1/* BEGIN_HEADER */ 2/* Test macros that provide metadata about algorithms and key types. 3 * This test suite only contains tests that don't require executing 4 * code. Other test suites validate macros that require creating a key 5 * and using it. */ 6 7#if defined(MBEDTLS_PSA_CRYPTO_SPM) 8#include "spm/psa_defs.h" 9#endif 10 11#include "psa/crypto.h" 12#include "psa_crypto_invasive.h" 13 14/* Flags for algorithm classification macros. There is a flag for every 15 * algorithm classification macro PSA_ALG_IS_xxx except for the 16 * category test macros, which are hard-coded in each 17 * category-specific function. The name of the flag is the name of the 18 * classification macro without the PSA_ prefix. */ 19#define ALG_IS_VENDOR_DEFINED (1u << 0) 20#define ALG_IS_HMAC (1u << 1) 21#define ALG_IS_BLOCK_CIPHER_MAC (1u << 2) 22#define ALG_IS_STREAM_CIPHER (1u << 3) 23#define ALG_IS_RSA_PKCS1V15_SIGN (1u << 4) 24#define ALG_IS_RSA_PSS (1u << 5) 25#define ALG_IS_RSA_PSS_ANY_SALT (1u << 6) 26#define ALG_IS_RSA_PSS_STANDARD_SALT (1u << 7) 27#define ALG_IS_DSA (1u << 8) 28#define ALG_DSA_IS_DETERMINISTIC (1u << 9) 29#define ALG_IS_DETERMINISTIC_DSA (1u << 10) 30#define ALG_IS_RANDOMIZED_DSA (1u << 11) 31#define ALG_IS_ECDSA (1u << 12) 32#define ALG_ECDSA_IS_DETERMINISTIC (1u << 13) 33#define ALG_IS_DETERMINISTIC_ECDSA (1u << 14) 34#define ALG_IS_RANDOMIZED_ECDSA (1u << 15) 35#define ALG_IS_HASH_EDDSA (1u << 16) 36#define ALG_IS_SIGN_HASH (1u << 17) 37#define ALG_IS_HASH_AND_SIGN (1u << 18) 38#define ALG_IS_RSA_OAEP (1u << 19) 39#define ALG_IS_HKDF (1u << 20) 40#define ALG_IS_HKDF_EXTRACT (1u << 21) 41#define ALG_IS_HKDF_EXPAND (1u << 22) 42#define ALG_IS_FFDH (1u << 23) 43#define ALG_IS_ECDH (1u << 24) 44#define ALG_IS_WILDCARD (1u << 25) 45#define ALG_IS_RAW_KEY_AGREEMENT (1u << 26) 46#define ALG_IS_AEAD_ON_BLOCK_CIPHER (1u << 27) 47#define ALG_IS_TLS12_PRF (1u << 28) 48#define ALG_IS_TLS12_PSK_TO_MS (1u << 29) 49#define ALG_FLAG_MASK_PLUS_ONE (1u << 30) /* must be last! */ 50 51/* Flags for key type classification macros. There is a flag for every 52 * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that 53 * are tested as derived from other macros. The name of the flag is 54 * the name of the classification macro without the PSA_ prefix. */ 55#define KEY_TYPE_IS_VENDOR_DEFINED (1u << 0) 56#define KEY_TYPE_IS_UNSTRUCTURED (1u << 1) 57#define KEY_TYPE_IS_PUBLIC_KEY (1u << 2) 58#define KEY_TYPE_IS_KEY_PAIR (1u << 3) 59#define KEY_TYPE_IS_RSA (1u << 4) 60#define KEY_TYPE_IS_DSA (1u << 5) 61#define KEY_TYPE_IS_ECC (1u << 6) 62#define KEY_TYPE_IS_DH (1u << 7) 63#define KEY_TYPE_FLAG_MASK_PLUS_ONE (1u << 8) /* must be last! */ 64 65/* Flags for lifetime classification macros. There is a flag for every 66 * lifetime classification macro PSA_KEY_LIFETIME_IS_xxx. The name of the 67 * flag is the name of the classification macro without the PSA_ prefix. */ 68#define KEY_LIFETIME_IS_VOLATILE (1u << 0) 69#define KEY_LIFETIME_IS_READ_ONLY (1u << 1) 70#define KEY_LIFETIME_FLAG_MASK_PLUS_ONE (1u << 2) /* must be last! */ 71 72/* Check that in the value of flags, the bit flag (which should be a macro 73 * expanding to a number of the form 1 << k) is set if and only if 74 * PSA_##flag(alg) is true. 75 * 76 * Only perform this check if cond is true. Typically cond is 1, but it can 77 * be different if the value of the flag bit is only specified under specific 78 * conditions. 79 * 80 * Unconditionally mask flag into the ambient variable 81 * classification_flags_tested. 82 */ 83#define TEST_CLASSIFICATION_MACRO(cond, flag, alg, flags) \ 84 do \ 85 { \ 86 if (cond) \ 87 { \ 88 if ((flags) & (flag)) \ 89 TEST_ASSERT(PSA_##flag(alg)); \ 90 else \ 91 TEST_ASSERT(!PSA_##flag(alg)); \ 92 } \ 93 classification_flags_tested |= (flag); \ 94 } \ 95 while (0) 96 97/* Check the parity of value. 98 * 99 * There are several numerical encodings for which the PSA Cryptography API 100 * specification deliberately defines encodings that all have the same 101 * parity. This way, a data glitch that flips one bit in the data cannot 102 * possibly turn a valid encoding into another valid encoding. Here in 103 * the tests, we check that the values (including Mbed TLS vendor-specific 104 * values) have the expected parity. 105 * 106 * The expected parity is even so that 0 is considered a valid encoding. 107 * 108 * Return a nonzero value if value has even parity and 0 otherwise. */ 109int has_even_parity(uint32_t value) 110{ 111 value ^= value >> 16; 112 value ^= value >> 8; 113 value ^= value >> 4; 114 return 0x9669 & 1 << (value & 0xf); 115} 116#define TEST_PARITY(value) \ 117 TEST_ASSERT(has_even_parity(value)) 118 119void algorithm_classification(psa_algorithm_t alg, unsigned flags) 120{ 121 unsigned classification_flags_tested = 0; 122 TEST_CLASSIFICATION_MACRO(1, ALG_IS_VENDOR_DEFINED, alg, flags); 123 TEST_CLASSIFICATION_MACRO(1, ALG_IS_HMAC, alg, flags); 124 TEST_CLASSIFICATION_MACRO(1, ALG_IS_BLOCK_CIPHER_MAC, alg, flags); 125 TEST_CLASSIFICATION_MACRO(1, ALG_IS_STREAM_CIPHER, alg, flags); 126 TEST_CLASSIFICATION_MACRO(1, ALG_IS_RSA_PKCS1V15_SIGN, alg, flags); 127 TEST_CLASSIFICATION_MACRO(1, ALG_IS_RSA_PSS, alg, flags); 128 TEST_CLASSIFICATION_MACRO(1, ALG_IS_RSA_PSS_ANY_SALT, alg, flags); 129 TEST_CLASSIFICATION_MACRO(1, ALG_IS_RSA_PSS_STANDARD_SALT, alg, flags); 130 TEST_CLASSIFICATION_MACRO(1, ALG_IS_DSA, alg, flags); 131 TEST_CLASSIFICATION_MACRO(PSA_ALG_IS_DSA(alg), 132 ALG_DSA_IS_DETERMINISTIC, alg, flags); 133 TEST_CLASSIFICATION_MACRO(1, ALG_IS_DETERMINISTIC_DSA, alg, flags); 134 TEST_CLASSIFICATION_MACRO(1, ALG_IS_RANDOMIZED_DSA, alg, flags); 135 TEST_CLASSIFICATION_MACRO(1, ALG_IS_ECDSA, alg, flags); 136 TEST_CLASSIFICATION_MACRO(PSA_ALG_IS_ECDSA(alg), 137 ALG_ECDSA_IS_DETERMINISTIC, alg, flags); 138 TEST_CLASSIFICATION_MACRO(1, ALG_IS_DETERMINISTIC_ECDSA, alg, flags); 139 TEST_CLASSIFICATION_MACRO(1, ALG_IS_RANDOMIZED_ECDSA, alg, flags); 140 TEST_CLASSIFICATION_MACRO(1, ALG_IS_HASH_EDDSA, alg, flags); 141 TEST_CLASSIFICATION_MACRO(1, ALG_IS_SIGN_HASH, alg, flags); 142 TEST_CLASSIFICATION_MACRO(1, ALG_IS_HASH_AND_SIGN, alg, flags); 143 TEST_CLASSIFICATION_MACRO(1, ALG_IS_RSA_OAEP, alg, flags); 144 TEST_CLASSIFICATION_MACRO(1, ALG_IS_HKDF, alg, flags); 145 TEST_CLASSIFICATION_MACRO(1, ALG_IS_HKDF_EXTRACT, alg, flags); 146 TEST_CLASSIFICATION_MACRO(1, ALG_IS_HKDF_EXPAND, alg, flags); 147 TEST_CLASSIFICATION_MACRO(1, ALG_IS_WILDCARD, alg, flags); 148 TEST_CLASSIFICATION_MACRO(1, ALG_IS_ECDH, alg, flags); 149 TEST_CLASSIFICATION_MACRO(1, ALG_IS_FFDH, alg, flags); 150 TEST_CLASSIFICATION_MACRO(1, ALG_IS_RAW_KEY_AGREEMENT, alg, flags); 151 TEST_CLASSIFICATION_MACRO(1, ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags); 152 TEST_CLASSIFICATION_MACRO(1, ALG_IS_TLS12_PRF, alg, flags); 153 TEST_CLASSIFICATION_MACRO(1, ALG_IS_TLS12_PSK_TO_MS, alg, flags); 154 TEST_EQUAL(classification_flags_tested, ALG_FLAG_MASK_PLUS_ONE - 1); 155exit:; 156} 157 158void key_type_classification(psa_key_type_t type, unsigned flags) 159{ 160 unsigned classification_flags_tested = 0; 161 162 /* Macros tested based on the test case parameter */ 163 TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_VENDOR_DEFINED, type, flags); 164 TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_UNSTRUCTURED, type, flags); 165 TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_PUBLIC_KEY, type, flags); 166 TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_KEY_PAIR, type, flags); 167 TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_RSA, type, flags); 168 TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_DSA, type, flags); 169 TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_ECC, type, flags); 170 TEST_CLASSIFICATION_MACRO(1, KEY_TYPE_IS_DH, type, flags); 171 TEST_EQUAL(classification_flags_tested, KEY_TYPE_FLAG_MASK_PLUS_ONE - 1); 172 173 /* Macros with derived semantics */ 174 TEST_EQUAL(PSA_KEY_TYPE_IS_ASYMMETRIC(type), 175 (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) || 176 PSA_KEY_TYPE_IS_KEY_PAIR(type))); 177 TEST_EQUAL(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type), 178 (PSA_KEY_TYPE_IS_ECC(type) && 179 PSA_KEY_TYPE_IS_KEY_PAIR(type))); 180 TEST_EQUAL(PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type), 181 (PSA_KEY_TYPE_IS_ECC(type) && 182 PSA_KEY_TYPE_IS_PUBLIC_KEY(type))); 183 TEST_EQUAL(PSA_KEY_TYPE_IS_DH_KEY_PAIR(type), 184 (PSA_KEY_TYPE_IS_DH(type) && 185 PSA_KEY_TYPE_IS_KEY_PAIR(type))); 186 TEST_EQUAL(PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type), 187 (PSA_KEY_TYPE_IS_DH(type) && 188 PSA_KEY_TYPE_IS_PUBLIC_KEY(type))); 189 190 TEST_PARITY(type); 191 192exit:; 193} 194 195void mac_algorithm_core(psa_algorithm_t alg, int classification_flags, 196 psa_key_type_t key_type, size_t key_bits, 197 size_t length) 198{ 199 /* Algorithm classification */ 200 TEST_ASSERT(!PSA_ALG_IS_HASH(alg)); 201 TEST_ASSERT(PSA_ALG_IS_MAC(alg)); 202 TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg)); 203 TEST_ASSERT(!PSA_ALG_IS_AEAD(alg)); 204 TEST_ASSERT(!PSA_ALG_IS_SIGN(alg)); 205 TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)); 206 TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg)); 207 TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg)); 208 TEST_ASSERT(!PSA_ALG_IS_PAKE(alg)); 209 algorithm_classification(alg, classification_flags); 210 211 /* Length */ 212 TEST_EQUAL(length, PSA_MAC_LENGTH(key_type, key_bits, alg)); 213 214#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) 215 PSA_ASSERT(psa_mac_key_can_do(alg, key_type)); 216#endif 217 218exit:; 219} 220 221void aead_algorithm_core(psa_algorithm_t alg, int classification_flags, 222 psa_key_type_t key_type, size_t key_bits, 223 size_t tag_length) 224{ 225 /* Algorithm classification */ 226 TEST_ASSERT(!PSA_ALG_IS_HASH(alg)); 227 TEST_ASSERT(!PSA_ALG_IS_MAC(alg)); 228 TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg)); 229 TEST_ASSERT(PSA_ALG_IS_AEAD(alg)); 230 TEST_ASSERT(!PSA_ALG_IS_SIGN(alg)); 231 TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)); 232 TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg)); 233 TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg)); 234 TEST_ASSERT(!PSA_ALG_IS_PAKE(alg)); 235 algorithm_classification(alg, classification_flags); 236 237 /* Tag length */ 238 TEST_EQUAL(tag_length, PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg)); 239 240exit:; 241} 242 243/* END_HEADER */ 244 245/* BEGIN_DEPENDENCIES 246 * depends_on:MBEDTLS_PSA_CRYPTO_CLIENT 247 * END_DEPENDENCIES 248 */ 249 250/* BEGIN_CASE */ 251void hash_algorithm(int alg_arg, int length_arg) 252{ 253 psa_algorithm_t alg = alg_arg; 254 size_t length = length_arg; 255 psa_algorithm_t hmac_alg = PSA_ALG_HMAC(alg); 256 psa_algorithm_t rsa_pkcs1v15_sign_alg = PSA_ALG_RSA_PKCS1V15_SIGN(alg); 257 psa_algorithm_t rsa_pss_alg = PSA_ALG_RSA_PSS(alg); 258 psa_algorithm_t dsa_alg = PSA_ALG_DSA(alg); 259 psa_algorithm_t deterministic_dsa_alg = PSA_ALG_DETERMINISTIC_DSA(alg); 260 psa_algorithm_t ecdsa_alg = PSA_ALG_ECDSA(alg); 261 psa_algorithm_t deterministic_ecdsa_alg = PSA_ALG_DETERMINISTIC_ECDSA(alg); 262 psa_algorithm_t rsa_oaep_alg = PSA_ALG_RSA_OAEP(alg); 263 psa_algorithm_t hkdf_alg = PSA_ALG_HKDF(alg); 264 265 /* Algorithm classification */ 266 TEST_ASSERT(PSA_ALG_IS_HASH(alg)); 267 TEST_ASSERT(!PSA_ALG_IS_MAC(alg)); 268 TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg)); 269 TEST_ASSERT(!PSA_ALG_IS_AEAD(alg)); 270 TEST_ASSERT(!PSA_ALG_IS_SIGN(alg)); 271 TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)); 272 TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg)); 273 TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg)); 274 TEST_ASSERT(!PSA_ALG_IS_PAKE(alg)); 275 algorithm_classification(alg, 0); 276 277 /* Dependent algorithms */ 278 TEST_EQUAL(PSA_ALG_HMAC_GET_HASH(hmac_alg), alg); 279 TEST_EQUAL(PSA_ALG_SIGN_GET_HASH(rsa_pkcs1v15_sign_alg), alg); 280 TEST_EQUAL(PSA_ALG_SIGN_GET_HASH(rsa_pss_alg), alg); 281 TEST_EQUAL(PSA_ALG_SIGN_GET_HASH(dsa_alg), alg); 282 TEST_EQUAL(PSA_ALG_SIGN_GET_HASH(deterministic_dsa_alg), alg); 283 TEST_EQUAL(PSA_ALG_SIGN_GET_HASH(ecdsa_alg), alg); 284 TEST_EQUAL(PSA_ALG_SIGN_GET_HASH(deterministic_ecdsa_alg), alg); 285 TEST_EQUAL(PSA_ALG_RSA_OAEP_GET_HASH(rsa_oaep_alg), alg); 286 TEST_EQUAL(PSA_ALG_HKDF_GET_HASH(hkdf_alg), alg); 287 288 /* Hash length */ 289 TEST_EQUAL(length, PSA_HASH_LENGTH(alg)); 290 TEST_ASSERT(length <= PSA_HASH_MAX_SIZE); 291} 292/* END_CASE */ 293 294/* BEGIN_CASE */ 295void mac_algorithm(int alg_arg, int classification_flags, 296 int length_arg, 297 int key_type_arg, int key_bits_arg) 298{ 299 psa_algorithm_t alg = alg_arg; 300 size_t length = length_arg; 301 size_t n; 302 size_t key_type = key_type_arg; 303 size_t key_bits = key_bits_arg; 304 305 mac_algorithm_core(alg, classification_flags, 306 key_type, key_bits, length); 307 TEST_EQUAL(PSA_ALG_FULL_LENGTH_MAC(alg), alg); 308 TEST_ASSERT(length <= PSA_MAC_MAX_SIZE); 309 310 /* Truncated versions */ 311 for (n = 1; n <= length; n++) { 312 psa_algorithm_t truncated_alg = PSA_ALG_TRUNCATED_MAC(alg, n); 313 mac_algorithm_core(truncated_alg, classification_flags, 314 key_type, key_bits, n); 315 TEST_EQUAL(PSA_ALG_FULL_LENGTH_MAC(truncated_alg), alg); 316 /* Check that calling PSA_ALG_TRUNCATED_MAC twice gives the length 317 * of the outer truncation (even if the outer length is smaller than 318 * the inner length). */ 319 TEST_EQUAL(PSA_ALG_TRUNCATED_MAC(truncated_alg, 1), 320 PSA_ALG_TRUNCATED_MAC(alg, 1)); 321 TEST_EQUAL(PSA_ALG_TRUNCATED_MAC(truncated_alg, length - 1), 322 PSA_ALG_TRUNCATED_MAC(alg, length - 1)); 323 TEST_EQUAL(PSA_ALG_TRUNCATED_MAC(truncated_alg, length), 324 PSA_ALG_TRUNCATED_MAC(alg, length)); 325 326 /* Check that calling PSA_ALG_TRUNCATED_MAC on an algorithm 327 * earlier constructed with PSA_ALG_AT_LEAST_THIS_LENGTH_MAC gives the 328 * length of the outer truncation (even if the outer length is smaller 329 * than the inner length). */ 330 TEST_EQUAL(PSA_ALG_TRUNCATED_MAC( 331 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(truncated_alg, n), 1), 332 PSA_ALG_TRUNCATED_MAC(alg, 1)); 333 TEST_EQUAL(PSA_ALG_TRUNCATED_MAC( 334 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(truncated_alg, n), length - 1), 335 PSA_ALG_TRUNCATED_MAC(alg, length - 1)); 336 TEST_EQUAL(PSA_ALG_TRUNCATED_MAC( 337 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(truncated_alg, n), length), 338 PSA_ALG_TRUNCATED_MAC(alg, length)); 339 } 340 341 /* At-leat-this-length versions */ 342 for (n = 1; n <= length; n++) { 343 psa_algorithm_t policy_alg = PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, n); 344 mac_algorithm_core(policy_alg, classification_flags | ALG_IS_WILDCARD, 345 key_type, key_bits, n); 346 TEST_EQUAL(PSA_ALG_FULL_LENGTH_MAC(policy_alg), alg); 347 /* Check that calling PSA_ALG_AT_LEAST_THIS_LENGTH_MAC twice gives the 348 * length of the outer truncation (even if the outer length is smaller 349 * than the inner length). */ 350 TEST_EQUAL(PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(policy_alg, 1), 351 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, 1)); 352 TEST_EQUAL(PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(policy_alg, length - 1), 353 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, length - 1)); 354 TEST_EQUAL(PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(policy_alg, length), 355 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, length)); 356 357 /* Check that calling PSA_ALG_AT_LEAST_THIS_LENGTH_MAC on an algorithm 358 * earlier constructed with PSA_ALG_TRUNCATED_MAC gives the length of 359 * the outer truncation (even if the outer length is smaller than the 360 * inner length). */ 361 TEST_EQUAL(PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( 362 PSA_ALG_TRUNCATED_MAC(policy_alg, n), 1), 363 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, 1)); 364 TEST_EQUAL(PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( 365 PSA_ALG_TRUNCATED_MAC(policy_alg, n), length - 1), 366 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, length - 1)); 367 TEST_EQUAL(PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( 368 PSA_ALG_TRUNCATED_MAC(policy_alg, n), length), 369 PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg, length)); 370 } 371} 372/* END_CASE */ 373 374/* BEGIN_CASE */ 375void hmac_algorithm(int alg_arg, 376 int length_arg, 377 int block_size_arg) 378{ 379 psa_algorithm_t alg = alg_arg; 380 psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH(alg); 381 size_t block_size = block_size_arg; 382 size_t length = length_arg; 383 size_t n; 384 385 TEST_ASSERT(PSA_ALG_IS_HASH(hash_alg)); 386 TEST_EQUAL(PSA_ALG_HMAC(hash_alg), alg); 387 388 TEST_ASSERT(block_size == PSA_HASH_BLOCK_LENGTH(alg)); 389 TEST_ASSERT(block_size <= PSA_HMAC_MAX_HASH_BLOCK_SIZE); 390 391 test_mac_algorithm(alg_arg, ALG_IS_HMAC, length, 392 PSA_KEY_TYPE_HMAC, PSA_BYTES_TO_BITS(length)); 393 394 for (n = 1; n <= length; n++) { 395 psa_algorithm_t truncated_alg = PSA_ALG_TRUNCATED_MAC(alg, n); 396 TEST_EQUAL(PSA_ALG_HMAC_GET_HASH(truncated_alg), hash_alg); 397 } 398} 399/* END_CASE */ 400 401/* BEGIN_CASE */ 402void cipher_algorithm(int alg_arg, int classification_flags) 403{ 404 psa_algorithm_t alg = alg_arg; 405 406 /* Algorithm classification */ 407 TEST_ASSERT(!PSA_ALG_IS_HASH(alg)); 408 TEST_ASSERT(!PSA_ALG_IS_MAC(alg)); 409 TEST_ASSERT(PSA_ALG_IS_CIPHER(alg)); 410 TEST_ASSERT(!PSA_ALG_IS_AEAD(alg)); 411 TEST_ASSERT(!PSA_ALG_IS_SIGN(alg)); 412 TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)); 413 TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg)); 414 TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg)); 415 TEST_ASSERT(!PSA_ALG_IS_PAKE(alg)); 416 algorithm_classification(alg, classification_flags); 417} 418/* END_CASE */ 419 420/* BEGIN_CASE */ 421void aead_algorithm(int alg_arg, int classification_flags, 422 int tag_length_arg, 423 int key_type_arg, int key_bits_arg) 424{ 425 psa_algorithm_t alg = alg_arg; 426 size_t tag_length = tag_length_arg; 427 size_t n; 428 psa_key_type_t key_type = key_type_arg; 429 size_t key_bits = key_bits_arg; 430 431 aead_algorithm_core(alg, classification_flags, 432 key_type, key_bits, tag_length); 433 434 /* Truncated versions */ 435 for (n = 1; n <= tag_length; n++) { 436 psa_algorithm_t truncated_alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, n); 437 aead_algorithm_core(truncated_alg, classification_flags, 438 key_type, key_bits, n); 439 TEST_EQUAL(PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(truncated_alg), 440 alg); 441 /* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG twice gives 442 * the length of the outer truncation (even if the outer length is 443 * smaller than the inner length). */ 444 TEST_EQUAL(PSA_ALG_AEAD_WITH_SHORTENED_TAG(truncated_alg, 1), 445 PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 1)); 446 TEST_EQUAL(PSA_ALG_AEAD_WITH_SHORTENED_TAG(truncated_alg, tag_length - 1), 447 PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, tag_length - 1)); 448 TEST_EQUAL(PSA_ALG_AEAD_WITH_SHORTENED_TAG(truncated_alg, tag_length), 449 PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, tag_length)); 450 451 /* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG on an algorithm 452 * earlier constructed with PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG 453 * gives the length of the outer truncation (even if the outer length is 454 * smaller than the inner length). */ 455 TEST_EQUAL(PSA_ALG_AEAD_WITH_SHORTENED_TAG( 456 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(truncated_alg, n), 1), 457 PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 1)); 458 TEST_EQUAL(PSA_ALG_AEAD_WITH_SHORTENED_TAG( 459 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(truncated_alg, 460 n), tag_length - 1), 461 PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, tag_length - 1)); 462 TEST_EQUAL(PSA_ALG_AEAD_WITH_SHORTENED_TAG( 463 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(truncated_alg, n), tag_length), 464 PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, tag_length)); 465 } 466 467 /* At-leat-this-length versions */ 468 for (n = 1; n <= tag_length; n++) { 469 psa_algorithm_t policy_alg = PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, n); 470 aead_algorithm_core(policy_alg, classification_flags | ALG_IS_WILDCARD, 471 key_type, key_bits, n); 472 TEST_EQUAL(PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(policy_alg), 473 alg); 474 /* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG twice 475 * gives the length of the outer truncation (even if the outer length is 476 * smaller than the inner length). */ 477 TEST_EQUAL(PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(policy_alg, 1), 478 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, 1)); 479 TEST_EQUAL(PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(policy_alg, tag_length - 1), 480 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, tag_length - 1)); 481 TEST_EQUAL(PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(policy_alg, tag_length), 482 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, tag_length)); 483 484 /* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG on an 485 * algorithm earlier constructed with PSA_ALG_AEAD_WITH_SHORTENED_TAG 486 * gives the length of the outer truncation (even if the outer length is 487 * smaller than the inner length). */ 488 TEST_EQUAL(PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( 489 PSA_ALG_AEAD_WITH_SHORTENED_TAG(policy_alg, n), 1), 490 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, 1)); 491 TEST_EQUAL(PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( 492 PSA_ALG_AEAD_WITH_SHORTENED_TAG(policy_alg, n), tag_length - 1), 493 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, tag_length - 1)); 494 TEST_EQUAL(PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( 495 PSA_ALG_AEAD_WITH_SHORTENED_TAG(policy_alg, n), tag_length), 496 PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(alg, tag_length)); 497 } 498} 499/* END_CASE */ 500 501/* BEGIN_CASE */ 502void asymmetric_signature_algorithm(int alg_arg, int classification_flags) 503{ 504 psa_algorithm_t alg = alg_arg; 505 506 /* Algorithm classification */ 507 TEST_ASSERT(!PSA_ALG_IS_HASH(alg)); 508 TEST_ASSERT(!PSA_ALG_IS_MAC(alg)); 509 TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg)); 510 TEST_ASSERT(!PSA_ALG_IS_AEAD(alg)); 511 TEST_ASSERT(PSA_ALG_IS_SIGN(alg)); 512 TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)); 513 TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg)); 514 TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg)); 515 TEST_ASSERT(!PSA_ALG_IS_PAKE(alg)); 516 algorithm_classification(alg, classification_flags); 517} 518/* END_CASE */ 519 520/* BEGIN_CASE */ 521void asymmetric_signature_wildcard(int alg_arg, int classification_flags) 522{ 523 classification_flags |= ALG_IS_WILDCARD; 524 classification_flags |= ALG_IS_SIGN_HASH; 525 classification_flags |= ALG_IS_HASH_AND_SIGN; 526 test_asymmetric_signature_algorithm(alg_arg, classification_flags); 527 /* Any failure of this test function comes from 528 * asymmetric_signature_algorithm. Pacify -Werror=unused-label. */ 529 goto exit; 530} 531/* END_CASE */ 532 533/* BEGIN_CASE */ 534void asymmetric_encryption_algorithm(int alg_arg, int classification_flags) 535{ 536 psa_algorithm_t alg = alg_arg; 537 538 /* Algorithm classification */ 539 TEST_ASSERT(!PSA_ALG_IS_HASH(alg)); 540 TEST_ASSERT(!PSA_ALG_IS_MAC(alg)); 541 TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg)); 542 TEST_ASSERT(!PSA_ALG_IS_AEAD(alg)); 543 TEST_ASSERT(!PSA_ALG_IS_SIGN(alg)); 544 TEST_ASSERT(PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)); 545 TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg)); 546 TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg)); 547 TEST_ASSERT(!PSA_ALG_IS_PAKE(alg)); 548 algorithm_classification(alg, classification_flags); 549} 550/* END_CASE */ 551 552/* BEGIN_CASE */ 553void key_derivation_algorithm(int alg_arg, int classification_flags) 554{ 555 psa_algorithm_t alg = alg_arg; 556 psa_algorithm_t ecdh_alg = PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, alg); 557 psa_algorithm_t ffdh_alg = PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, alg); 558 559 /* Algorithm classification */ 560 TEST_ASSERT(!PSA_ALG_IS_HASH(alg)); 561 TEST_ASSERT(!PSA_ALG_IS_MAC(alg)); 562 TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg)); 563 TEST_ASSERT(!PSA_ALG_IS_AEAD(alg)); 564 TEST_ASSERT(!PSA_ALG_IS_SIGN(alg)); 565 TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)); 566 TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg)); 567 TEST_ASSERT(PSA_ALG_IS_KEY_DERIVATION(alg)); 568 TEST_ASSERT(!PSA_ALG_IS_PAKE(alg)); 569 algorithm_classification(alg, classification_flags); 570 571 /* Check combinations with key agreements */ 572 TEST_ASSERT(PSA_ALG_IS_KEY_AGREEMENT(ecdh_alg)); 573 TEST_ASSERT(PSA_ALG_IS_KEY_AGREEMENT(ffdh_alg)); 574 TEST_EQUAL(PSA_ALG_KEY_AGREEMENT_GET_KDF(ecdh_alg), alg); 575 TEST_EQUAL(PSA_ALG_KEY_AGREEMENT_GET_KDF(ffdh_alg), alg); 576} 577/* END_CASE */ 578 579/* BEGIN_CASE */ 580void key_agreement_algorithm(int alg_arg, int classification_flags, 581 int ka_alg_arg, int kdf_alg_arg) 582{ 583 psa_algorithm_t alg = alg_arg; 584 psa_algorithm_t actual_ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(alg); 585 psa_algorithm_t expected_ka_alg = ka_alg_arg; 586 psa_algorithm_t actual_kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg); 587 psa_algorithm_t expected_kdf_alg = kdf_alg_arg; 588 589 /* Algorithm classification */ 590 TEST_ASSERT(!PSA_ALG_IS_HASH(alg)); 591 TEST_ASSERT(!PSA_ALG_IS_MAC(alg)); 592 TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg)); 593 TEST_ASSERT(!PSA_ALG_IS_AEAD(alg)); 594 TEST_ASSERT(!PSA_ALG_IS_SIGN(alg)); 595 TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)); 596 TEST_ASSERT(PSA_ALG_IS_KEY_AGREEMENT(alg)); 597 TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg)); 598 TEST_ASSERT(!PSA_ALG_IS_PAKE(alg)); 599 algorithm_classification(alg, classification_flags); 600 601 /* Shared secret derivation properties */ 602 TEST_EQUAL(actual_ka_alg, expected_ka_alg); 603 TEST_EQUAL(actual_kdf_alg, expected_kdf_alg); 604} 605/* END_CASE */ 606 607/* BEGIN_CASE */ 608void pake_algorithm(int alg_arg) 609{ 610 psa_algorithm_t alg = alg_arg; 611 612 /* Algorithm classification */ 613 TEST_ASSERT(!PSA_ALG_IS_HASH(alg)); 614 TEST_ASSERT(!PSA_ALG_IS_MAC(alg)); 615 TEST_ASSERT(!PSA_ALG_IS_CIPHER(alg)); 616 TEST_ASSERT(!PSA_ALG_IS_AEAD(alg)); 617 TEST_ASSERT(!PSA_ALG_IS_SIGN(alg)); 618 TEST_ASSERT(!PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)); 619 TEST_ASSERT(!PSA_ALG_IS_KEY_AGREEMENT(alg)); 620 TEST_ASSERT(!PSA_ALG_IS_KEY_DERIVATION(alg)); 621 TEST_ASSERT(PSA_ALG_IS_PAKE(alg)); 622} 623 624/* END_CASE */ 625/* BEGIN_CASE */ 626void key_type(int type_arg, int classification_flags) 627{ 628 psa_key_type_t type = type_arg; 629 630 key_type_classification(type, classification_flags); 631 632 /* For asymmetric types, check the corresponding pair/public type */ 633 if (classification_flags & KEY_TYPE_IS_PUBLIC_KEY) { 634 psa_key_type_t pair_type = PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type); 635 TEST_EQUAL(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(pair_type), type); 636 key_type_classification(pair_type, 637 (classification_flags 638 & ~KEY_TYPE_IS_PUBLIC_KEY) 639 | KEY_TYPE_IS_KEY_PAIR); 640 TEST_EQUAL(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type), type); 641 } 642 if (classification_flags & KEY_TYPE_IS_KEY_PAIR) { 643 psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type); 644 TEST_EQUAL(PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(public_type), type); 645 key_type_classification(public_type, 646 (classification_flags 647 & ~KEY_TYPE_IS_KEY_PAIR) 648 | KEY_TYPE_IS_PUBLIC_KEY); 649 TEST_EQUAL(PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type), type); 650 } 651} 652/* END_CASE */ 653 654/* BEGIN_CASE */ 655void block_cipher_key_type(int type_arg, int block_size_arg) 656{ 657 psa_key_type_t type = type_arg; 658 size_t block_size = block_size_arg; 659 660 test_key_type(type_arg, KEY_TYPE_IS_UNSTRUCTURED); 661 662 TEST_EQUAL(type & PSA_KEY_TYPE_CATEGORY_MASK, 663 PSA_KEY_TYPE_CATEGORY_SYMMETRIC); 664 TEST_EQUAL(PSA_BLOCK_CIPHER_BLOCK_LENGTH(type), block_size); 665 666 /* Check that the block size is a power of 2. This is required, at least, 667 for PSA_ROUND_UP_TO_MULTIPLE(block_size, length) in crypto_sizes.h. */ 668 TEST_ASSERT(((block_size - 1) & block_size) == 0); 669} 670/* END_CASE */ 671 672/* BEGIN_CASE */ 673void stream_cipher_key_type(int type_arg) 674{ 675 psa_key_type_t type = type_arg; 676 677 test_key_type(type_arg, KEY_TYPE_IS_UNSTRUCTURED); 678 679 TEST_EQUAL(type & PSA_KEY_TYPE_CATEGORY_MASK, 680 PSA_KEY_TYPE_CATEGORY_SYMMETRIC); 681 TEST_EQUAL(PSA_BLOCK_CIPHER_BLOCK_LENGTH(type), 1); 682} 683/* END_CASE */ 684 685/* BEGIN_CASE depends_on:PSA_KEY_TYPE_ECC_PUBLIC_KEY:PSA_KEY_TYPE_ECC_KEY_PAIR */ 686void ecc_key_family(int curve_arg) 687{ 688 psa_ecc_family_t curve = curve_arg; 689 psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve); 690 psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve); 691 692 TEST_PARITY(curve); 693 694 test_key_type(public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY); 695 test_key_type(pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEY_PAIR); 696 697 TEST_EQUAL(PSA_KEY_TYPE_ECC_GET_FAMILY(public_type), curve); 698 TEST_EQUAL(PSA_KEY_TYPE_ECC_GET_FAMILY(pair_type), curve); 699} 700/* END_CASE */ 701 702/* BEGIN_CASE depends_on:MBEDTLS_DHM_C */ 703void dh_key_family(int group_arg) 704{ 705 psa_dh_family_t group = group_arg; 706 psa_key_type_t public_type = PSA_KEY_TYPE_DH_PUBLIC_KEY(group); 707 psa_key_type_t pair_type = PSA_KEY_TYPE_DH_KEY_PAIR(group); 708 709 TEST_PARITY(group); 710 711 test_key_type(public_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_PUBLIC_KEY); 712 test_key_type(pair_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_KEY_PAIR); 713 714 TEST_EQUAL(PSA_KEY_TYPE_DH_GET_FAMILY(public_type), group); 715 TEST_EQUAL(PSA_KEY_TYPE_DH_GET_FAMILY(pair_type), group); 716} 717/* END_CASE */ 718 719/* BEGIN_CASE */ 720void lifetime(int lifetime_arg, int classification_flags, 721 int persistence_arg, int location_arg) 722{ 723 psa_key_lifetime_t lifetime = lifetime_arg; 724 psa_key_persistence_t persistence = persistence_arg; 725 psa_key_location_t location = location_arg; 726 unsigned flags = classification_flags; 727 unsigned classification_flags_tested = 0; 728 729 TEST_CLASSIFICATION_MACRO(1, KEY_LIFETIME_IS_VOLATILE, lifetime, flags); 730 TEST_CLASSIFICATION_MACRO(1, KEY_LIFETIME_IS_READ_ONLY, lifetime, flags); 731 TEST_EQUAL(classification_flags_tested, 732 KEY_LIFETIME_FLAG_MASK_PLUS_ONE - 1); 733 734 TEST_EQUAL(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime), persistence); 735 TEST_EQUAL(PSA_KEY_LIFETIME_GET_LOCATION(lifetime), location); 736} 737/* END_CASE */ 738