 2941 PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 2942 input_ciphertext->len)); 2943 2944 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_lengths, 2945 forced_status == PSA_SUCCESS ? 1 : 0); 2946 2947 PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 2948 additional_data->len)); 2949 2950 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update_ad, 2951 forced_status == PSA_SUCCESS ? 1 : 0); 2952 2953 PSA_ASSERT(psa_aead_update(&operation, input_ciphertext->x, 2954 input_ciphertext->len, output_data, 2955 output_size, &output_length)); 2956 2957 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update, 2958 forced_status == PSA_SUCCESS ? 1 : 0); 2959 2960 /* Offset applied to output_data in order to handle cases where verify() 2961 * outputs further data */ 2962 PSA_ASSERT(psa_aead_verify(&operation, output_data + output_length, 2963 output_size - output_length, 2964 &verify_output_length, input_tag->x, 2965 input_tag->len)); 2966 2967 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_verify, 2968 forced_status == PSA_SUCCESS ? 1 : 0); 2969 2970 /* Since this is a decryption operation, 2971 * finish should never be hit */ 2972 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_finish, 0); 2973 2974 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, 2975 forced_status == PSA_SUCCESS ? 1 : 0); 2976 2977 TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, 2978 output_data, output_length + verify_output_length); 2979 } 2980 2981exit: 2982 PSA_ASSERT(psa_destroy_key(key)); 2983 mbedtls_free(output_data); 2984 PSA_DONE(); 2985} 2986/* END_CASE */ 2987 2988/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 2989void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_status_arg, 2990 data_t *forced_output, int expected_status_arg, 2991 int fut) 2992{ 2993 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2994 psa_status_t forced_status = forced_status_arg; 2995 psa_status_t forced_status_setup = forced_status_setup_arg; 2996 psa_status_t expected_status = expected_status_arg; 2997 psa_pake_operation_t operation = psa_pake_operation_init(); 2998 psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 2999 psa_key_derivation_operation_t implicit_key = 3000 PSA_KEY_DERIVATION_OPERATION_INIT; 3001 psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( 3002 PSA_PAKE_PRIMITIVE_TYPE_ECC, 3003 PSA_ECC_FAMILY_SECP_R1, 256); 3004 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3005 unsigned char *input_buffer = NULL; 3006 const size_t size_key_share = PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3007 PSA_PAKE_STEP_KEY_SHARE); 3008 unsigned char *output_buffer = NULL; 3009 size_t output_len = 0; 3010 size_t output_size = PSA_PAKE_OUTPUT_SIZE(PSA_ALG_JPAKE, primitive, 3011 PSA_PAKE_STEP_KEY_SHARE); 3012 int in_driver = (forced_status_setup_arg == PSA_SUCCESS); 3013 3014 TEST_CALLOC(input_buffer, 3015 PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3016 PSA_PAKE_STEP_KEY_SHARE)); 3017 memset(input_buffer, 0xAA, size_key_share); 3018 3019 TEST_CALLOC(output_buffer, 3020 PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3021 PSA_PAKE_STEP_KEY_SHARE)); 3022 memset(output_buffer, 0x55, output_size); 3023 3024 PSA_INIT(); 3025 3026 mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); 3027 3028 if (pw_data->len > 0) { 3029 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 3030 psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); 3031 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 3032 PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 3033 &key)); 3034 } 3035 3036 psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); 3037 psa_pake_cs_set_primitive(&cipher_suite, primitive); 3038 psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); 3039 3040 mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; 3041 3042 /* Collecting input stage (no driver entry points) */ 3043 3044 TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), 3045 PSA_SUCCESS); 3046 3047 PSA_ASSERT(psa_pake_set_user(&operation, jpake_server_id, sizeof(jpake_server_id))); 3048 PSA_ASSERT(psa_pake_set_peer(&operation, jpake_client_id, sizeof(jpake_client_id))); 3049 3050 TEST_EQUAL(psa_pake_set_password_key(&operation, key), 3051 PSA_SUCCESS); 3052 3053 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3054 3055 /* Computation stage (driver entry points) */ 3056 3057 switch (fut) { 3058 case 0: /* setup (via input) */ 3059 /* --- psa_pake_input (driver: setup, input) --- */ 3060 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3061 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3062 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3063 input_buffer, size_key_share), 3064 expected_status); 3065 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3066 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3067 break; 3068 3069 case 1: /* setup (via output) */ 3070 /* --- psa_pake_output (driver: setup, output) --- */ 3071 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3072 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3073 TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 3074 output_buffer, output_size, &output_len), 3075 expected_status); 3076 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3077 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3078 break; 3079 3080 case 2: /* input */ 3081 /* --- psa_pake_input (driver: setup, input, abort) --- */ 3082 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3083 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3084 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3085 input_buffer, size_key_share), 3086 expected_status); 3087 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); 3088 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3089 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.input, in_driver ? 1 : 0); 3090 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); 3091 break; 3092 3093 case 3: /* output */ 3094 /* --- psa_pake_output (driver: setup, output, (abort)) --- */ 3095 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3096 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3097 if (forced_output->len > 0) { 3098 mbedtls_test_driver_pake_hooks.forced_output = forced_output->x; 3099 mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len; 3100 } 3101 TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 3102 output_buffer, output_size, &output_len), 3103 expected_status); 3104 3105 if (forced_output->len > 0) { 3106 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 2 : 1); 3107 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3108 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); 3109 TEST_EQUAL(output_len, forced_output->len); 3110 TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0); 3111 } else { 3112 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); 3113 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3114 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); 3115 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); 3116 } 3117 break; 3118 3119 case 4: /* get_implicit_key */ 3120 /* Call driver setup indirectly */ 3121 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3122 input_buffer, size_key_share), 3123 PSA_SUCCESS); 3124 3125 /* Simulate that we are ready to get implicit key. */ 3126 operation.computation_stage.jpake.round = PSA_JPAKE_FINISHED; 3127 operation.computation_stage.jpake.inputs = 0; 3128 operation.computation_stage.jpake.outputs = 0; 3129 operation.computation_stage.jpake.step = PSA_PAKE_STEP_KEY_SHARE; 3130 3131 /* --- psa_pake_get_implicit_key --- */ 3132 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3133 memset(&mbedtls_test_driver_pake_hooks.hits, 0, 3134 sizeof(mbedtls_test_driver_pake_hooks.hits)); 3135 TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key), 3136 expected_status); 3137 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 2); 3138 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.implicit_key, 1); 3139 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); 3140 3141 break; 3142 3143 case 5: /* abort */ 3144 /* Call driver setup indirectly */ 3145 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3146 input_buffer, size_key_share), 3147 PSA_SUCCESS); 3148 3149 /* --- psa_pake_abort --- */ 3150 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3151 memset(&mbedtls_test_driver_pake_hooks.hits, 0, 3152 sizeof(mbedtls_test_driver_pake_hooks.hits)); 3153 TEST_EQUAL(psa_pake_abort(&operation), expected_status); 3154 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3155 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); 3156 break; 3157 3158 default: 3159 break; 3160 } 3161 3162 /* Clean up */ 3163 mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_SUCCESS; 3164 mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; 3165 TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS); 3166exit: 3167 /* 3168 * Key attributes may have been returned by psa_get_key_attributes() 3169 * thus reset them as required. 3170 */ 3171 psa_reset_key_attributes(&attributes); 3172 mbedtls_free(input_buffer); 3173 mbedtls_free(output_buffer); 3174 psa_destroy_key(key); 3175 mbedtls_test_driver_pake_hooks = 3176 mbedtls_test_driver_pake_hooks_init(); 3177 PSA_DONE(); 3178} 3179/* END_CASE */ 3180 3181/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ 3182void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, 3183 int derive_alg_arg, data_t *pw_data, 3184 int client_input_first, int in_driver) 3185{ 3186 psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 3187 psa_pake_operation_t server = psa_pake_operation_init(); 3188 psa_pake_operation_t client = psa_pake_operation_init(); 3189 psa_algorithm_t alg = alg_arg; 3190 psa_algorithm_t hash_alg = hash_arg; 3191 psa_algorithm_t derive_alg = derive_alg_arg; 3192 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3193 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3194 psa_key_derivation_operation_t server_derive = 3195 PSA_KEY_DERIVATION_OPERATION_INIT; 3196 psa_key_derivation_operation_t client_derive = 3197 PSA_KEY_DERIVATION_OPERATION_INIT; 3198 pake_in_driver = in_driver; 3199 /* driver setup is called indirectly through pake_output/pake_input */ 3200 if (pake_in_driver) { 3201 pake_expected_hit_count = 2; 3202 } else { 3203 pake_expected_hit_count = 1; 3204 } 3205 3206 PSA_INIT(); 3207 3208 mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); 3209 3210 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 3211 psa_set_key_algorithm(&attributes, alg); 3212 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 3213 PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 3214 &key)); 3215 3216 psa_pake_cs_set_algorithm(&cipher_suite, alg); 3217 psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); 3218 psa_pake_cs_set_hash(&cipher_suite, hash_alg); 3219 3220 /* Get shared key */ 3221 PSA_ASSERT(psa_key_derivation_setup(&server_derive, derive_alg)); 3222 PSA_ASSERT(psa_key_derivation_setup(&client_derive, derive_alg)); 3223 3224 if (PSA_ALG_IS_TLS12_PSK_TO_MS(derive_alg)) { 3225 PSA_ASSERT(psa_key_derivation_input_bytes(&server_derive, 3226 PSA_KEY_DERIVATION_INPUT_SEED, 3227 (const uint8_t *) "", 0)); 3228 PSA_ASSERT(psa_key_derivation_input_bytes(&client_derive, 3229 PSA_KEY_DERIVATION_INPUT_SEED, 3230 (const uint8_t *) "", 0)); 3231 } 3232 3233 if (!pake_in_driver) { 3234 mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_ERROR_NOT_SUPPORTED; 3235 } 3236 3237 PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); 3238 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3239 PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); 3240 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3241 3242 3243 PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); 3244 PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); 3245 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3246 PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); 3247 PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); 3248 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3249 PSA_ASSERT(psa_pake_set_password_key(&server, key)); 3250 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3251 PSA_ASSERT(psa_pake_set_password_key(&client, key)); 3252 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3253 3254 /* First round */ 3255 ecjpake_do_round(alg, primitive_arg, &server, &client, 3256 client_input_first, 1); 3257 3258 /* Second round */ 3259 ecjpake_do_round(alg, primitive_arg, &server, &client, 3260 client_input_first, 2); 3261 3262 /* After the key is obtained operation is aborted. 3263 Adapt counter of expected hits. */ 3264 if (pake_in_driver) { 3265 pake_expected_hit_count++; 3266 } 3267 3268 PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive)); 3269 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 3270 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 3271 3272 /* After the key is obtained operation is aborted. 3273 Adapt counter of expected hits. */ 3274 if (pake_in_driver) { 3275 pake_expected_hit_count++; 3276 } 3277 3278 PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive)); 3279 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 3280 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 3281exit: 3282 psa_key_derivation_abort(&server_derive); 3283 psa_key_derivation_abort(&client_derive); 3284 psa_destroy_key(key); 3285 psa_pake_abort(&server); 3286 psa_pake_abort(&client); 3287 PSA_DONE(); 3288} 3289/* END_CASE */ 3290