1/* BEGIN_HEADER */ 2#include "test/drivers/test_driver.h" 3 4/* Auxiliary variables for pake tests. 5 Global to silent the compiler when unused. */ 6size_t pake_expected_hit_count = 0; 7int pake_in_driver = 0; 8 9/* The only two JPAKE user/peer identifiers supported for the time being. */ 10static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; 11static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; 12 13#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ 14 defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) 15static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, 16 psa_pake_operation_t *server, 17 psa_pake_operation_t *client, 18 int client_input_first, 19 int round) 20{ 21 unsigned char *buffer0 = NULL, *buffer1 = NULL; 22 size_t buffer_length = ( 23 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) + 24 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) + 25 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2; 26 /* The output should be exactly this size according to the spec */ 27 const size_t expected_size_key_share = 28 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); 29 /* The output should be exactly this size according to the spec */ 30 const size_t expected_size_zk_public = 31 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC); 32 /* The output can be smaller: the spec allows stripping leading zeroes */ 33 const size_t max_expected_size_zk_proof = 34 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF); 35 size_t buffer0_off = 0; 36 size_t buffer1_off = 0; 37 size_t s_g1_len, s_g2_len, s_a_len; 38 size_t s_g1_off, s_g2_off, s_a_off; 39 size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len; 40 size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off; 41 size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len; 42 size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off; 43 size_t c_g1_len, c_g2_len, c_a_len; 44 size_t c_g1_off, c_g2_off, c_a_off; 45 size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len; 46 size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off; 47 size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len; 48 size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; 49 psa_status_t status; 50 51 ASSERT_ALLOC(buffer0, buffer_length); 52 ASSERT_ALLOC(buffer1, buffer_length); 53 54 switch (round) { 55 case 1: 56 /* Server first round Output */ 57 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 58 buffer0 + buffer0_off, 59 512 - buffer0_off, &s_g1_len)); 60 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 61 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 62 TEST_EQUAL(s_g1_len, expected_size_key_share); 63 s_g1_off = buffer0_off; 64 buffer0_off += s_g1_len; 65 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 66 buffer0 + buffer0_off, 67 512 - buffer0_off, &s_x1_pk_len)); 68 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 69 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 70 TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); 71 s_x1_pk_off = buffer0_off; 72 buffer0_off += s_x1_pk_len; 73 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 74 buffer0 + buffer0_off, 75 512 - buffer0_off, &s_x1_pr_len)); 76 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 77 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 78 TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); 79 s_x1_pr_off = buffer0_off; 80 buffer0_off += s_x1_pr_len; 81 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 82 buffer0 + buffer0_off, 83 512 - buffer0_off, &s_g2_len)); 84 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 85 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 86 TEST_EQUAL(s_g2_len, expected_size_key_share); 87 s_g2_off = buffer0_off; 88 buffer0_off += s_g2_len; 89 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 90 buffer0 + buffer0_off, 91 512 - buffer0_off, &s_x2_pk_len)); 92 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 93 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 94 TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); 95 s_x2_pk_off = buffer0_off; 96 buffer0_off += s_x2_pk_len; 97 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 98 buffer0 + buffer0_off, 99 512 - buffer0_off, &s_x2_pr_len)); 100 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 101 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 102 TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); 103 s_x2_pr_off = buffer0_off; 104 buffer0_off += s_x2_pr_len; 105 106 if (client_input_first == 1) { 107 /* Client first round Input */ 108 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 109 buffer0 + s_g1_off, s_g1_len); 110 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 111 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 112 TEST_EQUAL(status, PSA_SUCCESS); 113 114 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 115 buffer0 + s_x1_pk_off, 116 s_x1_pk_len); 117 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 118 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 119 TEST_EQUAL(status, PSA_SUCCESS); 120 121 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 122 buffer0 + s_x1_pr_off, 123 s_x1_pr_len); 124 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 125 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 126 TEST_EQUAL(status, PSA_SUCCESS); 127 128 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 129 buffer0 + s_g2_off, 130 s_g2_len); 131 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 132 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 133 TEST_EQUAL(status, PSA_SUCCESS); 134 135 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 136 buffer0 + s_x2_pk_off, 137 s_x2_pk_len); 138 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 139 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 140 TEST_EQUAL(status, PSA_SUCCESS); 141 142 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 143 buffer0 + s_x2_pr_off, 144 s_x2_pr_len); 145 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 146 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 147 TEST_EQUAL(status, PSA_SUCCESS); 148 } 149 150 /* Adjust for indirect client driver setup in first pake_output call. */ 151 pake_expected_hit_count++; 152 153 /* Client first round Output */ 154 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 155 buffer1 + buffer1_off, 156 512 - buffer1_off, &c_g1_len)); 157 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 158 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 159 TEST_EQUAL(c_g1_len, expected_size_key_share); 160 c_g1_off = buffer1_off; 161 buffer1_off += c_g1_len; 162 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 163 buffer1 + buffer1_off, 164 512 - buffer1_off, &c_x1_pk_len)); 165 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 166 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 167 TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); 168 c_x1_pk_off = buffer1_off; 169 buffer1_off += c_x1_pk_len; 170 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 171 buffer1 + buffer1_off, 172 512 - buffer1_off, &c_x1_pr_len)); 173 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 174 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 175 TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); 176 c_x1_pr_off = buffer1_off; 177 buffer1_off += c_x1_pr_len; 178 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 179 buffer1 + buffer1_off, 180 512 - buffer1_off, &c_g2_len)); 181 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 182 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 183 TEST_EQUAL(c_g2_len, expected_size_key_share); 184 c_g2_off = buffer1_off; 185 buffer1_off += c_g2_len; 186 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 187 buffer1 + buffer1_off, 188 512 - buffer1_off, &c_x2_pk_len)); 189 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 190 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 191 TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); 192 c_x2_pk_off = buffer1_off; 193 buffer1_off += c_x2_pk_len; 194 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 195 buffer1 + buffer1_off, 196 512 - buffer1_off, &c_x2_pr_len)); 197 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 198 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 199 TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); 200 c_x2_pr_off = buffer1_off; 201 buffer1_off += c_x2_pr_len; 202 203 if (client_input_first == 0) { 204 /* Client first round Input */ 205 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 206 buffer0 + s_g1_off, s_g1_len); 207 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 208 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 209 TEST_EQUAL(status, PSA_SUCCESS); 210 211 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 212 buffer0 + s_x1_pk_off, 213 s_x1_pk_len); 214 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 215 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 216 TEST_EQUAL(status, PSA_SUCCESS); 217 218 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 219 buffer0 + s_x1_pr_off, 220 s_x1_pr_len); 221 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 222 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 223 TEST_EQUAL(status, PSA_SUCCESS); 224 225 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 226 buffer0 + s_g2_off, 227 s_g2_len); 228 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 229 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 230 TEST_EQUAL(status, PSA_SUCCESS); 231 232 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 233 buffer0 + s_x2_pk_off, 234 s_x2_pk_len); 235 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 236 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 237 TEST_EQUAL(status, PSA_SUCCESS); 238 239 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 240 buffer0 + s_x2_pr_off, 241 s_x2_pr_len); 242 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 243 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 244 TEST_EQUAL(status, PSA_SUCCESS); 245 } 246 247 /* Server first round Input */ 248 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 249 buffer1 + c_g1_off, c_g1_len); 250 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 251 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 252 TEST_EQUAL(status, PSA_SUCCESS); 253 254 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 255 buffer1 + c_x1_pk_off, c_x1_pk_len); 256 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 257 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 258 TEST_EQUAL(status, PSA_SUCCESS); 259 260 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 261 buffer1 + c_x1_pr_off, c_x1_pr_len); 262 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 263 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 264 TEST_EQUAL(status, PSA_SUCCESS); 265 266 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 267 buffer1 + c_g2_off, c_g2_len); 268 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 269 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 270 TEST_EQUAL(status, PSA_SUCCESS); 271 272 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 273 buffer1 + c_x2_pk_off, c_x2_pk_len); 274 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 275 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 276 TEST_EQUAL(status, PSA_SUCCESS); 277 278 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 279 buffer1 + c_x2_pr_off, c_x2_pr_len); 280 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 281 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 282 TEST_EQUAL(status, PSA_SUCCESS); 283 284 break; 285 286 case 2: 287 /* Server second round Output */ 288 buffer0_off = 0; 289 290 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 291 buffer0 + buffer0_off, 292 512 - buffer0_off, &s_a_len)); 293 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 294 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 295 TEST_EQUAL(s_a_len, expected_size_key_share); 296 s_a_off = buffer0_off; 297 buffer0_off += s_a_len; 298 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 299 buffer0 + buffer0_off, 300 512 - buffer0_off, &s_x2s_pk_len)); 301 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 302 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 303 TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); 304 s_x2s_pk_off = buffer0_off; 305 buffer0_off += s_x2s_pk_len; 306 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 307 buffer0 + buffer0_off, 308 512 - buffer0_off, &s_x2s_pr_len)); 309 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 310 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 311 TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); 312 s_x2s_pr_off = buffer0_off; 313 buffer0_off += s_x2s_pr_len; 314 315 if (client_input_first == 1) { 316 /* Client second round Input */ 317 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 318 buffer0 + s_a_off, s_a_len); 319 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 320 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 321 TEST_EQUAL(status, PSA_SUCCESS); 322 323 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 324 buffer0 + s_x2s_pk_off, 325 s_x2s_pk_len); 326 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 327 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 328 TEST_EQUAL(status, PSA_SUCCESS); 329 330 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 331 buffer0 + s_x2s_pr_off, 332 s_x2s_pr_len); 333 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 334 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 335 TEST_EQUAL(status, PSA_SUCCESS); 336 } 337 338 /* Client second round Output */ 339 buffer1_off = 0; 340 341 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 342 buffer1 + buffer1_off, 343 512 - buffer1_off, &c_a_len)); 344 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 345 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 346 TEST_EQUAL(c_a_len, expected_size_key_share); 347 c_a_off = buffer1_off; 348 buffer1_off += c_a_len; 349 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 350 buffer1 + buffer1_off, 351 512 - buffer1_off, &c_x2s_pk_len)); 352 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 353 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 354 TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); 355 c_x2s_pk_off = buffer1_off; 356 buffer1_off += c_x2s_pk_len; 357 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 358 buffer1 + buffer1_off, 359 512 - buffer1_off, &c_x2s_pr_len)); 360 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 361 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 362 TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); 363 c_x2s_pr_off = buffer1_off; 364 buffer1_off += c_x2s_pr_len; 365 366 if (client_input_first == 0) { 367 /* Client second round Input */ 368 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 369 buffer0 + s_a_off, s_a_len); 370 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 371 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 372 TEST_EQUAL(status, PSA_SUCCESS); 373 374 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 375 buffer0 + s_x2s_pk_off, 376 s_x2s_pk_len); 377 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 378 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 379 TEST_EQUAL(status, PSA_SUCCESS); 380 381 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 382 buffer0 + s_x2s_pr_off, 383 s_x2s_pr_len); 384 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 385 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 386 TEST_EQUAL(status, PSA_SUCCESS); 387 } 388 389 /* Server second round Input */ 390 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 391 buffer1 + c_a_off, c_a_len); 392 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 393 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 394 TEST_EQUAL(status, PSA_SUCCESS); 395 396 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 397 buffer1 + c_x2s_pk_off, c_x2s_pk_len); 398 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 399 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 400 TEST_EQUAL(status, PSA_SUCCESS); 401 402 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 403 buffer1 + c_x2s_pr_off, c_x2s_pr_len); 404 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 405 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 406 TEST_EQUAL(status, PSA_SUCCESS); 407 408 break; 409 } 410 411exit: 412 mbedtls_free(buffer0); 413 mbedtls_free(buffer1); 414} 415#endif /* PSA_WANT_ALG_JPAKE */ 416 417#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) 418/* Sanity checks on the output of RSA encryption. 419 * 420 * \param modulus Key modulus. Must not have leading zeros. 421 * \param private_exponent Key private exponent. 422 * \param alg An RSA algorithm. 423 * \param input_data The input plaintext. 424 * \param buf The ciphertext produced by the driver. 425 * \param length Length of \p buf in bytes. 426 */ 427static int sanity_check_rsa_encryption_result( 428 psa_algorithm_t alg, 429 const data_t *modulus, const data_t *private_exponent, 430 const data_t *input_data, 431 uint8_t *buf, size_t length) 432{ 433#if defined(MBEDTLS_BIGNUM_C) 434 mbedtls_mpi N, D, C, X; 435 mbedtls_mpi_init(&N); 436 mbedtls_mpi_init(&D); 437 mbedtls_mpi_init(&C); 438 mbedtls_mpi_init(&X); 439#endif /* MBEDTLS_BIGNUM_C */ 440 441 int ok = 0; 442 443 TEST_ASSERT(length == modulus->len); 444 445#if defined(MBEDTLS_BIGNUM_C) 446 /* Perform the private key operation */ 447 TEST_ASSERT(mbedtls_mpi_read_binary(&N, modulus->x, modulus->len) == 0); 448 TEST_ASSERT(mbedtls_mpi_read_binary(&D, 449 private_exponent->x, 450 private_exponent->len) == 0); 451 TEST_ASSERT(mbedtls_mpi_read_binary(&C, buf, length) == 0); 452 TEST_ASSERT(mbedtls_mpi_exp_mod(&X, &C, &D, &N, NULL) == 0); 453 454 /* Sanity checks on the padded plaintext */ 455 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, length) == 0); 456 457 if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { 458 TEST_ASSERT(length > input_data->len + 2); 459 TEST_EQUAL(buf[0], 0x00); 460 TEST_EQUAL(buf[1], 0x02); 461 TEST_EQUAL(buf[length - input_data->len - 1], 0x00); 462 ASSERT_COMPARE(buf + length - input_data->len, input_data->len, 463 input_data->x, input_data->len); 464 } else if (PSA_ALG_IS_RSA_OAEP(alg)) { 465 TEST_EQUAL(buf[0], 0x00); 466 /* The rest is too hard to check */ 467 } else { 468 TEST_ASSERT(!"Encryption result sanity check not implemented for RSA algorithm"); 469 } 470#endif /* MBEDTLS_BIGNUM_C */ 471 472 ok = 1; 473 474exit: 475#if defined(MBEDTLS_BIGNUM_C) 476 mbedtls_mpi_free(&N); 477 mbedtls_mpi_free(&D); 478 mbedtls_mpi_free(&C); 479 mbedtls_mpi_free(&X); 480#endif /* MBEDTLS_BIGNUM_C */ 481 return ok; 482} 483#endif 484/* END_HEADER */ 485 486/* BEGIN_DEPENDENCIES 487 * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:PSA_CRYPTO_DRIVER_TEST 488 * END_DEPENDENCIES 489 */ 490 491/* BEGIN_CASE */ 492void sign_hash(int key_type_arg, 493 int alg_arg, 494 int force_status_arg, 495 data_t *key_input, 496 data_t *data_input, 497 data_t *expected_output, 498 int fake_output, 499 int expected_status_arg) 500{ 501 psa_status_t force_status = force_status_arg; 502 psa_status_t expected_status = expected_status_arg; 503 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 504 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 505 psa_algorithm_t alg = alg_arg; 506 size_t key_bits; 507 psa_key_type_t key_type = key_type_arg; 508 unsigned char *signature = NULL; 509 size_t signature_size; 510 size_t signature_length = 0xdeadbeef; 511 psa_status_t actual_status; 512 mbedtls_test_driver_signature_sign_hooks = 513 mbedtls_test_driver_signature_hooks_init(); 514 515 PSA_ASSERT(psa_crypto_init()); 516 psa_set_key_type(&attributes, 517 key_type); 518 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 519 psa_set_key_algorithm(&attributes, alg); 520 psa_import_key(&attributes, 521 key_input->x, key_input->len, 522 &key); 523 524 mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; 525 if (fake_output == 1) { 526 mbedtls_test_driver_signature_sign_hooks.forced_output = 527 expected_output->x; 528 mbedtls_test_driver_signature_sign_hooks.forced_output_length = 529 expected_output->len; 530 } 531 532 /* Allocate a buffer which has the size advertized by the 533 * library. */ 534 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 535 key_bits = psa_get_key_bits(&attributes); 536 signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 537 538 TEST_ASSERT(signature_size != 0); 539 TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); 540 ASSERT_ALLOC(signature, signature_size); 541 542 actual_status = psa_sign_hash(key, alg, 543 data_input->x, data_input->len, 544 signature, signature_size, 545 &signature_length); 546 TEST_EQUAL(actual_status, expected_status); 547 if (expected_status == PSA_SUCCESS) { 548 ASSERT_COMPARE(signature, signature_length, 549 expected_output->x, expected_output->len); 550 } 551 TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 1); 552 553exit: 554 psa_reset_key_attributes(&attributes); 555 psa_destroy_key(key); 556 mbedtls_free(signature); 557 PSA_DONE(); 558 mbedtls_test_driver_signature_sign_hooks = 559 mbedtls_test_driver_signature_hooks_init(); 560} 561/* END_CASE */ 562 563/* BEGIN_CASE */ 564void verify_hash(int key_type_arg, 565 int key_type_public_arg, 566 int alg_arg, 567 int force_status_arg, 568 int register_public_key, 569 data_t *key_input, 570 data_t *data_input, 571 data_t *signature_input, 572 int expected_status_arg) 573{ 574 psa_status_t force_status = force_status_arg; 575 psa_status_t expected_status = expected_status_arg; 576 psa_algorithm_t alg = alg_arg; 577 psa_key_type_t key_type = key_type_arg; 578 psa_key_type_t key_type_public = key_type_public_arg; 579 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 580 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 581 psa_status_t actual_status; 582 mbedtls_test_driver_signature_verify_hooks = 583 mbedtls_test_driver_signature_hooks_init(); 584 585 PSA_ASSERT(psa_crypto_init()); 586 if (register_public_key) { 587 psa_set_key_type(&attributes, key_type_public); 588 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 589 psa_set_key_algorithm(&attributes, alg); 590 psa_import_key(&attributes, 591 key_input->x, key_input->len, 592 &key); 593 } else { 594 psa_set_key_type(&attributes, key_type); 595 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 596 psa_set_key_algorithm(&attributes, alg); 597 psa_import_key(&attributes, 598 key_input->x, key_input->len, 599 &key); 600 } 601 602 mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; 603 604 actual_status = psa_verify_hash(key, alg, 605 data_input->x, data_input->len, 606 signature_input->x, signature_input->len); 607 TEST_EQUAL(actual_status, expected_status); 608 TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, 1); 609 610exit: 611 psa_reset_key_attributes(&attributes); 612 psa_destroy_key(key); 613 PSA_DONE(); 614 mbedtls_test_driver_signature_verify_hooks = 615 mbedtls_test_driver_signature_hooks_init(); 616} 617/* END_CASE */ 618 619/* BEGIN_CASE */ 620void sign_message(int key_type_arg, 621 int alg_arg, 622 int force_status_arg, 623 data_t *key_input, 624 data_t *data_input, 625 data_t *expected_output, 626 int fake_output, 627 int expected_status_arg) 628{ 629 psa_status_t force_status = force_status_arg; 630 psa_status_t expected_status = expected_status_arg; 631 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 632 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 633 psa_algorithm_t alg = alg_arg; 634 size_t key_bits; 635 psa_key_type_t key_type = key_type_arg; 636 unsigned char *signature = NULL; 637 size_t signature_size; 638 size_t signature_length = 0xdeadbeef; 639 psa_status_t actual_status; 640 mbedtls_test_driver_signature_sign_hooks = 641 mbedtls_test_driver_signature_hooks_init(); 642 643 PSA_ASSERT(psa_crypto_init()); 644 psa_set_key_type(&attributes, key_type); 645 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); 646 psa_set_key_algorithm(&attributes, alg); 647 psa_import_key(&attributes, 648 key_input->x, key_input->len, 649 &key); 650 651 mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; 652 if (fake_output == 1) { 653 mbedtls_test_driver_signature_sign_hooks.forced_output = 654 expected_output->x; 655 mbedtls_test_driver_signature_sign_hooks.forced_output_length = 656 expected_output->len; 657 } 658 659 /* Allocate a buffer which has the size advertized by the 660 * library. */ 661 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 662 key_bits = psa_get_key_bits(&attributes); 663 signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 664 665 TEST_ASSERT(signature_size != 0); 666 TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); 667 ASSERT_ALLOC(signature, signature_size); 668 669 actual_status = psa_sign_message(key, alg, 670 data_input->x, data_input->len, 671 signature, signature_size, 672 &signature_length); 673 TEST_EQUAL(actual_status, expected_status); 674 if (expected_status == PSA_SUCCESS) { 675 ASSERT_COMPARE(signature, signature_length, 676 expected_output->x, expected_output->len); 677 } 678 /* In the builtin algorithm the driver is called twice. */ 679 TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 680 force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1); 681 682exit: 683 psa_reset_key_attributes(&attributes); 684 psa_destroy_key(key); 685 mbedtls_free(signature); 686 PSA_DONE(); 687 mbedtls_test_driver_signature_sign_hooks = 688 mbedtls_test_driver_signature_hooks_init(); 689} 690/* END_CASE */ 691 692/* BEGIN_CASE */ 693void verify_message(int key_type_arg, 694 int key_type_public_arg, 695 int alg_arg, 696 int force_status_arg, 697 int register_public_key, 698 data_t *key_input, 699 data_t *data_input, 700 data_t *signature_input, 701 int expected_status_arg) 702{ 703 psa_status_t force_status = force_status_arg; 704 psa_status_t expected_status = expected_status_arg; 705 psa_algorithm_t alg = alg_arg; 706 psa_key_type_t key_type = key_type_arg; 707 psa_key_type_t key_type_public = key_type_public_arg; 708 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 709 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 710 psa_status_t actual_status; 711 mbedtls_test_driver_signature_verify_hooks = 712 mbedtls_test_driver_signature_hooks_init(); 713 714 PSA_ASSERT(psa_crypto_init()); 715 if (register_public_key) { 716 psa_set_key_type(&attributes, key_type_public); 717 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); 718 psa_set_key_algorithm(&attributes, alg); 719 psa_import_key(&attributes, 720 key_input->x, key_input->len, 721 &key); 722 } else { 723 psa_set_key_type(&attributes, key_type); 724 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); 725 psa_set_key_algorithm(&attributes, alg); 726 psa_import_key(&attributes, 727 key_input->x, key_input->len, 728 &key); 729 } 730 731 mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; 732 733 actual_status = psa_verify_message(key, alg, 734 data_input->x, data_input->len, 735 signature_input->x, signature_input->len); 736 TEST_EQUAL(actual_status, expected_status); 737 /* In the builtin algorithm the driver is called twice. */ 738 TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, 739 force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1); 740 741exit: 742 psa_reset_key_attributes(&attributes); 743 psa_destroy_key(key); 744 PSA_DONE(); 745 mbedtls_test_driver_signature_verify_hooks = 746 mbedtls_test_driver_signature_hooks_init(); 747} 748/* END_CASE */ 749 750/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */ 751void generate_key(int force_status_arg, 752 data_t *fake_output, 753 int expected_status_arg) 754{ 755 psa_status_t force_status = force_status_arg; 756 psa_status_t expected_status = expected_status_arg; 757 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 758 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 759 psa_algorithm_t alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256); 760 const uint8_t *expected_output = NULL; 761 size_t expected_output_length = 0; 762 psa_status_t actual_status; 763 uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = { 0 }; 764 size_t actual_output_length; 765 mbedtls_test_driver_key_management_hooks = 766 mbedtls_test_driver_key_management_hooks_init(); 767 768 psa_set_key_type(&attributes, 769 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); 770 psa_set_key_bits(&attributes, 256); 771 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT); 772 psa_set_key_algorithm(&attributes, alg); 773 774 if (fake_output->len > 0) { 775 expected_output = 776 mbedtls_test_driver_key_management_hooks.forced_output = 777 fake_output->x; 778 779 expected_output_length = 780 mbedtls_test_driver_key_management_hooks.forced_output_length = 781 fake_output->len; 782 } 783 784 mbedtls_test_driver_key_management_hooks.hits = 0; 785 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 786 787 PSA_ASSERT(psa_crypto_init()); 788 789 actual_status = psa_generate_key(&attributes, &key); 790 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); 791 TEST_EQUAL(actual_status, expected_status); 792 793 if (actual_status == PSA_SUCCESS) { 794 psa_export_key(key, actual_output, sizeof(actual_output), &actual_output_length); 795 796 if (fake_output->len > 0) { 797 ASSERT_COMPARE(actual_output, actual_output_length, 798 expected_output, expected_output_length); 799 } else { 800 size_t zeroes = 0; 801 for (size_t i = 0; i < sizeof(actual_output); i++) { 802 if (actual_output[i] == 0) { 803 zeroes++; 804 } 805 } 806 TEST_ASSERT(zeroes != sizeof(actual_output)); 807 } 808 } 809exit: 810 psa_reset_key_attributes(&attributes); 811 psa_destroy_key(key); 812 PSA_DONE(); 813 mbedtls_test_driver_key_management_hooks = 814 mbedtls_test_driver_key_management_hooks_init(); 815} 816/* END_CASE */ 817 818/* BEGIN_CASE */ 819void validate_key(int force_status_arg, 820 int location, 821 int owner_id_arg, 822 int id_arg, 823 int key_type_arg, 824 data_t *key_input, 825 int expected_status_arg) 826{ 827 psa_key_lifetime_t lifetime = 828 PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ 829 PSA_KEY_PERSISTENCE_DEFAULT, location); 830 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg); 831 psa_status_t force_status = force_status_arg; 832 psa_status_t expected_status = expected_status_arg; 833 psa_key_type_t key_type = key_type_arg; 834 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 835 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 836 psa_status_t actual_status; 837 mbedtls_test_driver_key_management_hooks = 838 mbedtls_test_driver_key_management_hooks_init(); 839 840 psa_set_key_id(&attributes, id); 841 psa_set_key_type(&attributes, 842 key_type); 843 psa_set_key_lifetime(&attributes, lifetime); 844 psa_set_key_bits(&attributes, 0); 845 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); 846 847 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 848 849 PSA_ASSERT(psa_crypto_init()); 850 851 actual_status = psa_import_key(&attributes, key_input->x, key_input->len, &key); 852 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); 853 TEST_EQUAL(actual_status, expected_status); 854 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.location, location); 855exit: 856 psa_reset_key_attributes(&attributes); 857 psa_destroy_key(key); 858 PSA_DONE(); 859 mbedtls_test_driver_key_management_hooks = 860 mbedtls_test_driver_key_management_hooks_init(); 861} 862/* END_CASE */ 863 864/* BEGIN_CASE */ 865void export_key(int force_status_arg, 866 data_t *fake_output, 867 int key_in_type_arg, 868 data_t *key_in, 869 int key_out_type_arg, 870 data_t *expected_output, 871 int expected_status_arg) 872{ 873 psa_status_t force_status = force_status_arg; 874 psa_status_t expected_status = expected_status_arg; 875 psa_key_handle_t handle = 0; 876 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 877 psa_key_type_t input_key_type = key_in_type_arg; 878 psa_key_type_t output_key_type = key_out_type_arg; 879 const uint8_t *expected_output_ptr = NULL; 880 size_t expected_output_length = 0; 881 psa_status_t actual_status; 882 uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = { 0 }; 883 size_t actual_output_length; 884 mbedtls_test_driver_key_management_hooks = 885 mbedtls_test_driver_key_management_hooks_init(); 886 887 psa_set_key_type(&attributes, input_key_type); 888 psa_set_key_bits(&attributes, 256); 889 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); 890 891 PSA_ASSERT(psa_crypto_init()); 892 PSA_ASSERT(psa_import_key(&attributes, key_in->x, key_in->len, &handle)); 893 894 if (fake_output->len > 0) { 895 expected_output_ptr = 896 mbedtls_test_driver_key_management_hooks.forced_output = 897 fake_output->x; 898 899 expected_output_length = 900 mbedtls_test_driver_key_management_hooks.forced_output_length = 901 fake_output->len; 902 } else { 903 expected_output_ptr = expected_output->x; 904 expected_output_length = expected_output->len; 905 } 906 907 mbedtls_test_driver_key_management_hooks.hits = 0; 908 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 909 910 if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) { 911 actual_status = psa_export_public_key(handle, 912 actual_output, 913 sizeof(actual_output), 914 &actual_output_length); 915 } else { 916 actual_status = psa_export_key(handle, 917 actual_output, 918 sizeof(actual_output), 919 &actual_output_length); 920 } 921 TEST_EQUAL(actual_status, expected_status); 922 923 if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) && 924 !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) { 925 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); 926 } 927 928 if (actual_status == PSA_SUCCESS) { 929 ASSERT_COMPARE(actual_output, actual_output_length, 930 expected_output_ptr, expected_output_length); 931 } 932exit: 933 psa_reset_key_attributes(&attributes); 934 psa_destroy_key(handle); 935 PSA_DONE(); 936 mbedtls_test_driver_key_management_hooks = 937 mbedtls_test_driver_key_management_hooks_init(); 938} 939/* END_CASE */ 940 941/* BEGIN_CASE */ 942void key_agreement(int alg_arg, 943 int force_status_arg, 944 int our_key_type_arg, 945 data_t *our_key_data, 946 data_t *peer_key_data, 947 data_t *expected_output, 948 data_t *fake_output, 949 int expected_status_arg) 950{ 951 psa_status_t force_status = force_status_arg; 952 psa_status_t expected_status = expected_status_arg; 953 psa_algorithm_t alg = alg_arg; 954 psa_key_type_t our_key_type = our_key_type_arg; 955 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 956 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 957 const uint8_t *expected_output_ptr = NULL; 958 size_t expected_output_length = 0; 959 unsigned char *actual_output = NULL; 960 size_t actual_output_length = ~0; 961 size_t key_bits; 962 psa_status_t actual_status; 963 mbedtls_test_driver_key_agreement_hooks = 964 mbedtls_test_driver_key_agreement_hooks_init(); 965 966 PSA_ASSERT(psa_crypto_init()); 967 968 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 969 psa_set_key_algorithm(&attributes, alg); 970 psa_set_key_type(&attributes, our_key_type); 971 PSA_ASSERT(psa_import_key(&attributes, 972 our_key_data->x, our_key_data->len, 973 &our_key)); 974 975 PSA_ASSERT(psa_get_key_attributes(our_key, &attributes)); 976 key_bits = psa_get_key_bits(&attributes); 977 978 TEST_LE_U(expected_output->len, 979 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits)); 980 TEST_LE_U(PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits), 981 PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE); 982 983 if (fake_output->len > 0) { 984 expected_output_ptr = 985 mbedtls_test_driver_key_agreement_hooks.forced_output = 986 fake_output->x; 987 988 expected_output_length = 989 mbedtls_test_driver_key_agreement_hooks.forced_output_length = 990 fake_output->len; 991 } else { 992 expected_output_ptr = expected_output->x; 993 expected_output_length = expected_output->len; 994 } 995 996 mbedtls_test_driver_key_agreement_hooks.hits = 0; 997 mbedtls_test_driver_key_agreement_hooks.forced_status = force_status; 998 999 ASSERT_ALLOC(actual_output, expected_output->len); 1000 actual_status = psa_raw_key_agreement(alg, our_key, 1001 peer_key_data->x, peer_key_data->len, 1002 actual_output, expected_output->len, 1003 &actual_output_length); 1004 TEST_EQUAL(actual_status, expected_status); 1005 TEST_EQUAL(mbedtls_test_driver_key_agreement_hooks.hits, 1); 1006 1007 if (actual_status == PSA_SUCCESS) { 1008 ASSERT_COMPARE(actual_output, actual_output_length, 1009 expected_output_ptr, expected_output_length); 1010 } 1011 mbedtls_free(actual_output); 1012 actual_output = NULL; 1013 actual_output_length = ~0; 1014 1015exit: 1016 psa_reset_key_attributes(&attributes); 1017 psa_destroy_key(our_key); 1018 PSA_DONE(); 1019 mbedtls_test_driver_key_agreement_hooks = 1020 mbedtls_test_driver_key_agreement_hooks_init(); 1021} 1022 1023/* END_CASE */ 1024 1025/* BEGIN_CASE */ 1026void cipher_encrypt_validation(int alg_arg, 1027 int key_type_arg, 1028 data_t *key_data, 1029 data_t *input) 1030{ 1031 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1032 psa_key_type_t key_type = key_type_arg; 1033 psa_algorithm_t alg = alg_arg; 1034 size_t iv_size = PSA_CIPHER_IV_LENGTH(key_type, alg); 1035 unsigned char *output1 = NULL; 1036 size_t output1_buffer_size = 0; 1037 size_t output1_length = 0; 1038 unsigned char *output2 = NULL; 1039 size_t output2_buffer_size = 0; 1040 size_t output2_length = 0; 1041 size_t function_output_length = 0; 1042 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1043 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1044 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1045 1046 PSA_ASSERT(psa_crypto_init()); 1047 1048 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1049 psa_set_key_algorithm(&attributes, alg); 1050 psa_set_key_type(&attributes, key_type); 1051 1052 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); 1053 output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + 1054 PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); 1055 ASSERT_ALLOC(output1, output1_buffer_size); 1056 ASSERT_ALLOC(output2, output2_buffer_size); 1057 1058 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1059 &key)); 1060 1061 PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, 1062 output1_buffer_size, &output1_length)); 1063 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1064 mbedtls_test_driver_cipher_hooks.hits = 0; 1065 1066 PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 1067 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1068 mbedtls_test_driver_cipher_hooks.hits = 0; 1069 1070 PSA_ASSERT(psa_cipher_set_iv(&operation, output1, iv_size)); 1071 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1072 mbedtls_test_driver_cipher_hooks.hits = 0; 1073 1074 PSA_ASSERT(psa_cipher_update(&operation, 1075 input->x, input->len, 1076 output2, output2_buffer_size, 1077 &function_output_length)); 1078 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1079 mbedtls_test_driver_cipher_hooks.hits = 0; 1080 1081 output2_length += function_output_length; 1082 PSA_ASSERT(psa_cipher_finish(&operation, 1083 output2 + output2_length, 1084 output2_buffer_size - output2_length, 1085 &function_output_length)); 1086 /* Finish will have called abort as well, so expecting two hits here */ 1087 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1088 mbedtls_test_driver_cipher_hooks.hits = 0; 1089 1090 output2_length += function_output_length; 1091 1092 PSA_ASSERT(psa_cipher_abort(&operation)); 1093 // driver function should've been called as part of the finish() core routine 1094 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1095 ASSERT_COMPARE(output1 + iv_size, output1_length - iv_size, 1096 output2, output2_length); 1097 1098exit: 1099 psa_cipher_abort(&operation); 1100 mbedtls_free(output1); 1101 mbedtls_free(output2); 1102 psa_destroy_key(key); 1103 PSA_DONE(); 1104 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1105} 1106/* END_CASE */ 1107 1108/* BEGIN_CASE */ 1109void cipher_encrypt_multipart(int alg_arg, 1110 int key_type_arg, 1111 data_t *key_data, 1112 data_t *iv, 1113 data_t *input, 1114 int first_part_size_arg, 1115 int output1_length_arg, 1116 int output2_length_arg, 1117 data_t *expected_output, 1118 int mock_output_arg, 1119 int force_status_arg, 1120 int expected_status_arg) 1121{ 1122 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1123 psa_key_type_t key_type = key_type_arg; 1124 psa_algorithm_t alg = alg_arg; 1125 psa_status_t status; 1126 psa_status_t expected_status = expected_status_arg; 1127 psa_status_t force_status = force_status_arg; 1128 size_t first_part_size = first_part_size_arg; 1129 size_t output1_length = output1_length_arg; 1130 size_t output2_length = output2_length_arg; 1131 unsigned char *output = NULL; 1132 size_t output_buffer_size = 0; 1133 size_t function_output_length = 0; 1134 size_t total_output_length = 0; 1135 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1136 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1137 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1138 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1139 1140 /* Test operation initialization */ 1141 mbedtls_psa_cipher_operation_t mbedtls_operation = 1142 MBEDTLS_PSA_CIPHER_OPERATION_INIT; 1143 1144 mbedtls_transparent_test_driver_cipher_operation_t transparent_operation = 1145 MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT; 1146 1147 mbedtls_opaque_test_driver_cipher_operation_t opaque_operation = 1148 MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT; 1149 1150 operation.ctx.mbedtls_ctx = mbedtls_operation; 1151 operation.ctx.transparent_test_driver_ctx = transparent_operation; 1152 operation.ctx.opaque_test_driver_ctx = opaque_operation; 1153 1154 PSA_ASSERT(psa_crypto_init()); 1155 1156 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1157 psa_set_key_algorithm(&attributes, alg); 1158 psa_set_key_type(&attributes, key_type); 1159 1160 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1161 &key)); 1162 1163 PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 1164 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1165 mbedtls_test_driver_cipher_hooks.hits = 0; 1166 1167 PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); 1168 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1169 mbedtls_test_driver_cipher_hooks.hits = 0; 1170 1171 output_buffer_size = ((size_t) input->len + 1172 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); 1173 ASSERT_ALLOC(output, output_buffer_size); 1174 1175 if (mock_output_arg) { 1176 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1177 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1178 } 1179 1180 TEST_ASSERT(first_part_size <= input->len); 1181 PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size, 1182 output, output_buffer_size, 1183 &function_output_length)); 1184 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1185 mbedtls_test_driver_cipher_hooks.hits = 0; 1186 1187 TEST_ASSERT(function_output_length == output1_length); 1188 total_output_length += function_output_length; 1189 1190 if (first_part_size < input->len) { 1191 PSA_ASSERT(psa_cipher_update(&operation, 1192 input->x + first_part_size, 1193 input->len - first_part_size, 1194 output + total_output_length, 1195 output_buffer_size - total_output_length, 1196 &function_output_length)); 1197 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1198 mbedtls_test_driver_cipher_hooks.hits = 0; 1199 1200 TEST_ASSERT(function_output_length == output2_length); 1201 total_output_length += function_output_length; 1202 } 1203 1204 if (mock_output_arg) { 1205 mbedtls_test_driver_cipher_hooks.forced_output = NULL; 1206 mbedtls_test_driver_cipher_hooks.forced_output_length = 0; 1207 } 1208 1209 status = psa_cipher_finish(&operation, 1210 output + total_output_length, 1211 output_buffer_size - total_output_length, 1212 &function_output_length); 1213 /* Finish will have called abort as well, so expecting two hits here */ 1214 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0)); 1215 mbedtls_test_driver_cipher_hooks.hits = 0; 1216 total_output_length += function_output_length; 1217 TEST_EQUAL(status, expected_status); 1218 1219 if (expected_status == PSA_SUCCESS) { 1220 PSA_ASSERT(psa_cipher_abort(&operation)); 1221 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1222 1223 ASSERT_COMPARE(expected_output->x, expected_output->len, 1224 output, total_output_length); 1225 } 1226 1227exit: 1228 psa_cipher_abort(&operation); 1229 mbedtls_free(output); 1230 psa_destroy_key(key); 1231 PSA_DONE(); 1232 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1233} 1234/* END_CASE */ 1235 1236/* BEGIN_CASE */ 1237void cipher_decrypt_multipart(int alg_arg, 1238 int key_type_arg, 1239 data_t *key_data, 1240 data_t *iv, 1241 data_t *input, 1242 int first_part_size_arg, 1243 int output1_length_arg, 1244 int output2_length_arg, 1245 data_t *expected_output, 1246 int mock_output_arg, 1247 int force_status_arg, 1248 int expected_status_arg) 1249{ 1250 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1251 psa_key_type_t key_type = key_type_arg; 1252 psa_algorithm_t alg = alg_arg; 1253 psa_status_t status; 1254 psa_status_t expected_status = expected_status_arg; 1255 psa_status_t force_status = force_status_arg; 1256 size_t first_part_size = first_part_size_arg; 1257 size_t output1_length = output1_length_arg; 1258 size_t output2_length = output2_length_arg; 1259 unsigned char *output = NULL; 1260 size_t output_buffer_size = 0; 1261 size_t function_output_length = 0; 1262 size_t total_output_length = 0; 1263 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1264 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1265 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1266 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1267 1268 /* Test operation initialization */ 1269 mbedtls_psa_cipher_operation_t mbedtls_operation = 1270 MBEDTLS_PSA_CIPHER_OPERATION_INIT; 1271 1272 mbedtls_transparent_test_driver_cipher_operation_t transparent_operation = 1273 MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT; 1274 1275 mbedtls_opaque_test_driver_cipher_operation_t opaque_operation = 1276 MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT; 1277 1278 operation.ctx.mbedtls_ctx = mbedtls_operation; 1279 operation.ctx.transparent_test_driver_ctx = transparent_operation; 1280 operation.ctx.opaque_test_driver_ctx = opaque_operation; 1281 1282 PSA_ASSERT(psa_crypto_init()); 1283 1284 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1285 psa_set_key_algorithm(&attributes, alg); 1286 psa_set_key_type(&attributes, key_type); 1287 1288 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1289 &key)); 1290 1291 PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); 1292 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1293 mbedtls_test_driver_cipher_hooks.hits = 0; 1294 1295 PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); 1296 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1297 mbedtls_test_driver_cipher_hooks.hits = 0; 1298 1299 output_buffer_size = ((size_t) input->len + 1300 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); 1301 ASSERT_ALLOC(output, output_buffer_size); 1302 1303 if (mock_output_arg) { 1304 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1305 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1306 } 1307 1308 TEST_ASSERT(first_part_size <= input->len); 1309 PSA_ASSERT(psa_cipher_update(&operation, 1310 input->x, first_part_size, 1311 output, output_buffer_size, 1312 &function_output_length)); 1313 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1314 mbedtls_test_driver_cipher_hooks.hits = 0; 1315 1316 TEST_ASSERT(function_output_length == output1_length); 1317 total_output_length += function_output_length; 1318 1319 if (first_part_size < input->len) { 1320 PSA_ASSERT(psa_cipher_update(&operation, 1321 input->x + first_part_size, 1322 input->len - first_part_size, 1323 output + total_output_length, 1324 output_buffer_size - total_output_length, 1325 &function_output_length)); 1326 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1327 mbedtls_test_driver_cipher_hooks.hits = 0; 1328 1329 TEST_ASSERT(function_output_length == output2_length); 1330 total_output_length += function_output_length; 1331 } 1332 1333 if (mock_output_arg) { 1334 mbedtls_test_driver_cipher_hooks.forced_output = NULL; 1335 mbedtls_test_driver_cipher_hooks.forced_output_length = 0; 1336 } 1337 1338 status = psa_cipher_finish(&operation, 1339 output + total_output_length, 1340 output_buffer_size - total_output_length, 1341 &function_output_length); 1342 /* Finish will have called abort as well, so expecting two hits here */ 1343 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0)); 1344 mbedtls_test_driver_cipher_hooks.hits = 0; 1345 total_output_length += function_output_length; 1346 TEST_EQUAL(status, expected_status); 1347 1348 if (expected_status == PSA_SUCCESS) { 1349 PSA_ASSERT(psa_cipher_abort(&operation)); 1350 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1351 1352 ASSERT_COMPARE(expected_output->x, expected_output->len, 1353 output, total_output_length); 1354 } 1355 1356exit: 1357 psa_cipher_abort(&operation); 1358 mbedtls_free(output); 1359 psa_destroy_key(key); 1360 PSA_DONE(); 1361 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1362} 1363/* END_CASE */ 1364 1365/* BEGIN_CASE */ 1366void cipher_decrypt(int alg_arg, 1367 int key_type_arg, 1368 data_t *key_data, 1369 data_t *iv, 1370 data_t *input_arg, 1371 data_t *expected_output, 1372 int mock_output_arg, 1373 int force_status_arg, 1374 int expected_status_arg) 1375{ 1376 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1377 psa_status_t status; 1378 psa_key_type_t key_type = key_type_arg; 1379 psa_algorithm_t alg = alg_arg; 1380 psa_status_t expected_status = expected_status_arg; 1381 psa_status_t force_status = force_status_arg; 1382 unsigned char *input = NULL; 1383 size_t input_buffer_size = 0; 1384 unsigned char *output = NULL; 1385 size_t output_buffer_size = 0; 1386 size_t output_length = 0; 1387 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1388 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1389 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1390 1391 PSA_ASSERT(psa_crypto_init()); 1392 1393 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1394 psa_set_key_algorithm(&attributes, alg); 1395 psa_set_key_type(&attributes, key_type); 1396 1397 /* Allocate input buffer and copy the iv and the plaintext */ 1398 input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); 1399 if (input_buffer_size > 0) { 1400 ASSERT_ALLOC(input, input_buffer_size); 1401 memcpy(input, iv->x, iv->len); 1402 memcpy(input + iv->len, input_arg->x, input_arg->len); 1403 } 1404 1405 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); 1406 ASSERT_ALLOC(output, output_buffer_size); 1407 1408 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1409 &key)); 1410 1411 if (mock_output_arg) { 1412 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1413 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1414 } 1415 1416 status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output, 1417 output_buffer_size, &output_length); 1418 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1419 mbedtls_test_driver_cipher_hooks.hits = 0; 1420 1421 TEST_EQUAL(status, expected_status); 1422 1423 if (expected_status == PSA_SUCCESS) { 1424 ASSERT_COMPARE(expected_output->x, expected_output->len, 1425 output, output_length); 1426 } 1427 1428exit: 1429 mbedtls_free(input); 1430 mbedtls_free(output); 1431 psa_destroy_key(key); 1432 PSA_DONE(); 1433 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1434} 1435/* END_CASE */ 1436 1437/* BEGIN_CASE */ 1438void cipher_entry_points(int alg_arg, int key_type_arg, 1439 data_t *key_data, data_t *iv, 1440 data_t *input) 1441{ 1442 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1443 psa_status_t status; 1444 psa_key_type_t key_type = key_type_arg; 1445 psa_algorithm_t alg = alg_arg; 1446 unsigned char *output = NULL; 1447 size_t output_buffer_size = 0; 1448 size_t function_output_length = 0; 1449 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1450 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1451 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1452 1453 ASSERT_ALLOC(output, input->len + 16); 1454 output_buffer_size = input->len + 16; 1455 1456 PSA_ASSERT(psa_crypto_init()); 1457 1458 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 1459 psa_set_key_algorithm(&attributes, alg); 1460 psa_set_key_type(&attributes, key_type); 1461 1462 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1463 &key)); 1464 1465 /* 1466 * Test encrypt failure 1467 * First test that if we don't force a driver error, encryption is 1468 * successful, then force driver error. 1469 */ 1470 status = psa_cipher_encrypt( 1471 key, alg, input->x, input->len, 1472 output, output_buffer_size, &function_output_length); 1473 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1474 TEST_EQUAL(status, PSA_SUCCESS); 1475 mbedtls_test_driver_cipher_hooks.hits = 0; 1476 1477 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1478 /* Set the output buffer in a given state. */ 1479 for (size_t i = 0; i < output_buffer_size; i++) { 1480 output[i] = 0xa5; 1481 } 1482 1483 status = psa_cipher_encrypt( 1484 key, alg, input->x, input->len, 1485 output, output_buffer_size, &function_output_length); 1486 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1487 TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); 1488 /* 1489 * Check that the output buffer is still in the same state. 1490 * This will fail if the output buffer is used by the core to pass the IV 1491 * it generated to the driver (and is not restored). 1492 */ 1493 for (size_t i = 0; i < output_buffer_size; i++) { 1494 TEST_EQUAL(output[i], 0xa5); 1495 } 1496 mbedtls_test_driver_cipher_hooks.hits = 0; 1497 1498 /* Test setup call, encrypt */ 1499 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1500 status = psa_cipher_encrypt_setup(&operation, key, alg); 1501 /* When setup fails, it shouldn't call any further entry points */ 1502 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1503 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1504 mbedtls_test_driver_cipher_hooks.hits = 0; 1505 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1506 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1507 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1508 1509 /* Test setup call failure, decrypt */ 1510 status = psa_cipher_decrypt_setup(&operation, key, alg); 1511 /* When setup fails, it shouldn't call any further entry points */ 1512 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1513 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1514 mbedtls_test_driver_cipher_hooks.hits = 0; 1515 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1516 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1517 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1518 1519 /* Test IV setting failure */ 1520 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1521 status = psa_cipher_encrypt_setup(&operation, key, alg); 1522 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1523 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1524 mbedtls_test_driver_cipher_hooks.hits = 0; 1525 1526 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1527 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1528 /* When setting the IV fails, it should call abort too */ 1529 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1530 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1531 /* Failure should prevent further operations from executing on the driver */ 1532 mbedtls_test_driver_cipher_hooks.hits = 0; 1533 status = psa_cipher_update(&operation, 1534 input->x, input->len, 1535 output, output_buffer_size, 1536 &function_output_length); 1537 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1538 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1539 psa_cipher_abort(&operation); 1540 1541 /* Test IV generation failure */ 1542 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1543 status = psa_cipher_encrypt_setup(&operation, key, alg); 1544 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1545 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1546 mbedtls_test_driver_cipher_hooks.hits = 0; 1547 1548 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1549 /* Set the output buffer in a given state. */ 1550 for (size_t i = 0; i < 16; i++) { 1551 output[i] = 0xa5; 1552 } 1553 1554 status = psa_cipher_generate_iv(&operation, output, 16, &function_output_length); 1555 /* When generating the IV fails, it should call abort too */ 1556 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1557 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1558 /* 1559 * Check that the output buffer is still in the same state. 1560 * This will fail if the output buffer is used by the core to pass the IV 1561 * it generated to the driver (and is not restored). 1562 */ 1563 for (size_t i = 0; i < 16; i++) { 1564 TEST_EQUAL(output[i], 0xa5); 1565 } 1566 /* Failure should prevent further operations from executing on the driver */ 1567 mbedtls_test_driver_cipher_hooks.hits = 0; 1568 status = psa_cipher_update(&operation, 1569 input->x, input->len, 1570 output, output_buffer_size, 1571 &function_output_length); 1572 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1573 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1574 psa_cipher_abort(&operation); 1575 1576 /* Test update failure */ 1577 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1578 status = psa_cipher_encrypt_setup(&operation, key, alg); 1579 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1580 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1581 mbedtls_test_driver_cipher_hooks.hits = 0; 1582 1583 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1584 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1585 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1586 mbedtls_test_driver_cipher_hooks.hits = 0; 1587 1588 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1589 status = psa_cipher_update(&operation, 1590 input->x, input->len, 1591 output, output_buffer_size, 1592 &function_output_length); 1593 /* When the update call fails, it should call abort too */ 1594 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1595 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1596 /* Failure should prevent further operations from executing on the driver */ 1597 mbedtls_test_driver_cipher_hooks.hits = 0; 1598 status = psa_cipher_update(&operation, 1599 input->x, input->len, 1600 output, output_buffer_size, 1601 &function_output_length); 1602 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1603 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1604 psa_cipher_abort(&operation); 1605 1606 /* Test finish failure */ 1607 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1608 status = psa_cipher_encrypt_setup(&operation, key, alg); 1609 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1610 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1611 mbedtls_test_driver_cipher_hooks.hits = 0; 1612 1613 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1614 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1615 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1616 mbedtls_test_driver_cipher_hooks.hits = 0; 1617 1618 status = psa_cipher_update(&operation, 1619 input->x, input->len, 1620 output, output_buffer_size, 1621 &function_output_length); 1622 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1623 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1624 mbedtls_test_driver_cipher_hooks.hits = 0; 1625 1626 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1627 status = psa_cipher_finish(&operation, 1628 output + function_output_length, 1629 output_buffer_size - function_output_length, 1630 &function_output_length); 1631 /* When the finish call fails, it should call abort too */ 1632 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1633 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1634 /* Failure should prevent further operations from executing on the driver */ 1635 mbedtls_test_driver_cipher_hooks.hits = 0; 1636 status = psa_cipher_update(&operation, 1637 input->x, input->len, 1638 output, output_buffer_size, 1639 &function_output_length); 1640 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1641 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1642 psa_cipher_abort(&operation); 1643 1644exit: 1645 psa_cipher_abort(&operation); 1646 mbedtls_free(output); 1647 psa_destroy_key(key); 1648 PSA_DONE(); 1649 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1650} 1651/* END_CASE */ 1652 1653/* BEGIN_CASE */ 1654void aead_encrypt(int key_type_arg, data_t *key_data, 1655 int alg_arg, 1656 data_t *nonce, 1657 data_t *additional_data, 1658 data_t *input_data, 1659 data_t *expected_result, 1660 int forced_status_arg) 1661{ 1662 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1663 psa_key_type_t key_type = key_type_arg; 1664 psa_algorithm_t alg = alg_arg; 1665 size_t key_bits; 1666 psa_status_t forced_status = forced_status_arg; 1667 unsigned char *output_data = NULL; 1668 size_t output_size = 0; 1669 size_t output_length = 0; 1670 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1671 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1672 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1673 1674 PSA_ASSERT(psa_crypto_init()); 1675 1676 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1677 psa_set_key_algorithm(&attributes, alg); 1678 psa_set_key_type(&attributes, key_type); 1679 1680 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1681 &key)); 1682 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 1683 key_bits = psa_get_key_bits(&attributes); 1684 1685 output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, 1686 alg); 1687 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 1688 * should be exact. */ 1689 TEST_EQUAL(output_size, 1690 PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 1691 TEST_ASSERT(output_size <= 1692 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 1693 ASSERT_ALLOC(output_data, output_size); 1694 1695 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 1696 status = psa_aead_encrypt(key, alg, 1697 nonce->x, nonce->len, 1698 additional_data->x, additional_data->len, 1699 input_data->x, input_data->len, 1700 output_data, output_size, 1701 &output_length); 1702 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_encrypt, 1); 1703 TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status); 1704 1705 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 1706 PSA_SUCCESS : forced_status); 1707 1708 if (status == PSA_SUCCESS) { 1709 ASSERT_COMPARE(expected_result->x, expected_result->len, 1710 output_data, output_length); 1711 } 1712 1713exit: 1714 psa_destroy_key(key); 1715 mbedtls_free(output_data); 1716 PSA_DONE(); 1717 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1718} 1719/* END_CASE */ 1720 1721/* BEGIN_CASE */ 1722void aead_decrypt(int key_type_arg, data_t *key_data, 1723 int alg_arg, 1724 data_t *nonce, 1725 data_t *additional_data, 1726 data_t *input_data, 1727 data_t *expected_data, 1728 int forced_status_arg) 1729{ 1730 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1731 psa_key_type_t key_type = key_type_arg; 1732 psa_algorithm_t alg = alg_arg; 1733 size_t key_bits; 1734 psa_status_t forced_status = forced_status_arg; 1735 unsigned char *output_data = NULL; 1736 size_t output_size = 0; 1737 size_t output_length = 0; 1738 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1739 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1740 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1741 1742 PSA_ASSERT(psa_crypto_init()); 1743 1744 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1745 psa_set_key_algorithm(&attributes, alg); 1746 psa_set_key_type(&attributes, key_type); 1747 1748 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1749 &key)); 1750 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 1751 key_bits = psa_get_key_bits(&attributes); 1752 1753 output_size = input_data->len - PSA_AEAD_TAG_LENGTH(key_type, key_bits, 1754 alg); 1755 ASSERT_ALLOC(output_data, output_size); 1756 1757 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 1758 status = psa_aead_decrypt(key, alg, 1759 nonce->x, nonce->len, 1760 additional_data->x, 1761 additional_data->len, 1762 input_data->x, input_data->len, 1763 output_data, output_size, 1764 &output_length); 1765 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_decrypt, 1); 1766 TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status); 1767 1768 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 1769 PSA_SUCCESS : forced_status); 1770 1771 if (status == PSA_SUCCESS) { 1772 ASSERT_COMPARE(expected_data->x, expected_data->len, 1773 output_data, output_length); 1774 } 1775 1776exit: 1777 psa_destroy_key(key); 1778 mbedtls_free(output_data); 1779 PSA_DONE(); 1780 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1781} 1782/* END_CASE */ 1783 1784/* BEGIN_CASE */ 1785void mac_sign(int key_type_arg, 1786 data_t *key_data, 1787 int alg_arg, 1788 data_t *input, 1789 data_t *expected_mac, 1790 int forced_status_arg) 1791{ 1792 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1793 psa_key_type_t key_type = key_type_arg; 1794 psa_algorithm_t alg = alg_arg; 1795 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1796 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1797 uint8_t *actual_mac = NULL; 1798 size_t mac_buffer_size = 1799 PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); 1800 size_t mac_length = 0; 1801 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1802 psa_status_t forced_status = forced_status_arg; 1803 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1804 1805 TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE); 1806 /* We expect PSA_MAC_LENGTH to be exact. */ 1807 TEST_ASSERT(expected_mac->len == mac_buffer_size); 1808 1809 PSA_ASSERT(psa_crypto_init()); 1810 1811 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 1812 psa_set_key_algorithm(&attributes, alg); 1813 psa_set_key_type(&attributes, key_type); 1814 1815 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1816 &key)); 1817 1818 ASSERT_ALLOC(actual_mac, mac_buffer_size); 1819 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 1820 1821 /* 1822 * Calculate the MAC, one-shot case. 1823 */ 1824 status = psa_mac_compute(key, alg, 1825 input->x, input->len, 1826 actual_mac, mac_buffer_size, 1827 &mac_length); 1828 1829 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1830 if (forced_status == PSA_SUCCESS || 1831 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1832 PSA_ASSERT(status); 1833 } else { 1834 TEST_EQUAL(forced_status, status); 1835 } 1836 1837 PSA_ASSERT(psa_mac_abort(&operation)); 1838 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1839 1840 if (forced_status == PSA_SUCCESS) { 1841 ASSERT_COMPARE(expected_mac->x, expected_mac->len, 1842 actual_mac, mac_length); 1843 } 1844 1845 mbedtls_free(actual_mac); 1846 actual_mac = NULL; 1847 1848exit: 1849 psa_mac_abort(&operation); 1850 psa_destroy_key(key); 1851 PSA_DONE(); 1852 mbedtls_free(actual_mac); 1853 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1854} 1855/* END_CASE */ 1856 1857/* BEGIN_CASE */ 1858void mac_sign_multipart(int key_type_arg, 1859 data_t *key_data, 1860 int alg_arg, 1861 data_t *input, 1862 data_t *expected_mac, 1863 int fragments_count, 1864 int forced_status_arg) 1865{ 1866 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1867 psa_key_type_t key_type = key_type_arg; 1868 psa_algorithm_t alg = alg_arg; 1869 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1870 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1871 uint8_t *actual_mac = NULL; 1872 size_t mac_buffer_size = 1873 PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); 1874 size_t mac_length = 0; 1875 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1876 psa_status_t forced_status = forced_status_arg; 1877 uint8_t *input_x = input->x; 1878 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1879 1880 TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE); 1881 /* We expect PSA_MAC_LENGTH to be exact. */ 1882 TEST_ASSERT(expected_mac->len == mac_buffer_size); 1883 1884 PSA_ASSERT(psa_crypto_init()); 1885 1886 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 1887 psa_set_key_algorithm(&attributes, alg); 1888 psa_set_key_type(&attributes, key_type); 1889 1890 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1891 &key)); 1892 1893 ASSERT_ALLOC(actual_mac, mac_buffer_size); 1894 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 1895 1896 /* 1897 * Calculate the MAC, multipart case. 1898 */ 1899 status = psa_mac_sign_setup(&operation, key, alg); 1900 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1901 1902 if (forced_status == PSA_SUCCESS || 1903 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1904 PSA_ASSERT(status); 1905 } else { 1906 TEST_EQUAL(forced_status, status); 1907 } 1908 1909 if (fragments_count) { 1910 TEST_ASSERT((input->len / fragments_count) > 0); 1911 } 1912 1913 for (int i = 0; i < fragments_count; i++) { 1914 int fragment_size = input->len / fragments_count; 1915 if (i == fragments_count - 1) { 1916 fragment_size += (input->len % fragments_count); 1917 } 1918 1919 status = psa_mac_update(&operation, 1920 input_x, fragment_size); 1921 if (forced_status == PSA_SUCCESS) { 1922 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2 + i); 1923 } else { 1924 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1925 } 1926 if (forced_status == PSA_SUCCESS || 1927 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1928 PSA_ASSERT(status); 1929 } else { 1930 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 1931 } 1932 input_x += fragment_size; 1933 } 1934 1935 status = psa_mac_sign_finish(&operation, 1936 actual_mac, mac_buffer_size, 1937 &mac_length); 1938 if (forced_status == PSA_SUCCESS) { 1939 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 1940 } else { 1941 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1942 } 1943 1944 if (forced_status == PSA_SUCCESS || 1945 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1946 PSA_ASSERT(status); 1947 } else { 1948 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 1949 } 1950 1951 PSA_ASSERT(psa_mac_abort(&operation)); 1952 if (forced_status == PSA_SUCCESS) { 1953 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 1954 } else { 1955 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1956 } 1957 1958 if (forced_status == PSA_SUCCESS) { 1959 ASSERT_COMPARE(expected_mac->x, expected_mac->len, 1960 actual_mac, mac_length); 1961 } 1962 1963 mbedtls_free(actual_mac); 1964 actual_mac = NULL; 1965 1966exit: 1967 psa_mac_abort(&operation); 1968 psa_destroy_key(key); 1969 PSA_DONE(); 1970 mbedtls_free(actual_mac); 1971 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1972} 1973/* END_CASE */ 1974 1975/* BEGIN_CASE */ 1976void mac_verify(int key_type_arg, 1977 data_t *key_data, 1978 int alg_arg, 1979 data_t *input, 1980 data_t *expected_mac, 1981 int forced_status_arg) 1982{ 1983 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1984 psa_key_type_t key_type = key_type_arg; 1985 psa_algorithm_t alg = alg_arg; 1986 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1987 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1988 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1989 psa_status_t forced_status = forced_status_arg; 1990 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1991 1992 TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE); 1993 1994 PSA_ASSERT(psa_crypto_init()); 1995 1996 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 1997 psa_set_key_algorithm(&attributes, alg); 1998 psa_set_key_type(&attributes, key_type); 1999 2000 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2001 &key)); 2002 2003 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 2004 2005 /* 2006 * Verify the MAC, one-shot case. 2007 */ 2008 status = psa_mac_verify(key, alg, 2009 input->x, input->len, 2010 expected_mac->x, expected_mac->len); 2011 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2012 if (forced_status == PSA_SUCCESS || 2013 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2014 PSA_ASSERT(status); 2015 } else { 2016 TEST_EQUAL(forced_status, status); 2017 } 2018 2019 PSA_ASSERT(psa_mac_abort(&operation)); 2020 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2021exit: 2022 psa_mac_abort(&operation); 2023 psa_destroy_key(key); 2024 PSA_DONE(); 2025 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2026} 2027/* END_CASE */ 2028 2029/* BEGIN_CASE */ 2030void mac_verify_multipart(int key_type_arg, 2031 data_t *key_data, 2032 int alg_arg, 2033 data_t *input, 2034 data_t *expected_mac, 2035 int fragments_count, 2036 int forced_status_arg) 2037{ 2038 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2039 psa_key_type_t key_type = key_type_arg; 2040 psa_algorithm_t alg = alg_arg; 2041 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 2042 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2043 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2044 psa_status_t forced_status = forced_status_arg; 2045 uint8_t *input_x = input->x; 2046 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2047 2048 TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE); 2049 2050 PSA_ASSERT(psa_crypto_init()); 2051 2052 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 2053 psa_set_key_algorithm(&attributes, alg); 2054 psa_set_key_type(&attributes, key_type); 2055 2056 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2057 &key)); 2058 2059 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 2060 2061 /* 2062 * Verify the MAC, multi-part case. 2063 */ 2064 status = psa_mac_verify_setup(&operation, key, alg); 2065 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2066 2067 if (forced_status == PSA_SUCCESS || 2068 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2069 PSA_ASSERT(status); 2070 } else { 2071 TEST_EQUAL(forced_status, status); 2072 } 2073 2074 if (fragments_count) { 2075 TEST_ASSERT((input->len / fragments_count) > 0); 2076 } 2077 2078 for (int i = 0; i < fragments_count; i++) { 2079 int fragment_size = input->len / fragments_count; 2080 if (i == fragments_count - 1) { 2081 fragment_size += (input->len % fragments_count); 2082 } 2083 2084 status = psa_mac_update(&operation, 2085 input_x, fragment_size); 2086 if (forced_status == PSA_SUCCESS) { 2087 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2 + i); 2088 } else { 2089 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2090 } 2091 2092 if (forced_status == PSA_SUCCESS || 2093 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2094 PSA_ASSERT(status); 2095 } else { 2096 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 2097 } 2098 input_x += fragment_size; 2099 } 2100 2101 status = psa_mac_verify_finish(&operation, 2102 expected_mac->x, 2103 expected_mac->len); 2104 if (forced_status == PSA_SUCCESS) { 2105 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 2106 } else { 2107 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2108 } 2109 2110 if (forced_status == PSA_SUCCESS || 2111 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2112 PSA_ASSERT(status); 2113 } else { 2114 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 2115 } 2116 2117 2118 PSA_ASSERT(psa_mac_abort(&operation)); 2119 if (forced_status == PSA_SUCCESS) { 2120 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 2121 } else { 2122 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2123 } 2124 2125exit: 2126 psa_mac_abort(&operation); 2127 psa_destroy_key(key); 2128 PSA_DONE(); 2129 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2130} 2131/* END_CASE */ 2132 2133/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ 2134void builtin_key_export(int builtin_key_id_arg, 2135 int builtin_key_type_arg, 2136 int builtin_key_bits_arg, 2137 int builtin_key_algorithm_arg, 2138 data_t *expected_output, 2139 int expected_status_arg) 2140{ 2141 psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg; 2142 psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg; 2143 psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg; 2144 size_t builtin_key_bits = (size_t) builtin_key_bits_arg; 2145 psa_status_t expected_status = expected_status_arg; 2146 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2147 2148 mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); 2149 uint8_t *output_buffer = NULL; 2150 size_t output_size = 0; 2151 psa_status_t actual_status; 2152 2153 PSA_ASSERT(psa_crypto_init()); 2154 ASSERT_ALLOC(output_buffer, expected_output->len); 2155 2156 actual_status = psa_export_key(key, output_buffer, expected_output->len, &output_size); 2157 2158 if (expected_status == PSA_SUCCESS) { 2159 PSA_ASSERT(actual_status); 2160 TEST_EQUAL(output_size, expected_output->len); 2161 ASSERT_COMPARE(output_buffer, output_size, 2162 expected_output->x, expected_output->len); 2163 2164 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2165 TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); 2166 TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type); 2167 TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg); 2168 } else { 2169 if (actual_status != expected_status) { 2170 fprintf(stderr, "Expected %d but got %d\n", expected_status, actual_status); 2171 } 2172 TEST_EQUAL(actual_status, expected_status); 2173 TEST_EQUAL(output_size, 0); 2174 } 2175 2176exit: 2177 mbedtls_free(output_buffer); 2178 psa_reset_key_attributes(&attributes); 2179 psa_destroy_key(key); 2180 PSA_DONE(); 2181} 2182/* END_CASE */ 2183 2184/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ 2185void builtin_pubkey_export(int builtin_key_id_arg, 2186 int builtin_key_type_arg, 2187 int builtin_key_bits_arg, 2188 int builtin_key_algorithm_arg, 2189 data_t *expected_output, 2190 int expected_status_arg) 2191{ 2192 psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg; 2193 psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg; 2194 psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg; 2195 size_t builtin_key_bits = (size_t) builtin_key_bits_arg; 2196 psa_status_t expected_status = expected_status_arg; 2197 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2198 2199 mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); 2200 uint8_t *output_buffer = NULL; 2201 size_t output_size = 0; 2202 psa_status_t actual_status; 2203 2204 PSA_ASSERT(psa_crypto_init()); 2205 ASSERT_ALLOC(output_buffer, expected_output->len); 2206 2207 actual_status = psa_export_public_key(key, output_buffer, expected_output->len, &output_size); 2208 2209 if (expected_status == PSA_SUCCESS) { 2210 PSA_ASSERT(actual_status); 2211 TEST_EQUAL(output_size, expected_output->len); 2212 ASSERT_COMPARE(output_buffer, output_size, 2213 expected_output->x, expected_output->len); 2214 2215 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2216 TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); 2217 TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type); 2218 TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg); 2219 } else { 2220 TEST_EQUAL(actual_status, expected_status); 2221 TEST_EQUAL(output_size, 0); 2222 } 2223 2224exit: 2225 mbedtls_free(output_buffer); 2226 psa_reset_key_attributes(&attributes); 2227 psa_destroy_key(key); 2228 PSA_DONE(); 2229} 2230/* END_CASE */ 2231 2232/* BEGIN_CASE */ 2233void hash_compute(int alg_arg, 2234 data_t *input, data_t *hash, 2235 int forced_status_arg, 2236 int expected_status_arg) 2237{ 2238 psa_algorithm_t alg = alg_arg; 2239 psa_status_t forced_status = forced_status_arg; 2240 psa_status_t expected_status = expected_status_arg; 2241 unsigned char *output = NULL; 2242 size_t output_length; 2243 2244 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2245 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2246 2247 PSA_ASSERT(psa_crypto_init()); 2248 ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); 2249 2250 TEST_EQUAL(psa_hash_compute(alg, input->x, input->len, 2251 output, PSA_HASH_LENGTH(alg), 2252 &output_length), expected_status); 2253 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2254 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2255 2256 if (expected_status == PSA_SUCCESS) { 2257 ASSERT_COMPARE(output, output_length, hash->x, hash->len); 2258 } 2259 2260exit: 2261 mbedtls_free(output); 2262 PSA_DONE(); 2263 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2264} 2265/* END_CASE */ 2266 2267/* BEGIN_CASE */ 2268void hash_multipart_setup(int alg_arg, 2269 data_t *input, data_t *hash, 2270 int forced_status_arg, 2271 int expected_status_arg) 2272{ 2273 psa_algorithm_t alg = alg_arg; 2274 psa_status_t forced_status = forced_status_arg; 2275 psa_status_t expected_status = expected_status_arg; 2276 unsigned char *output = NULL; 2277 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2278 size_t output_length; 2279 2280 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2281 ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); 2282 2283 PSA_ASSERT(psa_crypto_init()); 2284 2285 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2286 TEST_EQUAL(psa_hash_setup(&operation, alg), expected_status); 2287 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2288 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2289 2290 if (expected_status == PSA_SUCCESS) { 2291 PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 2292 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2293 forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 2); 2294 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2295 2296 PSA_ASSERT(psa_hash_finish(&operation, 2297 output, PSA_HASH_LENGTH(alg), 2298 &output_length)); 2299 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2300 forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4); 2301 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2302 2303 ASSERT_COMPARE(output, output_length, hash->x, hash->len); 2304 } 2305 2306exit: 2307 psa_hash_abort(&operation); 2308 mbedtls_free(output); 2309 PSA_DONE(); 2310 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2311} 2312/* END_CASE */ 2313 2314/* BEGIN_CASE */ 2315void hash_multipart_update(int alg_arg, 2316 data_t *input, data_t *hash, 2317 int forced_status_arg) 2318{ 2319 psa_algorithm_t alg = alg_arg; 2320 psa_status_t forced_status = forced_status_arg; 2321 unsigned char *output = NULL; 2322 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2323 size_t output_length; 2324 2325 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2326 ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); 2327 2328 PSA_ASSERT(psa_crypto_init()); 2329 2330 /* 2331 * Update inactive operation, the driver shouldn't be called. 2332 */ 2333 TEST_EQUAL(psa_hash_update(&operation, input->x, input->len), 2334 PSA_ERROR_BAD_STATE); 2335 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2336 2337 PSA_ASSERT(psa_hash_setup(&operation, alg)); 2338 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2339 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2340 2341 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2342 TEST_EQUAL(psa_hash_update(&operation, input->x, input->len), 2343 forced_status); 2344 /* One or two more calls to the driver interface: update or update + abort */ 2345 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2346 forced_status == PSA_SUCCESS ? 2 : 3); 2347 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2348 2349 if (forced_status == PSA_SUCCESS) { 2350 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2351 PSA_ASSERT(psa_hash_finish(&operation, 2352 output, PSA_HASH_LENGTH(alg), 2353 &output_length)); 2354 /* Two calls to the driver interface: update + abort */ 2355 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); 2356 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2357 2358 ASSERT_COMPARE(output, output_length, hash->x, hash->len); 2359 } 2360 2361exit: 2362 psa_hash_abort(&operation); 2363 mbedtls_free(output); 2364 PSA_DONE(); 2365 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2366} 2367/* END_CASE */ 2368 2369/* BEGIN_CASE */ 2370void hash_multipart_finish(int alg_arg, 2371 data_t *input, data_t *hash, 2372 int forced_status_arg) 2373{ 2374 psa_algorithm_t alg = alg_arg; 2375 psa_status_t forced_status = forced_status_arg; 2376 unsigned char *output = NULL; 2377 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2378 size_t output_length; 2379 2380 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2381 ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); 2382 2383 PSA_ASSERT(psa_crypto_init()); 2384 2385 /* 2386 * Finish inactive operation, the driver shouldn't be called. 2387 */ 2388 TEST_EQUAL(psa_hash_finish(&operation, output, PSA_HASH_LENGTH(alg), 2389 &output_length), 2390 PSA_ERROR_BAD_STATE); 2391 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2392 2393 PSA_ASSERT(psa_hash_setup(&operation, alg)); 2394 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2395 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2396 2397 PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 2398 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); 2399 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2400 2401 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2402 TEST_EQUAL(psa_hash_finish(&operation, 2403 output, PSA_HASH_LENGTH(alg), 2404 &output_length), 2405 forced_status); 2406 /* Two more calls to the driver interface: finish + abort */ 2407 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 4); 2408 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2409 2410 if (forced_status == PSA_SUCCESS) { 2411 ASSERT_COMPARE(output, output_length, hash->x, hash->len); 2412 } 2413 2414exit: 2415 psa_hash_abort(&operation); 2416 mbedtls_free(output); 2417 PSA_DONE(); 2418 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2419} 2420/* END_CASE */ 2421 2422/* BEGIN_CASE */ 2423void hash_clone(int alg_arg, 2424 data_t *input, data_t *hash, 2425 int forced_status_arg) 2426{ 2427 psa_algorithm_t alg = alg_arg; 2428 psa_status_t forced_status = forced_status_arg; 2429 unsigned char *output = NULL; 2430 psa_hash_operation_t source_operation = PSA_HASH_OPERATION_INIT; 2431 psa_hash_operation_t target_operation = PSA_HASH_OPERATION_INIT; 2432 size_t output_length; 2433 2434 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2435 ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); 2436 2437 PSA_ASSERT(psa_crypto_init()); 2438 2439 /* 2440 * Clone inactive operation, the driver shouldn't be called. 2441 */ 2442 TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation), 2443 PSA_ERROR_BAD_STATE); 2444 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2445 2446 PSA_ASSERT(psa_hash_setup(&source_operation, alg)); 2447 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2448 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2449 2450 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2451 TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation), 2452 forced_status); 2453 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2454 forced_status == PSA_SUCCESS ? 2 : 3); 2455 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2456 2457 if (forced_status == PSA_SUCCESS) { 2458 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2459 PSA_ASSERT(psa_hash_update(&target_operation, 2460 input->x, input->len)); 2461 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2462 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2463 2464 PSA_ASSERT(psa_hash_finish(&target_operation, 2465 output, PSA_HASH_LENGTH(alg), 2466 &output_length)); 2467 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 3); 2468 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2469 2470 ASSERT_COMPARE(output, output_length, hash->x, hash->len); 2471 } 2472 2473exit: 2474 psa_hash_abort(&source_operation); 2475 psa_hash_abort(&target_operation); 2476 mbedtls_free(output); 2477 PSA_DONE(); 2478 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2479} 2480/* END_CASE */ 2481 2482/* BEGIN_CASE */ 2483void asymmetric_encrypt_decrypt(int alg_arg, 2484 data_t *key_data, 2485 data_t *input_data, 2486 data_t *label, 2487 data_t *fake_output_encrypt, 2488 data_t *fake_output_decrypt, 2489 int forced_status_encrypt_arg, 2490 int forced_status_decrypt_arg, 2491 int expected_status_encrypt_arg, 2492 int expected_status_decrypt_arg) 2493{ 2494 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2495 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; 2496 psa_algorithm_t alg = alg_arg; 2497 size_t key_bits; 2498 unsigned char *output = NULL; 2499 size_t output_size; 2500 size_t output_length = ~0; 2501 unsigned char *output2 = NULL; 2502 size_t output2_size; 2503 size_t output2_length = ~0; 2504 psa_status_t forced_status_encrypt = forced_status_encrypt_arg; 2505 psa_status_t forced_status_decrypt = forced_status_decrypt_arg; 2506 psa_status_t expected_status_encrypt = expected_status_encrypt_arg; 2507 psa_status_t expected_status_decrypt = expected_status_decrypt_arg; 2508 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2509 2510 PSA_ASSERT(psa_crypto_init()); 2511 mbedtls_test_driver_asymmetric_encryption_hooks = 2512 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2513 2514 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 2515 psa_set_key_algorithm(&attributes, alg); 2516 psa_set_key_type(&attributes, key_type); 2517 2518 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2519 &key)); 2520 2521 /* Determine the maximum ciphertext length */ 2522 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2523 key_bits = psa_get_key_bits(&attributes); 2524 2525 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2526 forced_status_encrypt; 2527 if (fake_output_encrypt->len > 0) { 2528 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2529 fake_output_encrypt->x; 2530 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2531 fake_output_encrypt->len; 2532 output_size = fake_output_encrypt->len; 2533 ASSERT_ALLOC(output, output_size); 2534 } else { 2535 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 2536 TEST_ASSERT(output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); 2537 ASSERT_ALLOC(output, output_size); 2538 } 2539 2540 /* We test encryption by checking that encrypt-then-decrypt gives back 2541 * the original plaintext because of the non-optional random 2542 * part of encryption process which prevents using fixed vectors. */ 2543 TEST_EQUAL(psa_asymmetric_encrypt(key, alg, 2544 input_data->x, input_data->len, 2545 label->x, label->len, 2546 output, output_size, 2547 &output_length), expected_status_encrypt); 2548 /* We don't know what ciphertext length to expect, but check that 2549 * it looks sensible. */ 2550 TEST_ASSERT(output_length <= output_size); 2551 2552 if (expected_status_encrypt == PSA_SUCCESS) { 2553 if (fake_output_encrypt->len > 0) { 2554 ASSERT_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, 2555 output, output_length); 2556 } else { 2557 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2558 forced_status_decrypt; 2559 if (fake_output_decrypt->len > 0) { 2560 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2561 fake_output_decrypt->x; 2562 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2563 fake_output_decrypt->len; 2564 output2_size = fake_output_decrypt->len; 2565 ASSERT_ALLOC(output2, output2_size); 2566 } else { 2567 output2_size = input_data->len; 2568 TEST_ASSERT(output2_size <= 2569 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)); 2570 TEST_ASSERT(output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); 2571 ASSERT_ALLOC(output2, output2_size); 2572 } 2573 2574 TEST_EQUAL(psa_asymmetric_decrypt(key, alg, 2575 output, output_length, 2576 label->x, label->len, 2577 output2, output2_size, 2578 &output2_length), expected_status_decrypt); 2579 if (expected_status_decrypt == PSA_SUCCESS) { 2580 if (fake_output_decrypt->len > 0) { 2581 ASSERT_COMPARE(fake_output_decrypt->x, fake_output_decrypt->len, 2582 output2, output2_length); 2583 } else { 2584 ASSERT_COMPARE(input_data->x, input_data->len, 2585 output2, output2_length); 2586 } 2587 } 2588 } 2589 } 2590 2591exit: 2592 /* 2593 * Key attributes may have been returned by psa_get_key_attributes() 2594 * thus reset them as required. 2595 */ 2596 psa_reset_key_attributes(&attributes); 2597 2598 psa_destroy_key(key); 2599 mbedtls_free(output); 2600 mbedtls_free(output2); 2601 PSA_DONE(); 2602} 2603/* END_CASE */ 2604 2605/* BEGIN_CASE */ 2606void asymmetric_decrypt(int alg_arg, 2607 data_t *key_data, 2608 data_t *input_data, 2609 data_t *label, 2610 data_t *expected_output_data, 2611 data_t *fake_output_decrypt, 2612 int forced_status_decrypt_arg, 2613 int expected_status_decrypt_arg) 2614{ 2615 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2616 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; 2617 psa_algorithm_t alg = alg_arg; 2618 unsigned char *output = NULL; 2619 size_t output_size; 2620 size_t output_length = ~0; 2621 psa_status_t forced_status_decrypt = forced_status_decrypt_arg; 2622 psa_status_t expected_status_decrypt = expected_status_decrypt_arg; 2623 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2624 2625 PSA_ASSERT(psa_crypto_init()); 2626 mbedtls_test_driver_asymmetric_encryption_hooks = 2627 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2628 2629 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 2630 psa_set_key_algorithm(&attributes, alg); 2631 psa_set_key_type(&attributes, key_type); 2632 2633 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2634 &key)); 2635 2636 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2637 forced_status_decrypt; 2638 2639 if (fake_output_decrypt->len > 0) { 2640 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2641 fake_output_decrypt->x; 2642 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2643 fake_output_decrypt->len; 2644 output_size = fake_output_decrypt->len; 2645 ASSERT_ALLOC(output, output_size); 2646 } else { 2647 output_size = expected_output_data->len; 2648 ASSERT_ALLOC(output, expected_output_data->len); 2649 } 2650 2651 TEST_EQUAL(psa_asymmetric_decrypt(key, alg, 2652 input_data->x, input_data->len, 2653 label->x, label->len, 2654 output, output_size, 2655 &output_length), expected_status_decrypt); 2656 if (expected_status_decrypt == PSA_SUCCESS) { 2657 TEST_EQUAL(output_length, expected_output_data->len); 2658 ASSERT_COMPARE(expected_output_data->x, expected_output_data->len, 2659 output, output_length); 2660 } 2661exit: 2662 /* 2663 * Key attributes may have been returned by psa_get_key_attributes() 2664 * thus reset them as required. 2665 */ 2666 psa_reset_key_attributes(&attributes); 2667 2668 psa_destroy_key(key); 2669 mbedtls_free(output); 2670 PSA_DONE(); 2671} 2672/* END_CASE */ 2673 2674/* BEGIN_CASE */ 2675void asymmetric_encrypt(int alg_arg, 2676 data_t *key_data, 2677 data_t *modulus, 2678 data_t *private_exponent, 2679 data_t *input_data, 2680 data_t *label, 2681 data_t *fake_output_encrypt, 2682 int forced_status_encrypt_arg, 2683 int expected_status_encrypt_arg) 2684{ 2685 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2686 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_PUBLIC_KEY; 2687 psa_algorithm_t alg = alg_arg; 2688 unsigned char *output = NULL; 2689 size_t output_size; 2690 size_t output_length = ~0; 2691 psa_status_t forced_status_encrypt = forced_status_encrypt_arg; 2692 psa_status_t expected_status_encrypt = expected_status_encrypt_arg; 2693 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2694 2695 PSA_ASSERT(psa_crypto_init()); 2696 mbedtls_test_driver_asymmetric_encryption_hooks = 2697 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2698 2699 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 2700 psa_set_key_algorithm(&attributes, alg); 2701 psa_set_key_type(&attributes, key_type); 2702 2703 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2704 &key)); 2705 2706 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2707 size_t key_bits = psa_get_key_bits(&attributes); 2708 2709 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2710 forced_status_encrypt; 2711 2712 if (fake_output_encrypt->len > 0) { 2713 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2714 fake_output_encrypt->x; 2715 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2716 fake_output_encrypt->len; 2717 output_size = fake_output_encrypt->len; 2718 ASSERT_ALLOC(output, output_size); 2719 } else { 2720 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 2721 ASSERT_ALLOC(output, output_size); 2722 } 2723 2724 TEST_EQUAL(psa_asymmetric_encrypt(key, alg, 2725 input_data->x, input_data->len, 2726 label->x, label->len, 2727 output, output_size, 2728 &output_length), expected_status_encrypt); 2729 if (expected_status_encrypt == PSA_SUCCESS) { 2730 if (fake_output_encrypt->len > 0) { 2731 TEST_EQUAL(fake_output_encrypt->len, output_length); 2732 ASSERT_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, 2733 output, output_length); 2734 } else { 2735 /* Perform sanity checks on the output */ 2736#if PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 2737 if (PSA_KEY_TYPE_IS_RSA(key_type)) { 2738 if (!sanity_check_rsa_encryption_result( 2739 alg, modulus, private_exponent, 2740 input_data, 2741 output, output_length)) { 2742 goto exit; 2743 } 2744 } else 2745#endif 2746 { 2747 (void) modulus; 2748 (void) private_exponent; 2749 TEST_ASSERT(!"Encryption sanity checks not implemented for this key type"); 2750 } 2751 } 2752 } 2753exit: 2754 /* 2755 * Key attributes may have been returned by psa_get_key_attributes() 2756 * thus reset them as required. 2757 */ 2758 psa_reset_key_attributes(&attributes); 2759 2760 psa_destroy_key(key); 2761 mbedtls_free(output); 2762 PSA_DONE(); 2763} 2764/* END_CASE */ 2765 2766/* BEGIN_CASE */ 2767void aead_encrypt_setup(int key_type_arg, data_t *key_data, 2768 int alg_arg, 2769 data_t *nonce, 2770 data_t *additional_data, 2771 data_t *input_data, 2772 data_t *expected_ciphertext, 2773 data_t *expected_tag, 2774 int forced_status_arg, 2775 int expected_status_arg) 2776{ 2777 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2778 psa_key_type_t key_type = key_type_arg; 2779 psa_algorithm_t alg = alg_arg; 2780 size_t key_bits; 2781 psa_status_t forced_status = forced_status_arg; 2782 psa_status_t expected_status = expected_status_arg; 2783 uint8_t *output_data = NULL; 2784 size_t output_size = 0; 2785 size_t output_length = 0; 2786 size_t finish_output_length = 0; 2787 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2788 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2789 size_t tag_length = 0; 2790 uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 2791 2792 psa_aead_operation_t operation = psa_aead_operation_init(); 2793 2794 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2795 2796 PSA_INIT(); 2797 2798 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 2799 2800 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 2801 psa_set_key_algorithm(&attributes, alg); 2802 psa_set_key_type(&attributes, key_type); 2803 2804 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2805 &key)); 2806 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2807 key_bits = psa_get_key_bits(&attributes); 2808 2809 output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, 2810 alg); 2811 2812 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 2813 * should be exact. */ 2814 TEST_EQUAL(output_size, 2815 PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 2816 TEST_ASSERT(output_size <= 2817 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 2818 ASSERT_ALLOC(output_data, output_size); 2819 2820 status = psa_aead_encrypt_setup(&operation, key, alg); 2821 2822 TEST_EQUAL(status, expected_status); 2823 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_encrypt_setup, 1); 2824 2825 if (status == PSA_SUCCESS) { 2826 /* Set the nonce. */ 2827 PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 2828 2829 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_nonce, 2830 forced_status == PSA_SUCCESS ? 1 : 0); 2831 2832 /* Check hooks hits and 2833 * set length (additional data and data to encrypt) */ 2834 PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 2835 input_data->len)); 2836 2837 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_lengths, 2838 forced_status == PSA_SUCCESS ? 1 : 0); 2839 2840 /* Pass the additional data */ 2841 PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 2842 additional_data->len)); 2843 2844 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update_ad, 2845 forced_status == PSA_SUCCESS ? 1 : 0); 2846 2847 /* Pass the data to encrypt */ 2848 PSA_ASSERT(psa_aead_update(&operation, input_data->x, input_data->len, 2849 output_data, output_size, &output_length)); 2850 2851 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update, 2852 forced_status == PSA_SUCCESS ? 1 : 0); 2853 2854 /* Finish the encryption operation */ 2855 PSA_ASSERT(psa_aead_finish(&operation, output_data + output_length, 2856 output_size - output_length, 2857 &finish_output_length, tag_buffer, 2858 PSA_AEAD_TAG_MAX_SIZE, &tag_length)); 2859 2860 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_finish, 2861 forced_status == PSA_SUCCESS ? 1 : 0); 2862 2863 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, 2864 forced_status == PSA_SUCCESS ? 1 : 0); 2865 2866 /* Compare output_data and expected_ciphertext */ 2867 ASSERT_COMPARE(expected_ciphertext->x, expected_ciphertext->len, 2868 output_data, output_length + finish_output_length); 2869 2870 /* Compare tag and expected_tag */ 2871 ASSERT_COMPARE(expected_tag->x, expected_tag->len, tag_buffer, tag_length); 2872 } 2873 2874exit: 2875 /* Cleanup */ 2876 PSA_ASSERT(psa_destroy_key(key)); 2877 mbedtls_free(output_data); 2878 PSA_DONE(); 2879 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2880} 2881/* END_CASE */ 2882 2883/* BEGIN_CASE */ 2884void aead_decrypt_setup(int key_type_arg, data_t *key_data, 2885 int alg_arg, 2886 data_t *nonce, 2887 data_t *additional_data, 2888 data_t *input_ciphertext, 2889 data_t *input_tag, 2890 data_t *expected_result, 2891 int forced_status_arg, 2892 int expected_status_arg) 2893{ 2894 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2895 psa_key_type_t key_type = key_type_arg; 2896 psa_algorithm_t alg = alg_arg; 2897 unsigned char *output_data = NULL; 2898 size_t output_size = 0; 2899 size_t output_length = 0; 2900 size_t verify_output_length = 0; 2901 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2902 psa_status_t forced_status = forced_status_arg; 2903 psa_status_t expected_status = expected_status_arg; 2904 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2905 2906 psa_aead_operation_t operation = psa_aead_operation_init(); 2907 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2908 2909 PSA_INIT(); 2910 2911 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 2912 psa_set_key_algorithm(&attributes, alg); 2913 psa_set_key_type(&attributes, key_type); 2914 2915 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2916 &key)); 2917 2918 output_size = input_ciphertext->len; 2919 2920 ASSERT_ALLOC(output_data, output_size); 2921 2922 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 2923 2924 status = psa_aead_decrypt_setup(&operation, key, alg); 2925 2926 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 2927 PSA_SUCCESS : forced_status); 2928 2929 TEST_EQUAL(status, expected_status); 2930 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_decrypt_setup, 1); 2931 2932 if (status == PSA_SUCCESS) { 2933 PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 2934 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_nonce, 2935 forced_status == PSA_SUCCESS ? 1 : 0); 2936 2937 PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 2938 input_ciphertext->len)); 2939 2940 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_lengths, 2941 forced_status == PSA_SUCCESS ? 1 : 0); 2942 2943 PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 2944 additional_data->len)); 2945 2946 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update_ad, 2947 forced_status == PSA_SUCCESS ? 1 : 0); 2948 2949 PSA_ASSERT(psa_aead_update(&operation, input_ciphertext->x, 2950 input_ciphertext->len, output_data, 2951 output_size, &output_length)); 2952 2953 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update, 2954 forced_status == PSA_SUCCESS ? 1 : 0); 2955 2956 /* Offset applied to output_data in order to handle cases where verify() 2957 * outputs further data */ 2958 PSA_ASSERT(psa_aead_verify(&operation, output_data + output_length, 2959 output_size - output_length, 2960 &verify_output_length, input_tag->x, 2961 input_tag->len)); 2962 2963 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_verify, 2964 forced_status == PSA_SUCCESS ? 1 : 0); 2965 2966 /* Since this is a decryption operation, 2967 * finish should never be hit */ 2968 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_finish, 0); 2969 2970 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, 2971 forced_status == PSA_SUCCESS ? 1 : 0); 2972 2973 ASSERT_COMPARE(expected_result->x, expected_result->len, 2974 output_data, output_length + verify_output_length); 2975 } 2976 2977exit: 2978 PSA_ASSERT(psa_destroy_key(key)); 2979 mbedtls_free(output_data); 2980 PSA_DONE(); 2981} 2982/* END_CASE */ 2983 2984/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 2985void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_status_arg, 2986 data_t *forced_output, int expected_status_arg, 2987 int fut) 2988{ 2989 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2990 psa_status_t forced_status = forced_status_arg; 2991 psa_status_t forced_status_setup = forced_status_setup_arg; 2992 psa_status_t expected_status = expected_status_arg; 2993 psa_pake_operation_t operation = psa_pake_operation_init(); 2994 psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 2995 psa_key_derivation_operation_t implicit_key = 2996 PSA_KEY_DERIVATION_OPERATION_INIT; 2997 psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( 2998 PSA_PAKE_PRIMITIVE_TYPE_ECC, 2999 PSA_ECC_FAMILY_SECP_R1, 256); 3000 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3001 unsigned char *input_buffer = NULL; 3002 const size_t size_key_share = PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3003 PSA_PAKE_STEP_KEY_SHARE); 3004 unsigned char *output_buffer = NULL; 3005 size_t output_len = 0; 3006 size_t output_size = PSA_PAKE_OUTPUT_SIZE(PSA_ALG_JPAKE, primitive, 3007 PSA_PAKE_STEP_KEY_SHARE); 3008 int in_driver = (forced_status_setup_arg == PSA_SUCCESS); 3009 3010 ASSERT_ALLOC(input_buffer, 3011 PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3012 PSA_PAKE_STEP_KEY_SHARE)); 3013 memset(input_buffer, 0xAA, size_key_share); 3014 3015 ASSERT_ALLOC(output_buffer, 3016 PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3017 PSA_PAKE_STEP_KEY_SHARE)); 3018 memset(output_buffer, 0x55, output_size); 3019 3020 PSA_INIT(); 3021 3022 mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); 3023 3024 if (pw_data->len > 0) { 3025 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 3026 psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); 3027 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 3028 PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 3029 &key)); 3030 } 3031 3032 psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); 3033 psa_pake_cs_set_primitive(&cipher_suite, primitive); 3034 psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); 3035 3036 mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; 3037 3038 /* Collecting input stage (no driver entry points) */ 3039 3040 TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), 3041 PSA_SUCCESS); 3042 3043 PSA_ASSERT(psa_pake_set_user(&operation, jpake_server_id, sizeof(jpake_server_id))); 3044 PSA_ASSERT(psa_pake_set_peer(&operation, jpake_client_id, sizeof(jpake_client_id))); 3045 3046 TEST_EQUAL(psa_pake_set_password_key(&operation, key), 3047 PSA_SUCCESS); 3048 3049 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3050 3051 /* Computation stage (driver entry points) */ 3052 3053 switch (fut) { 3054 case 0: /* setup (via input) */ 3055 /* --- psa_pake_input (driver: setup, input) --- */ 3056 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3057 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3058 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3059 input_buffer, size_key_share), 3060 expected_status); 3061 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3062 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3063 break; 3064 3065 case 1: /* setup (via output) */ 3066 /* --- psa_pake_output (driver: setup, output) --- */ 3067 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3068 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3069 TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 3070 output_buffer, output_size, &output_len), 3071 expected_status); 3072 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3073 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3074 break; 3075 3076 case 2: /* input */ 3077 /* --- psa_pake_input (driver: setup, input, abort) --- */ 3078 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3079 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3080 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3081 input_buffer, size_key_share), 3082 expected_status); 3083 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); 3084 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3085 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.input, in_driver ? 1 : 0); 3086 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); 3087 break; 3088 3089 case 3: /* output */ 3090 /* --- psa_pake_output (driver: setup, output, (abort)) --- */ 3091 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3092 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3093 if (forced_output->len > 0) { 3094 mbedtls_test_driver_pake_hooks.forced_output = forced_output->x; 3095 mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len; 3096 } 3097 TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 3098 output_buffer, output_size, &output_len), 3099 expected_status); 3100 3101 if (forced_output->len > 0) { 3102 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 2 : 1); 3103 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3104 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); 3105 TEST_EQUAL(output_len, forced_output->len); 3106 TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0); 3107 } else { 3108 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); 3109 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3110 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); 3111 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); 3112 } 3113 break; 3114 3115 case 4: /* get_implicit_key */ 3116 /* Call driver setup indirectly */ 3117 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3118 input_buffer, size_key_share), 3119 PSA_SUCCESS); 3120 3121 /* Simulate that we are ready to get implicit key. */ 3122 operation.computation_stage.jpake.input_step = PSA_PAKE_STEP_DERIVE; 3123 operation.computation_stage.jpake.output_step = PSA_PAKE_STEP_DERIVE; 3124 3125 /* --- psa_pake_get_implicit_key --- */ 3126 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3127 memset(&mbedtls_test_driver_pake_hooks.hits, 0, 3128 sizeof(mbedtls_test_driver_pake_hooks.hits)); 3129 TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key), 3130 expected_status); 3131 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 2); 3132 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.implicit_key, 1); 3133 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); 3134 3135 break; 3136 3137 case 5: /* abort */ 3138 /* Call driver setup indirectly */ 3139 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3140 input_buffer, size_key_share), 3141 PSA_SUCCESS); 3142 3143 /* --- psa_pake_abort --- */ 3144 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3145 memset(&mbedtls_test_driver_pake_hooks.hits, 0, 3146 sizeof(mbedtls_test_driver_pake_hooks.hits)); 3147 TEST_EQUAL(psa_pake_abort(&operation), expected_status); 3148 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3149 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); 3150 break; 3151 3152 default: 3153 break; 3154 } 3155 3156 /* Clean up */ 3157 mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_SUCCESS; 3158 mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; 3159 TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS); 3160exit: 3161 /* 3162 * Key attributes may have been returned by psa_get_key_attributes() 3163 * thus reset them as required. 3164 */ 3165 psa_reset_key_attributes(&attributes); 3166 mbedtls_free(input_buffer); 3167 mbedtls_free(output_buffer); 3168 psa_destroy_key(key); 3169 mbedtls_test_driver_pake_hooks = 3170 mbedtls_test_driver_pake_hooks_init(); 3171 PSA_DONE(); 3172} 3173/* END_CASE */ 3174 3175/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ 3176void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, 3177 int derive_alg_arg, data_t *pw_data, 3178 int client_input_first, int in_driver) 3179{ 3180 psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 3181 psa_pake_operation_t server = psa_pake_operation_init(); 3182 psa_pake_operation_t client = psa_pake_operation_init(); 3183 psa_algorithm_t alg = alg_arg; 3184 psa_algorithm_t hash_alg = hash_arg; 3185 psa_algorithm_t derive_alg = derive_alg_arg; 3186 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3187 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3188 psa_key_derivation_operation_t server_derive = 3189 PSA_KEY_DERIVATION_OPERATION_INIT; 3190 psa_key_derivation_operation_t client_derive = 3191 PSA_KEY_DERIVATION_OPERATION_INIT; 3192 pake_in_driver = in_driver; 3193 /* driver setup is called indirectly through pake_output/pake_input */ 3194 if (pake_in_driver) { 3195 pake_expected_hit_count = 2; 3196 } else { 3197 pake_expected_hit_count = 1; 3198 } 3199 3200 PSA_INIT(); 3201 3202 mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); 3203 3204 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 3205 psa_set_key_algorithm(&attributes, alg); 3206 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 3207 PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 3208 &key)); 3209 3210 psa_pake_cs_set_algorithm(&cipher_suite, alg); 3211 psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); 3212 psa_pake_cs_set_hash(&cipher_suite, hash_alg); 3213 3214 /* Get shared key */ 3215 PSA_ASSERT(psa_key_derivation_setup(&server_derive, derive_alg)); 3216 PSA_ASSERT(psa_key_derivation_setup(&client_derive, derive_alg)); 3217 3218 if (PSA_ALG_IS_TLS12_PSK_TO_MS(derive_alg)) { 3219 PSA_ASSERT(psa_key_derivation_input_bytes(&server_derive, 3220 PSA_KEY_DERIVATION_INPUT_SEED, 3221 (const uint8_t *) "", 0)); 3222 PSA_ASSERT(psa_key_derivation_input_bytes(&client_derive, 3223 PSA_KEY_DERIVATION_INPUT_SEED, 3224 (const uint8_t *) "", 0)); 3225 } 3226 3227 if (!pake_in_driver) { 3228 mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_ERROR_NOT_SUPPORTED; 3229 } 3230 3231 PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); 3232 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3233 PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); 3234 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3235 3236 3237 PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); 3238 PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); 3239 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3240 PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); 3241 PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); 3242 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3243 PSA_ASSERT(psa_pake_set_password_key(&server, key)); 3244 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3245 PSA_ASSERT(psa_pake_set_password_key(&client, key)); 3246 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3247 3248 /* First round */ 3249 ecjpake_do_round(alg, primitive_arg, &server, &client, 3250 client_input_first, 1); 3251 3252 /* Second round */ 3253 ecjpake_do_round(alg, primitive_arg, &server, &client, 3254 client_input_first, 2); 3255 3256 /* After the key is obtained operation is aborted. 3257 Adapt counter of expected hits. */ 3258 if (pake_in_driver) { 3259 pake_expected_hit_count++; 3260 } 3261 3262 PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive)); 3263 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 3264 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 3265 3266 /* After the key is obtained operation is aborted. 3267 Adapt counter of expected hits. */ 3268 if (pake_in_driver) { 3269 pake_expected_hit_count++; 3270 } 3271 3272 PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive)); 3273 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 3274 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 3275exit: 3276 psa_key_derivation_abort(&server_derive); 3277 psa_key_derivation_abort(&client_derive); 3278 psa_destroy_key(key); 3279 psa_pake_abort(&server); 3280 psa_pake_abort(&client); 3281 PSA_DONE(); 3282} 3283/* END_CASE */ 3284