1/* BEGIN_HEADER */ 2#include "test/drivers/test_driver.h" 3 4/* Auxiliary variables for pake tests. 5 Global to silent the compiler when unused. */ 6size_t pake_expected_hit_count = 0; 7int pake_in_driver = 0; 8 9/* The only two JPAKE user/peer identifiers supported for the time being. */ 10static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; 11static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; 12 13#if defined(PSA_WANT_ALG_JPAKE) && \ 14 defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ 15 defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) 16static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, 17 psa_pake_operation_t *server, 18 psa_pake_operation_t *client, 19 int client_input_first, 20 int round) 21{ 22 unsigned char *buffer0 = NULL, *buffer1 = NULL; 23 size_t buffer_length = ( 24 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) + 25 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) + 26 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2; 27 /* The output should be exactly this size according to the spec */ 28 const size_t expected_size_key_share = 29 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); 30 /* The output should be exactly this size according to the spec */ 31 const size_t expected_size_zk_public = 32 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC); 33 /* The output can be smaller: the spec allows stripping leading zeroes */ 34 const size_t max_expected_size_zk_proof = 35 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF); 36 size_t buffer0_off = 0; 37 size_t buffer1_off = 0; 38 size_t s_g1_len, s_g2_len, s_a_len; 39 size_t s_g1_off, s_g2_off, s_a_off; 40 size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len; 41 size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off; 42 size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len; 43 size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off; 44 size_t c_g1_len, c_g2_len, c_a_len; 45 size_t c_g1_off, c_g2_off, c_a_off; 46 size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len; 47 size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off; 48 size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len; 49 size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; 50 psa_status_t status; 51 52 TEST_CALLOC(buffer0, buffer_length); 53 TEST_CALLOC(buffer1, buffer_length); 54 55 switch (round) { 56 case 1: 57 /* Server first round Output */ 58 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 59 buffer0 + buffer0_off, 60 512 - buffer0_off, &s_g1_len)); 61 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 62 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 63 TEST_EQUAL(s_g1_len, expected_size_key_share); 64 s_g1_off = buffer0_off; 65 buffer0_off += s_g1_len; 66 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 67 buffer0 + buffer0_off, 68 512 - buffer0_off, &s_x1_pk_len)); 69 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 70 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 71 TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); 72 s_x1_pk_off = buffer0_off; 73 buffer0_off += s_x1_pk_len; 74 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 75 buffer0 + buffer0_off, 76 512 - buffer0_off, &s_x1_pr_len)); 77 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 78 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 79 TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); 80 s_x1_pr_off = buffer0_off; 81 buffer0_off += s_x1_pr_len; 82 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 83 buffer0 + buffer0_off, 84 512 - buffer0_off, &s_g2_len)); 85 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 86 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 87 TEST_EQUAL(s_g2_len, expected_size_key_share); 88 s_g2_off = buffer0_off; 89 buffer0_off += s_g2_len; 90 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 91 buffer0 + buffer0_off, 92 512 - buffer0_off, &s_x2_pk_len)); 93 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 94 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 95 TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); 96 s_x2_pk_off = buffer0_off; 97 buffer0_off += s_x2_pk_len; 98 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 99 buffer0 + buffer0_off, 100 512 - buffer0_off, &s_x2_pr_len)); 101 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 102 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 103 TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); 104 s_x2_pr_off = buffer0_off; 105 buffer0_off += s_x2_pr_len; 106 107 if (client_input_first == 1) { 108 /* Client first round Input */ 109 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 110 buffer0 + s_g1_off, s_g1_len); 111 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 112 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 113 TEST_EQUAL(status, PSA_SUCCESS); 114 115 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 116 buffer0 + s_x1_pk_off, 117 s_x1_pk_len); 118 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 119 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 120 TEST_EQUAL(status, PSA_SUCCESS); 121 122 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 123 buffer0 + s_x1_pr_off, 124 s_x1_pr_len); 125 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 126 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 127 TEST_EQUAL(status, PSA_SUCCESS); 128 129 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 130 buffer0 + s_g2_off, 131 s_g2_len); 132 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 133 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 134 TEST_EQUAL(status, PSA_SUCCESS); 135 136 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 137 buffer0 + s_x2_pk_off, 138 s_x2_pk_len); 139 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 140 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 141 TEST_EQUAL(status, PSA_SUCCESS); 142 143 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 144 buffer0 + s_x2_pr_off, 145 s_x2_pr_len); 146 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 147 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 148 TEST_EQUAL(status, PSA_SUCCESS); 149 } 150 151 /* Adjust for indirect client driver setup in first pake_output call. */ 152 pake_expected_hit_count++; 153 154 /* Client first round Output */ 155 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 156 buffer1 + buffer1_off, 157 512 - buffer1_off, &c_g1_len)); 158 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 159 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 160 TEST_EQUAL(c_g1_len, expected_size_key_share); 161 c_g1_off = buffer1_off; 162 buffer1_off += c_g1_len; 163 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 164 buffer1 + buffer1_off, 165 512 - buffer1_off, &c_x1_pk_len)); 166 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 167 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 168 TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); 169 c_x1_pk_off = buffer1_off; 170 buffer1_off += c_x1_pk_len; 171 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 172 buffer1 + buffer1_off, 173 512 - buffer1_off, &c_x1_pr_len)); 174 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 175 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 176 TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); 177 c_x1_pr_off = buffer1_off; 178 buffer1_off += c_x1_pr_len; 179 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 180 buffer1 + buffer1_off, 181 512 - buffer1_off, &c_g2_len)); 182 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 183 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 184 TEST_EQUAL(c_g2_len, expected_size_key_share); 185 c_g2_off = buffer1_off; 186 buffer1_off += c_g2_len; 187 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 188 buffer1 + buffer1_off, 189 512 - buffer1_off, &c_x2_pk_len)); 190 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 191 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 192 TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); 193 c_x2_pk_off = buffer1_off; 194 buffer1_off += c_x2_pk_len; 195 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 196 buffer1 + buffer1_off, 197 512 - buffer1_off, &c_x2_pr_len)); 198 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 199 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 200 TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); 201 c_x2_pr_off = buffer1_off; 202 buffer1_off += c_x2_pr_len; 203 204 if (client_input_first == 0) { 205 /* Client first round Input */ 206 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 207 buffer0 + s_g1_off, s_g1_len); 208 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 209 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 210 TEST_EQUAL(status, PSA_SUCCESS); 211 212 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 213 buffer0 + s_x1_pk_off, 214 s_x1_pk_len); 215 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 216 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 217 TEST_EQUAL(status, PSA_SUCCESS); 218 219 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 220 buffer0 + s_x1_pr_off, 221 s_x1_pr_len); 222 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 223 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 224 TEST_EQUAL(status, PSA_SUCCESS); 225 226 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 227 buffer0 + s_g2_off, 228 s_g2_len); 229 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 230 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 231 TEST_EQUAL(status, PSA_SUCCESS); 232 233 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 234 buffer0 + s_x2_pk_off, 235 s_x2_pk_len); 236 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 237 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 238 TEST_EQUAL(status, PSA_SUCCESS); 239 240 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 241 buffer0 + s_x2_pr_off, 242 s_x2_pr_len); 243 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 244 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 245 TEST_EQUAL(status, PSA_SUCCESS); 246 } 247 248 /* Server first round Input */ 249 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 250 buffer1 + c_g1_off, c_g1_len); 251 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 252 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 253 TEST_EQUAL(status, PSA_SUCCESS); 254 255 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 256 buffer1 + c_x1_pk_off, c_x1_pk_len); 257 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 258 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 259 TEST_EQUAL(status, PSA_SUCCESS); 260 261 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 262 buffer1 + c_x1_pr_off, c_x1_pr_len); 263 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 264 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 265 TEST_EQUAL(status, PSA_SUCCESS); 266 267 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 268 buffer1 + c_g2_off, c_g2_len); 269 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 270 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 271 TEST_EQUAL(status, PSA_SUCCESS); 272 273 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 274 buffer1 + c_x2_pk_off, c_x2_pk_len); 275 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 276 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 277 TEST_EQUAL(status, PSA_SUCCESS); 278 279 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 280 buffer1 + c_x2_pr_off, c_x2_pr_len); 281 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 282 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 283 TEST_EQUAL(status, PSA_SUCCESS); 284 285 break; 286 287 case 2: 288 /* Server second round Output */ 289 buffer0_off = 0; 290 291 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 292 buffer0 + buffer0_off, 293 512 - buffer0_off, &s_a_len)); 294 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 295 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 296 TEST_EQUAL(s_a_len, expected_size_key_share); 297 s_a_off = buffer0_off; 298 buffer0_off += s_a_len; 299 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 300 buffer0 + buffer0_off, 301 512 - buffer0_off, &s_x2s_pk_len)); 302 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 303 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 304 TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); 305 s_x2s_pk_off = buffer0_off; 306 buffer0_off += s_x2s_pk_len; 307 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 308 buffer0 + buffer0_off, 309 512 - buffer0_off, &s_x2s_pr_len)); 310 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 311 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 312 TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); 313 s_x2s_pr_off = buffer0_off; 314 buffer0_off += s_x2s_pr_len; 315 316 if (client_input_first == 1) { 317 /* Client second round Input */ 318 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 319 buffer0 + s_a_off, s_a_len); 320 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 321 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 322 TEST_EQUAL(status, PSA_SUCCESS); 323 324 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 325 buffer0 + s_x2s_pk_off, 326 s_x2s_pk_len); 327 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 328 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 329 TEST_EQUAL(status, PSA_SUCCESS); 330 331 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 332 buffer0 + s_x2s_pr_off, 333 s_x2s_pr_len); 334 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 335 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 336 TEST_EQUAL(status, PSA_SUCCESS); 337 } 338 339 /* Client second round Output */ 340 buffer1_off = 0; 341 342 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 343 buffer1 + buffer1_off, 344 512 - buffer1_off, &c_a_len)); 345 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 346 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 347 TEST_EQUAL(c_a_len, expected_size_key_share); 348 c_a_off = buffer1_off; 349 buffer1_off += c_a_len; 350 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 351 buffer1 + buffer1_off, 352 512 - buffer1_off, &c_x2s_pk_len)); 353 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 354 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 355 TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); 356 c_x2s_pk_off = buffer1_off; 357 buffer1_off += c_x2s_pk_len; 358 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 359 buffer1 + buffer1_off, 360 512 - buffer1_off, &c_x2s_pr_len)); 361 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 362 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 363 TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); 364 c_x2s_pr_off = buffer1_off; 365 buffer1_off += c_x2s_pr_len; 366 367 if (client_input_first == 0) { 368 /* Client second round Input */ 369 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 370 buffer0 + s_a_off, s_a_len); 371 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 372 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 373 TEST_EQUAL(status, PSA_SUCCESS); 374 375 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 376 buffer0 + s_x2s_pk_off, 377 s_x2s_pk_len); 378 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 379 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 380 TEST_EQUAL(status, PSA_SUCCESS); 381 382 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 383 buffer0 + s_x2s_pr_off, 384 s_x2s_pr_len); 385 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 386 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 387 TEST_EQUAL(status, PSA_SUCCESS); 388 } 389 390 /* Server second round Input */ 391 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 392 buffer1 + c_a_off, c_a_len); 393 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 394 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 395 TEST_EQUAL(status, PSA_SUCCESS); 396 397 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 398 buffer1 + c_x2s_pk_off, c_x2s_pk_len); 399 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 400 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 401 TEST_EQUAL(status, PSA_SUCCESS); 402 403 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 404 buffer1 + c_x2s_pr_off, c_x2s_pr_len); 405 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 406 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 407 TEST_EQUAL(status, PSA_SUCCESS); 408 409 break; 410 } 411 412exit: 413 mbedtls_free(buffer0); 414 mbedtls_free(buffer1); 415} 416#endif /* PSA_WANT_ALG_JPAKE */ 417 418#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) 419/* Sanity checks on the output of RSA encryption. 420 * 421 * \param modulus Key modulus. Must not have leading zeros. 422 * \param private_exponent Key private exponent. 423 * \param alg An RSA algorithm. 424 * \param input_data The input plaintext. 425 * \param buf The ciphertext produced by the driver. 426 * \param length Length of \p buf in bytes. 427 */ 428static int sanity_check_rsa_encryption_result( 429 psa_algorithm_t alg, 430 const data_t *modulus, const data_t *private_exponent, 431 const data_t *input_data, 432 uint8_t *buf, size_t length) 433{ 434#if defined(MBEDTLS_BIGNUM_C) 435 mbedtls_mpi N, D, C, X; 436 mbedtls_mpi_init(&N); 437 mbedtls_mpi_init(&D); 438 mbedtls_mpi_init(&C); 439 mbedtls_mpi_init(&X); 440#endif /* MBEDTLS_BIGNUM_C */ 441 442 int ok = 0; 443 444 TEST_ASSERT(length == modulus->len); 445 446#if defined(MBEDTLS_BIGNUM_C) 447 /* Perform the private key operation */ 448 TEST_ASSERT(mbedtls_mpi_read_binary(&N, modulus->x, modulus->len) == 0); 449 TEST_ASSERT(mbedtls_mpi_read_binary(&D, 450 private_exponent->x, 451 private_exponent->len) == 0); 452 TEST_ASSERT(mbedtls_mpi_read_binary(&C, buf, length) == 0); 453 TEST_ASSERT(mbedtls_mpi_exp_mod(&X, &C, &D, &N, NULL) == 0); 454 455 /* Sanity checks on the padded plaintext */ 456 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, length) == 0); 457 458 if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { 459 TEST_ASSERT(length > input_data->len + 2); 460 TEST_EQUAL(buf[0], 0x00); 461 TEST_EQUAL(buf[1], 0x02); 462 TEST_EQUAL(buf[length - input_data->len - 1], 0x00); 463 TEST_MEMORY_COMPARE(buf + length - input_data->len, input_data->len, 464 input_data->x, input_data->len); 465 } else if (PSA_ALG_IS_RSA_OAEP(alg)) { 466 TEST_EQUAL(buf[0], 0x00); 467 /* The rest is too hard to check */ 468 } else { 469 TEST_FAIL("Encryption result sanity check not implemented for RSA algorithm"); 470 } 471#endif /* MBEDTLS_BIGNUM_C */ 472 473 ok = 1; 474 475exit: 476#if defined(MBEDTLS_BIGNUM_C) 477 mbedtls_mpi_free(&N); 478 mbedtls_mpi_free(&D); 479 mbedtls_mpi_free(&C); 480 mbedtls_mpi_free(&X); 481#endif /* MBEDTLS_BIGNUM_C */ 482 return ok; 483} 484#endif 485/* END_HEADER */ 486 487/* BEGIN_DEPENDENCIES 488 * depends_on:MBEDTLS_PSA_CRYPTO_C:PSA_CRYPTO_DRIVER_TEST 489 * END_DEPENDENCIES 490 */ 491 492/* BEGIN_CASE */ 493void sign_hash(int key_type_arg, 494 int alg_arg, 495 int force_status_arg, 496 data_t *key_input, 497 data_t *data_input, 498 data_t *expected_output, 499 int fake_output, 500 int expected_status_arg) 501{ 502 psa_status_t force_status = force_status_arg; 503 psa_status_t expected_status = expected_status_arg; 504 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 505 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 506 psa_algorithm_t alg = alg_arg; 507 size_t key_bits; 508 psa_key_type_t key_type = key_type_arg; 509 unsigned char *signature = NULL; 510 size_t signature_size; 511 size_t signature_length = 0xdeadbeef; 512 psa_status_t actual_status; 513 mbedtls_test_driver_signature_sign_hooks = 514 mbedtls_test_driver_signature_hooks_init(); 515 516 PSA_ASSERT(psa_crypto_init()); 517 psa_set_key_type(&attributes, 518 key_type); 519 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 520 psa_set_key_algorithm(&attributes, alg); 521 psa_import_key(&attributes, 522 key_input->x, key_input->len, 523 &key); 524 525 mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; 526 if (fake_output == 1) { 527 mbedtls_test_driver_signature_sign_hooks.forced_output = 528 expected_output->x; 529 mbedtls_test_driver_signature_sign_hooks.forced_output_length = 530 expected_output->len; 531 } 532 533 /* Allocate a buffer which has the size advertized by the 534 * library. */ 535 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 536 key_bits = psa_get_key_bits(&attributes); 537 signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 538 539 TEST_ASSERT(signature_size != 0); 540 TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); 541 TEST_CALLOC(signature, signature_size); 542 543 actual_status = psa_sign_hash(key, alg, 544 data_input->x, data_input->len, 545 signature, signature_size, 546 &signature_length); 547 TEST_EQUAL(actual_status, expected_status); 548 if (expected_status == PSA_SUCCESS) { 549 TEST_MEMORY_COMPARE(signature, signature_length, 550 expected_output->x, expected_output->len); 551 } 552 TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 1); 553 554exit: 555 psa_reset_key_attributes(&attributes); 556 psa_destroy_key(key); 557 mbedtls_free(signature); 558 PSA_DONE(); 559 mbedtls_test_driver_signature_sign_hooks = 560 mbedtls_test_driver_signature_hooks_init(); 561} 562/* END_CASE */ 563 564/* BEGIN_CASE */ 565void verify_hash(int key_type_arg, 566 int key_type_public_arg, 567 int alg_arg, 568 int force_status_arg, 569 int register_public_key, 570 data_t *key_input, 571 data_t *data_input, 572 data_t *signature_input, 573 int expected_status_arg) 574{ 575 psa_status_t force_status = force_status_arg; 576 psa_status_t expected_status = expected_status_arg; 577 psa_algorithm_t alg = alg_arg; 578 psa_key_type_t key_type = key_type_arg; 579 psa_key_type_t key_type_public = key_type_public_arg; 580 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 581 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 582 psa_status_t actual_status; 583 mbedtls_test_driver_signature_verify_hooks = 584 mbedtls_test_driver_signature_hooks_init(); 585 586 PSA_ASSERT(psa_crypto_init()); 587 if (register_public_key) { 588 psa_set_key_type(&attributes, key_type_public); 589 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 590 psa_set_key_algorithm(&attributes, alg); 591 psa_import_key(&attributes, 592 key_input->x, key_input->len, 593 &key); 594 } else { 595 psa_set_key_type(&attributes, key_type); 596 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 597 psa_set_key_algorithm(&attributes, alg); 598 psa_import_key(&attributes, 599 key_input->x, key_input->len, 600 &key); 601 } 602 603 mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; 604 605 actual_status = psa_verify_hash(key, alg, 606 data_input->x, data_input->len, 607 signature_input->x, signature_input->len); 608 TEST_EQUAL(actual_status, expected_status); 609 TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, 1); 610 611exit: 612 psa_reset_key_attributes(&attributes); 613 psa_destroy_key(key); 614 PSA_DONE(); 615 mbedtls_test_driver_signature_verify_hooks = 616 mbedtls_test_driver_signature_hooks_init(); 617} 618/* END_CASE */ 619 620/* BEGIN_CASE */ 621void sign_message(int key_type_arg, 622 int alg_arg, 623 int force_status_arg, 624 data_t *key_input, 625 data_t *data_input, 626 data_t *expected_output, 627 int fake_output, 628 int expected_status_arg) 629{ 630 psa_status_t force_status = force_status_arg; 631 psa_status_t expected_status = expected_status_arg; 632 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 633 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 634 psa_algorithm_t alg = alg_arg; 635 size_t key_bits; 636 psa_key_type_t key_type = key_type_arg; 637 unsigned char *signature = NULL; 638 size_t signature_size; 639 size_t signature_length = 0xdeadbeef; 640 psa_status_t actual_status; 641 mbedtls_test_driver_signature_sign_hooks = 642 mbedtls_test_driver_signature_hooks_init(); 643 644 PSA_ASSERT(psa_crypto_init()); 645 psa_set_key_type(&attributes, key_type); 646 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); 647 psa_set_key_algorithm(&attributes, alg); 648 psa_import_key(&attributes, 649 key_input->x, key_input->len, 650 &key); 651 652 mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; 653 if (fake_output == 1) { 654 mbedtls_test_driver_signature_sign_hooks.forced_output = 655 expected_output->x; 656 mbedtls_test_driver_signature_sign_hooks.forced_output_length = 657 expected_output->len; 658 } 659 660 /* Allocate a buffer which has the size advertized by the 661 * library. */ 662 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 663 key_bits = psa_get_key_bits(&attributes); 664 signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 665 666 TEST_ASSERT(signature_size != 0); 667 TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); 668 TEST_CALLOC(signature, signature_size); 669 670 actual_status = psa_sign_message(key, alg, 671 data_input->x, data_input->len, 672 signature, signature_size, 673 &signature_length); 674 TEST_EQUAL(actual_status, expected_status); 675 if (expected_status == PSA_SUCCESS) { 676 TEST_MEMORY_COMPARE(signature, signature_length, 677 expected_output->x, expected_output->len); 678 } 679 /* In the builtin algorithm the driver is called twice. */ 680 TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 681 force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1); 682 683exit: 684 psa_reset_key_attributes(&attributes); 685 psa_destroy_key(key); 686 mbedtls_free(signature); 687 PSA_DONE(); 688 mbedtls_test_driver_signature_sign_hooks = 689 mbedtls_test_driver_signature_hooks_init(); 690} 691/* END_CASE */ 692 693/* BEGIN_CASE */ 694void verify_message(int key_type_arg, 695 int key_type_public_arg, 696 int alg_arg, 697 int force_status_arg, 698 int register_public_key, 699 data_t *key_input, 700 data_t *data_input, 701 data_t *signature_input, 702 int expected_status_arg) 703{ 704 psa_status_t force_status = force_status_arg; 705 psa_status_t expected_status = expected_status_arg; 706 psa_algorithm_t alg = alg_arg; 707 psa_key_type_t key_type = key_type_arg; 708 psa_key_type_t key_type_public = key_type_public_arg; 709 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 710 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 711 psa_status_t actual_status; 712 mbedtls_test_driver_signature_verify_hooks = 713 mbedtls_test_driver_signature_hooks_init(); 714 715 PSA_ASSERT(psa_crypto_init()); 716 if (register_public_key) { 717 psa_set_key_type(&attributes, key_type_public); 718 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); 719 psa_set_key_algorithm(&attributes, alg); 720 psa_import_key(&attributes, 721 key_input->x, key_input->len, 722 &key); 723 } else { 724 psa_set_key_type(&attributes, key_type); 725 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); 726 psa_set_key_algorithm(&attributes, alg); 727 psa_import_key(&attributes, 728 key_input->x, key_input->len, 729 &key); 730 } 731 732 mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; 733 734 actual_status = psa_verify_message(key, alg, 735 data_input->x, data_input->len, 736 signature_input->x, signature_input->len); 737 TEST_EQUAL(actual_status, expected_status); 738 /* In the builtin algorithm the driver is called twice. */ 739 TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, 740 force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1); 741 742exit: 743 psa_reset_key_attributes(&attributes); 744 psa_destroy_key(key); 745 PSA_DONE(); 746 mbedtls_test_driver_signature_verify_hooks = 747 mbedtls_test_driver_signature_hooks_init(); 748} 749/* END_CASE */ 750 751/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ 752void generate_ec_key(int force_status_arg, 753 data_t *fake_output, 754 int expected_status_arg) 755{ 756 psa_status_t force_status = force_status_arg; 757 psa_status_t expected_status = expected_status_arg; 758 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 759 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 760 psa_algorithm_t alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256); 761 const uint8_t *expected_output = NULL; 762 size_t expected_output_length = 0; 763 psa_status_t actual_status; 764 uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = { 0 }; 765 size_t actual_output_length; 766 mbedtls_test_driver_key_management_hooks = 767 mbedtls_test_driver_key_management_hooks_init(); 768 769 psa_set_key_type(&attributes, 770 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); 771 psa_set_key_bits(&attributes, 256); 772 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT); 773 psa_set_key_algorithm(&attributes, alg); 774 775 if (fake_output->len > 0) { 776 expected_output = 777 mbedtls_test_driver_key_management_hooks.forced_output = 778 fake_output->x; 779 780 expected_output_length = 781 mbedtls_test_driver_key_management_hooks.forced_output_length = 782 fake_output->len; 783 } 784 785 mbedtls_test_driver_key_management_hooks.hits = 0; 786 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 787 788 PSA_ASSERT(psa_crypto_init()); 789 790 actual_status = psa_generate_key(&attributes, &key); 791 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); 792 TEST_EQUAL(actual_status, expected_status); 793 794 if (actual_status == PSA_SUCCESS) { 795 psa_export_key(key, actual_output, sizeof(actual_output), &actual_output_length); 796 797 if (fake_output->len > 0) { 798 TEST_MEMORY_COMPARE(actual_output, actual_output_length, 799 expected_output, expected_output_length); 800 } else { 801 size_t zeroes = 0; 802 for (size_t i = 0; i < sizeof(actual_output); i++) { 803 if (actual_output[i] == 0) { 804 zeroes++; 805 } 806 } 807 TEST_ASSERT(zeroes != sizeof(actual_output)); 808 } 809 } 810exit: 811 psa_reset_key_attributes(&attributes); 812 psa_destroy_key(key); 813 PSA_DONE(); 814 mbedtls_test_driver_key_management_hooks = 815 mbedtls_test_driver_key_management_hooks_init(); 816} 817/* END_CASE */ 818 819/* BEGIN_CASE */ 820void validate_key(int force_status_arg, 821 int location, 822 int owner_id_arg, 823 int id_arg, 824 int key_type_arg, 825 data_t *key_input, 826 int expected_status_arg) 827{ 828 psa_key_lifetime_t lifetime = 829 PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ 830 PSA_KEY_PERSISTENCE_DEFAULT, location); 831 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg); 832 psa_status_t force_status = force_status_arg; 833 psa_status_t expected_status = expected_status_arg; 834 psa_key_type_t key_type = key_type_arg; 835 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 836 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 837 psa_status_t actual_status; 838 mbedtls_test_driver_key_management_hooks = 839 mbedtls_test_driver_key_management_hooks_init(); 840 841 psa_set_key_id(&attributes, id); 842 psa_set_key_type(&attributes, 843 key_type); 844 psa_set_key_lifetime(&attributes, lifetime); 845 psa_set_key_bits(&attributes, 0); 846 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); 847 848 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 849 850 PSA_ASSERT(psa_crypto_init()); 851 852 actual_status = psa_import_key(&attributes, key_input->x, key_input->len, &key); 853 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); 854 TEST_EQUAL(actual_status, expected_status); 855 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.location, location); 856exit: 857 psa_reset_key_attributes(&attributes); 858 psa_destroy_key(key); 859 PSA_DONE(); 860 mbedtls_test_driver_key_management_hooks = 861 mbedtls_test_driver_key_management_hooks_init(); 862} 863/* END_CASE */ 864 865/* BEGIN_CASE */ 866void export_key(int force_status_arg, 867 data_t *fake_output, 868 int key_in_type_arg, 869 data_t *key_in, 870 int key_out_type_arg, 871 data_t *expected_output, 872 int expected_status_arg) 873{ 874 psa_status_t force_status = force_status_arg; 875 psa_status_t expected_status = expected_status_arg; 876 psa_key_handle_t handle = 0; 877 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 878 psa_key_type_t input_key_type = key_in_type_arg; 879 psa_key_type_t output_key_type = key_out_type_arg; 880 const uint8_t *expected_output_ptr = NULL; 881 size_t expected_output_length = 0; 882 psa_status_t actual_status; 883 uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = { 0 }; 884 size_t actual_output_length; 885 mbedtls_test_driver_key_management_hooks = 886 mbedtls_test_driver_key_management_hooks_init(); 887 888 psa_set_key_type(&attributes, input_key_type); 889 psa_set_key_bits(&attributes, 256); 890 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); 891 892 PSA_ASSERT(psa_crypto_init()); 893 PSA_ASSERT(psa_import_key(&attributes, key_in->x, key_in->len, &handle)); 894 895 if (fake_output->len > 0) { 896 expected_output_ptr = 897 mbedtls_test_driver_key_management_hooks.forced_output = 898 fake_output->x; 899 900 expected_output_length = 901 mbedtls_test_driver_key_management_hooks.forced_output_length = 902 fake_output->len; 903 } else { 904 expected_output_ptr = expected_output->x; 905 expected_output_length = expected_output->len; 906 } 907 908 mbedtls_test_driver_key_management_hooks.hits = 0; 909 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 910 911 if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) { 912 actual_status = psa_export_public_key(handle, 913 actual_output, 914 sizeof(actual_output), 915 &actual_output_length); 916 } else { 917 actual_status = psa_export_key(handle, 918 actual_output, 919 sizeof(actual_output), 920 &actual_output_length); 921 } 922 TEST_EQUAL(actual_status, expected_status); 923 924 if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) && 925 !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) { 926 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); 927 } 928 929 if (actual_status == PSA_SUCCESS) { 930 TEST_MEMORY_COMPARE(actual_output, actual_output_length, 931 expected_output_ptr, expected_output_length); 932 } 933exit: 934 psa_reset_key_attributes(&attributes); 935 psa_destroy_key(handle); 936 PSA_DONE(); 937 mbedtls_test_driver_key_management_hooks = 938 mbedtls_test_driver_key_management_hooks_init(); 939} 940/* END_CASE */ 941 942/* BEGIN_CASE */ 943void key_agreement(int alg_arg, 944 int force_status_arg, 945 int our_key_type_arg, 946 data_t *our_key_data, 947 data_t *peer_key_data, 948 data_t *expected_output, 949 data_t *fake_output, 950 int expected_status_arg) 951{ 952 psa_status_t force_status = force_status_arg; 953 psa_status_t expected_status = expected_status_arg; 954 psa_algorithm_t alg = alg_arg; 955 psa_key_type_t our_key_type = our_key_type_arg; 956 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 957 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 958 const uint8_t *expected_output_ptr = NULL; 959 size_t expected_output_length = 0; 960 unsigned char *actual_output = NULL; 961 size_t actual_output_length = ~0; 962 size_t key_bits; 963 psa_status_t actual_status; 964 mbedtls_test_driver_key_agreement_hooks = 965 mbedtls_test_driver_key_agreement_hooks_init(); 966 967 PSA_ASSERT(psa_crypto_init()); 968 969 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 970 psa_set_key_algorithm(&attributes, alg); 971 psa_set_key_type(&attributes, our_key_type); 972 PSA_ASSERT(psa_import_key(&attributes, 973 our_key_data->x, our_key_data->len, 974 &our_key)); 975 976 PSA_ASSERT(psa_get_key_attributes(our_key, &attributes)); 977 key_bits = psa_get_key_bits(&attributes); 978 979 TEST_LE_U(expected_output->len, 980 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits)); 981 TEST_LE_U(PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits), 982 PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE); 983 984 if (fake_output->len > 0) { 985 expected_output_ptr = 986 mbedtls_test_driver_key_agreement_hooks.forced_output = 987 fake_output->x; 988 989 expected_output_length = 990 mbedtls_test_driver_key_agreement_hooks.forced_output_length = 991 fake_output->len; 992 } else { 993 expected_output_ptr = expected_output->x; 994 expected_output_length = expected_output->len; 995 } 996 997 mbedtls_test_driver_key_agreement_hooks.hits = 0; 998 mbedtls_test_driver_key_agreement_hooks.forced_status = force_status; 999 1000 TEST_CALLOC(actual_output, expected_output->len); 1001 actual_status = psa_raw_key_agreement(alg, our_key, 1002 peer_key_data->x, peer_key_data->len, 1003 actual_output, expected_output->len, 1004 &actual_output_length); 1005 TEST_EQUAL(actual_status, expected_status); 1006 TEST_EQUAL(mbedtls_test_driver_key_agreement_hooks.hits, 1); 1007 1008 if (actual_status == PSA_SUCCESS) { 1009 TEST_MEMORY_COMPARE(actual_output, actual_output_length, 1010 expected_output_ptr, expected_output_length); 1011 } 1012 mbedtls_free(actual_output); 1013 actual_output = NULL; 1014 actual_output_length = ~0; 1015 1016exit: 1017 psa_reset_key_attributes(&attributes); 1018 psa_destroy_key(our_key); 1019 PSA_DONE(); 1020 mbedtls_test_driver_key_agreement_hooks = 1021 mbedtls_test_driver_key_agreement_hooks_init(); 1022} 1023 1024/* END_CASE */ 1025 1026/* BEGIN_CASE */ 1027void cipher_encrypt_validation(int alg_arg, 1028 int key_type_arg, 1029 data_t *key_data, 1030 data_t *input) 1031{ 1032 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1033 psa_key_type_t key_type = key_type_arg; 1034 psa_algorithm_t alg = alg_arg; 1035 size_t iv_size = PSA_CIPHER_IV_LENGTH(key_type, alg); 1036 unsigned char *output1 = NULL; 1037 size_t output1_buffer_size = 0; 1038 size_t output1_length = 0; 1039 unsigned char *output2 = NULL; 1040 size_t output2_buffer_size = 0; 1041 size_t output2_length = 0; 1042 size_t function_output_length = 0; 1043 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1044 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1045 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1046 1047 PSA_ASSERT(psa_crypto_init()); 1048 1049 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1050 psa_set_key_algorithm(&attributes, alg); 1051 psa_set_key_type(&attributes, key_type); 1052 1053 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); 1054 output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + 1055 PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); 1056 TEST_CALLOC(output1, output1_buffer_size); 1057 TEST_CALLOC(output2, output2_buffer_size); 1058 1059 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1060 &key)); 1061 1062 PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, 1063 output1_buffer_size, &output1_length)); 1064 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1065 mbedtls_test_driver_cipher_hooks.hits = 0; 1066 1067 PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 1068 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1069 mbedtls_test_driver_cipher_hooks.hits = 0; 1070 1071 PSA_ASSERT(psa_cipher_set_iv(&operation, output1, iv_size)); 1072 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1073 mbedtls_test_driver_cipher_hooks.hits = 0; 1074 1075 PSA_ASSERT(psa_cipher_update(&operation, 1076 input->x, input->len, 1077 output2, output2_buffer_size, 1078 &function_output_length)); 1079 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1080 mbedtls_test_driver_cipher_hooks.hits = 0; 1081 1082 output2_length += function_output_length; 1083 PSA_ASSERT(psa_cipher_finish(&operation, 1084 output2 + output2_length, 1085 output2_buffer_size - output2_length, 1086 &function_output_length)); 1087 /* Finish will have called abort as well, so expecting two hits here */ 1088 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1089 mbedtls_test_driver_cipher_hooks.hits = 0; 1090 1091 output2_length += function_output_length; 1092 1093 PSA_ASSERT(psa_cipher_abort(&operation)); 1094 // driver function should've been called as part of the finish() core routine 1095 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1096 TEST_MEMORY_COMPARE(output1 + iv_size, output1_length - iv_size, 1097 output2, output2_length); 1098 1099exit: 1100 psa_cipher_abort(&operation); 1101 mbedtls_free(output1); 1102 mbedtls_free(output2); 1103 psa_destroy_key(key); 1104 PSA_DONE(); 1105 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1106} 1107/* END_CASE */ 1108 1109/* BEGIN_CASE */ 1110void cipher_encrypt_multipart(int alg_arg, 1111 int key_type_arg, 1112 data_t *key_data, 1113 data_t *iv, 1114 data_t *input, 1115 int first_part_size_arg, 1116 int output1_length_arg, 1117 int output2_length_arg, 1118 data_t *expected_output, 1119 int mock_output_arg, 1120 int force_status_arg, 1121 int expected_status_arg) 1122{ 1123 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1124 psa_key_type_t key_type = key_type_arg; 1125 psa_algorithm_t alg = alg_arg; 1126 psa_status_t status; 1127 psa_status_t expected_status = expected_status_arg; 1128 psa_status_t force_status = force_status_arg; 1129 size_t first_part_size = first_part_size_arg; 1130 size_t output1_length = output1_length_arg; 1131 size_t output2_length = output2_length_arg; 1132 unsigned char *output = NULL; 1133 size_t output_buffer_size = 0; 1134 size_t function_output_length = 0; 1135 size_t total_output_length = 0; 1136 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1137 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1138 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1139 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1140 1141 /* Test operation initialization */ 1142 mbedtls_psa_cipher_operation_t mbedtls_operation = 1143 MBEDTLS_PSA_CIPHER_OPERATION_INIT; 1144 1145 mbedtls_transparent_test_driver_cipher_operation_t transparent_operation = 1146 MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT; 1147 1148 mbedtls_opaque_test_driver_cipher_operation_t opaque_operation = 1149 MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT; 1150 1151 operation.ctx.mbedtls_ctx = mbedtls_operation; 1152 operation.ctx.transparent_test_driver_ctx = transparent_operation; 1153 operation.ctx.opaque_test_driver_ctx = opaque_operation; 1154 1155 PSA_ASSERT(psa_crypto_init()); 1156 1157 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1158 psa_set_key_algorithm(&attributes, alg); 1159 psa_set_key_type(&attributes, key_type); 1160 1161 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1162 &key)); 1163 1164 PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 1165 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1166 mbedtls_test_driver_cipher_hooks.hits = 0; 1167 1168 PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); 1169 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1170 mbedtls_test_driver_cipher_hooks.hits = 0; 1171 1172 output_buffer_size = ((size_t) input->len + 1173 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); 1174 TEST_CALLOC(output, output_buffer_size); 1175 1176 if (mock_output_arg) { 1177 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1178 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1179 } 1180 1181 TEST_ASSERT(first_part_size <= input->len); 1182 PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size, 1183 output, output_buffer_size, 1184 &function_output_length)); 1185 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1186 mbedtls_test_driver_cipher_hooks.hits = 0; 1187 1188 TEST_ASSERT(function_output_length == output1_length); 1189 total_output_length += function_output_length; 1190 1191 if (first_part_size < input->len) { 1192 PSA_ASSERT(psa_cipher_update(&operation, 1193 input->x + first_part_size, 1194 input->len - first_part_size, 1195 output + total_output_length, 1196 output_buffer_size - total_output_length, 1197 &function_output_length)); 1198 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1199 mbedtls_test_driver_cipher_hooks.hits = 0; 1200 1201 TEST_ASSERT(function_output_length == output2_length); 1202 total_output_length += function_output_length; 1203 } 1204 1205 if (mock_output_arg) { 1206 mbedtls_test_driver_cipher_hooks.forced_output = NULL; 1207 mbedtls_test_driver_cipher_hooks.forced_output_length = 0; 1208 } 1209 1210 status = psa_cipher_finish(&operation, 1211 output + total_output_length, 1212 output_buffer_size - total_output_length, 1213 &function_output_length); 1214 /* Finish will have called abort as well, so expecting two hits here */ 1215 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0)); 1216 mbedtls_test_driver_cipher_hooks.hits = 0; 1217 total_output_length += function_output_length; 1218 TEST_EQUAL(status, expected_status); 1219 1220 if (expected_status == PSA_SUCCESS) { 1221 PSA_ASSERT(psa_cipher_abort(&operation)); 1222 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1223 1224 TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 1225 output, total_output_length); 1226 } 1227 1228exit: 1229 psa_cipher_abort(&operation); 1230 mbedtls_free(output); 1231 psa_destroy_key(key); 1232 PSA_DONE(); 1233 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1234} 1235/* END_CASE */ 1236 1237/* BEGIN_CASE */ 1238void cipher_decrypt_multipart(int alg_arg, 1239 int key_type_arg, 1240 data_t *key_data, 1241 data_t *iv, 1242 data_t *input, 1243 int first_part_size_arg, 1244 int output1_length_arg, 1245 int output2_length_arg, 1246 data_t *expected_output, 1247 int mock_output_arg, 1248 int force_status_arg, 1249 int expected_status_arg) 1250{ 1251 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1252 psa_key_type_t key_type = key_type_arg; 1253 psa_algorithm_t alg = alg_arg; 1254 psa_status_t status; 1255 psa_status_t expected_status = expected_status_arg; 1256 psa_status_t force_status = force_status_arg; 1257 size_t first_part_size = first_part_size_arg; 1258 size_t output1_length = output1_length_arg; 1259 size_t output2_length = output2_length_arg; 1260 unsigned char *output = NULL; 1261 size_t output_buffer_size = 0; 1262 size_t function_output_length = 0; 1263 size_t total_output_length = 0; 1264 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1265 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1266 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1267 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1268 1269 /* Test operation initialization */ 1270 mbedtls_psa_cipher_operation_t mbedtls_operation = 1271 MBEDTLS_PSA_CIPHER_OPERATION_INIT; 1272 1273 mbedtls_transparent_test_driver_cipher_operation_t transparent_operation = 1274 MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT; 1275 1276 mbedtls_opaque_test_driver_cipher_operation_t opaque_operation = 1277 MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT; 1278 1279 operation.ctx.mbedtls_ctx = mbedtls_operation; 1280 operation.ctx.transparent_test_driver_ctx = transparent_operation; 1281 operation.ctx.opaque_test_driver_ctx = opaque_operation; 1282 1283 PSA_ASSERT(psa_crypto_init()); 1284 1285 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1286 psa_set_key_algorithm(&attributes, alg); 1287 psa_set_key_type(&attributes, key_type); 1288 1289 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1290 &key)); 1291 1292 PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); 1293 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1294 mbedtls_test_driver_cipher_hooks.hits = 0; 1295 1296 PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); 1297 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1298 mbedtls_test_driver_cipher_hooks.hits = 0; 1299 1300 output_buffer_size = ((size_t) input->len + 1301 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); 1302 TEST_CALLOC(output, output_buffer_size); 1303 1304 if (mock_output_arg) { 1305 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1306 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1307 } 1308 1309 TEST_ASSERT(first_part_size <= input->len); 1310 PSA_ASSERT(psa_cipher_update(&operation, 1311 input->x, first_part_size, 1312 output, output_buffer_size, 1313 &function_output_length)); 1314 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1315 mbedtls_test_driver_cipher_hooks.hits = 0; 1316 1317 TEST_ASSERT(function_output_length == output1_length); 1318 total_output_length += function_output_length; 1319 1320 if (first_part_size < input->len) { 1321 PSA_ASSERT(psa_cipher_update(&operation, 1322 input->x + first_part_size, 1323 input->len - first_part_size, 1324 output + total_output_length, 1325 output_buffer_size - total_output_length, 1326 &function_output_length)); 1327 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1328 mbedtls_test_driver_cipher_hooks.hits = 0; 1329 1330 TEST_ASSERT(function_output_length == output2_length); 1331 total_output_length += function_output_length; 1332 } 1333 1334 if (mock_output_arg) { 1335 mbedtls_test_driver_cipher_hooks.forced_output = NULL; 1336 mbedtls_test_driver_cipher_hooks.forced_output_length = 0; 1337 } 1338 1339 status = psa_cipher_finish(&operation, 1340 output + total_output_length, 1341 output_buffer_size - total_output_length, 1342 &function_output_length); 1343 /* Finish will have called abort as well, so expecting two hits here */ 1344 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0)); 1345 mbedtls_test_driver_cipher_hooks.hits = 0; 1346 total_output_length += function_output_length; 1347 TEST_EQUAL(status, expected_status); 1348 1349 if (expected_status == PSA_SUCCESS) { 1350 PSA_ASSERT(psa_cipher_abort(&operation)); 1351 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1352 1353 TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 1354 output, total_output_length); 1355 } 1356 1357exit: 1358 psa_cipher_abort(&operation); 1359 mbedtls_free(output); 1360 psa_destroy_key(key); 1361 PSA_DONE(); 1362 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1363} 1364/* END_CASE */ 1365 1366/* BEGIN_CASE */ 1367void cipher_decrypt(int alg_arg, 1368 int key_type_arg, 1369 data_t *key_data, 1370 data_t *iv, 1371 data_t *input_arg, 1372 data_t *expected_output, 1373 int mock_output_arg, 1374 int force_status_arg, 1375 int expected_status_arg) 1376{ 1377 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1378 psa_status_t status; 1379 psa_key_type_t key_type = key_type_arg; 1380 psa_algorithm_t alg = alg_arg; 1381 psa_status_t expected_status = expected_status_arg; 1382 psa_status_t force_status = force_status_arg; 1383 unsigned char *input = NULL; 1384 size_t input_buffer_size = 0; 1385 unsigned char *output = NULL; 1386 size_t output_buffer_size = 0; 1387 size_t output_length = 0; 1388 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1389 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1390 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1391 1392 PSA_ASSERT(psa_crypto_init()); 1393 1394 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1395 psa_set_key_algorithm(&attributes, alg); 1396 psa_set_key_type(&attributes, key_type); 1397 1398 /* Allocate input buffer and copy the iv and the plaintext */ 1399 input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); 1400 if (input_buffer_size > 0) { 1401 TEST_CALLOC(input, input_buffer_size); 1402 memcpy(input, iv->x, iv->len); 1403 memcpy(input + iv->len, input_arg->x, input_arg->len); 1404 } 1405 1406 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); 1407 TEST_CALLOC(output, output_buffer_size); 1408 1409 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1410 &key)); 1411 1412 if (mock_output_arg) { 1413 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1414 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1415 } 1416 1417 status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output, 1418 output_buffer_size, &output_length); 1419 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1420 mbedtls_test_driver_cipher_hooks.hits = 0; 1421 1422 TEST_EQUAL(status, expected_status); 1423 1424 if (expected_status == PSA_SUCCESS) { 1425 TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 1426 output, output_length); 1427 } 1428 1429exit: 1430 mbedtls_free(input); 1431 mbedtls_free(output); 1432 psa_destroy_key(key); 1433 PSA_DONE(); 1434 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1435} 1436/* END_CASE */ 1437 1438/* BEGIN_CASE */ 1439void cipher_entry_points(int alg_arg, int key_type_arg, 1440 data_t *key_data, data_t *iv, 1441 data_t *input) 1442{ 1443 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1444 psa_status_t status; 1445 psa_key_type_t key_type = key_type_arg; 1446 psa_algorithm_t alg = alg_arg; 1447 unsigned char *output = NULL; 1448 size_t output_buffer_size = 0; 1449 size_t function_output_length = 0; 1450 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; 1451 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1452 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1453 1454 TEST_CALLOC(output, input->len + 16); 1455 output_buffer_size = input->len + 16; 1456 1457 PSA_ASSERT(psa_crypto_init()); 1458 1459 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 1460 psa_set_key_algorithm(&attributes, alg); 1461 psa_set_key_type(&attributes, key_type); 1462 1463 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1464 &key)); 1465 1466 /* 1467 * Test encrypt failure 1468 * First test that if we don't force a driver error, encryption is 1469 * successful, then force driver error. 1470 */ 1471 status = psa_cipher_encrypt( 1472 key, alg, input->x, input->len, 1473 output, output_buffer_size, &function_output_length); 1474 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1475 TEST_EQUAL(status, PSA_SUCCESS); 1476 mbedtls_test_driver_cipher_hooks.hits = 0; 1477 1478 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1479 /* Set the output buffer in a given state. */ 1480 for (size_t i = 0; i < output_buffer_size; i++) { 1481 output[i] = 0xa5; 1482 } 1483 1484 status = psa_cipher_encrypt( 1485 key, alg, input->x, input->len, 1486 output, output_buffer_size, &function_output_length); 1487 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1488 TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); 1489 /* 1490 * Check that the output buffer is still in the same state. 1491 * This will fail if the output buffer is used by the core to pass the IV 1492 * it generated to the driver (and is not restored). 1493 */ 1494 for (size_t i = 0; i < output_buffer_size; i++) { 1495 TEST_EQUAL(output[i], 0xa5); 1496 } 1497 mbedtls_test_driver_cipher_hooks.hits = 0; 1498 1499 /* Test setup call, encrypt */ 1500 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1501 status = psa_cipher_encrypt_setup(&operation, key, alg); 1502 /* When setup fails, it shouldn't call any further entry points */ 1503 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1504 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1505 mbedtls_test_driver_cipher_hooks.hits = 0; 1506 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1507 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1508 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1509 1510 /* Test setup call failure, decrypt */ 1511 status = psa_cipher_decrypt_setup(&operation, key, alg); 1512 /* When setup fails, it shouldn't call any further entry points */ 1513 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1514 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1515 mbedtls_test_driver_cipher_hooks.hits = 0; 1516 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1517 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1518 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1519 1520 /* Test IV setting failure */ 1521 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1522 status = psa_cipher_encrypt_setup(&operation, key, alg); 1523 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1524 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1525 mbedtls_test_driver_cipher_hooks.hits = 0; 1526 1527 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1528 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1529 /* When setting the IV fails, it should call abort too */ 1530 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1531 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1532 /* Failure should prevent further operations from executing on the driver */ 1533 mbedtls_test_driver_cipher_hooks.hits = 0; 1534 status = psa_cipher_update(&operation, 1535 input->x, input->len, 1536 output, output_buffer_size, 1537 &function_output_length); 1538 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1539 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1540 psa_cipher_abort(&operation); 1541 1542 /* Test IV generation failure */ 1543 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1544 status = psa_cipher_encrypt_setup(&operation, key, alg); 1545 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1546 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1547 mbedtls_test_driver_cipher_hooks.hits = 0; 1548 1549 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1550 /* Set the output buffer in a given state. */ 1551 for (size_t i = 0; i < 16; i++) { 1552 output[i] = 0xa5; 1553 } 1554 1555 status = psa_cipher_generate_iv(&operation, output, 16, &function_output_length); 1556 /* When generating the IV fails, it should call abort too */ 1557 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1558 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1559 /* 1560 * Check that the output buffer is still in the same state. 1561 * This will fail if the output buffer is used by the core to pass the IV 1562 * it generated to the driver (and is not restored). 1563 */ 1564 for (size_t i = 0; i < 16; i++) { 1565 TEST_EQUAL(output[i], 0xa5); 1566 } 1567 /* Failure should prevent further operations from executing on the driver */ 1568 mbedtls_test_driver_cipher_hooks.hits = 0; 1569 status = psa_cipher_update(&operation, 1570 input->x, input->len, 1571 output, output_buffer_size, 1572 &function_output_length); 1573 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1574 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1575 psa_cipher_abort(&operation); 1576 1577 /* Test update failure */ 1578 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1579 status = psa_cipher_encrypt_setup(&operation, key, alg); 1580 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1581 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1582 mbedtls_test_driver_cipher_hooks.hits = 0; 1583 1584 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1585 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1586 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1587 mbedtls_test_driver_cipher_hooks.hits = 0; 1588 1589 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1590 status = psa_cipher_update(&operation, 1591 input->x, input->len, 1592 output, output_buffer_size, 1593 &function_output_length); 1594 /* When the update call fails, it should call abort too */ 1595 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1596 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1597 /* Failure should prevent further operations from executing on the driver */ 1598 mbedtls_test_driver_cipher_hooks.hits = 0; 1599 status = psa_cipher_update(&operation, 1600 input->x, input->len, 1601 output, output_buffer_size, 1602 &function_output_length); 1603 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1604 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1605 psa_cipher_abort(&operation); 1606 1607 /* Test finish failure */ 1608 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1609 status = psa_cipher_encrypt_setup(&operation, key, alg); 1610 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1611 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1612 mbedtls_test_driver_cipher_hooks.hits = 0; 1613 1614 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1615 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1616 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1617 mbedtls_test_driver_cipher_hooks.hits = 0; 1618 1619 status = psa_cipher_update(&operation, 1620 input->x, input->len, 1621 output, output_buffer_size, 1622 &function_output_length); 1623 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1624 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1625 mbedtls_test_driver_cipher_hooks.hits = 0; 1626 1627 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1628 status = psa_cipher_finish(&operation, 1629 output + function_output_length, 1630 output_buffer_size - function_output_length, 1631 &function_output_length); 1632 /* When the finish call fails, it should call abort too */ 1633 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1634 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1635 /* Failure should prevent further operations from executing on the driver */ 1636 mbedtls_test_driver_cipher_hooks.hits = 0; 1637 status = psa_cipher_update(&operation, 1638 input->x, input->len, 1639 output, output_buffer_size, 1640 &function_output_length); 1641 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1642 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1643 psa_cipher_abort(&operation); 1644 1645exit: 1646 psa_cipher_abort(&operation); 1647 mbedtls_free(output); 1648 psa_destroy_key(key); 1649 PSA_DONE(); 1650 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1651} 1652/* END_CASE */ 1653 1654/* BEGIN_CASE */ 1655void aead_encrypt(int key_type_arg, data_t *key_data, 1656 int alg_arg, 1657 data_t *nonce, 1658 data_t *additional_data, 1659 data_t *input_data, 1660 data_t *expected_result, 1661 int forced_status_arg) 1662{ 1663 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1664 psa_key_type_t key_type = key_type_arg; 1665 psa_algorithm_t alg = alg_arg; 1666 size_t key_bits; 1667 psa_status_t forced_status = forced_status_arg; 1668 unsigned char *output_data = NULL; 1669 size_t output_size = 0; 1670 size_t output_length = 0; 1671 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1672 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1673 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1674 1675 PSA_ASSERT(psa_crypto_init()); 1676 1677 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1678 psa_set_key_algorithm(&attributes, alg); 1679 psa_set_key_type(&attributes, key_type); 1680 1681 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1682 &key)); 1683 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 1684 key_bits = psa_get_key_bits(&attributes); 1685 1686 output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, 1687 alg); 1688 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 1689 * should be exact. */ 1690 TEST_EQUAL(output_size, 1691 PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 1692 TEST_ASSERT(output_size <= 1693 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 1694 TEST_CALLOC(output_data, output_size); 1695 1696 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 1697 status = psa_aead_encrypt(key, alg, 1698 nonce->x, nonce->len, 1699 additional_data->x, additional_data->len, 1700 input_data->x, input_data->len, 1701 output_data, output_size, 1702 &output_length); 1703 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_encrypt, 1); 1704 TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status); 1705 1706 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 1707 PSA_SUCCESS : forced_status); 1708 1709 if (status == PSA_SUCCESS) { 1710 TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, 1711 output_data, output_length); 1712 } 1713 1714exit: 1715 psa_destroy_key(key); 1716 mbedtls_free(output_data); 1717 PSA_DONE(); 1718 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1719} 1720/* END_CASE */ 1721 1722/* BEGIN_CASE */ 1723void aead_decrypt(int key_type_arg, data_t *key_data, 1724 int alg_arg, 1725 data_t *nonce, 1726 data_t *additional_data, 1727 data_t *input_data, 1728 data_t *expected_data, 1729 int forced_status_arg) 1730{ 1731 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1732 psa_key_type_t key_type = key_type_arg; 1733 psa_algorithm_t alg = alg_arg; 1734 size_t key_bits; 1735 psa_status_t forced_status = forced_status_arg; 1736 unsigned char *output_data = NULL; 1737 size_t output_size = 0; 1738 size_t output_length = 0; 1739 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1740 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1741 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1742 1743 PSA_ASSERT(psa_crypto_init()); 1744 1745 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1746 psa_set_key_algorithm(&attributes, alg); 1747 psa_set_key_type(&attributes, key_type); 1748 1749 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1750 &key)); 1751 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 1752 key_bits = psa_get_key_bits(&attributes); 1753 1754 output_size = input_data->len - PSA_AEAD_TAG_LENGTH(key_type, key_bits, 1755 alg); 1756 TEST_CALLOC(output_data, output_size); 1757 1758 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 1759 status = psa_aead_decrypt(key, alg, 1760 nonce->x, nonce->len, 1761 additional_data->x, 1762 additional_data->len, 1763 input_data->x, input_data->len, 1764 output_data, output_size, 1765 &output_length); 1766 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_decrypt, 1); 1767 TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status); 1768 1769 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 1770 PSA_SUCCESS : forced_status); 1771 1772 if (status == PSA_SUCCESS) { 1773 TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, 1774 output_data, output_length); 1775 } 1776 1777exit: 1778 psa_destroy_key(key); 1779 mbedtls_free(output_data); 1780 PSA_DONE(); 1781 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1782} 1783/* END_CASE */ 1784 1785/* BEGIN_CASE */ 1786void mac_sign(int key_type_arg, 1787 data_t *key_data, 1788 int alg_arg, 1789 data_t *input, 1790 data_t *expected_mac, 1791 int forced_status_arg) 1792{ 1793 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1794 psa_key_type_t key_type = key_type_arg; 1795 psa_algorithm_t alg = alg_arg; 1796 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1797 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1798 uint8_t *actual_mac = NULL; 1799 size_t mac_buffer_size = 1800 PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); 1801 size_t mac_length = 0; 1802 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1803 psa_status_t forced_status = forced_status_arg; 1804 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1805 1806 TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE); 1807 /* We expect PSA_MAC_LENGTH to be exact. */ 1808 TEST_ASSERT(expected_mac->len == mac_buffer_size); 1809 1810 PSA_ASSERT(psa_crypto_init()); 1811 1812 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 1813 psa_set_key_algorithm(&attributes, alg); 1814 psa_set_key_type(&attributes, key_type); 1815 1816 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1817 &key)); 1818 1819 TEST_CALLOC(actual_mac, mac_buffer_size); 1820 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 1821 1822 /* 1823 * Calculate the MAC, one-shot case. 1824 */ 1825 status = psa_mac_compute(key, alg, 1826 input->x, input->len, 1827 actual_mac, mac_buffer_size, 1828 &mac_length); 1829 1830 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1831 if (forced_status == PSA_SUCCESS || 1832 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1833 PSA_ASSERT(status); 1834 } else { 1835 TEST_EQUAL(forced_status, status); 1836 } 1837 1838 PSA_ASSERT(psa_mac_abort(&operation)); 1839 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1840 1841 if (forced_status == PSA_SUCCESS) { 1842 TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, 1843 actual_mac, mac_length); 1844 } 1845 1846 mbedtls_free(actual_mac); 1847 actual_mac = NULL; 1848 1849exit: 1850 psa_mac_abort(&operation); 1851 psa_destroy_key(key); 1852 PSA_DONE(); 1853 mbedtls_free(actual_mac); 1854 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1855} 1856/* END_CASE */ 1857 1858/* BEGIN_CASE */ 1859void mac_sign_multipart(int key_type_arg, 1860 data_t *key_data, 1861 int alg_arg, 1862 data_t *input, 1863 data_t *expected_mac, 1864 int fragments_count, 1865 int forced_status_arg) 1866{ 1867 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1868 psa_key_type_t key_type = key_type_arg; 1869 psa_algorithm_t alg = alg_arg; 1870 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1871 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1872 uint8_t *actual_mac = NULL; 1873 size_t mac_buffer_size = 1874 PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); 1875 size_t mac_length = 0; 1876 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1877 psa_status_t forced_status = forced_status_arg; 1878 uint8_t *input_x = input->x; 1879 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1880 1881 TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE); 1882 /* We expect PSA_MAC_LENGTH to be exact. */ 1883 TEST_ASSERT(expected_mac->len == mac_buffer_size); 1884 1885 PSA_ASSERT(psa_crypto_init()); 1886 1887 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 1888 psa_set_key_algorithm(&attributes, alg); 1889 psa_set_key_type(&attributes, key_type); 1890 1891 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1892 &key)); 1893 1894 TEST_CALLOC(actual_mac, mac_buffer_size); 1895 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 1896 1897 /* 1898 * Calculate the MAC, multipart case. 1899 */ 1900 status = psa_mac_sign_setup(&operation, key, alg); 1901 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1902 1903 if (forced_status == PSA_SUCCESS || 1904 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1905 PSA_ASSERT(status); 1906 } else { 1907 TEST_EQUAL(forced_status, status); 1908 } 1909 1910 if (fragments_count) { 1911 TEST_ASSERT((input->len / fragments_count) > 0); 1912 } 1913 1914 for (int i = 0; i < fragments_count; i++) { 1915 int fragment_size = input->len / fragments_count; 1916 if (i == fragments_count - 1) { 1917 fragment_size += (input->len % fragments_count); 1918 } 1919 1920 status = psa_mac_update(&operation, 1921 input_x, fragment_size); 1922 if (forced_status == PSA_SUCCESS) { 1923 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2 + i); 1924 } else { 1925 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1926 } 1927 if (forced_status == PSA_SUCCESS || 1928 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1929 PSA_ASSERT(status); 1930 } else { 1931 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 1932 } 1933 input_x += fragment_size; 1934 } 1935 1936 status = psa_mac_sign_finish(&operation, 1937 actual_mac, mac_buffer_size, 1938 &mac_length); 1939 if (forced_status == PSA_SUCCESS) { 1940 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 1941 } else { 1942 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1943 } 1944 1945 if (forced_status == PSA_SUCCESS || 1946 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1947 PSA_ASSERT(status); 1948 } else { 1949 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 1950 } 1951 1952 PSA_ASSERT(psa_mac_abort(&operation)); 1953 if (forced_status == PSA_SUCCESS) { 1954 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 1955 } else { 1956 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1957 } 1958 1959 if (forced_status == PSA_SUCCESS) { 1960 TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, 1961 actual_mac, mac_length); 1962 } 1963 1964 mbedtls_free(actual_mac); 1965 actual_mac = NULL; 1966 1967exit: 1968 psa_mac_abort(&operation); 1969 psa_destroy_key(key); 1970 PSA_DONE(); 1971 mbedtls_free(actual_mac); 1972 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1973} 1974/* END_CASE */ 1975 1976/* BEGIN_CASE */ 1977void mac_verify(int key_type_arg, 1978 data_t *key_data, 1979 int alg_arg, 1980 data_t *input, 1981 data_t *expected_mac, 1982 int forced_status_arg) 1983{ 1984 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1985 psa_key_type_t key_type = key_type_arg; 1986 psa_algorithm_t alg = alg_arg; 1987 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 1988 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1989 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1990 psa_status_t forced_status = forced_status_arg; 1991 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1992 1993 TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE); 1994 1995 PSA_ASSERT(psa_crypto_init()); 1996 1997 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 1998 psa_set_key_algorithm(&attributes, alg); 1999 psa_set_key_type(&attributes, key_type); 2000 2001 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2002 &key)); 2003 2004 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 2005 2006 /* 2007 * Verify the MAC, one-shot case. 2008 */ 2009 status = psa_mac_verify(key, alg, 2010 input->x, input->len, 2011 expected_mac->x, expected_mac->len); 2012 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2013 if (forced_status == PSA_SUCCESS || 2014 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2015 PSA_ASSERT(status); 2016 } else { 2017 TEST_EQUAL(forced_status, status); 2018 } 2019 2020 PSA_ASSERT(psa_mac_abort(&operation)); 2021 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2022exit: 2023 psa_mac_abort(&operation); 2024 psa_destroy_key(key); 2025 PSA_DONE(); 2026 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2027} 2028/* END_CASE */ 2029 2030/* BEGIN_CASE */ 2031void mac_verify_multipart(int key_type_arg, 2032 data_t *key_data, 2033 int alg_arg, 2034 data_t *input, 2035 data_t *expected_mac, 2036 int fragments_count, 2037 int forced_status_arg) 2038{ 2039 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2040 psa_key_type_t key_type = key_type_arg; 2041 psa_algorithm_t alg = alg_arg; 2042 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; 2043 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2044 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2045 psa_status_t forced_status = forced_status_arg; 2046 uint8_t *input_x = input->x; 2047 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2048 2049 TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE); 2050 2051 PSA_ASSERT(psa_crypto_init()); 2052 2053 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 2054 psa_set_key_algorithm(&attributes, alg); 2055 psa_set_key_type(&attributes, key_type); 2056 2057 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2058 &key)); 2059 2060 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 2061 2062 /* 2063 * Verify the MAC, multi-part case. 2064 */ 2065 status = psa_mac_verify_setup(&operation, key, alg); 2066 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2067 2068 if (forced_status == PSA_SUCCESS || 2069 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2070 PSA_ASSERT(status); 2071 } else { 2072 TEST_EQUAL(forced_status, status); 2073 } 2074 2075 if (fragments_count) { 2076 TEST_ASSERT((input->len / fragments_count) > 0); 2077 } 2078 2079 for (int i = 0; i < fragments_count; i++) { 2080 int fragment_size = input->len / fragments_count; 2081 if (i == fragments_count - 1) { 2082 fragment_size += (input->len % fragments_count); 2083 } 2084 2085 status = psa_mac_update(&operation, 2086 input_x, fragment_size); 2087 if (forced_status == PSA_SUCCESS) { 2088 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2 + i); 2089 } else { 2090 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2091 } 2092 2093 if (forced_status == PSA_SUCCESS || 2094 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2095 PSA_ASSERT(status); 2096 } else { 2097 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 2098 } 2099 input_x += fragment_size; 2100 } 2101 2102 status = psa_mac_verify_finish(&operation, 2103 expected_mac->x, 2104 expected_mac->len); 2105 if (forced_status == PSA_SUCCESS) { 2106 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 2107 } else { 2108 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2109 } 2110 2111 if (forced_status == PSA_SUCCESS || 2112 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2113 PSA_ASSERT(status); 2114 } else { 2115 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 2116 } 2117 2118 2119 PSA_ASSERT(psa_mac_abort(&operation)); 2120 if (forced_status == PSA_SUCCESS) { 2121 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 2122 } else { 2123 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2124 } 2125 2126exit: 2127 psa_mac_abort(&operation); 2128 psa_destroy_key(key); 2129 PSA_DONE(); 2130 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2131} 2132/* END_CASE */ 2133 2134/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ 2135void builtin_key_export(int builtin_key_id_arg, 2136 int builtin_key_type_arg, 2137 int builtin_key_bits_arg, 2138 int builtin_key_algorithm_arg, 2139 data_t *expected_output, 2140 int expected_status_arg) 2141{ 2142 psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg; 2143 psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg; 2144 psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg; 2145 size_t builtin_key_bits = (size_t) builtin_key_bits_arg; 2146 psa_status_t expected_status = expected_status_arg; 2147 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2148 2149 mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); 2150 uint8_t *output_buffer = NULL; 2151 size_t output_size = 0; 2152 psa_status_t actual_status; 2153 2154 PSA_ASSERT(psa_crypto_init()); 2155 TEST_CALLOC(output_buffer, expected_output->len); 2156 2157 actual_status = psa_export_key(key, output_buffer, expected_output->len, &output_size); 2158 2159 if (expected_status == PSA_SUCCESS) { 2160 PSA_ASSERT(actual_status); 2161 TEST_EQUAL(output_size, expected_output->len); 2162 TEST_MEMORY_COMPARE(output_buffer, output_size, 2163 expected_output->x, expected_output->len); 2164 2165 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2166 TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); 2167 TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type); 2168 TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg); 2169 } else { 2170 if (actual_status != expected_status) { 2171 fprintf(stderr, "Expected %d but got %d\n", expected_status, actual_status); 2172 } 2173 TEST_EQUAL(actual_status, expected_status); 2174 TEST_EQUAL(output_size, 0); 2175 } 2176 2177exit: 2178 mbedtls_free(output_buffer); 2179 psa_reset_key_attributes(&attributes); 2180 psa_destroy_key(key); 2181 PSA_DONE(); 2182} 2183/* END_CASE */ 2184 2185/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ 2186void builtin_pubkey_export(int builtin_key_id_arg, 2187 int builtin_key_type_arg, 2188 int builtin_key_bits_arg, 2189 int builtin_key_algorithm_arg, 2190 data_t *expected_output, 2191 int expected_status_arg) 2192{ 2193 psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg; 2194 psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg; 2195 psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg; 2196 size_t builtin_key_bits = (size_t) builtin_key_bits_arg; 2197 psa_status_t expected_status = expected_status_arg; 2198 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2199 2200 mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); 2201 uint8_t *output_buffer = NULL; 2202 size_t output_size = 0; 2203 psa_status_t actual_status; 2204 2205 PSA_ASSERT(psa_crypto_init()); 2206 TEST_CALLOC(output_buffer, expected_output->len); 2207 2208 actual_status = psa_export_public_key(key, output_buffer, expected_output->len, &output_size); 2209 2210 if (expected_status == PSA_SUCCESS) { 2211 PSA_ASSERT(actual_status); 2212 TEST_EQUAL(output_size, expected_output->len); 2213 TEST_MEMORY_COMPARE(output_buffer, output_size, 2214 expected_output->x, expected_output->len); 2215 2216 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2217 TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); 2218 TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type); 2219 TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg); 2220 } else { 2221 TEST_EQUAL(actual_status, expected_status); 2222 TEST_EQUAL(output_size, 0); 2223 } 2224 2225exit: 2226 mbedtls_free(output_buffer); 2227 psa_reset_key_attributes(&attributes); 2228 psa_destroy_key(key); 2229 PSA_DONE(); 2230} 2231/* END_CASE */ 2232 2233/* BEGIN_CASE */ 2234void hash_compute(int alg_arg, 2235 data_t *input, data_t *hash, 2236 int forced_status_arg, 2237 int expected_status_arg) 2238{ 2239 psa_algorithm_t alg = alg_arg; 2240 psa_status_t forced_status = forced_status_arg; 2241 psa_status_t expected_status = expected_status_arg; 2242 unsigned char *output = NULL; 2243 size_t output_length; 2244 2245 2246 PSA_ASSERT(psa_crypto_init()); 2247 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2248 2249 /* Do this after psa_crypto_init() which may call hash drivers */ 2250 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2251 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2252 2253 TEST_EQUAL(psa_hash_compute(alg, input->x, input->len, 2254 output, PSA_HASH_LENGTH(alg), 2255 &output_length), expected_status); 2256 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2257 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2258 2259 if (expected_status == PSA_SUCCESS) { 2260 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2261 } 2262 2263exit: 2264 mbedtls_free(output); 2265 PSA_DONE(); 2266 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2267} 2268/* END_CASE */ 2269 2270/* BEGIN_CASE */ 2271void hash_multipart_setup(int alg_arg, 2272 data_t *input, data_t *hash, 2273 int forced_status_arg, 2274 int expected_status_arg) 2275{ 2276 psa_algorithm_t alg = alg_arg; 2277 psa_status_t forced_status = forced_status_arg; 2278 psa_status_t expected_status = expected_status_arg; 2279 unsigned char *output = NULL; 2280 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2281 size_t output_length; 2282 2283 2284 PSA_ASSERT(psa_crypto_init()); 2285 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2286 2287 /* Do this after psa_crypto_init() which may call hash drivers */ 2288 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2289 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2290 2291 TEST_EQUAL(psa_hash_setup(&operation, alg), expected_status); 2292 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2293 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2294 2295 if (expected_status == PSA_SUCCESS) { 2296 PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 2297 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2298 forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 2); 2299 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2300 2301 PSA_ASSERT(psa_hash_finish(&operation, 2302 output, PSA_HASH_LENGTH(alg), 2303 &output_length)); 2304 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2305 forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4); 2306 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2307 2308 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2309 } 2310 2311exit: 2312 psa_hash_abort(&operation); 2313 mbedtls_free(output); 2314 PSA_DONE(); 2315 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2316} 2317/* END_CASE */ 2318 2319/* BEGIN_CASE */ 2320void hash_multipart_update(int alg_arg, 2321 data_t *input, data_t *hash, 2322 int forced_status_arg) 2323{ 2324 psa_algorithm_t alg = alg_arg; 2325 psa_status_t forced_status = forced_status_arg; 2326 unsigned char *output = NULL; 2327 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2328 size_t output_length; 2329 2330 2331 PSA_ASSERT(psa_crypto_init()); 2332 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2333 2334 /* Do this after psa_crypto_init() which may call hash drivers */ 2335 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2336 2337 /* 2338 * Update inactive operation, the driver shouldn't be called. 2339 */ 2340 TEST_EQUAL(psa_hash_update(&operation, input->x, input->len), 2341 PSA_ERROR_BAD_STATE); 2342 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2343 2344 PSA_ASSERT(psa_hash_setup(&operation, alg)); 2345 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2346 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2347 2348 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2349 TEST_EQUAL(psa_hash_update(&operation, input->x, input->len), 2350 forced_status); 2351 /* One or two more calls to the driver interface: update or update + abort */ 2352 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2353 forced_status == PSA_SUCCESS ? 2 : 3); 2354 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2355 2356 if (forced_status == PSA_SUCCESS) { 2357 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2358 PSA_ASSERT(psa_hash_finish(&operation, 2359 output, PSA_HASH_LENGTH(alg), 2360 &output_length)); 2361 /* Two calls to the driver interface: update + abort */ 2362 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); 2363 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2364 2365 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2366 } 2367 2368exit: 2369 psa_hash_abort(&operation); 2370 mbedtls_free(output); 2371 PSA_DONE(); 2372 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2373} 2374/* END_CASE */ 2375 2376/* BEGIN_CASE */ 2377void hash_multipart_finish(int alg_arg, 2378 data_t *input, data_t *hash, 2379 int forced_status_arg) 2380{ 2381 psa_algorithm_t alg = alg_arg; 2382 psa_status_t forced_status = forced_status_arg; 2383 unsigned char *output = NULL; 2384 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; 2385 size_t output_length; 2386 2387 PSA_ASSERT(psa_crypto_init()); 2388 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2389 2390 /* Do this after psa_crypto_init() which may call hash drivers */ 2391 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2392 2393 /* 2394 * Finish inactive operation, the driver shouldn't be called. 2395 */ 2396 TEST_EQUAL(psa_hash_finish(&operation, output, PSA_HASH_LENGTH(alg), 2397 &output_length), 2398 PSA_ERROR_BAD_STATE); 2399 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2400 2401 PSA_ASSERT(psa_hash_setup(&operation, alg)); 2402 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2403 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2404 2405 PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 2406 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); 2407 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2408 2409 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2410 TEST_EQUAL(psa_hash_finish(&operation, 2411 output, PSA_HASH_LENGTH(alg), 2412 &output_length), 2413 forced_status); 2414 /* Two more calls to the driver interface: finish + abort */ 2415 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 4); 2416 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2417 2418 if (forced_status == PSA_SUCCESS) { 2419 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2420 } 2421 2422exit: 2423 psa_hash_abort(&operation); 2424 mbedtls_free(output); 2425 PSA_DONE(); 2426 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2427} 2428/* END_CASE */ 2429 2430/* BEGIN_CASE */ 2431void hash_clone(int alg_arg, 2432 data_t *input, data_t *hash, 2433 int forced_status_arg) 2434{ 2435 psa_algorithm_t alg = alg_arg; 2436 psa_status_t forced_status = forced_status_arg; 2437 unsigned char *output = NULL; 2438 psa_hash_operation_t source_operation = PSA_HASH_OPERATION_INIT; 2439 psa_hash_operation_t target_operation = PSA_HASH_OPERATION_INIT; 2440 size_t output_length; 2441 2442 PSA_ASSERT(psa_crypto_init()); 2443 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2444 2445 /* Do this after psa_crypto_init() which may call hash drivers */ 2446 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2447 2448 /* 2449 * Clone inactive operation, the driver shouldn't be called. 2450 */ 2451 TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation), 2452 PSA_ERROR_BAD_STATE); 2453 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2454 2455 PSA_ASSERT(psa_hash_setup(&source_operation, alg)); 2456 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2457 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2458 2459 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2460 TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation), 2461 forced_status); 2462 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2463 forced_status == PSA_SUCCESS ? 2 : 3); 2464 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2465 2466 if (forced_status == PSA_SUCCESS) { 2467 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2468 PSA_ASSERT(psa_hash_update(&target_operation, 2469 input->x, input->len)); 2470 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2471 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2472 2473 PSA_ASSERT(psa_hash_finish(&target_operation, 2474 output, PSA_HASH_LENGTH(alg), 2475 &output_length)); 2476 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 3); 2477 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2478 2479 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2480 } 2481 2482exit: 2483 psa_hash_abort(&source_operation); 2484 psa_hash_abort(&target_operation); 2485 mbedtls_free(output); 2486 PSA_DONE(); 2487 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2488} 2489/* END_CASE */ 2490 2491/* BEGIN_CASE */ 2492void asymmetric_encrypt_decrypt(int alg_arg, 2493 data_t *key_data, 2494 data_t *input_data, 2495 data_t *label, 2496 data_t *fake_output_encrypt, 2497 data_t *fake_output_decrypt, 2498 int forced_status_encrypt_arg, 2499 int forced_status_decrypt_arg, 2500 int expected_status_encrypt_arg, 2501 int expected_status_decrypt_arg) 2502{ 2503 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2504 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; 2505 psa_algorithm_t alg = alg_arg; 2506 size_t key_bits; 2507 unsigned char *output = NULL; 2508 size_t output_size; 2509 size_t output_length = ~0; 2510 unsigned char *output2 = NULL; 2511 size_t output2_size; 2512 size_t output2_length = ~0; 2513 psa_status_t forced_status_encrypt = forced_status_encrypt_arg; 2514 psa_status_t forced_status_decrypt = forced_status_decrypt_arg; 2515 psa_status_t expected_status_encrypt = expected_status_encrypt_arg; 2516 psa_status_t expected_status_decrypt = expected_status_decrypt_arg; 2517 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2518 2519 PSA_ASSERT(psa_crypto_init()); 2520 mbedtls_test_driver_asymmetric_encryption_hooks = 2521 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2522 2523 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 2524 psa_set_key_algorithm(&attributes, alg); 2525 psa_set_key_type(&attributes, key_type); 2526 2527 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2528 &key)); 2529 2530 /* Determine the maximum ciphertext length */ 2531 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2532 key_bits = psa_get_key_bits(&attributes); 2533 2534 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2535 forced_status_encrypt; 2536 if (fake_output_encrypt->len > 0) { 2537 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2538 fake_output_encrypt->x; 2539 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2540 fake_output_encrypt->len; 2541 output_size = fake_output_encrypt->len; 2542 TEST_CALLOC(output, output_size); 2543 } else { 2544 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 2545 TEST_ASSERT(output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); 2546 TEST_CALLOC(output, output_size); 2547 } 2548 2549 /* We test encryption by checking that encrypt-then-decrypt gives back 2550 * the original plaintext because of the non-optional random 2551 * part of encryption process which prevents using fixed vectors. */ 2552 TEST_EQUAL(psa_asymmetric_encrypt(key, alg, 2553 input_data->x, input_data->len, 2554 label->x, label->len, 2555 output, output_size, 2556 &output_length), expected_status_encrypt); 2557 /* We don't know what ciphertext length to expect, but check that 2558 * it looks sensible. */ 2559 TEST_ASSERT(output_length <= output_size); 2560 2561 if (expected_status_encrypt == PSA_SUCCESS) { 2562 if (fake_output_encrypt->len > 0) { 2563 TEST_MEMORY_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, 2564 output, output_length); 2565 } else { 2566 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2567 forced_status_decrypt; 2568 if (fake_output_decrypt->len > 0) { 2569 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2570 fake_output_decrypt->x; 2571 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2572 fake_output_decrypt->len; 2573 output2_size = fake_output_decrypt->len; 2574 TEST_CALLOC(output2, output2_size); 2575 } else { 2576 output2_size = input_data->len; 2577 TEST_ASSERT(output2_size <= 2578 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)); 2579 TEST_ASSERT(output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); 2580 TEST_CALLOC(output2, output2_size); 2581 } 2582 2583 TEST_EQUAL(psa_asymmetric_decrypt(key, alg, 2584 output, output_length, 2585 label->x, label->len, 2586 output2, output2_size, 2587 &output2_length), expected_status_decrypt); 2588 if (expected_status_decrypt == PSA_SUCCESS) { 2589 if (fake_output_decrypt->len > 0) { 2590 TEST_MEMORY_COMPARE(fake_output_decrypt->x, fake_output_decrypt->len, 2591 output2, output2_length); 2592 } else { 2593 TEST_MEMORY_COMPARE(input_data->x, input_data->len, 2594 output2, output2_length); 2595 } 2596 } 2597 } 2598 } 2599 2600exit: 2601 /* 2602 * Key attributes may have been returned by psa_get_key_attributes() 2603 * thus reset them as required. 2604 */ 2605 psa_reset_key_attributes(&attributes); 2606 2607 psa_destroy_key(key); 2608 mbedtls_free(output); 2609 mbedtls_free(output2); 2610 PSA_DONE(); 2611} 2612/* END_CASE */ 2613 2614/* BEGIN_CASE */ 2615void asymmetric_decrypt(int alg_arg, 2616 data_t *key_data, 2617 data_t *input_data, 2618 data_t *label, 2619 data_t *expected_output_data, 2620 data_t *fake_output_decrypt, 2621 int forced_status_decrypt_arg, 2622 int expected_status_decrypt_arg) 2623{ 2624 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2625 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; 2626 psa_algorithm_t alg = alg_arg; 2627 unsigned char *output = NULL; 2628 size_t output_size; 2629 size_t output_length = ~0; 2630 psa_status_t forced_status_decrypt = forced_status_decrypt_arg; 2631 psa_status_t expected_status_decrypt = expected_status_decrypt_arg; 2632 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2633 2634 PSA_ASSERT(psa_crypto_init()); 2635 mbedtls_test_driver_asymmetric_encryption_hooks = 2636 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2637 2638 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 2639 psa_set_key_algorithm(&attributes, alg); 2640 psa_set_key_type(&attributes, key_type); 2641 2642 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2643 &key)); 2644 2645 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2646 forced_status_decrypt; 2647 2648 if (fake_output_decrypt->len > 0) { 2649 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2650 fake_output_decrypt->x; 2651 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2652 fake_output_decrypt->len; 2653 output_size = fake_output_decrypt->len; 2654 TEST_CALLOC(output, output_size); 2655 } else { 2656 output_size = expected_output_data->len; 2657 TEST_CALLOC(output, expected_output_data->len); 2658 } 2659 2660 TEST_EQUAL(psa_asymmetric_decrypt(key, alg, 2661 input_data->x, input_data->len, 2662 label->x, label->len, 2663 output, output_size, 2664 &output_length), expected_status_decrypt); 2665 if (expected_status_decrypt == PSA_SUCCESS) { 2666 TEST_EQUAL(output_length, expected_output_data->len); 2667 TEST_MEMORY_COMPARE(expected_output_data->x, expected_output_data->len, 2668 output, output_length); 2669 } 2670exit: 2671 /* 2672 * Key attributes may have been returned by psa_get_key_attributes() 2673 * thus reset them as required. 2674 */ 2675 psa_reset_key_attributes(&attributes); 2676 2677 psa_destroy_key(key); 2678 mbedtls_free(output); 2679 PSA_DONE(); 2680} 2681/* END_CASE */ 2682 2683/* BEGIN_CASE */ 2684void asymmetric_encrypt(int alg_arg, 2685 data_t *key_data, 2686 data_t *modulus, 2687 data_t *private_exponent, 2688 data_t *input_data, 2689 data_t *label, 2690 data_t *fake_output_encrypt, 2691 int forced_status_encrypt_arg, 2692 int expected_status_encrypt_arg) 2693{ 2694 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2695 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_PUBLIC_KEY; 2696 psa_algorithm_t alg = alg_arg; 2697 unsigned char *output = NULL; 2698 size_t output_size; 2699 size_t output_length = ~0; 2700 psa_status_t forced_status_encrypt = forced_status_encrypt_arg; 2701 psa_status_t expected_status_encrypt = expected_status_encrypt_arg; 2702 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2703 2704 PSA_ASSERT(psa_crypto_init()); 2705 mbedtls_test_driver_asymmetric_encryption_hooks = 2706 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2707 2708 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 2709 psa_set_key_algorithm(&attributes, alg); 2710 psa_set_key_type(&attributes, key_type); 2711 2712 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2713 &key)); 2714 2715 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2716 size_t key_bits = psa_get_key_bits(&attributes); 2717 2718 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2719 forced_status_encrypt; 2720 2721 if (fake_output_encrypt->len > 0) { 2722 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2723 fake_output_encrypt->x; 2724 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2725 fake_output_encrypt->len; 2726 output_size = fake_output_encrypt->len; 2727 TEST_CALLOC(output, output_size); 2728 } else { 2729 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 2730 TEST_CALLOC(output, output_size); 2731 } 2732 2733 TEST_EQUAL(psa_asymmetric_encrypt(key, alg, 2734 input_data->x, input_data->len, 2735 label->x, label->len, 2736 output, output_size, 2737 &output_length), expected_status_encrypt); 2738 if (expected_status_encrypt == PSA_SUCCESS) { 2739 if (fake_output_encrypt->len > 0) { 2740 TEST_EQUAL(fake_output_encrypt->len, output_length); 2741 TEST_MEMORY_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, 2742 output, output_length); 2743 } else { 2744 /* Perform sanity checks on the output */ 2745#if PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 2746 if (PSA_KEY_TYPE_IS_RSA(key_type)) { 2747 if (!sanity_check_rsa_encryption_result( 2748 alg, modulus, private_exponent, 2749 input_data, 2750 output, output_length)) { 2751 goto exit; 2752 } 2753 } else 2754#endif 2755 { 2756 (void) modulus; 2757 (void) private_exponent; 2758 TEST_FAIL("Encryption sanity checks not implemented for this key type"); 2759 } 2760 } 2761 } 2762exit: 2763 /* 2764 * Key attributes may have been returned by psa_get_key_attributes() 2765 * thus reset them as required. 2766 */ 2767 psa_reset_key_attributes(&attributes); 2768 2769 psa_destroy_key(key); 2770 mbedtls_free(output); 2771 PSA_DONE(); 2772} 2773/* END_CASE */ 2774 2775/* BEGIN_CASE */ 2776void aead_encrypt_setup(int key_type_arg, data_t *key_data, 2777 int alg_arg, 2778 data_t *nonce, 2779 data_t *additional_data, 2780 data_t *input_data, 2781 data_t *expected_ciphertext, 2782 data_t *expected_tag, 2783 int forced_status_arg, 2784 int expected_status_arg) 2785{ 2786 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2787 psa_key_type_t key_type = key_type_arg; 2788 psa_algorithm_t alg = alg_arg; 2789 size_t key_bits; 2790 psa_status_t forced_status = forced_status_arg; 2791 psa_status_t expected_status = expected_status_arg; 2792 uint8_t *output_data = NULL; 2793 size_t output_size = 0; 2794 size_t output_length = 0; 2795 size_t finish_output_length = 0; 2796 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2797 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2798 size_t tag_length = 0; 2799 uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 2800 2801 psa_aead_operation_t operation = psa_aead_operation_init(); 2802 2803 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2804 2805 PSA_INIT(); 2806 2807 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 2808 2809 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 2810 psa_set_key_algorithm(&attributes, alg); 2811 psa_set_key_type(&attributes, key_type); 2812 2813 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2814 &key)); 2815 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2816 key_bits = psa_get_key_bits(&attributes); 2817 2818 output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, 2819 alg); 2820 2821 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 2822 * should be exact. */ 2823 TEST_EQUAL(output_size, 2824 PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 2825 TEST_ASSERT(output_size <= 2826 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 2827 TEST_CALLOC(output_data, output_size); 2828 2829 status = psa_aead_encrypt_setup(&operation, key, alg); 2830 2831 TEST_EQUAL(status, expected_status); 2832 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_encrypt_setup, 1); 2833 2834 if (status == PSA_SUCCESS) { 2835 /* Set the nonce. */ 2836 PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 2837 2838 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_nonce, 2839 forced_status == PSA_SUCCESS ? 1 : 0); 2840 2841 /* Check hooks hits and 2842 * set length (additional data and data to encrypt) */ 2843 PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 2844 input_data->len)); 2845 2846 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_lengths, 2847 forced_status == PSA_SUCCESS ? 1 : 0); 2848 2849 /* Pass the additional data */ 2850 PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 2851 additional_data->len)); 2852 2853 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update_ad, 2854 forced_status == PSA_SUCCESS ? 1 : 0); 2855 2856 /* Pass the data to encrypt */ 2857 PSA_ASSERT(psa_aead_update(&operation, input_data->x, input_data->len, 2858 output_data, output_size, &output_length)); 2859 2860 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update, 2861 forced_status == PSA_SUCCESS ? 1 : 0); 2862 2863 /* Finish the encryption operation */ 2864 PSA_ASSERT(psa_aead_finish(&operation, output_data + output_length, 2865 output_size - output_length, 2866 &finish_output_length, tag_buffer, 2867 PSA_AEAD_TAG_MAX_SIZE, &tag_length)); 2868 2869 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_finish, 2870 forced_status == PSA_SUCCESS ? 1 : 0); 2871 2872 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, 2873 forced_status == PSA_SUCCESS ? 1 : 0); 2874 2875 /* Compare output_data and expected_ciphertext */ 2876 TEST_MEMORY_COMPARE(expected_ciphertext->x, expected_ciphertext->len, 2877 output_data, output_length + finish_output_length); 2878 2879 /* Compare tag and expected_tag */ 2880 TEST_MEMORY_COMPARE(expected_tag->x, expected_tag->len, tag_buffer, tag_length); 2881 } 2882 2883exit: 2884 /* Cleanup */ 2885 PSA_ASSERT(psa_destroy_key(key)); 2886 mbedtls_free(output_data); 2887 PSA_DONE(); 2888 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2889} 2890/* END_CASE */ 2891 2892/* BEGIN_CASE */ 2893void aead_decrypt_setup(int key_type_arg, data_t *key_data, 2894 int alg_arg, 2895 data_t *nonce, 2896 data_t *additional_data, 2897 data_t *input_ciphertext, 2898 data_t *input_tag, 2899 data_t *expected_result, 2900 int forced_status_arg, 2901 int expected_status_arg) 2902{ 2903 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2904 psa_key_type_t key_type = key_type_arg; 2905 psa_algorithm_t alg = alg_arg; 2906 unsigned char *output_data = NULL; 2907 size_t output_size = 0; 2908 size_t output_length = 0; 2909 size_t verify_output_length = 0; 2910 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2911 psa_status_t forced_status = forced_status_arg; 2912 psa_status_t expected_status = expected_status_arg; 2913 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2914 2915 psa_aead_operation_t operation = psa_aead_operation_init(); 2916 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2917 2918 PSA_INIT(); 2919 2920 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 2921 psa_set_key_algorithm(&attributes, alg); 2922 psa_set_key_type(&attributes, key_type); 2923 2924 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2925 &key)); 2926 2927 output_size = input_ciphertext->len; 2928 2929 TEST_CALLOC(output_data, output_size); 2930 2931 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 2932 2933 status = psa_aead_decrypt_setup(&operation, key, alg); 2934 2935 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 2936 PSA_SUCCESS : forced_status); 2937 2938 TEST_EQUAL(status, expected_status); 2939 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_decrypt_setup, 1); 2940 2941 if (status == PSA_SUCCESS) { 2942 PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 2943 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_nonce, 2944 forced_status == PSA_SUCCESS ? 1 : 0); 2945 2946 PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 2947 input_ciphertext->len)); 2948 2949 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_lengths, 2950 forced_status == PSA_SUCCESS ? 1 : 0); 2951 2952 PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 2953 additional_data->len)); 2954 2955 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update_ad, 2956 forced_status == PSA_SUCCESS ? 1 : 0); 2957 2958 PSA_ASSERT(psa_aead_update(&operation, input_ciphertext->x, 2959 input_ciphertext->len, output_data, 2960 output_size, &output_length)); 2961 2962 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update, 2963 forced_status == PSA_SUCCESS ? 1 : 0); 2964 2965 /* Offset applied to output_data in order to handle cases where verify() 2966 * outputs further data */ 2967 PSA_ASSERT(psa_aead_verify(&operation, output_data + output_length, 2968 output_size - output_length, 2969 &verify_output_length, input_tag->x, 2970 input_tag->len)); 2971 2972 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_verify, 2973 forced_status == PSA_SUCCESS ? 1 : 0); 2974 2975 /* Since this is a decryption operation, 2976 * finish should never be hit */ 2977 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_finish, 0); 2978 2979 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, 2980 forced_status == PSA_SUCCESS ? 1 : 0); 2981 2982 TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, 2983 output_data, output_length + verify_output_length); 2984 } 2985 2986exit: 2987 PSA_ASSERT(psa_destroy_key(key)); 2988 mbedtls_free(output_data); 2989 PSA_DONE(); 2990} 2991/* END_CASE */ 2992 2993/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 2994void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_status_arg, 2995 data_t *forced_output, int expected_status_arg, 2996 int fut) 2997{ 2998 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2999 psa_status_t forced_status = forced_status_arg; 3000 psa_status_t forced_status_setup = forced_status_setup_arg; 3001 psa_status_t expected_status = expected_status_arg; 3002 psa_pake_operation_t operation = psa_pake_operation_init(); 3003 psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 3004 psa_key_derivation_operation_t implicit_key = 3005 PSA_KEY_DERIVATION_OPERATION_INIT; 3006 psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( 3007 PSA_PAKE_PRIMITIVE_TYPE_ECC, 3008 PSA_ECC_FAMILY_SECP_R1, 256); 3009 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3010 unsigned char *input_buffer = NULL; 3011 const size_t size_key_share = PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3012 PSA_PAKE_STEP_KEY_SHARE); 3013 unsigned char *output_buffer = NULL; 3014 size_t output_len = 0; 3015 size_t output_size = PSA_PAKE_OUTPUT_SIZE(PSA_ALG_JPAKE, primitive, 3016 PSA_PAKE_STEP_KEY_SHARE); 3017 int in_driver = (forced_status_setup_arg == PSA_SUCCESS); 3018 3019 TEST_CALLOC(input_buffer, 3020 PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3021 PSA_PAKE_STEP_KEY_SHARE)); 3022 memset(input_buffer, 0xAA, size_key_share); 3023 3024 TEST_CALLOC(output_buffer, 3025 PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3026 PSA_PAKE_STEP_KEY_SHARE)); 3027 memset(output_buffer, 0x55, output_size); 3028 3029 PSA_INIT(); 3030 3031 mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); 3032 3033 if (pw_data->len > 0) { 3034 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 3035 psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); 3036 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 3037 PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 3038 &key)); 3039 } 3040 3041 psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); 3042 psa_pake_cs_set_primitive(&cipher_suite, primitive); 3043 psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); 3044 3045 mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; 3046 3047 /* Collecting input stage (no driver entry points) */ 3048 3049 TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), 3050 PSA_SUCCESS); 3051 3052 PSA_ASSERT(psa_pake_set_user(&operation, jpake_server_id, sizeof(jpake_server_id))); 3053 PSA_ASSERT(psa_pake_set_peer(&operation, jpake_client_id, sizeof(jpake_client_id))); 3054 3055 TEST_EQUAL(psa_pake_set_password_key(&operation, key), 3056 PSA_SUCCESS); 3057 3058 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3059 3060 /* Computation stage (driver entry points) */ 3061 3062 switch (fut) { 3063 case 0: /* setup (via input) */ 3064 /* --- psa_pake_input (driver: setup, input) --- */ 3065 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3066 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3067 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3068 input_buffer, size_key_share), 3069 expected_status); 3070 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3071 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3072 break; 3073 3074 case 1: /* setup (via output) */ 3075 /* --- psa_pake_output (driver: setup, output) --- */ 3076 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3077 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3078 TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 3079 output_buffer, output_size, &output_len), 3080 expected_status); 3081 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3082 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3083 break; 3084 3085 case 2: /* input */ 3086 /* --- psa_pake_input (driver: setup, input, abort) --- */ 3087 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3088 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3089 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3090 input_buffer, size_key_share), 3091 expected_status); 3092 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); 3093 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3094 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.input, in_driver ? 1 : 0); 3095 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); 3096 break; 3097 3098 case 3: /* output */ 3099 /* --- psa_pake_output (driver: setup, output, (abort)) --- */ 3100 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3101 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3102 if (forced_output->len > 0) { 3103 mbedtls_test_driver_pake_hooks.forced_output = forced_output->x; 3104 mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len; 3105 } 3106 TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 3107 output_buffer, output_size, &output_len), 3108 expected_status); 3109 3110 if (forced_output->len > 0) { 3111 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 2 : 1); 3112 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3113 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); 3114 TEST_EQUAL(output_len, forced_output->len); 3115 TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0); 3116 } else { 3117 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); 3118 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3119 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); 3120 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); 3121 } 3122 break; 3123 3124 case 4: /* get_implicit_key */ 3125 /* Call driver setup indirectly */ 3126 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3127 input_buffer, size_key_share), 3128 PSA_SUCCESS); 3129 3130 /* Simulate that we are ready to get implicit key. */ 3131 operation.computation_stage.jpake.round = PSA_JPAKE_FINISHED; 3132 operation.computation_stage.jpake.inputs = 0; 3133 operation.computation_stage.jpake.outputs = 0; 3134 operation.computation_stage.jpake.step = PSA_PAKE_STEP_KEY_SHARE; 3135 3136 /* --- psa_pake_get_implicit_key --- */ 3137 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3138 memset(&mbedtls_test_driver_pake_hooks.hits, 0, 3139 sizeof(mbedtls_test_driver_pake_hooks.hits)); 3140 TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key), 3141 expected_status); 3142 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 2); 3143 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.implicit_key, 1); 3144 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); 3145 3146 break; 3147 3148 case 5: /* abort */ 3149 /* Call driver setup indirectly */ 3150 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3151 input_buffer, size_key_share), 3152 PSA_SUCCESS); 3153 3154 /* --- psa_pake_abort --- */ 3155 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3156 memset(&mbedtls_test_driver_pake_hooks.hits, 0, 3157 sizeof(mbedtls_test_driver_pake_hooks.hits)); 3158 TEST_EQUAL(psa_pake_abort(&operation), expected_status); 3159 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3160 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); 3161 break; 3162 3163 default: 3164 break; 3165 } 3166 3167 /* Clean up */ 3168 mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_SUCCESS; 3169 mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; 3170 TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS); 3171exit: 3172 /* 3173 * Key attributes may have been returned by psa_get_key_attributes() 3174 * thus reset them as required. 3175 */ 3176 psa_reset_key_attributes(&attributes); 3177 mbedtls_free(input_buffer); 3178 mbedtls_free(output_buffer); 3179 psa_destroy_key(key); 3180 mbedtls_test_driver_pake_hooks = 3181 mbedtls_test_driver_pake_hooks_init(); 3182 PSA_DONE(); 3183} 3184/* END_CASE */ 3185 3186/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ 3187void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, 3188 int derive_alg_arg, data_t *pw_data, 3189 int client_input_first, int in_driver) 3190{ 3191 psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 3192 psa_pake_operation_t server = psa_pake_operation_init(); 3193 psa_pake_operation_t client = psa_pake_operation_init(); 3194 psa_algorithm_t alg = alg_arg; 3195 psa_algorithm_t hash_alg = hash_arg; 3196 psa_algorithm_t derive_alg = derive_alg_arg; 3197 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3198 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3199 psa_key_derivation_operation_t server_derive = 3200 PSA_KEY_DERIVATION_OPERATION_INIT; 3201 psa_key_derivation_operation_t client_derive = 3202 PSA_KEY_DERIVATION_OPERATION_INIT; 3203 pake_in_driver = in_driver; 3204 /* driver setup is called indirectly through pake_output/pake_input */ 3205 if (pake_in_driver) { 3206 pake_expected_hit_count = 2; 3207 } else { 3208 pake_expected_hit_count = 1; 3209 } 3210 3211 PSA_INIT(); 3212 3213 mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); 3214 3215 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 3216 psa_set_key_algorithm(&attributes, alg); 3217 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 3218 PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 3219 &key)); 3220 3221 psa_pake_cs_set_algorithm(&cipher_suite, alg); 3222 psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); 3223 psa_pake_cs_set_hash(&cipher_suite, hash_alg); 3224 3225 /* Get shared key */ 3226 PSA_ASSERT(psa_key_derivation_setup(&server_derive, derive_alg)); 3227 PSA_ASSERT(psa_key_derivation_setup(&client_derive, derive_alg)); 3228 3229 if (PSA_ALG_IS_TLS12_PSK_TO_MS(derive_alg)) { 3230 PSA_ASSERT(psa_key_derivation_input_bytes(&server_derive, 3231 PSA_KEY_DERIVATION_INPUT_SEED, 3232 (const uint8_t *) "", 0)); 3233 PSA_ASSERT(psa_key_derivation_input_bytes(&client_derive, 3234 PSA_KEY_DERIVATION_INPUT_SEED, 3235 (const uint8_t *) "", 0)); 3236 } 3237 3238 if (!pake_in_driver) { 3239 mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_ERROR_NOT_SUPPORTED; 3240 } 3241 3242 PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); 3243 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3244 PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); 3245 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3246 3247 3248 PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); 3249 PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); 3250 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3251 PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); 3252 PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); 3253 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3254 PSA_ASSERT(psa_pake_set_password_key(&server, key)); 3255 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3256 PSA_ASSERT(psa_pake_set_password_key(&client, key)); 3257 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3258 3259 /* First round */ 3260 ecjpake_do_round(alg, primitive_arg, &server, &client, 3261 client_input_first, 1); 3262 3263 /* Second round */ 3264 ecjpake_do_round(alg, primitive_arg, &server, &client, 3265 client_input_first, 2); 3266 3267 /* After the key is obtained operation is aborted. 3268 Adapt counter of expected hits. */ 3269 if (pake_in_driver) { 3270 pake_expected_hit_count++; 3271 } 3272 3273 PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive)); 3274 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 3275 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 3276 3277 /* After the key is obtained operation is aborted. 3278 Adapt counter of expected hits. */ 3279 if (pake_in_driver) { 3280 pake_expected_hit_count++; 3281 } 3282 3283 PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive)); 3284 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 3285 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 3286exit: 3287 psa_key_derivation_abort(&server_derive); 3288 psa_key_derivation_abort(&client_derive); 3289 psa_destroy_key(key); 3290 psa_pake_abort(&server); 3291 psa_pake_abort(&client); 3292 PSA_DONE(); 3293} 3294/* END_CASE */ 3295