test_suite_psa_crypto_driver_wrappers.function (138389B)
1 /* BEGIN_HEADER */ 2 #include "test/drivers/test_driver.h" 3 4 /* Auxiliary variables for pake tests. 5 Global to silent the compiler when unused. */ 6 size_t pake_expected_hit_count = 0; 7 int pake_in_driver = 0; 8 9 #if defined(PSA_WANT_ALG_JPAKE) && \ 10 defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ 11 defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) 12 13 /* The only two JPAKE user/peer identifiers supported for the time being. */ 14 static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; 15 static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; 16 17 static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, 18 psa_pake_operation_t *server, 19 psa_pake_operation_t *client, 20 int client_input_first, 21 int round) 22 { 23 unsigned char *buffer0 = NULL, *buffer1 = NULL; 24 size_t buffer_length = ( 25 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) + 26 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) + 27 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2; 28 /* The output should be exactly this size according to the spec */ 29 const size_t expected_size_key_share = 30 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); 31 /* The output should be exactly this size according to the spec */ 32 const size_t expected_size_zk_public = 33 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC); 34 /* The output can be smaller: the spec allows stripping leading zeroes */ 35 const size_t max_expected_size_zk_proof = 36 PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF); 37 size_t buffer0_off = 0; 38 size_t buffer1_off = 0; 39 size_t s_g1_len, s_g2_len, s_a_len; 40 size_t s_g1_off, s_g2_off, s_a_off; 41 size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len; 42 size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off; 43 size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len; 44 size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off; 45 size_t c_g1_len, c_g2_len, c_a_len; 46 size_t c_g1_off, c_g2_off, c_a_off; 47 size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len; 48 size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off; 49 size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len; 50 size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; 51 psa_status_t status; 52 53 TEST_CALLOC(buffer0, buffer_length); 54 TEST_CALLOC(buffer1, buffer_length); 55 56 switch (round) { 57 case 1: 58 /* Server first round Output */ 59 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 60 buffer0 + buffer0_off, 61 buffer_length - buffer0_off, &s_g1_len)); 62 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 63 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 64 TEST_EQUAL(s_g1_len, expected_size_key_share); 65 s_g1_off = buffer0_off; 66 buffer0_off += s_g1_len; 67 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 68 buffer0 + buffer0_off, 69 buffer_length - buffer0_off, &s_x1_pk_len)); 70 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 71 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 72 TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); 73 s_x1_pk_off = buffer0_off; 74 buffer0_off += s_x1_pk_len; 75 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 76 buffer0 + buffer0_off, 77 buffer_length - buffer0_off, &s_x1_pr_len)); 78 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 79 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 80 TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); 81 s_x1_pr_off = buffer0_off; 82 buffer0_off += s_x1_pr_len; 83 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 84 buffer0 + buffer0_off, 85 buffer_length - buffer0_off, &s_g2_len)); 86 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 87 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 88 TEST_EQUAL(s_g2_len, expected_size_key_share); 89 s_g2_off = buffer0_off; 90 buffer0_off += s_g2_len; 91 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 92 buffer0 + buffer0_off, 93 buffer_length - buffer0_off, &s_x2_pk_len)); 94 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 95 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 96 TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); 97 s_x2_pk_off = buffer0_off; 98 buffer0_off += s_x2_pk_len; 99 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 100 buffer0 + buffer0_off, 101 buffer_length - buffer0_off, &s_x2_pr_len)); 102 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 103 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 104 TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); 105 s_x2_pr_off = buffer0_off; 106 buffer0_off += s_x2_pr_len; 107 108 if (client_input_first == 1) { 109 /* Client first round Input */ 110 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 111 buffer0 + s_g1_off, s_g1_len); 112 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 113 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 114 TEST_EQUAL(status, PSA_SUCCESS); 115 116 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 117 buffer0 + s_x1_pk_off, 118 s_x1_pk_len); 119 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 120 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 121 TEST_EQUAL(status, PSA_SUCCESS); 122 123 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 124 buffer0 + s_x1_pr_off, 125 s_x1_pr_len); 126 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 127 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 128 TEST_EQUAL(status, PSA_SUCCESS); 129 130 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 131 buffer0 + s_g2_off, 132 s_g2_len); 133 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 134 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 135 TEST_EQUAL(status, PSA_SUCCESS); 136 137 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 138 buffer0 + s_x2_pk_off, 139 s_x2_pk_len); 140 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 141 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 142 TEST_EQUAL(status, PSA_SUCCESS); 143 144 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 145 buffer0 + s_x2_pr_off, 146 s_x2_pr_len); 147 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 148 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 149 TEST_EQUAL(status, PSA_SUCCESS); 150 } 151 152 /* Adjust for indirect client driver setup in first pake_output call. */ 153 pake_expected_hit_count++; 154 155 /* Client first round Output */ 156 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 157 buffer1 + buffer1_off, 158 buffer_length - buffer1_off, &c_g1_len)); 159 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 160 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 161 TEST_EQUAL(c_g1_len, expected_size_key_share); 162 c_g1_off = buffer1_off; 163 buffer1_off += c_g1_len; 164 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 165 buffer1 + buffer1_off, 166 buffer_length - buffer1_off, &c_x1_pk_len)); 167 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 168 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 169 TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); 170 c_x1_pk_off = buffer1_off; 171 buffer1_off += c_x1_pk_len; 172 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 173 buffer1 + buffer1_off, 174 buffer_length - buffer1_off, &c_x1_pr_len)); 175 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 176 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 177 TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); 178 c_x1_pr_off = buffer1_off; 179 buffer1_off += c_x1_pr_len; 180 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 181 buffer1 + buffer1_off, 182 buffer_length - buffer1_off, &c_g2_len)); 183 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 184 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 185 TEST_EQUAL(c_g2_len, expected_size_key_share); 186 c_g2_off = buffer1_off; 187 buffer1_off += c_g2_len; 188 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 189 buffer1 + buffer1_off, 190 buffer_length - buffer1_off, &c_x2_pk_len)); 191 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 192 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 193 TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); 194 c_x2_pk_off = buffer1_off; 195 buffer1_off += c_x2_pk_len; 196 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 197 buffer1 + buffer1_off, 198 buffer_length - buffer1_off, &c_x2_pr_len)); 199 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 200 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 201 TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); 202 c_x2_pr_off = buffer1_off; 203 buffer1_off += c_x2_pr_len; 204 205 if (client_input_first == 0) { 206 /* Client first round Input */ 207 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 208 buffer0 + s_g1_off, s_g1_len); 209 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 210 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 211 TEST_EQUAL(status, PSA_SUCCESS); 212 213 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 214 buffer0 + s_x1_pk_off, 215 s_x1_pk_len); 216 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 217 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 218 TEST_EQUAL(status, PSA_SUCCESS); 219 220 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 221 buffer0 + s_x1_pr_off, 222 s_x1_pr_len); 223 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 224 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 225 TEST_EQUAL(status, PSA_SUCCESS); 226 227 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 228 buffer0 + s_g2_off, 229 s_g2_len); 230 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 231 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 232 TEST_EQUAL(status, PSA_SUCCESS); 233 234 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 235 buffer0 + s_x2_pk_off, 236 s_x2_pk_len); 237 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 238 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 239 TEST_EQUAL(status, PSA_SUCCESS); 240 241 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 242 buffer0 + s_x2_pr_off, 243 s_x2_pr_len); 244 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 245 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 246 TEST_EQUAL(status, PSA_SUCCESS); 247 } 248 249 /* Server first round Input */ 250 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 251 buffer1 + c_g1_off, c_g1_len); 252 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 253 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 254 TEST_EQUAL(status, PSA_SUCCESS); 255 256 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 257 buffer1 + c_x1_pk_off, c_x1_pk_len); 258 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 259 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 260 TEST_EQUAL(status, PSA_SUCCESS); 261 262 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 263 buffer1 + c_x1_pr_off, c_x1_pr_len); 264 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 265 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 266 TEST_EQUAL(status, PSA_SUCCESS); 267 268 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 269 buffer1 + c_g2_off, c_g2_len); 270 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 271 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 272 TEST_EQUAL(status, PSA_SUCCESS); 273 274 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 275 buffer1 + c_x2_pk_off, c_x2_pk_len); 276 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 277 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 278 TEST_EQUAL(status, PSA_SUCCESS); 279 280 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 281 buffer1 + c_x2_pr_off, c_x2_pr_len); 282 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 283 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 284 TEST_EQUAL(status, PSA_SUCCESS); 285 286 break; 287 288 case 2: 289 /* Server second round Output */ 290 buffer0_off = 0; 291 292 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 293 buffer0 + buffer0_off, 294 buffer_length - buffer0_off, &s_a_len)); 295 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 296 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 297 TEST_EQUAL(s_a_len, expected_size_key_share); 298 s_a_off = buffer0_off; 299 buffer0_off += s_a_len; 300 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 301 buffer0 + buffer0_off, 302 buffer_length - buffer0_off, &s_x2s_pk_len)); 303 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 304 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 305 TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); 306 s_x2s_pk_off = buffer0_off; 307 buffer0_off += s_x2s_pk_len; 308 PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 309 buffer0 + buffer0_off, 310 buffer_length - buffer0_off, &s_x2s_pr_len)); 311 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 312 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 313 TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); 314 s_x2s_pr_off = buffer0_off; 315 buffer0_off += s_x2s_pr_len; 316 317 if (client_input_first == 1) { 318 /* Client second round Input */ 319 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 320 buffer0 + s_a_off, s_a_len); 321 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 322 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 323 TEST_EQUAL(status, PSA_SUCCESS); 324 325 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 326 buffer0 + s_x2s_pk_off, 327 s_x2s_pk_len); 328 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 329 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 330 TEST_EQUAL(status, PSA_SUCCESS); 331 332 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 333 buffer0 + s_x2s_pr_off, 334 s_x2s_pr_len); 335 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 336 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 337 TEST_EQUAL(status, PSA_SUCCESS); 338 } 339 340 /* Client second round Output */ 341 buffer1_off = 0; 342 343 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 344 buffer1 + buffer1_off, 345 buffer_length - buffer1_off, &c_a_len)); 346 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 347 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 348 TEST_EQUAL(c_a_len, expected_size_key_share); 349 c_a_off = buffer1_off; 350 buffer1_off += c_a_len; 351 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 352 buffer1 + buffer1_off, 353 buffer_length - buffer1_off, &c_x2s_pk_len)); 354 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 355 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 356 TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); 357 c_x2s_pk_off = buffer1_off; 358 buffer1_off += c_x2s_pk_len; 359 PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 360 buffer1 + buffer1_off, 361 buffer_length - buffer1_off, &c_x2s_pr_len)); 362 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 363 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 364 TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); 365 c_x2s_pr_off = buffer1_off; 366 buffer1_off += c_x2s_pr_len; 367 368 if (client_input_first == 0) { 369 /* Client second round Input */ 370 status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 371 buffer0 + s_a_off, s_a_len); 372 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 373 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 374 TEST_EQUAL(status, PSA_SUCCESS); 375 376 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 377 buffer0 + s_x2s_pk_off, 378 s_x2s_pk_len); 379 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 380 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 381 TEST_EQUAL(status, PSA_SUCCESS); 382 383 status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 384 buffer0 + s_x2s_pr_off, 385 s_x2s_pr_len); 386 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 387 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 388 TEST_EQUAL(status, PSA_SUCCESS); 389 } 390 391 /* Server second round Input */ 392 status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 393 buffer1 + c_a_off, c_a_len); 394 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 395 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 396 TEST_EQUAL(status, PSA_SUCCESS); 397 398 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 399 buffer1 + c_x2s_pk_off, c_x2s_pk_len); 400 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 401 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 402 TEST_EQUAL(status, PSA_SUCCESS); 403 404 status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 405 buffer1 + c_x2s_pr_off, c_x2s_pr_len); 406 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 407 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 408 TEST_EQUAL(status, PSA_SUCCESS); 409 410 break; 411 } 412 413 exit: 414 mbedtls_free(buffer0); 415 mbedtls_free(buffer1); 416 } 417 #endif /* PSA_WANT_ALG_JPAKE */ 418 419 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) 420 /* Sanity checks on the output of RSA encryption. 421 * 422 * \param modulus Key modulus. Must not have leading zeros. 423 * \param private_exponent Key private exponent. 424 * \param alg An RSA algorithm. 425 * \param input_data The input plaintext. 426 * \param buf The ciphertext produced by the driver. 427 * \param length Length of \p buf in bytes. 428 */ 429 static int sanity_check_rsa_encryption_result( 430 psa_algorithm_t alg, 431 const data_t *modulus, const data_t *private_exponent, 432 const data_t *input_data, 433 uint8_t *buf, size_t length) 434 { 435 #if defined(MBEDTLS_BIGNUM_C) 436 mbedtls_mpi N, D, C, X; 437 mbedtls_mpi_init(&N); 438 mbedtls_mpi_init(&D); 439 mbedtls_mpi_init(&C); 440 mbedtls_mpi_init(&X); 441 #else /* MBEDTLS_BIGNUM_C */ 442 (void) alg; 443 (void) private_exponent; 444 (void) input_data; 445 (void) buf; 446 #endif /* MBEDTLS_BIGNUM_C */ 447 448 int ok = 0; 449 450 TEST_ASSERT(length == modulus->len); 451 452 #if defined(MBEDTLS_BIGNUM_C) 453 /* Perform the private key operation */ 454 TEST_ASSERT(mbedtls_mpi_read_binary(&N, modulus->x, modulus->len) == 0); 455 TEST_ASSERT(mbedtls_mpi_read_binary(&D, 456 private_exponent->x, 457 private_exponent->len) == 0); 458 TEST_ASSERT(mbedtls_mpi_read_binary(&C, buf, length) == 0); 459 TEST_ASSERT(mbedtls_mpi_exp_mod(&X, &C, &D, &N, NULL) == 0); 460 461 /* Sanity checks on the padded plaintext */ 462 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, length) == 0); 463 464 if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { 465 TEST_ASSERT(length > input_data->len + 2); 466 TEST_EQUAL(buf[0], 0x00); 467 TEST_EQUAL(buf[1], 0x02); 468 TEST_EQUAL(buf[length - input_data->len - 1], 0x00); 469 TEST_MEMORY_COMPARE(buf + length - input_data->len, input_data->len, 470 input_data->x, input_data->len); 471 } else if (PSA_ALG_IS_RSA_OAEP(alg)) { 472 TEST_EQUAL(buf[0], 0x00); 473 /* The rest is too hard to check */ 474 } else { 475 TEST_FAIL("Encryption result sanity check not implemented for RSA algorithm"); 476 } 477 #endif /* MBEDTLS_BIGNUM_C */ 478 479 ok = 1; 480 481 exit: 482 #if defined(MBEDTLS_BIGNUM_C) 483 mbedtls_mpi_free(&N); 484 mbedtls_mpi_free(&D); 485 mbedtls_mpi_free(&C); 486 mbedtls_mpi_free(&X); 487 #endif /* MBEDTLS_BIGNUM_C */ 488 return ok; 489 } 490 #endif 491 /* END_HEADER */ 492 493 /* BEGIN_DEPENDENCIES 494 * depends_on:MBEDTLS_PSA_CRYPTO_C:PSA_CRYPTO_DRIVER_TEST 495 * END_DEPENDENCIES 496 */ 497 498 /* BEGIN_CASE */ 499 void builtin_key_id_stability() 500 { 501 /* If the range of built-in keys is reduced, it's an API break, since 502 * it breaks user code that hard-codes the key id of built-in keys. 503 * It's ok to expand this range, but not to shrink it. That is, you 504 * may make the MIN smaller or the MAX larger at any time, but 505 * making the MIN larger or the MAX smaller can only be done in 506 * a new major version of the library. 507 */ 508 TEST_EQUAL(MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, 0x7fff0000); 509 TEST_EQUAL(MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, 0x7fffefff); 510 } 511 /* END_CASE */ 512 513 /* BEGIN_CASE */ 514 void sign_hash(int key_type_arg, 515 int alg_arg, 516 int force_status_arg, 517 data_t *key_input, 518 data_t *data_input, 519 data_t *expected_output, 520 int fake_output, 521 int expected_status_arg) 522 { 523 psa_status_t force_status = force_status_arg; 524 psa_status_t expected_status = expected_status_arg; 525 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 526 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 527 psa_algorithm_t alg = alg_arg; 528 size_t key_bits; 529 psa_key_type_t key_type = key_type_arg; 530 unsigned char *signature = NULL; 531 size_t signature_size; 532 size_t signature_length = 0xdeadbeef; 533 psa_status_t actual_status; 534 mbedtls_test_driver_signature_sign_hooks = 535 mbedtls_test_driver_signature_hooks_init(); 536 537 PSA_ASSERT(psa_crypto_init()); 538 psa_set_key_type(&attributes, 539 key_type); 540 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 541 psa_set_key_algorithm(&attributes, alg); 542 psa_import_key(&attributes, 543 key_input->x, key_input->len, 544 &key); 545 546 mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; 547 if (fake_output == 1) { 548 mbedtls_test_driver_signature_sign_hooks.forced_output = 549 expected_output->x; 550 mbedtls_test_driver_signature_sign_hooks.forced_output_length = 551 expected_output->len; 552 } 553 554 /* Allocate a buffer which has the size advertized by the 555 * library. */ 556 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 557 key_bits = psa_get_key_bits(&attributes); 558 signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 559 560 TEST_ASSERT(signature_size != 0); 561 TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); 562 TEST_CALLOC(signature, signature_size); 563 564 actual_status = psa_sign_hash(key, alg, 565 data_input->x, data_input->len, 566 signature, signature_size, 567 &signature_length); 568 TEST_EQUAL(actual_status, expected_status); 569 if (expected_status == PSA_SUCCESS) { 570 TEST_MEMORY_COMPARE(signature, signature_length, 571 expected_output->x, expected_output->len); 572 } 573 TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 1); 574 575 exit: 576 psa_reset_key_attributes(&attributes); 577 psa_destroy_key(key); 578 mbedtls_free(signature); 579 PSA_DONE(); 580 mbedtls_test_driver_signature_sign_hooks = 581 mbedtls_test_driver_signature_hooks_init(); 582 } 583 /* END_CASE */ 584 585 /* BEGIN_CASE */ 586 void verify_hash(int key_type_arg, 587 int key_type_public_arg, 588 int alg_arg, 589 int force_status_arg, 590 int register_public_key, 591 data_t *key_input, 592 data_t *data_input, 593 data_t *signature_input, 594 int expected_status_arg) 595 { 596 psa_status_t force_status = force_status_arg; 597 psa_status_t expected_status = expected_status_arg; 598 psa_algorithm_t alg = alg_arg; 599 psa_key_type_t key_type = key_type_arg; 600 psa_key_type_t key_type_public = key_type_public_arg; 601 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 602 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 603 psa_status_t actual_status; 604 mbedtls_test_driver_signature_verify_hooks = 605 mbedtls_test_driver_signature_hooks_init(); 606 607 PSA_ASSERT(psa_crypto_init()); 608 if (register_public_key) { 609 psa_set_key_type(&attributes, key_type_public); 610 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 611 psa_set_key_algorithm(&attributes, alg); 612 psa_import_key(&attributes, 613 key_input->x, key_input->len, 614 &key); 615 } else { 616 psa_set_key_type(&attributes, key_type); 617 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 618 psa_set_key_algorithm(&attributes, alg); 619 psa_import_key(&attributes, 620 key_input->x, key_input->len, 621 &key); 622 } 623 624 mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; 625 626 actual_status = psa_verify_hash(key, alg, 627 data_input->x, data_input->len, 628 signature_input->x, signature_input->len); 629 TEST_EQUAL(actual_status, expected_status); 630 TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, 1); 631 632 exit: 633 psa_reset_key_attributes(&attributes); 634 psa_destroy_key(key); 635 PSA_DONE(); 636 mbedtls_test_driver_signature_verify_hooks = 637 mbedtls_test_driver_signature_hooks_init(); 638 } 639 /* END_CASE */ 640 641 /* BEGIN_CASE */ 642 void sign_message(int key_type_arg, 643 int alg_arg, 644 int force_status_arg, 645 data_t *key_input, 646 data_t *data_input, 647 data_t *expected_output, 648 int fake_output, 649 int expected_status_arg) 650 { 651 psa_status_t force_status = force_status_arg; 652 psa_status_t expected_status = expected_status_arg; 653 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 654 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 655 psa_algorithm_t alg = alg_arg; 656 size_t key_bits; 657 psa_key_type_t key_type = key_type_arg; 658 unsigned char *signature = NULL; 659 size_t signature_size; 660 size_t signature_length = 0xdeadbeef; 661 psa_status_t actual_status; 662 mbedtls_test_driver_signature_sign_hooks = 663 mbedtls_test_driver_signature_hooks_init(); 664 665 PSA_ASSERT(psa_crypto_init()); 666 psa_set_key_type(&attributes, key_type); 667 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); 668 psa_set_key_algorithm(&attributes, alg); 669 psa_import_key(&attributes, 670 key_input->x, key_input->len, 671 &key); 672 673 mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; 674 if (fake_output == 1) { 675 mbedtls_test_driver_signature_sign_hooks.forced_output = 676 expected_output->x; 677 mbedtls_test_driver_signature_sign_hooks.forced_output_length = 678 expected_output->len; 679 } 680 681 /* Allocate a buffer which has the size advertized by the 682 * library. */ 683 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 684 key_bits = psa_get_key_bits(&attributes); 685 signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); 686 687 TEST_ASSERT(signature_size != 0); 688 TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); 689 TEST_CALLOC(signature, signature_size); 690 691 actual_status = psa_sign_message(key, alg, 692 data_input->x, data_input->len, 693 signature, signature_size, 694 &signature_length); 695 TEST_EQUAL(actual_status, expected_status); 696 if (expected_status == PSA_SUCCESS) { 697 TEST_MEMORY_COMPARE(signature, signature_length, 698 expected_output->x, expected_output->len); 699 } 700 /* In the builtin algorithm the driver is called twice. */ 701 TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 702 force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1); 703 704 exit: 705 psa_reset_key_attributes(&attributes); 706 psa_destroy_key(key); 707 mbedtls_free(signature); 708 PSA_DONE(); 709 mbedtls_test_driver_signature_sign_hooks = 710 mbedtls_test_driver_signature_hooks_init(); 711 } 712 /* END_CASE */ 713 714 /* BEGIN_CASE */ 715 void verify_message(int key_type_arg, 716 int key_type_public_arg, 717 int alg_arg, 718 int force_status_arg, 719 int register_public_key, 720 data_t *key_input, 721 data_t *data_input, 722 data_t *signature_input, 723 int expected_status_arg) 724 { 725 psa_status_t force_status = force_status_arg; 726 psa_status_t expected_status = expected_status_arg; 727 psa_algorithm_t alg = alg_arg; 728 psa_key_type_t key_type = key_type_arg; 729 psa_key_type_t key_type_public = key_type_public_arg; 730 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 731 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 732 psa_status_t actual_status; 733 mbedtls_test_driver_signature_verify_hooks = 734 mbedtls_test_driver_signature_hooks_init(); 735 736 PSA_ASSERT(psa_crypto_init()); 737 if (register_public_key) { 738 psa_set_key_type(&attributes, key_type_public); 739 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); 740 psa_set_key_algorithm(&attributes, alg); 741 psa_import_key(&attributes, 742 key_input->x, key_input->len, 743 &key); 744 } else { 745 psa_set_key_type(&attributes, key_type); 746 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); 747 psa_set_key_algorithm(&attributes, alg); 748 psa_import_key(&attributes, 749 key_input->x, key_input->len, 750 &key); 751 } 752 753 mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; 754 755 actual_status = psa_verify_message(key, alg, 756 data_input->x, data_input->len, 757 signature_input->x, signature_input->len); 758 TEST_EQUAL(actual_status, expected_status); 759 /* In the builtin algorithm the driver is called twice. */ 760 TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, 761 force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1); 762 763 exit: 764 psa_reset_key_attributes(&attributes); 765 psa_destroy_key(key); 766 PSA_DONE(); 767 mbedtls_test_driver_signature_verify_hooks = 768 mbedtls_test_driver_signature_hooks_init(); 769 } 770 /* END_CASE */ 771 772 /* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ 773 void generate_ec_key(int force_status_arg, 774 data_t *fake_output, 775 int expected_status_arg) 776 { 777 psa_status_t force_status = force_status_arg; 778 psa_status_t expected_status = expected_status_arg; 779 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 780 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 781 psa_algorithm_t alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256); 782 const uint8_t *expected_output = NULL; 783 size_t expected_output_length = 0; 784 psa_status_t actual_status; 785 uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = { 0 }; 786 size_t actual_output_length; 787 mbedtls_test_driver_key_management_hooks = 788 mbedtls_test_driver_key_management_hooks_init(); 789 790 psa_set_key_type(&attributes, 791 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); 792 psa_set_key_bits(&attributes, 256); 793 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT); 794 psa_set_key_algorithm(&attributes, alg); 795 796 if (fake_output->len > 0) { 797 expected_output = 798 mbedtls_test_driver_key_management_hooks.forced_output = 799 fake_output->x; 800 801 expected_output_length = 802 mbedtls_test_driver_key_management_hooks.forced_output_length = 803 fake_output->len; 804 } 805 806 PSA_ASSERT(psa_crypto_init()); 807 808 mbedtls_test_driver_key_management_hooks.hits = 0; 809 mbedtls_test_driver_key_management_hooks.hits_generate_key = 0; 810 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 811 812 actual_status = psa_generate_key(&attributes, &key); 813 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_generate_key, 1); 814 TEST_EQUAL(actual_status, expected_status); 815 816 if (actual_status == PSA_SUCCESS) { 817 psa_export_key(key, actual_output, sizeof(actual_output), &actual_output_length); 818 819 if (fake_output->len > 0) { 820 TEST_MEMORY_COMPARE(actual_output, actual_output_length, 821 expected_output, expected_output_length); 822 } else { 823 size_t zeroes = 0; 824 for (size_t i = 0; i < sizeof(actual_output); i++) { 825 if (actual_output[i] == 0) { 826 zeroes++; 827 } 828 } 829 TEST_ASSERT(zeroes != sizeof(actual_output)); 830 } 831 } 832 exit: 833 psa_reset_key_attributes(&attributes); 834 psa_destroy_key(key); 835 PSA_DONE(); 836 mbedtls_test_driver_key_management_hooks = 837 mbedtls_test_driver_key_management_hooks_init(); 838 } 839 /* END_CASE */ 840 841 /* BEGIN_CASE */ 842 void validate_key(int force_status_arg, 843 int location, 844 int owner_id_arg, 845 int id_arg, 846 int key_type_arg, 847 data_t *key_input, 848 int expected_status_arg) 849 { 850 psa_key_lifetime_t lifetime = 851 PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ 852 PSA_KEY_PERSISTENCE_VOLATILE, location); 853 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg); 854 psa_status_t force_status = force_status_arg; 855 psa_status_t expected_status = expected_status_arg; 856 psa_key_type_t key_type = key_type_arg; 857 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 858 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 859 psa_status_t actual_status; 860 mbedtls_test_driver_key_management_hooks = 861 mbedtls_test_driver_key_management_hooks_init(); 862 863 psa_set_key_id(&attributes, id); 864 psa_set_key_type(&attributes, 865 key_type); 866 psa_set_key_lifetime(&attributes, lifetime); 867 psa_set_key_bits(&attributes, 0); 868 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); 869 870 PSA_ASSERT(psa_crypto_init()); 871 872 mbedtls_test_driver_key_management_hooks.hits = 0; 873 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 874 actual_status = psa_import_key(&attributes, key_input->x, key_input->len, &key); 875 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); 876 TEST_EQUAL(actual_status, expected_status); 877 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.location, location); 878 exit: 879 psa_reset_key_attributes(&attributes); 880 psa_destroy_key(key); 881 PSA_DONE(); 882 mbedtls_test_driver_key_management_hooks = 883 mbedtls_test_driver_key_management_hooks_init(); 884 } 885 /* END_CASE */ 886 887 /* BEGIN_CASE */ 888 void export_key(int force_status_arg, 889 data_t *fake_output, 890 int key_in_type_arg, 891 data_t *key_in, 892 int key_out_type_arg, 893 data_t *expected_output, 894 int expected_status_arg) 895 { 896 psa_status_t force_status = force_status_arg; 897 psa_status_t expected_status = expected_status_arg; 898 psa_key_handle_t handle = 0; 899 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 900 psa_key_type_t input_key_type = key_in_type_arg; 901 psa_key_type_t output_key_type = key_out_type_arg; 902 const uint8_t *expected_output_ptr = NULL; 903 size_t expected_output_length = 0; 904 psa_status_t actual_status; 905 uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = { 0 }; 906 size_t actual_output_length; 907 mbedtls_test_driver_key_management_hooks = 908 mbedtls_test_driver_key_management_hooks_init(); 909 910 psa_set_key_type(&attributes, input_key_type); 911 psa_set_key_bits(&attributes, 256); 912 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); 913 914 PSA_ASSERT(psa_crypto_init()); 915 PSA_ASSERT(psa_import_key(&attributes, key_in->x, key_in->len, &handle)); 916 917 if (fake_output->len > 0) { 918 expected_output_ptr = 919 mbedtls_test_driver_key_management_hooks.forced_output = 920 fake_output->x; 921 922 expected_output_length = 923 mbedtls_test_driver_key_management_hooks.forced_output_length = 924 fake_output->len; 925 } else { 926 expected_output_ptr = expected_output->x; 927 expected_output_length = expected_output->len; 928 } 929 930 mbedtls_test_driver_key_management_hooks.hits = 0; 931 mbedtls_test_driver_key_management_hooks.hits_export_public_key = 0; 932 mbedtls_test_driver_key_management_hooks.forced_status = force_status; 933 934 if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) { 935 actual_status = psa_export_public_key(handle, 936 actual_output, 937 sizeof(actual_output), 938 &actual_output_length); 939 } else { 940 actual_status = psa_export_key(handle, 941 actual_output, 942 sizeof(actual_output), 943 &actual_output_length); 944 } 945 TEST_EQUAL(actual_status, expected_status); 946 947 if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) && 948 !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) { 949 TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_export_public_key, 1); 950 } 951 952 if (actual_status == PSA_SUCCESS) { 953 TEST_MEMORY_COMPARE(actual_output, actual_output_length, 954 expected_output_ptr, expected_output_length); 955 } 956 exit: 957 psa_reset_key_attributes(&attributes); 958 psa_destroy_key(handle); 959 PSA_DONE(); 960 mbedtls_test_driver_key_management_hooks = 961 mbedtls_test_driver_key_management_hooks_init(); 962 } 963 /* END_CASE */ 964 965 /* BEGIN_CASE */ 966 void key_agreement(int alg_arg, 967 int force_status_arg, 968 int our_key_type_arg, 969 data_t *our_key_data, 970 data_t *peer_key_data, 971 data_t *expected_output, 972 data_t *fake_output, 973 int expected_status_arg) 974 { 975 psa_status_t force_status = force_status_arg; 976 psa_status_t expected_status = expected_status_arg; 977 psa_algorithm_t alg = alg_arg; 978 psa_key_type_t our_key_type = our_key_type_arg; 979 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; 980 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 981 const uint8_t *expected_output_ptr = NULL; 982 size_t expected_output_length = 0; 983 unsigned char *actual_output = NULL; 984 size_t actual_output_length = ~0; 985 size_t key_bits; 986 psa_status_t actual_status; 987 mbedtls_test_driver_key_agreement_hooks = 988 mbedtls_test_driver_key_agreement_hooks_init(); 989 990 PSA_ASSERT(psa_crypto_init()); 991 992 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 993 psa_set_key_algorithm(&attributes, alg); 994 psa_set_key_type(&attributes, our_key_type); 995 PSA_ASSERT(psa_import_key(&attributes, 996 our_key_data->x, our_key_data->len, 997 &our_key)); 998 999 PSA_ASSERT(psa_get_key_attributes(our_key, &attributes)); 1000 key_bits = psa_get_key_bits(&attributes); 1001 1002 TEST_LE_U(expected_output->len, 1003 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits)); 1004 TEST_LE_U(PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits), 1005 PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE); 1006 1007 if (fake_output->len > 0) { 1008 expected_output_ptr = 1009 mbedtls_test_driver_key_agreement_hooks.forced_output = 1010 fake_output->x; 1011 1012 expected_output_length = 1013 mbedtls_test_driver_key_agreement_hooks.forced_output_length = 1014 fake_output->len; 1015 } else { 1016 expected_output_ptr = expected_output->x; 1017 expected_output_length = expected_output->len; 1018 } 1019 1020 mbedtls_test_driver_key_agreement_hooks.hits = 0; 1021 mbedtls_test_driver_key_agreement_hooks.forced_status = force_status; 1022 1023 TEST_CALLOC(actual_output, expected_output->len); 1024 actual_status = psa_raw_key_agreement(alg, our_key, 1025 peer_key_data->x, peer_key_data->len, 1026 actual_output, expected_output->len, 1027 &actual_output_length); 1028 TEST_EQUAL(actual_status, expected_status); 1029 TEST_EQUAL(mbedtls_test_driver_key_agreement_hooks.hits, 1); 1030 1031 if (actual_status == PSA_SUCCESS) { 1032 TEST_MEMORY_COMPARE(actual_output, actual_output_length, 1033 expected_output_ptr, expected_output_length); 1034 } 1035 mbedtls_free(actual_output); 1036 actual_output = NULL; 1037 actual_output_length = ~0; 1038 1039 exit: 1040 psa_reset_key_attributes(&attributes); 1041 psa_destroy_key(our_key); 1042 PSA_DONE(); 1043 mbedtls_test_driver_key_agreement_hooks = 1044 mbedtls_test_driver_key_agreement_hooks_init(); 1045 } 1046 1047 /* END_CASE */ 1048 1049 /* BEGIN_CASE */ 1050 void cipher_encrypt_validation(int alg_arg, 1051 int key_type_arg, 1052 data_t *key_data, 1053 data_t *input) 1054 { 1055 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1056 psa_key_type_t key_type = key_type_arg; 1057 psa_algorithm_t alg = alg_arg; 1058 size_t iv_size = PSA_CIPHER_IV_LENGTH(key_type, alg); 1059 unsigned char *output1 = NULL; 1060 size_t output1_buffer_size = 0; 1061 size_t output1_length = 0; 1062 unsigned char *output2 = NULL; 1063 size_t output2_buffer_size = 0; 1064 size_t output2_length = 0; 1065 size_t function_output_length = 0; 1066 psa_cipher_operation_t operation = psa_cipher_operation_init_short(); 1067 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1068 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1069 1070 PSA_ASSERT(psa_crypto_init()); 1071 1072 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1073 psa_set_key_algorithm(&attributes, alg); 1074 psa_set_key_type(&attributes, key_type); 1075 1076 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); 1077 output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + 1078 PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); 1079 TEST_CALLOC(output1, output1_buffer_size); 1080 TEST_CALLOC(output2, output2_buffer_size); 1081 1082 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1083 &key)); 1084 1085 mbedtls_test_driver_cipher_hooks.hits = 0; 1086 mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; 1087 PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, 1088 output1_buffer_size, &output1_length)); 1089 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); 1090 mbedtls_test_driver_cipher_hooks.hits = 0; 1091 1092 PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 1093 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1094 mbedtls_test_driver_cipher_hooks.hits = 0; 1095 1096 PSA_ASSERT(psa_cipher_set_iv(&operation, output1, iv_size)); 1097 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1098 mbedtls_test_driver_cipher_hooks.hits = 0; 1099 1100 PSA_ASSERT(psa_cipher_update(&operation, 1101 input->x, input->len, 1102 output2, output2_buffer_size, 1103 &function_output_length)); 1104 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1105 mbedtls_test_driver_cipher_hooks.hits = 0; 1106 1107 output2_length += function_output_length; 1108 PSA_ASSERT(psa_cipher_finish(&operation, 1109 output2 + output2_length, 1110 output2_buffer_size - output2_length, 1111 &function_output_length)); 1112 /* Finish will have called abort as well, so expecting two hits here */ 1113 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1114 mbedtls_test_driver_cipher_hooks.hits = 0; 1115 1116 output2_length += function_output_length; 1117 1118 PSA_ASSERT(psa_cipher_abort(&operation)); 1119 // driver function should've been called as part of the finish() core routine 1120 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1121 TEST_MEMORY_COMPARE(output1 + iv_size, output1_length - iv_size, 1122 output2, output2_length); 1123 1124 exit: 1125 psa_cipher_abort(&operation); 1126 mbedtls_free(output1); 1127 mbedtls_free(output2); 1128 psa_destroy_key(key); 1129 PSA_DONE(); 1130 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1131 } 1132 /* END_CASE */ 1133 1134 /* BEGIN_CASE */ 1135 void cipher_encrypt_multipart(int alg_arg, 1136 int key_type_arg, 1137 data_t *key_data, 1138 data_t *iv, 1139 data_t *input, 1140 int first_part_size_arg, 1141 int output1_length_arg, 1142 int output2_length_arg, 1143 data_t *expected_output, 1144 int mock_output_arg, 1145 int force_status_arg, 1146 int expected_status_arg) 1147 { 1148 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1149 psa_key_type_t key_type = key_type_arg; 1150 psa_algorithm_t alg = alg_arg; 1151 psa_status_t status; 1152 psa_status_t expected_status = expected_status_arg; 1153 psa_status_t force_status = force_status_arg; 1154 size_t first_part_size = first_part_size_arg; 1155 size_t output1_length = output1_length_arg; 1156 size_t output2_length = output2_length_arg; 1157 unsigned char *output = NULL; 1158 size_t output_buffer_size = 0; 1159 size_t function_output_length = 0; 1160 size_t total_output_length = 0; 1161 psa_cipher_operation_t operation = psa_cipher_operation_init_short(); 1162 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1163 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1164 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1165 1166 /* Test operation initialization */ 1167 mbedtls_psa_cipher_operation_t mbedtls_operation = 1168 MBEDTLS_PSA_CIPHER_OPERATION_INIT; 1169 1170 mbedtls_transparent_test_driver_cipher_operation_t transparent_operation = 1171 MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT; 1172 1173 mbedtls_opaque_test_driver_cipher_operation_t opaque_operation = 1174 MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT; 1175 1176 operation.ctx.mbedtls_ctx = mbedtls_operation; 1177 operation.ctx.transparent_test_driver_ctx = transparent_operation; 1178 operation.ctx.opaque_test_driver_ctx = opaque_operation; 1179 1180 PSA_ASSERT(psa_crypto_init()); 1181 1182 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1183 psa_set_key_algorithm(&attributes, alg); 1184 psa_set_key_type(&attributes, key_type); 1185 1186 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1187 &key)); 1188 1189 mbedtls_test_driver_cipher_hooks.hits = 0; 1190 PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); 1191 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1192 mbedtls_test_driver_cipher_hooks.hits = 0; 1193 1194 PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); 1195 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1196 mbedtls_test_driver_cipher_hooks.hits = 0; 1197 1198 output_buffer_size = ((size_t) input->len + 1199 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); 1200 TEST_CALLOC(output, output_buffer_size); 1201 1202 if (mock_output_arg) { 1203 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1204 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1205 } 1206 1207 TEST_ASSERT(first_part_size <= input->len); 1208 PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size, 1209 output, output_buffer_size, 1210 &function_output_length)); 1211 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1212 mbedtls_test_driver_cipher_hooks.hits = 0; 1213 1214 TEST_ASSERT(function_output_length == output1_length); 1215 total_output_length += function_output_length; 1216 1217 if (first_part_size < input->len) { 1218 PSA_ASSERT(psa_cipher_update(&operation, 1219 input->x + first_part_size, 1220 input->len - first_part_size, 1221 output + total_output_length, 1222 output_buffer_size - total_output_length, 1223 &function_output_length)); 1224 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1225 mbedtls_test_driver_cipher_hooks.hits = 0; 1226 1227 TEST_ASSERT(function_output_length == output2_length); 1228 total_output_length += function_output_length; 1229 } 1230 1231 if (mock_output_arg) { 1232 mbedtls_test_driver_cipher_hooks.forced_output = NULL; 1233 mbedtls_test_driver_cipher_hooks.forced_output_length = 0; 1234 } 1235 1236 status = psa_cipher_finish(&operation, 1237 output + total_output_length, 1238 output_buffer_size - total_output_length, 1239 &function_output_length); 1240 /* Finish will have called abort as well, so expecting two hits here */ 1241 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0)); 1242 mbedtls_test_driver_cipher_hooks.hits = 0; 1243 total_output_length += function_output_length; 1244 TEST_EQUAL(status, expected_status); 1245 1246 if (expected_status == PSA_SUCCESS) { 1247 PSA_ASSERT(psa_cipher_abort(&operation)); 1248 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1249 1250 TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 1251 output, total_output_length); 1252 } 1253 1254 exit: 1255 psa_cipher_abort(&operation); 1256 mbedtls_free(output); 1257 psa_destroy_key(key); 1258 PSA_DONE(); 1259 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1260 } 1261 /* END_CASE */ 1262 1263 /* BEGIN_CASE */ 1264 void cipher_decrypt_multipart(int alg_arg, 1265 int key_type_arg, 1266 data_t *key_data, 1267 data_t *iv, 1268 data_t *input, 1269 int first_part_size_arg, 1270 int output1_length_arg, 1271 int output2_length_arg, 1272 data_t *expected_output, 1273 int mock_output_arg, 1274 int force_status_arg, 1275 int expected_status_arg) 1276 { 1277 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1278 psa_key_type_t key_type = key_type_arg; 1279 psa_algorithm_t alg = alg_arg; 1280 psa_status_t status; 1281 psa_status_t expected_status = expected_status_arg; 1282 psa_status_t force_status = force_status_arg; 1283 size_t first_part_size = first_part_size_arg; 1284 size_t output1_length = output1_length_arg; 1285 size_t output2_length = output2_length_arg; 1286 unsigned char *output = NULL; 1287 size_t output_buffer_size = 0; 1288 size_t function_output_length = 0; 1289 size_t total_output_length = 0; 1290 psa_cipher_operation_t operation = psa_cipher_operation_init_short(); 1291 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1292 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1293 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1294 1295 /* Test operation initialization */ 1296 mbedtls_psa_cipher_operation_t mbedtls_operation = 1297 MBEDTLS_PSA_CIPHER_OPERATION_INIT; 1298 1299 mbedtls_transparent_test_driver_cipher_operation_t transparent_operation = 1300 MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT; 1301 1302 mbedtls_opaque_test_driver_cipher_operation_t opaque_operation = 1303 MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT; 1304 1305 operation.ctx.mbedtls_ctx = mbedtls_operation; 1306 operation.ctx.transparent_test_driver_ctx = transparent_operation; 1307 operation.ctx.opaque_test_driver_ctx = opaque_operation; 1308 1309 PSA_ASSERT(psa_crypto_init()); 1310 1311 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1312 psa_set_key_algorithm(&attributes, alg); 1313 psa_set_key_type(&attributes, key_type); 1314 1315 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1316 &key)); 1317 1318 mbedtls_test_driver_cipher_hooks.hits = 0; 1319 PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); 1320 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1321 mbedtls_test_driver_cipher_hooks.hits = 0; 1322 1323 PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); 1324 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1325 mbedtls_test_driver_cipher_hooks.hits = 0; 1326 1327 output_buffer_size = ((size_t) input->len + 1328 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); 1329 TEST_CALLOC(output, output_buffer_size); 1330 1331 if (mock_output_arg) { 1332 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1333 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1334 } 1335 1336 TEST_ASSERT(first_part_size <= input->len); 1337 PSA_ASSERT(psa_cipher_update(&operation, 1338 input->x, first_part_size, 1339 output, output_buffer_size, 1340 &function_output_length)); 1341 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1342 mbedtls_test_driver_cipher_hooks.hits = 0; 1343 1344 TEST_ASSERT(function_output_length == output1_length); 1345 total_output_length += function_output_length; 1346 1347 if (first_part_size < input->len) { 1348 PSA_ASSERT(psa_cipher_update(&operation, 1349 input->x + first_part_size, 1350 input->len - first_part_size, 1351 output + total_output_length, 1352 output_buffer_size - total_output_length, 1353 &function_output_length)); 1354 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); 1355 mbedtls_test_driver_cipher_hooks.hits = 0; 1356 1357 TEST_ASSERT(function_output_length == output2_length); 1358 total_output_length += function_output_length; 1359 } 1360 1361 if (mock_output_arg) { 1362 mbedtls_test_driver_cipher_hooks.forced_output = NULL; 1363 mbedtls_test_driver_cipher_hooks.forced_output_length = 0; 1364 } 1365 1366 status = psa_cipher_finish(&operation, 1367 output + total_output_length, 1368 output_buffer_size - total_output_length, 1369 &function_output_length); 1370 /* Finish will have called abort as well, so expecting two hits here */ 1371 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0)); 1372 mbedtls_test_driver_cipher_hooks.hits = 0; 1373 total_output_length += function_output_length; 1374 TEST_EQUAL(status, expected_status); 1375 1376 if (expected_status == PSA_SUCCESS) { 1377 PSA_ASSERT(psa_cipher_abort(&operation)); 1378 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1379 1380 TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 1381 output, total_output_length); 1382 } 1383 1384 exit: 1385 psa_cipher_abort(&operation); 1386 mbedtls_free(output); 1387 psa_destroy_key(key); 1388 PSA_DONE(); 1389 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1390 } 1391 /* END_CASE */ 1392 1393 /* BEGIN_CASE */ 1394 void cipher_decrypt(int alg_arg, 1395 int key_type_arg, 1396 data_t *key_data, 1397 data_t *iv, 1398 data_t *input_arg, 1399 data_t *expected_output, 1400 int mock_output_arg, 1401 int force_status_arg, 1402 int expected_status_arg) 1403 { 1404 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1405 psa_status_t status; 1406 psa_key_type_t key_type = key_type_arg; 1407 psa_algorithm_t alg = alg_arg; 1408 psa_status_t expected_status = expected_status_arg; 1409 psa_status_t force_status = force_status_arg; 1410 unsigned char *input = NULL; 1411 size_t input_buffer_size = 0; 1412 unsigned char *output = NULL; 1413 size_t output_buffer_size = 0; 1414 size_t output_length = 0; 1415 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1416 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1417 mbedtls_test_driver_cipher_hooks.forced_status = force_status; 1418 1419 PSA_ASSERT(psa_crypto_init()); 1420 1421 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1422 psa_set_key_algorithm(&attributes, alg); 1423 psa_set_key_type(&attributes, key_type); 1424 1425 /* Allocate input buffer and copy the iv and the plaintext */ 1426 input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); 1427 if (input_buffer_size > 0) { 1428 TEST_CALLOC(input, input_buffer_size); 1429 memcpy(input, iv->x, iv->len); 1430 memcpy(input + iv->len, input_arg->x, input_arg->len); 1431 } 1432 1433 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); 1434 TEST_CALLOC(output, output_buffer_size); 1435 1436 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1437 &key)); 1438 1439 if (mock_output_arg) { 1440 mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; 1441 mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; 1442 } 1443 1444 mbedtls_test_driver_cipher_hooks.hits = 0; 1445 status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output, 1446 output_buffer_size, &output_length); 1447 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1448 mbedtls_test_driver_cipher_hooks.hits = 0; 1449 1450 TEST_EQUAL(status, expected_status); 1451 1452 if (expected_status == PSA_SUCCESS) { 1453 TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, 1454 output, output_length); 1455 } 1456 1457 exit: 1458 mbedtls_free(input); 1459 mbedtls_free(output); 1460 psa_destroy_key(key); 1461 PSA_DONE(); 1462 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1463 } 1464 /* END_CASE */ 1465 1466 /* BEGIN_CASE */ 1467 void cipher_entry_points(int alg_arg, int key_type_arg, 1468 data_t *key_data, data_t *iv, 1469 data_t *input) 1470 { 1471 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1472 psa_status_t status; 1473 psa_key_type_t key_type = key_type_arg; 1474 psa_algorithm_t alg = alg_arg; 1475 unsigned char *output = NULL; 1476 size_t output_buffer_size = 0; 1477 size_t function_output_length = 0; 1478 psa_cipher_operation_t operation = psa_cipher_operation_init_short(); 1479 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1480 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1481 1482 TEST_CALLOC(output, input->len + 16); 1483 output_buffer_size = input->len + 16; 1484 1485 PSA_ASSERT(psa_crypto_init()); 1486 1487 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 1488 psa_set_key_algorithm(&attributes, alg); 1489 psa_set_key_type(&attributes, key_type); 1490 1491 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1492 &key)); 1493 1494 /* 1495 * Test encrypt failure 1496 * First test that if we don't force a driver error, encryption is 1497 * successful, then force driver error. 1498 */ 1499 mbedtls_test_driver_cipher_hooks.hits = 0; 1500 mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; 1501 status = psa_cipher_encrypt( 1502 key, alg, input->x, input->len, 1503 output, output_buffer_size, &function_output_length); 1504 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); 1505 TEST_EQUAL(status, PSA_SUCCESS); 1506 mbedtls_test_driver_cipher_hooks.hits = 0; 1507 1508 mbedtls_test_driver_cipher_hooks.forced_status_encrypt = PSA_ERROR_GENERIC_ERROR; 1509 /* Set the output buffer in a given state. */ 1510 for (size_t i = 0; i < output_buffer_size; i++) { 1511 output[i] = 0xa5; 1512 } 1513 1514 mbedtls_test_driver_cipher_hooks.hits_encrypt = 0; 1515 status = psa_cipher_encrypt( 1516 key, alg, input->x, input->len, 1517 output, output_buffer_size, &function_output_length); 1518 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_encrypt, 1); 1519 TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); 1520 1521 mbedtls_test_driver_cipher_hooks.hits = 0; 1522 1523 /* Test setup call, encrypt */ 1524 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1525 status = psa_cipher_encrypt_setup(&operation, key, alg); 1526 /* When setup fails, it shouldn't call any further entry points */ 1527 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1528 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1529 mbedtls_test_driver_cipher_hooks.hits = 0; 1530 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1531 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1532 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1533 1534 /* Test setup call failure, decrypt */ 1535 status = psa_cipher_decrypt_setup(&operation, key, alg); 1536 /* When setup fails, it shouldn't call any further entry points */ 1537 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1538 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1539 mbedtls_test_driver_cipher_hooks.hits = 0; 1540 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1541 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1542 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1543 1544 /* Test IV setting failure */ 1545 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1546 status = psa_cipher_encrypt_setup(&operation, key, alg); 1547 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1548 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1549 mbedtls_test_driver_cipher_hooks.hits = 0; 1550 1551 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1552 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1553 /* When setting the IV fails, it should call abort too */ 1554 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1555 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1556 /* Failure should prevent further operations from executing on the driver */ 1557 mbedtls_test_driver_cipher_hooks.hits = 0; 1558 status = psa_cipher_update(&operation, 1559 input->x, input->len, 1560 output, output_buffer_size, 1561 &function_output_length); 1562 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1563 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1564 psa_cipher_abort(&operation); 1565 1566 /* Test IV generation failure */ 1567 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1568 status = psa_cipher_encrypt_setup(&operation, key, alg); 1569 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1570 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1571 mbedtls_test_driver_cipher_hooks.hits = 0; 1572 mbedtls_test_driver_cipher_hooks.hits_set_iv = 0; 1573 1574 mbedtls_test_driver_cipher_hooks.forced_status_set_iv = PSA_ERROR_GENERIC_ERROR; 1575 /* Set the output buffer in a given state. */ 1576 for (size_t i = 0; i < 16; i++) { 1577 output[i] = 0xa5; 1578 } 1579 1580 status = psa_cipher_generate_iv(&operation, output, 16, &function_output_length); 1581 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits_set_iv, 1); 1582 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status_set_iv); 1583 mbedtls_test_driver_cipher_hooks.forced_status_set_iv = PSA_SUCCESS; 1584 /* Failure should prevent further operations from executing on the driver */ 1585 mbedtls_test_driver_cipher_hooks.hits = 0; 1586 status = psa_cipher_update(&operation, 1587 input->x, input->len, 1588 output, output_buffer_size, 1589 &function_output_length); 1590 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1591 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1592 psa_cipher_abort(&operation); 1593 1594 /* Test update failure */ 1595 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1596 status = psa_cipher_encrypt_setup(&operation, key, alg); 1597 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1598 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1599 mbedtls_test_driver_cipher_hooks.hits = 0; 1600 1601 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1602 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1603 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1604 mbedtls_test_driver_cipher_hooks.hits = 0; 1605 1606 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1607 status = psa_cipher_update(&operation, 1608 input->x, input->len, 1609 output, output_buffer_size, 1610 &function_output_length); 1611 /* When the update call fails, it should call abort too */ 1612 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1613 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1614 /* Failure should prevent further operations from executing on the driver */ 1615 mbedtls_test_driver_cipher_hooks.hits = 0; 1616 status = psa_cipher_update(&operation, 1617 input->x, input->len, 1618 output, output_buffer_size, 1619 &function_output_length); 1620 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1621 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1622 psa_cipher_abort(&operation); 1623 1624 /* Test finish failure */ 1625 mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 1626 status = psa_cipher_encrypt_setup(&operation, key, alg); 1627 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1628 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1629 mbedtls_test_driver_cipher_hooks.hits = 0; 1630 1631 status = psa_cipher_set_iv(&operation, iv->x, iv->len); 1632 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1633 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1634 mbedtls_test_driver_cipher_hooks.hits = 0; 1635 1636 status = psa_cipher_update(&operation, 1637 input->x, input->len, 1638 output, output_buffer_size, 1639 &function_output_length); 1640 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); 1641 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1642 mbedtls_test_driver_cipher_hooks.hits = 0; 1643 1644 mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; 1645 status = psa_cipher_finish(&operation, 1646 output + function_output_length, 1647 output_buffer_size - function_output_length, 1648 &function_output_length); 1649 /* When the finish call fails, it should call abort too */ 1650 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); 1651 TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); 1652 /* Failure should prevent further operations from executing on the driver */ 1653 mbedtls_test_driver_cipher_hooks.hits = 0; 1654 status = psa_cipher_update(&operation, 1655 input->x, input->len, 1656 output, output_buffer_size, 1657 &function_output_length); 1658 TEST_EQUAL(status, PSA_ERROR_BAD_STATE); 1659 TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); 1660 psa_cipher_abort(&operation); 1661 1662 exit: 1663 psa_cipher_abort(&operation); 1664 mbedtls_free(output); 1665 psa_destroy_key(key); 1666 PSA_DONE(); 1667 mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); 1668 } 1669 /* END_CASE */ 1670 1671 /* BEGIN_CASE */ 1672 void aead_encrypt(int key_type_arg, data_t *key_data, 1673 int alg_arg, 1674 data_t *nonce, 1675 data_t *additional_data, 1676 data_t *input_data, 1677 data_t *expected_result, 1678 int forced_status_arg) 1679 { 1680 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1681 psa_key_type_t key_type = key_type_arg; 1682 psa_algorithm_t alg = alg_arg; 1683 size_t key_bits; 1684 psa_status_t forced_status = forced_status_arg; 1685 unsigned char *output_data = NULL; 1686 size_t output_size = 0; 1687 size_t output_length = 0; 1688 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1689 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1690 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1691 1692 PSA_ASSERT(psa_crypto_init()); 1693 1694 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 1695 psa_set_key_algorithm(&attributes, alg); 1696 psa_set_key_type(&attributes, key_type); 1697 1698 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1699 &key)); 1700 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 1701 key_bits = psa_get_key_bits(&attributes); 1702 1703 output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, 1704 alg); 1705 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 1706 * should be exact. */ 1707 TEST_EQUAL(output_size, 1708 PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 1709 TEST_ASSERT(output_size <= 1710 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 1711 TEST_CALLOC(output_data, output_size); 1712 1713 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 1714 status = psa_aead_encrypt(key, alg, 1715 nonce->x, nonce->len, 1716 additional_data->x, additional_data->len, 1717 input_data->x, input_data->len, 1718 output_data, output_size, 1719 &output_length); 1720 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_encrypt, 1); 1721 TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status); 1722 1723 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 1724 PSA_SUCCESS : forced_status); 1725 1726 if (status == PSA_SUCCESS) { 1727 TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, 1728 output_data, output_length); 1729 } 1730 1731 exit: 1732 psa_destroy_key(key); 1733 mbedtls_free(output_data); 1734 PSA_DONE(); 1735 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1736 } 1737 /* END_CASE */ 1738 1739 /* BEGIN_CASE */ 1740 void aead_decrypt(int key_type_arg, data_t *key_data, 1741 int alg_arg, 1742 data_t *nonce, 1743 data_t *additional_data, 1744 data_t *input_data, 1745 data_t *expected_data, 1746 int forced_status_arg) 1747 { 1748 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1749 psa_key_type_t key_type = key_type_arg; 1750 psa_algorithm_t alg = alg_arg; 1751 size_t key_bits; 1752 psa_status_t forced_status = forced_status_arg; 1753 unsigned char *output_data = NULL; 1754 size_t output_size = 0; 1755 size_t output_length = 0; 1756 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1757 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 1758 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1759 1760 PSA_ASSERT(psa_crypto_init()); 1761 1762 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 1763 psa_set_key_algorithm(&attributes, alg); 1764 psa_set_key_type(&attributes, key_type); 1765 1766 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1767 &key)); 1768 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 1769 key_bits = psa_get_key_bits(&attributes); 1770 1771 output_size = input_data->len - PSA_AEAD_TAG_LENGTH(key_type, key_bits, 1772 alg); 1773 TEST_CALLOC(output_data, output_size); 1774 1775 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 1776 status = psa_aead_decrypt(key, alg, 1777 nonce->x, nonce->len, 1778 additional_data->x, 1779 additional_data->len, 1780 input_data->x, input_data->len, 1781 output_data, output_size, 1782 &output_length); 1783 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_decrypt, 1); 1784 TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status); 1785 1786 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 1787 PSA_SUCCESS : forced_status); 1788 1789 if (status == PSA_SUCCESS) { 1790 TEST_MEMORY_COMPARE(expected_data->x, expected_data->len, 1791 output_data, output_length); 1792 } 1793 1794 exit: 1795 psa_destroy_key(key); 1796 mbedtls_free(output_data); 1797 PSA_DONE(); 1798 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 1799 } 1800 /* END_CASE */ 1801 1802 /* BEGIN_CASE */ 1803 void mac_sign(int key_type_arg, 1804 data_t *key_data, 1805 int alg_arg, 1806 data_t *input, 1807 data_t *expected_mac, 1808 int forced_status_arg) 1809 { 1810 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1811 psa_key_type_t key_type = key_type_arg; 1812 psa_algorithm_t alg = alg_arg; 1813 psa_mac_operation_t operation = psa_mac_operation_init_short(); 1814 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1815 uint8_t *actual_mac = NULL; 1816 size_t mac_buffer_size = 1817 PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); 1818 size_t mac_length = 0; 1819 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1820 psa_status_t forced_status = forced_status_arg; 1821 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1822 1823 TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE); 1824 /* We expect PSA_MAC_LENGTH to be exact. */ 1825 TEST_ASSERT(expected_mac->len == mac_buffer_size); 1826 1827 PSA_ASSERT(psa_crypto_init()); 1828 1829 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 1830 psa_set_key_algorithm(&attributes, alg); 1831 psa_set_key_type(&attributes, key_type); 1832 1833 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1834 &key)); 1835 1836 TEST_CALLOC(actual_mac, mac_buffer_size); 1837 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 1838 1839 /* 1840 * Calculate the MAC, one-shot case. 1841 */ 1842 status = psa_mac_compute(key, alg, 1843 input->x, input->len, 1844 actual_mac, mac_buffer_size, 1845 &mac_length); 1846 1847 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1848 if (forced_status == PSA_SUCCESS || 1849 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1850 PSA_ASSERT(status); 1851 } else { 1852 TEST_EQUAL(forced_status, status); 1853 } 1854 1855 PSA_ASSERT(psa_mac_abort(&operation)); 1856 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1857 1858 if (forced_status == PSA_SUCCESS) { 1859 TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, 1860 actual_mac, mac_length); 1861 } 1862 1863 mbedtls_free(actual_mac); 1864 actual_mac = NULL; 1865 1866 exit: 1867 psa_mac_abort(&operation); 1868 psa_destroy_key(key); 1869 PSA_DONE(); 1870 mbedtls_free(actual_mac); 1871 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1872 } 1873 /* END_CASE */ 1874 1875 /* BEGIN_CASE */ 1876 void mac_sign_multipart(int key_type_arg, 1877 data_t *key_data, 1878 int alg_arg, 1879 data_t *input, 1880 data_t *expected_mac, 1881 int fragments_count, 1882 int forced_status_arg) 1883 { 1884 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 1885 psa_key_type_t key_type = key_type_arg; 1886 psa_algorithm_t alg = alg_arg; 1887 psa_mac_operation_t operation = psa_mac_operation_init_short(); 1888 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1889 uint8_t *actual_mac = NULL; 1890 size_t mac_buffer_size = 1891 PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); 1892 size_t mac_length = 0; 1893 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1894 psa_status_t forced_status = forced_status_arg; 1895 uint8_t *input_x = input->x; 1896 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1897 1898 TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE); 1899 /* We expect PSA_MAC_LENGTH to be exact. */ 1900 TEST_ASSERT(expected_mac->len == mac_buffer_size); 1901 1902 PSA_ASSERT(psa_crypto_init()); 1903 1904 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); 1905 psa_set_key_algorithm(&attributes, alg); 1906 psa_set_key_type(&attributes, key_type); 1907 1908 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 1909 &key)); 1910 1911 TEST_CALLOC(actual_mac, mac_buffer_size); 1912 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 1913 1914 /* 1915 * Calculate the MAC, multipart case. 1916 */ 1917 status = psa_mac_sign_setup(&operation, key, alg); 1918 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1919 1920 if (forced_status == PSA_SUCCESS || 1921 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1922 PSA_ASSERT(status); 1923 } else { 1924 TEST_EQUAL(forced_status, status); 1925 } 1926 1927 if (fragments_count) { 1928 TEST_ASSERT((input->len / fragments_count) > 0); 1929 } 1930 1931 for (int i = 0; i < fragments_count; i++) { 1932 int fragment_size = input->len / fragments_count; 1933 if (i == fragments_count - 1) { 1934 fragment_size += (input->len % fragments_count); 1935 } 1936 1937 status = psa_mac_update(&operation, 1938 input_x, fragment_size); 1939 if (forced_status == PSA_SUCCESS) { 1940 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2 + i); 1941 } else { 1942 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1943 } 1944 if (forced_status == PSA_SUCCESS || 1945 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1946 PSA_ASSERT(status); 1947 } else { 1948 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 1949 } 1950 input_x += fragment_size; 1951 } 1952 1953 status = psa_mac_sign_finish(&operation, 1954 actual_mac, mac_buffer_size, 1955 &mac_length); 1956 if (forced_status == PSA_SUCCESS) { 1957 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 1958 } else { 1959 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1960 } 1961 1962 if (forced_status == PSA_SUCCESS || 1963 forced_status == PSA_ERROR_NOT_SUPPORTED) { 1964 PSA_ASSERT(status); 1965 } else { 1966 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 1967 } 1968 1969 PSA_ASSERT(psa_mac_abort(&operation)); 1970 if (forced_status == PSA_SUCCESS) { 1971 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 1972 } else { 1973 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 1974 } 1975 1976 if (forced_status == PSA_SUCCESS) { 1977 TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len, 1978 actual_mac, mac_length); 1979 } 1980 1981 mbedtls_free(actual_mac); 1982 actual_mac = NULL; 1983 1984 exit: 1985 psa_mac_abort(&operation); 1986 psa_destroy_key(key); 1987 PSA_DONE(); 1988 mbedtls_free(actual_mac); 1989 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 1990 } 1991 /* END_CASE */ 1992 1993 /* BEGIN_CASE */ 1994 void mac_verify(int key_type_arg, 1995 data_t *key_data, 1996 int alg_arg, 1997 data_t *input, 1998 data_t *expected_mac, 1999 int forced_status_arg) 2000 { 2001 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2002 psa_key_type_t key_type = key_type_arg; 2003 psa_algorithm_t alg = alg_arg; 2004 psa_mac_operation_t operation = psa_mac_operation_init_short(); 2005 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2006 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2007 psa_status_t forced_status = forced_status_arg; 2008 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2009 2010 TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE); 2011 2012 PSA_ASSERT(psa_crypto_init()); 2013 2014 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 2015 psa_set_key_algorithm(&attributes, alg); 2016 psa_set_key_type(&attributes, key_type); 2017 2018 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2019 &key)); 2020 2021 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 2022 2023 /* 2024 * Verify the MAC, one-shot case. 2025 */ 2026 status = psa_mac_verify(key, alg, 2027 input->x, input->len, 2028 expected_mac->x, expected_mac->len); 2029 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2030 if (forced_status == PSA_SUCCESS || 2031 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2032 PSA_ASSERT(status); 2033 } else { 2034 TEST_EQUAL(forced_status, status); 2035 } 2036 2037 PSA_ASSERT(psa_mac_abort(&operation)); 2038 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2039 exit: 2040 psa_mac_abort(&operation); 2041 psa_destroy_key(key); 2042 PSA_DONE(); 2043 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2044 } 2045 /* END_CASE */ 2046 2047 /* BEGIN_CASE */ 2048 void mac_verify_multipart(int key_type_arg, 2049 data_t *key_data, 2050 int alg_arg, 2051 data_t *input, 2052 data_t *expected_mac, 2053 int fragments_count, 2054 int forced_status_arg) 2055 { 2056 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2057 psa_key_type_t key_type = key_type_arg; 2058 psa_algorithm_t alg = alg_arg; 2059 psa_mac_operation_t operation = psa_mac_operation_init_short(); 2060 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2061 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2062 psa_status_t forced_status = forced_status_arg; 2063 uint8_t *input_x = input->x; 2064 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2065 2066 TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE); 2067 2068 PSA_ASSERT(psa_crypto_init()); 2069 2070 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 2071 psa_set_key_algorithm(&attributes, alg); 2072 psa_set_key_type(&attributes, key_type); 2073 2074 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2075 &key)); 2076 2077 mbedtls_test_driver_mac_hooks.forced_status = forced_status; 2078 2079 /* 2080 * Verify the MAC, multi-part case. 2081 */ 2082 status = psa_mac_verify_setup(&operation, key, alg); 2083 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2084 2085 if (forced_status == PSA_SUCCESS || 2086 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2087 PSA_ASSERT(status); 2088 } else { 2089 TEST_EQUAL(forced_status, status); 2090 } 2091 2092 if (fragments_count) { 2093 TEST_ASSERT((input->len / fragments_count) > 0); 2094 } 2095 2096 for (int i = 0; i < fragments_count; i++) { 2097 int fragment_size = input->len / fragments_count; 2098 if (i == fragments_count - 1) { 2099 fragment_size += (input->len % fragments_count); 2100 } 2101 2102 status = psa_mac_update(&operation, 2103 input_x, fragment_size); 2104 if (forced_status == PSA_SUCCESS) { 2105 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2 + i); 2106 } else { 2107 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2108 } 2109 2110 if (forced_status == PSA_SUCCESS || 2111 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2112 PSA_ASSERT(status); 2113 } else { 2114 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 2115 } 2116 input_x += fragment_size; 2117 } 2118 2119 status = psa_mac_verify_finish(&operation, 2120 expected_mac->x, 2121 expected_mac->len); 2122 if (forced_status == PSA_SUCCESS) { 2123 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 2124 } else { 2125 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2126 } 2127 2128 if (forced_status == PSA_SUCCESS || 2129 forced_status == PSA_ERROR_NOT_SUPPORTED) { 2130 PSA_ASSERT(status); 2131 } else { 2132 TEST_EQUAL(PSA_ERROR_BAD_STATE, status); 2133 } 2134 2135 2136 PSA_ASSERT(psa_mac_abort(&operation)); 2137 if (forced_status == PSA_SUCCESS) { 2138 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); 2139 } else { 2140 TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); 2141 } 2142 2143 exit: 2144 psa_mac_abort(&operation); 2145 psa_destroy_key(key); 2146 PSA_DONE(); 2147 mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); 2148 } 2149 /* END_CASE */ 2150 2151 /* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ 2152 void builtin_key_export(int builtin_key_id_arg, 2153 int builtin_key_type_arg, 2154 int builtin_key_bits_arg, 2155 int builtin_key_algorithm_arg, 2156 data_t *expected_output, 2157 int expected_status_arg) 2158 { 2159 psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg; 2160 psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg; 2161 psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg; 2162 size_t builtin_key_bits = (size_t) builtin_key_bits_arg; 2163 psa_status_t expected_status = expected_status_arg; 2164 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2165 2166 mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); 2167 uint8_t *output_buffer = NULL; 2168 size_t output_size = 0; 2169 psa_status_t actual_status; 2170 2171 PSA_ASSERT(psa_crypto_init()); 2172 TEST_CALLOC(output_buffer, expected_output->len); 2173 2174 actual_status = psa_export_key(key, output_buffer, expected_output->len, &output_size); 2175 2176 if (expected_status == PSA_SUCCESS) { 2177 PSA_ASSERT(actual_status); 2178 TEST_EQUAL(output_size, expected_output->len); 2179 TEST_MEMORY_COMPARE(output_buffer, output_size, 2180 expected_output->x, expected_output->len); 2181 2182 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2183 TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); 2184 TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type); 2185 TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg); 2186 } else { 2187 if (actual_status != expected_status) { 2188 fprintf(stderr, "Expected %d but got %d\n", expected_status, actual_status); 2189 } 2190 TEST_EQUAL(actual_status, expected_status); 2191 TEST_EQUAL(output_size, 0); 2192 } 2193 2194 exit: 2195 mbedtls_free(output_buffer); 2196 psa_reset_key_attributes(&attributes); 2197 psa_destroy_key(key); 2198 PSA_DONE(); 2199 } 2200 /* END_CASE */ 2201 2202 /* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ 2203 void builtin_pubkey_export(int builtin_key_id_arg, 2204 int builtin_key_type_arg, 2205 int builtin_key_bits_arg, 2206 int builtin_key_algorithm_arg, 2207 data_t *expected_output, 2208 int expected_status_arg) 2209 { 2210 psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg; 2211 psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg; 2212 psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg; 2213 size_t builtin_key_bits = (size_t) builtin_key_bits_arg; 2214 psa_status_t expected_status = expected_status_arg; 2215 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2216 2217 mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); 2218 uint8_t *output_buffer = NULL; 2219 size_t output_size = 0; 2220 psa_status_t actual_status; 2221 2222 PSA_ASSERT(psa_crypto_init()); 2223 TEST_CALLOC(output_buffer, expected_output->len); 2224 2225 actual_status = psa_export_public_key(key, output_buffer, expected_output->len, &output_size); 2226 2227 if (expected_status == PSA_SUCCESS) { 2228 PSA_ASSERT(actual_status); 2229 TEST_EQUAL(output_size, expected_output->len); 2230 TEST_MEMORY_COMPARE(output_buffer, output_size, 2231 expected_output->x, expected_output->len); 2232 2233 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2234 TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); 2235 TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type); 2236 TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg); 2237 } else { 2238 TEST_EQUAL(actual_status, expected_status); 2239 TEST_EQUAL(output_size, 0); 2240 } 2241 2242 exit: 2243 mbedtls_free(output_buffer); 2244 psa_reset_key_attributes(&attributes); 2245 psa_destroy_key(key); 2246 PSA_DONE(); 2247 } 2248 /* END_CASE */ 2249 2250 /* BEGIN_CASE */ 2251 void hash_compute(int alg_arg, 2252 data_t *input, data_t *hash, 2253 int forced_status_arg, 2254 int expected_status_arg) 2255 { 2256 psa_algorithm_t alg = alg_arg; 2257 psa_status_t forced_status = forced_status_arg; 2258 psa_status_t expected_status = expected_status_arg; 2259 unsigned char *output = NULL; 2260 size_t output_length; 2261 2262 2263 PSA_ASSERT(psa_crypto_init()); 2264 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2265 2266 /* Do this after psa_crypto_init() which may call hash drivers */ 2267 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2268 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2269 2270 TEST_EQUAL(psa_hash_compute(alg, input->x, input->len, 2271 output, PSA_HASH_LENGTH(alg), 2272 &output_length), expected_status); 2273 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2274 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2275 2276 if (expected_status == PSA_SUCCESS) { 2277 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2278 } 2279 2280 exit: 2281 mbedtls_free(output); 2282 PSA_DONE(); 2283 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2284 } 2285 /* END_CASE */ 2286 2287 /* BEGIN_CASE */ 2288 void hash_multipart_setup(int alg_arg, 2289 data_t *input, data_t *hash, 2290 int forced_status_arg, 2291 int expected_status_arg) 2292 { 2293 psa_algorithm_t alg = alg_arg; 2294 psa_status_t forced_status = forced_status_arg; 2295 psa_status_t expected_status = expected_status_arg; 2296 unsigned char *output = NULL; 2297 psa_hash_operation_t operation = psa_hash_operation_init_short(); 2298 size_t output_length; 2299 2300 2301 PSA_ASSERT(psa_crypto_init()); 2302 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2303 2304 /* Do this after psa_crypto_init() which may call hash drivers */ 2305 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2306 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2307 2308 TEST_EQUAL(psa_hash_setup(&operation, alg), expected_status); 2309 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2310 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2311 2312 if (expected_status == PSA_SUCCESS) { 2313 PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 2314 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2315 forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 2); 2316 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2317 2318 PSA_ASSERT(psa_hash_finish(&operation, 2319 output, PSA_HASH_LENGTH(alg), 2320 &output_length)); 2321 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2322 forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4); 2323 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2324 2325 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2326 } 2327 2328 exit: 2329 psa_hash_abort(&operation); 2330 mbedtls_free(output); 2331 PSA_DONE(); 2332 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2333 } 2334 /* END_CASE */ 2335 2336 /* BEGIN_CASE */ 2337 void hash_multipart_update(int alg_arg, 2338 data_t *input, data_t *hash, 2339 int forced_status_arg) 2340 { 2341 psa_algorithm_t alg = alg_arg; 2342 psa_status_t forced_status = forced_status_arg; 2343 unsigned char *output = NULL; 2344 psa_hash_operation_t operation = psa_hash_operation_init_short(); 2345 size_t output_length; 2346 2347 2348 PSA_ASSERT(psa_crypto_init()); 2349 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2350 2351 /* Do this after psa_crypto_init() which may call hash drivers */ 2352 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2353 2354 /* 2355 * Update inactive operation, the driver shouldn't be called. 2356 */ 2357 TEST_EQUAL(psa_hash_update(&operation, input->x, input->len), 2358 PSA_ERROR_BAD_STATE); 2359 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2360 2361 PSA_ASSERT(psa_hash_setup(&operation, alg)); 2362 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2363 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2364 2365 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2366 TEST_EQUAL(psa_hash_update(&operation, input->x, input->len), 2367 forced_status); 2368 /* One or two more calls to the driver interface: update or update + abort */ 2369 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2370 forced_status == PSA_SUCCESS ? 2 : 3); 2371 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2372 2373 if (forced_status == PSA_SUCCESS) { 2374 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2375 PSA_ASSERT(psa_hash_finish(&operation, 2376 output, PSA_HASH_LENGTH(alg), 2377 &output_length)); 2378 /* Two calls to the driver interface: update + abort */ 2379 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); 2380 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2381 2382 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2383 } 2384 2385 exit: 2386 psa_hash_abort(&operation); 2387 mbedtls_free(output); 2388 PSA_DONE(); 2389 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2390 } 2391 /* END_CASE */ 2392 2393 /* BEGIN_CASE */ 2394 void hash_multipart_finish(int alg_arg, 2395 data_t *input, data_t *hash, 2396 int forced_status_arg) 2397 { 2398 psa_algorithm_t alg = alg_arg; 2399 psa_status_t forced_status = forced_status_arg; 2400 unsigned char *output = NULL; 2401 psa_hash_operation_t operation = psa_hash_operation_init_short(); 2402 size_t output_length; 2403 2404 PSA_ASSERT(psa_crypto_init()); 2405 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2406 2407 /* Do this after psa_crypto_init() which may call hash drivers */ 2408 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2409 2410 /* 2411 * Finish inactive operation, the driver shouldn't be called. 2412 */ 2413 TEST_EQUAL(psa_hash_finish(&operation, output, PSA_HASH_LENGTH(alg), 2414 &output_length), 2415 PSA_ERROR_BAD_STATE); 2416 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2417 2418 PSA_ASSERT(psa_hash_setup(&operation, alg)); 2419 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2420 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2421 2422 PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); 2423 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); 2424 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2425 2426 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2427 TEST_EQUAL(psa_hash_finish(&operation, 2428 output, PSA_HASH_LENGTH(alg), 2429 &output_length), 2430 forced_status); 2431 /* Two more calls to the driver interface: finish + abort */ 2432 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 4); 2433 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2434 2435 if (forced_status == PSA_SUCCESS) { 2436 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2437 } 2438 2439 exit: 2440 psa_hash_abort(&operation); 2441 mbedtls_free(output); 2442 PSA_DONE(); 2443 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2444 } 2445 /* END_CASE */ 2446 2447 /* BEGIN_CASE */ 2448 void hash_clone(int alg_arg, 2449 data_t *input, data_t *hash, 2450 int forced_status_arg) 2451 { 2452 psa_algorithm_t alg = alg_arg; 2453 psa_status_t forced_status = forced_status_arg; 2454 unsigned char *output = NULL; 2455 psa_hash_operation_t source_operation = psa_hash_operation_init_short(); 2456 psa_hash_operation_t target_operation = psa_hash_operation_init_short(); 2457 size_t output_length; 2458 2459 PSA_ASSERT(psa_crypto_init()); 2460 TEST_CALLOC(output, PSA_HASH_LENGTH(alg)); 2461 2462 /* Do this after psa_crypto_init() which may call hash drivers */ 2463 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2464 2465 /* 2466 * Clone inactive operation, the driver shouldn't be called. 2467 */ 2468 TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation), 2469 PSA_ERROR_BAD_STATE); 2470 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); 2471 2472 PSA_ASSERT(psa_hash_setup(&source_operation, alg)); 2473 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2474 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2475 2476 mbedtls_test_driver_hash_hooks.forced_status = forced_status; 2477 TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation), 2478 forced_status); 2479 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2480 forced_status == PSA_SUCCESS ? 2 : 3); 2481 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); 2482 2483 if (forced_status == PSA_SUCCESS) { 2484 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2485 PSA_ASSERT(psa_hash_update(&target_operation, 2486 input->x, input->len)); 2487 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); 2488 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2489 2490 PSA_ASSERT(psa_hash_finish(&target_operation, 2491 output, PSA_HASH_LENGTH(alg), 2492 &output_length)); 2493 TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 3); 2494 TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); 2495 2496 TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len); 2497 } 2498 2499 exit: 2500 psa_hash_abort(&source_operation); 2501 psa_hash_abort(&target_operation); 2502 mbedtls_free(output); 2503 PSA_DONE(); 2504 mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); 2505 } 2506 /* END_CASE */ 2507 2508 /* BEGIN_CASE */ 2509 void asymmetric_encrypt_decrypt(int alg_arg, 2510 data_t *key_data, 2511 data_t *input_data, 2512 data_t *label, 2513 data_t *fake_output_encrypt, 2514 data_t *fake_output_decrypt, 2515 int forced_status_encrypt_arg, 2516 int forced_status_decrypt_arg, 2517 int expected_status_encrypt_arg, 2518 int expected_status_decrypt_arg) 2519 { 2520 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2521 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; 2522 psa_algorithm_t alg = alg_arg; 2523 size_t key_bits; 2524 unsigned char *output = NULL; 2525 size_t output_size; 2526 size_t output_length = ~0; 2527 unsigned char *output2 = NULL; 2528 size_t output2_size; 2529 size_t output2_length = ~0; 2530 psa_status_t forced_status_encrypt = forced_status_encrypt_arg; 2531 psa_status_t forced_status_decrypt = forced_status_decrypt_arg; 2532 psa_status_t expected_status_encrypt = expected_status_encrypt_arg; 2533 psa_status_t expected_status_decrypt = expected_status_decrypt_arg; 2534 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2535 2536 PSA_ASSERT(psa_crypto_init()); 2537 mbedtls_test_driver_asymmetric_encryption_hooks = 2538 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2539 2540 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 2541 psa_set_key_algorithm(&attributes, alg); 2542 psa_set_key_type(&attributes, key_type); 2543 2544 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2545 &key)); 2546 2547 /* Determine the maximum ciphertext length */ 2548 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2549 key_bits = psa_get_key_bits(&attributes); 2550 2551 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2552 forced_status_encrypt; 2553 if (fake_output_encrypt->len > 0) { 2554 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2555 fake_output_encrypt->x; 2556 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2557 fake_output_encrypt->len; 2558 output_size = fake_output_encrypt->len; 2559 TEST_CALLOC(output, output_size); 2560 } else { 2561 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 2562 TEST_ASSERT(output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); 2563 TEST_CALLOC(output, output_size); 2564 } 2565 2566 /* We test encryption by checking that encrypt-then-decrypt gives back 2567 * the original plaintext because of the non-optional random 2568 * part of encryption process which prevents using fixed vectors. */ 2569 TEST_EQUAL(psa_asymmetric_encrypt(key, alg, 2570 input_data->x, input_data->len, 2571 label->x, label->len, 2572 output, output_size, 2573 &output_length), expected_status_encrypt); 2574 /* We don't know what ciphertext length to expect, but check that 2575 * it looks sensible. */ 2576 TEST_ASSERT(output_length <= output_size); 2577 2578 if (expected_status_encrypt == PSA_SUCCESS) { 2579 if (fake_output_encrypt->len > 0) { 2580 TEST_MEMORY_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, 2581 output, output_length); 2582 } else { 2583 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2584 forced_status_decrypt; 2585 if (fake_output_decrypt->len > 0) { 2586 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2587 fake_output_decrypt->x; 2588 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2589 fake_output_decrypt->len; 2590 output2_size = fake_output_decrypt->len; 2591 TEST_CALLOC(output2, output2_size); 2592 } else { 2593 output2_size = input_data->len; 2594 TEST_ASSERT(output2_size <= 2595 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)); 2596 TEST_ASSERT(output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); 2597 TEST_CALLOC(output2, output2_size); 2598 } 2599 2600 TEST_EQUAL(psa_asymmetric_decrypt(key, alg, 2601 output, output_length, 2602 label->x, label->len, 2603 output2, output2_size, 2604 &output2_length), expected_status_decrypt); 2605 if (expected_status_decrypt == PSA_SUCCESS) { 2606 if (fake_output_decrypt->len > 0) { 2607 TEST_MEMORY_COMPARE(fake_output_decrypt->x, fake_output_decrypt->len, 2608 output2, output2_length); 2609 } else { 2610 TEST_MEMORY_COMPARE(input_data->x, input_data->len, 2611 output2, output2_length); 2612 } 2613 } 2614 } 2615 } 2616 2617 exit: 2618 /* 2619 * Key attributes may have been returned by psa_get_key_attributes() 2620 * thus reset them as required. 2621 */ 2622 psa_reset_key_attributes(&attributes); 2623 2624 psa_destroy_key(key); 2625 mbedtls_free(output); 2626 mbedtls_free(output2); 2627 PSA_DONE(); 2628 } 2629 /* END_CASE */ 2630 2631 /* BEGIN_CASE */ 2632 void asymmetric_decrypt(int alg_arg, 2633 data_t *key_data, 2634 data_t *input_data, 2635 data_t *label, 2636 data_t *expected_output_data, 2637 data_t *fake_output_decrypt, 2638 int forced_status_decrypt_arg, 2639 int expected_status_decrypt_arg) 2640 { 2641 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2642 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; 2643 psa_algorithm_t alg = alg_arg; 2644 unsigned char *output = NULL; 2645 size_t output_size; 2646 size_t output_length = ~0; 2647 psa_status_t forced_status_decrypt = forced_status_decrypt_arg; 2648 psa_status_t expected_status_decrypt = expected_status_decrypt_arg; 2649 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2650 2651 PSA_ASSERT(psa_crypto_init()); 2652 mbedtls_test_driver_asymmetric_encryption_hooks = 2653 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2654 2655 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 2656 psa_set_key_algorithm(&attributes, alg); 2657 psa_set_key_type(&attributes, key_type); 2658 2659 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2660 &key)); 2661 2662 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2663 forced_status_decrypt; 2664 2665 if (fake_output_decrypt->len > 0) { 2666 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2667 fake_output_decrypt->x; 2668 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2669 fake_output_decrypt->len; 2670 output_size = fake_output_decrypt->len; 2671 TEST_CALLOC(output, output_size); 2672 } else { 2673 output_size = expected_output_data->len; 2674 TEST_CALLOC(output, expected_output_data->len); 2675 } 2676 2677 TEST_EQUAL(psa_asymmetric_decrypt(key, alg, 2678 input_data->x, input_data->len, 2679 label->x, label->len, 2680 output, output_size, 2681 &output_length), expected_status_decrypt); 2682 if (expected_status_decrypt == PSA_SUCCESS) { 2683 TEST_EQUAL(output_length, expected_output_data->len); 2684 TEST_MEMORY_COMPARE(expected_output_data->x, expected_output_data->len, 2685 output, output_length); 2686 } 2687 exit: 2688 /* 2689 * Key attributes may have been returned by psa_get_key_attributes() 2690 * thus reset them as required. 2691 */ 2692 psa_reset_key_attributes(&attributes); 2693 2694 psa_destroy_key(key); 2695 mbedtls_free(output); 2696 PSA_DONE(); 2697 } 2698 /* END_CASE */ 2699 2700 /* BEGIN_CASE */ 2701 void asymmetric_encrypt(int alg_arg, 2702 data_t *key_data, 2703 data_t *modulus, 2704 data_t *private_exponent, 2705 data_t *input_data, 2706 data_t *label, 2707 data_t *fake_output_encrypt, 2708 int forced_status_encrypt_arg, 2709 int expected_status_encrypt_arg) 2710 { 2711 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2712 psa_key_type_t key_type = PSA_KEY_TYPE_RSA_PUBLIC_KEY; 2713 psa_algorithm_t alg = alg_arg; 2714 unsigned char *output = NULL; 2715 size_t output_size; 2716 size_t output_length = ~0; 2717 psa_status_t forced_status_encrypt = forced_status_encrypt_arg; 2718 psa_status_t expected_status_encrypt = expected_status_encrypt_arg; 2719 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2720 2721 PSA_ASSERT(psa_crypto_init()); 2722 mbedtls_test_driver_asymmetric_encryption_hooks = 2723 mbedtls_test_driver_asymmetric_encryption_hooks_init(); 2724 2725 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 2726 psa_set_key_algorithm(&attributes, alg); 2727 psa_set_key_type(&attributes, key_type); 2728 2729 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2730 &key)); 2731 2732 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2733 size_t key_bits = psa_get_key_bits(&attributes); 2734 2735 mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = 2736 forced_status_encrypt; 2737 2738 if (fake_output_encrypt->len > 0) { 2739 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = 2740 fake_output_encrypt->x; 2741 mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = 2742 fake_output_encrypt->len; 2743 output_size = fake_output_encrypt->len; 2744 TEST_CALLOC(output, output_size); 2745 } else { 2746 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); 2747 TEST_CALLOC(output, output_size); 2748 } 2749 2750 TEST_EQUAL(psa_asymmetric_encrypt(key, alg, 2751 input_data->x, input_data->len, 2752 label->x, label->len, 2753 output, output_size, 2754 &output_length), expected_status_encrypt); 2755 if (expected_status_encrypt == PSA_SUCCESS) { 2756 if (fake_output_encrypt->len > 0) { 2757 TEST_EQUAL(fake_output_encrypt->len, output_length); 2758 TEST_MEMORY_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, 2759 output, output_length); 2760 } else { 2761 /* Perform sanity checks on the output */ 2762 #if PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 2763 if (PSA_KEY_TYPE_IS_RSA(key_type)) { 2764 if (!sanity_check_rsa_encryption_result( 2765 alg, modulus, private_exponent, 2766 input_data, 2767 output, output_length)) { 2768 goto exit; 2769 } 2770 } else 2771 #endif 2772 { 2773 (void) modulus; 2774 (void) private_exponent; 2775 TEST_FAIL("Encryption sanity checks not implemented for this key type"); 2776 } 2777 } 2778 } 2779 exit: 2780 /* 2781 * Key attributes may have been returned by psa_get_key_attributes() 2782 * thus reset them as required. 2783 */ 2784 psa_reset_key_attributes(&attributes); 2785 2786 psa_destroy_key(key); 2787 mbedtls_free(output); 2788 PSA_DONE(); 2789 } 2790 /* END_CASE */ 2791 2792 /* BEGIN_CASE */ 2793 void aead_encrypt_setup(int key_type_arg, data_t *key_data, 2794 int alg_arg, 2795 data_t *nonce, 2796 data_t *additional_data, 2797 data_t *input_data, 2798 data_t *expected_ciphertext, 2799 data_t *expected_tag, 2800 int forced_status_arg, 2801 int expected_status_arg) 2802 { 2803 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2804 psa_key_type_t key_type = key_type_arg; 2805 psa_algorithm_t alg = alg_arg; 2806 size_t key_bits; 2807 psa_status_t forced_status = forced_status_arg; 2808 psa_status_t expected_status = expected_status_arg; 2809 uint8_t *output_data = NULL; 2810 size_t output_size = 0; 2811 size_t output_length = 0; 2812 size_t finish_output_length = 0; 2813 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2814 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2815 size_t tag_length = 0; 2816 uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; 2817 2818 psa_aead_operation_t operation = psa_aead_operation_init(); 2819 2820 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2821 2822 PSA_INIT(); 2823 2824 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 2825 2826 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); 2827 psa_set_key_algorithm(&attributes, alg); 2828 psa_set_key_type(&attributes, key_type); 2829 2830 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2831 &key)); 2832 PSA_ASSERT(psa_get_key_attributes(key, &attributes)); 2833 key_bits = psa_get_key_bits(&attributes); 2834 2835 output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, 2836 alg); 2837 2838 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE 2839 * should be exact. */ 2840 TEST_EQUAL(output_size, 2841 PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); 2842 TEST_ASSERT(output_size <= 2843 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); 2844 TEST_CALLOC(output_data, output_size); 2845 2846 status = psa_aead_encrypt_setup(&operation, key, alg); 2847 2848 TEST_EQUAL(status, expected_status); 2849 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_encrypt_setup, 1); 2850 2851 if (status == PSA_SUCCESS) { 2852 /* Set the nonce. */ 2853 PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 2854 2855 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_nonce, 2856 forced_status == PSA_SUCCESS ? 1 : 0); 2857 2858 /* Check hooks hits and 2859 * set length (additional data and data to encrypt) */ 2860 PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 2861 input_data->len)); 2862 2863 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_lengths, 2864 forced_status == PSA_SUCCESS ? 1 : 0); 2865 2866 /* Pass the additional data */ 2867 PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 2868 additional_data->len)); 2869 2870 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update_ad, 2871 forced_status == PSA_SUCCESS ? 1 : 0); 2872 2873 /* Pass the data to encrypt */ 2874 PSA_ASSERT(psa_aead_update(&operation, input_data->x, input_data->len, 2875 output_data, output_size, &output_length)); 2876 2877 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update, 2878 forced_status == PSA_SUCCESS ? 1 : 0); 2879 2880 /* Finish the encryption operation */ 2881 PSA_ASSERT(psa_aead_finish(&operation, output_data + output_length, 2882 output_size - output_length, 2883 &finish_output_length, tag_buffer, 2884 PSA_AEAD_TAG_MAX_SIZE, &tag_length)); 2885 2886 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_finish, 2887 forced_status == PSA_SUCCESS ? 1 : 0); 2888 2889 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, 2890 forced_status == PSA_SUCCESS ? 1 : 0); 2891 2892 /* Compare output_data and expected_ciphertext */ 2893 TEST_MEMORY_COMPARE(expected_ciphertext->x, expected_ciphertext->len, 2894 output_data, output_length + finish_output_length); 2895 2896 /* Compare tag and expected_tag */ 2897 TEST_MEMORY_COMPARE(expected_tag->x, expected_tag->len, tag_buffer, tag_length); 2898 } 2899 2900 exit: 2901 /* Cleanup */ 2902 PSA_ASSERT(psa_destroy_key(key)); 2903 mbedtls_free(output_data); 2904 PSA_DONE(); 2905 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2906 } 2907 /* END_CASE */ 2908 2909 /* BEGIN_CASE */ 2910 void aead_decrypt_setup(int key_type_arg, data_t *key_data, 2911 int alg_arg, 2912 data_t *nonce, 2913 data_t *additional_data, 2914 data_t *input_ciphertext, 2915 data_t *input_tag, 2916 data_t *expected_result, 2917 int forced_status_arg, 2918 int expected_status_arg) 2919 { 2920 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 2921 psa_key_type_t key_type = key_type_arg; 2922 psa_algorithm_t alg = alg_arg; 2923 unsigned char *output_data = NULL; 2924 size_t output_size = 0; 2925 size_t output_length = 0; 2926 size_t verify_output_length = 0; 2927 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2928 psa_status_t forced_status = forced_status_arg; 2929 psa_status_t expected_status = expected_status_arg; 2930 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 2931 2932 psa_aead_operation_t operation = psa_aead_operation_init(); 2933 mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); 2934 2935 PSA_INIT(); 2936 2937 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 2938 psa_set_key_algorithm(&attributes, alg); 2939 psa_set_key_type(&attributes, key_type); 2940 2941 PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, 2942 &key)); 2943 2944 output_size = input_ciphertext->len; 2945 2946 TEST_CALLOC(output_data, output_size); 2947 2948 mbedtls_test_driver_aead_hooks.forced_status = forced_status; 2949 2950 status = psa_aead_decrypt_setup(&operation, key, alg); 2951 2952 TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? 2953 PSA_SUCCESS : forced_status); 2954 2955 TEST_EQUAL(status, expected_status); 2956 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_decrypt_setup, 1); 2957 2958 if (status == PSA_SUCCESS) { 2959 PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); 2960 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_nonce, 2961 forced_status == PSA_SUCCESS ? 1 : 0); 2962 2963 PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, 2964 input_ciphertext->len)); 2965 2966 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_lengths, 2967 forced_status == PSA_SUCCESS ? 1 : 0); 2968 2969 PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, 2970 additional_data->len)); 2971 2972 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update_ad, 2973 forced_status == PSA_SUCCESS ? 1 : 0); 2974 2975 PSA_ASSERT(psa_aead_update(&operation, input_ciphertext->x, 2976 input_ciphertext->len, output_data, 2977 output_size, &output_length)); 2978 2979 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update, 2980 forced_status == PSA_SUCCESS ? 1 : 0); 2981 2982 /* Offset applied to output_data in order to handle cases where verify() 2983 * outputs further data */ 2984 PSA_ASSERT(psa_aead_verify(&operation, output_data + output_length, 2985 output_size - output_length, 2986 &verify_output_length, input_tag->x, 2987 input_tag->len)); 2988 2989 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_verify, 2990 forced_status == PSA_SUCCESS ? 1 : 0); 2991 2992 /* Since this is a decryption operation, 2993 * finish should never be hit */ 2994 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_finish, 0); 2995 2996 TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, 2997 forced_status == PSA_SUCCESS ? 1 : 0); 2998 2999 TEST_MEMORY_COMPARE(expected_result->x, expected_result->len, 3000 output_data, output_length + verify_output_length); 3001 } 3002 3003 exit: 3004 PSA_ASSERT(psa_destroy_key(key)); 3005 mbedtls_free(output_data); 3006 PSA_DONE(); 3007 } 3008 /* END_CASE */ 3009 3010 /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 3011 void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_status_arg, 3012 data_t *forced_output, int expected_status_arg, 3013 int fut) 3014 { 3015 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3016 psa_status_t forced_status = forced_status_arg; 3017 psa_status_t forced_status_setup = forced_status_setup_arg; 3018 psa_status_t expected_status = expected_status_arg; 3019 psa_pake_operation_t operation = psa_pake_operation_init(); 3020 psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 3021 psa_key_derivation_operation_t implicit_key = 3022 psa_key_derivation_operation_init_short(); 3023 psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( 3024 PSA_PAKE_PRIMITIVE_TYPE_ECC, 3025 PSA_ECC_FAMILY_SECP_R1, 256); 3026 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3027 unsigned char *input_buffer = NULL; 3028 const size_t size_key_share = PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3029 PSA_PAKE_STEP_KEY_SHARE); 3030 unsigned char *output_buffer = NULL; 3031 size_t output_len = 0; 3032 size_t output_size = PSA_PAKE_OUTPUT_SIZE(PSA_ALG_JPAKE, primitive, 3033 PSA_PAKE_STEP_KEY_SHARE); 3034 int in_driver = (forced_status_setup_arg == PSA_SUCCESS); 3035 3036 TEST_CALLOC(input_buffer, 3037 PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3038 PSA_PAKE_STEP_KEY_SHARE)); 3039 memset(input_buffer, 0xAA, size_key_share); 3040 3041 TEST_CALLOC(output_buffer, 3042 PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, 3043 PSA_PAKE_STEP_KEY_SHARE)); 3044 memset(output_buffer, 0x55, output_size); 3045 3046 PSA_INIT(); 3047 3048 mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); 3049 3050 if (pw_data->len > 0) { 3051 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 3052 psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); 3053 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 3054 PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 3055 &key)); 3056 } 3057 3058 psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); 3059 psa_pake_cs_set_primitive(&cipher_suite, primitive); 3060 psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); 3061 3062 mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; 3063 3064 /* Collecting input stage (no driver entry points) */ 3065 3066 TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), 3067 PSA_SUCCESS); 3068 3069 PSA_ASSERT(psa_pake_set_user(&operation, jpake_server_id, sizeof(jpake_server_id))); 3070 PSA_ASSERT(psa_pake_set_peer(&operation, jpake_client_id, sizeof(jpake_client_id))); 3071 3072 TEST_EQUAL(psa_pake_set_password_key(&operation, key), 3073 PSA_SUCCESS); 3074 3075 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3076 3077 /* Computation stage (driver entry points) */ 3078 3079 switch (fut) { 3080 case 0: /* setup (via input) */ 3081 /* --- psa_pake_input (driver: setup, input) --- */ 3082 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3083 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3084 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3085 input_buffer, size_key_share), 3086 expected_status); 3087 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3088 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3089 break; 3090 3091 case 1: /* setup (via output) */ 3092 /* --- psa_pake_output (driver: setup, output) --- */ 3093 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3094 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3095 TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 3096 output_buffer, output_size, &output_len), 3097 expected_status); 3098 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3099 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3100 break; 3101 3102 case 2: /* input */ 3103 /* --- psa_pake_input (driver: setup, input, abort) --- */ 3104 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3105 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3106 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3107 input_buffer, size_key_share), 3108 expected_status); 3109 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); 3110 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3111 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.input, in_driver ? 1 : 0); 3112 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); 3113 break; 3114 3115 case 3: /* output */ 3116 /* --- psa_pake_output (driver: setup, output, (abort)) --- */ 3117 mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; 3118 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3119 if (forced_output->len > 0) { 3120 mbedtls_test_driver_pake_hooks.forced_output = forced_output->x; 3121 mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len; 3122 } 3123 TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 3124 output_buffer, output_size, &output_len), 3125 expected_status); 3126 3127 if (forced_output->len > 0) { 3128 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 2 : 1); 3129 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3130 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); 3131 TEST_EQUAL(output_len, forced_output->len); 3132 TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0); 3133 } else { 3134 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); 3135 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); 3136 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); 3137 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); 3138 } 3139 break; 3140 3141 case 4: /* get_implicit_key */ 3142 /* Call driver setup indirectly */ 3143 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3144 input_buffer, size_key_share), 3145 PSA_SUCCESS); 3146 3147 /* Simulate that we are ready to get implicit key. */ 3148 operation.computation_stage.jpake.round = PSA_JPAKE_FINISHED; 3149 operation.computation_stage.jpake.inputs = 0; 3150 operation.computation_stage.jpake.outputs = 0; 3151 operation.computation_stage.jpake.step = PSA_PAKE_STEP_KEY_SHARE; 3152 3153 /* --- psa_pake_get_implicit_key --- */ 3154 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3155 memset(&mbedtls_test_driver_pake_hooks.hits, 0, 3156 sizeof(mbedtls_test_driver_pake_hooks.hits)); 3157 TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key), 3158 expected_status); 3159 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 2); 3160 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.implicit_key, 1); 3161 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); 3162 3163 break; 3164 3165 case 5: /* abort */ 3166 /* Call driver setup indirectly */ 3167 TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 3168 input_buffer, size_key_share), 3169 PSA_SUCCESS); 3170 3171 /* --- psa_pake_abort --- */ 3172 mbedtls_test_driver_pake_hooks.forced_status = forced_status; 3173 memset(&mbedtls_test_driver_pake_hooks.hits, 0, 3174 sizeof(mbedtls_test_driver_pake_hooks.hits)); 3175 TEST_EQUAL(psa_pake_abort(&operation), expected_status); 3176 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); 3177 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); 3178 break; 3179 3180 default: 3181 break; 3182 } 3183 3184 /* Clean up */ 3185 mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_SUCCESS; 3186 mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; 3187 TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS); 3188 exit: 3189 /* 3190 * Key attributes may have been returned by psa_get_key_attributes() 3191 * thus reset them as required. 3192 */ 3193 psa_reset_key_attributes(&attributes); 3194 mbedtls_free(input_buffer); 3195 mbedtls_free(output_buffer); 3196 psa_destroy_key(key); 3197 mbedtls_test_driver_pake_hooks = 3198 mbedtls_test_driver_pake_hooks_init(); 3199 PSA_DONE(); 3200 } 3201 /* END_CASE */ 3202 3203 /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ 3204 void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, 3205 int derive_alg_arg, data_t *pw_data, 3206 int client_input_first, int in_driver) 3207 { 3208 psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 3209 psa_pake_operation_t server = psa_pake_operation_init(); 3210 psa_pake_operation_t client = psa_pake_operation_init(); 3211 psa_algorithm_t alg = alg_arg; 3212 psa_algorithm_t hash_alg = hash_arg; 3213 psa_algorithm_t derive_alg = derive_alg_arg; 3214 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 3215 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 3216 psa_key_derivation_operation_t server_derive = 3217 psa_key_derivation_operation_init_short(); 3218 psa_key_derivation_operation_t client_derive = 3219 psa_key_derivation_operation_init_short(); 3220 pake_in_driver = in_driver; 3221 /* driver setup is called indirectly through pake_output/pake_input */ 3222 if (pake_in_driver) { 3223 pake_expected_hit_count = 2; 3224 } else { 3225 pake_expected_hit_count = 1; 3226 } 3227 3228 PSA_INIT(); 3229 3230 mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); 3231 3232 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 3233 psa_set_key_algorithm(&attributes, alg); 3234 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 3235 PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 3236 &key)); 3237 3238 psa_pake_cs_set_algorithm(&cipher_suite, alg); 3239 psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); 3240 psa_pake_cs_set_hash(&cipher_suite, hash_alg); 3241 3242 /* Get shared key */ 3243 PSA_ASSERT(psa_key_derivation_setup(&server_derive, derive_alg)); 3244 PSA_ASSERT(psa_key_derivation_setup(&client_derive, derive_alg)); 3245 3246 if (PSA_ALG_IS_TLS12_PSK_TO_MS(derive_alg)) { 3247 PSA_ASSERT(psa_key_derivation_input_bytes(&server_derive, 3248 PSA_KEY_DERIVATION_INPUT_SEED, 3249 (const uint8_t *) "", 0)); 3250 PSA_ASSERT(psa_key_derivation_input_bytes(&client_derive, 3251 PSA_KEY_DERIVATION_INPUT_SEED, 3252 (const uint8_t *) "", 0)); 3253 } 3254 3255 if (!pake_in_driver) { 3256 mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_ERROR_NOT_SUPPORTED; 3257 } 3258 3259 PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); 3260 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3261 PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); 3262 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3263 3264 3265 PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); 3266 PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); 3267 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3268 PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); 3269 PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); 3270 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3271 PSA_ASSERT(psa_pake_set_password_key(&server, key)); 3272 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3273 PSA_ASSERT(psa_pake_set_password_key(&client, key)); 3274 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); 3275 3276 /* First round */ 3277 ecjpake_do_round(alg, primitive_arg, &server, &client, 3278 client_input_first, 1); 3279 3280 /* Second round */ 3281 ecjpake_do_round(alg, primitive_arg, &server, &client, 3282 client_input_first, 2); 3283 3284 /* After the key is obtained operation is aborted. 3285 Adapt counter of expected hits. */ 3286 if (pake_in_driver) { 3287 pake_expected_hit_count++; 3288 } 3289 3290 PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive)); 3291 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 3292 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 3293 3294 /* After the key is obtained operation is aborted. 3295 Adapt counter of expected hits. */ 3296 if (pake_in_driver) { 3297 pake_expected_hit_count++; 3298 } 3299 3300 PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive)); 3301 TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 3302 pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); 3303 exit: 3304 psa_key_derivation_abort(&server_derive); 3305 psa_key_derivation_abort(&client_derive); 3306 psa_destroy_key(key); 3307 psa_pake_abort(&server); 3308 psa_pake_abort(&client); 3309 PSA_DONE(); 3310 } 3311 /* END_CASE */