mbedtls/tests/suites/test_suite_psa_crypto_metadata.function

/* BEGIN_HEADER */
/* Test macros that provide metadata about algorithms and key types.
 * This test suite only contains tests that don't require executing
 * code. Other test suites validate macros that require creating a key
 * and using it. */

#if defined(MBEDTLS_PSA_CRYPTO_SPM)
#include "spm/psa_defs.h"
#endif

#include "psa/crypto.h"
#include "psa_crypto_invasive.h"

/* Flags for algorithm classification macros. There is a flag for every
 * algorithm classification macro PSA_ALG_IS_xxx except for the
 * category test macros, which are hard-coded in each
 * category-specific function. The name of the flag is the name of the
 * classification macro without the PSA_ prefix. */
#define ALG_IS_VENDOR_DEFINED           ( 1u << 0 )
#define ALG_IS_HMAC                     ( 1u << 1 )
#define ALG_IS_BLOCK_CIPHER_MAC         ( 1u << 2 )
#define ALG_IS_STREAM_CIPHER            ( 1u << 3 )
#define ALG_IS_RSA_PKCS1V15_SIGN        ( 1u << 4 )
#define ALG_IS_RSA_PSS                  ( 1u << 5 )
#define ALG_IS_RSA_PSS_ANY_SALT         ( 1u << 6 )
#define ALG_IS_RSA_PSS_STANDARD_SALT    ( 1u << 7 )
#define ALG_IS_DSA                      ( 1u << 8 )
#define ALG_DSA_IS_DETERMINISTIC        ( 1u << 9 )
#define ALG_IS_DETERMINISTIC_DSA        ( 1u << 10 )
#define ALG_IS_RANDOMIZED_DSA           ( 1u << 11 )
#define ALG_IS_ECDSA                    ( 1u << 12 )
#define ALG_ECDSA_IS_DETERMINISTIC      ( 1u << 13 )
#define ALG_IS_DETERMINISTIC_ECDSA      ( 1u << 14 )
#define ALG_IS_RANDOMIZED_ECDSA         ( 1u << 15 )
#define ALG_IS_HASH_EDDSA               ( 1u << 16 )
#define ALG_IS_SIGN_HASH                ( 1u << 17 )
#define ALG_IS_HASH_AND_SIGN            ( 1u << 18 )
#define ALG_IS_RSA_OAEP                 ( 1u << 19 )
#define ALG_IS_HKDF                     ( 1u << 20 )
#define ALG_IS_HKDF_EXTRACT             ( 1u << 21 )
#define ALG_IS_HKDF_EXPAND              ( 1u << 22 )
#define ALG_IS_FFDH                     ( 1u << 23 )
#define ALG_IS_ECDH                     ( 1u << 24 )
#define ALG_IS_WILDCARD                 ( 1u << 25 )
#define ALG_IS_RAW_KEY_AGREEMENT        ( 1u << 26 )
#define ALG_IS_AEAD_ON_BLOCK_CIPHER     ( 1u << 27 )
#define ALG_IS_TLS12_PRF                ( 1u << 28 )
#define ALG_IS_TLS12_PSK_TO_MS          ( 1u << 29 )
#define ALG_FLAG_MASK_PLUS_ONE          ( 1u << 30 ) /* must be last! */

/* Flags for key type classification macros. There is a flag for every
 * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that
 * are tested as derived from other macros. The name of the flag is
 * the name of the classification macro without the PSA_ prefix. */
#define KEY_TYPE_IS_VENDOR_DEFINED      ( 1u << 0 )
#define KEY_TYPE_IS_UNSTRUCTURED        ( 1u << 1 )
#define KEY_TYPE_IS_PUBLIC_KEY          ( 1u << 2 )
#define KEY_TYPE_IS_KEY_PAIR            ( 1u << 3 )
#define KEY_TYPE_IS_RSA                 ( 1u << 4 )
#define KEY_TYPE_IS_DSA                 ( 1u << 5 )
#define KEY_TYPE_IS_ECC                 ( 1u << 6 )
#define KEY_TYPE_IS_DH                  ( 1u << 7 )
#define KEY_TYPE_FLAG_MASK_PLUS_ONE     ( 1u << 8 ) /* must be last! */

/* Flags for lifetime classification macros. There is a flag for every
 * lifetime classification macro PSA_KEY_LIFETIME_IS_xxx. The name of the
 * flag is the name of the classification macro without the PSA_ prefix. */
#define KEY_LIFETIME_IS_VOLATILE        ( 1u << 0 )
#define KEY_LIFETIME_IS_READ_ONLY       ( 1u << 1 )
#define KEY_LIFETIME_FLAG_MASK_PLUS_ONE ( 1u << 2 ) /* must be last! */

/* Check that in the value of flags, the bit flag (which should be a macro
 * expanding to a number of the form 1 << k) is set if and only if
 * PSA_##flag(alg) is true.
 *
 * Only perform this check if cond is true. Typically cond is 1, but it can
 * be different if the value of the flag bit is only specified under specific
 * conditions.
 *
 * Unconditionally mask flag into the ambient variable
 * classification_flags_tested.
 */
#define TEST_CLASSIFICATION_MACRO( cond, flag, alg, flags )     \
    do                                                          \
    {                                                           \
        if( cond )                                              \
        {                                                       \
            if( ( flags ) & ( flag ) )                          \
                TEST_ASSERT( PSA_##flag( alg ) );               \
            else                                                \
                TEST_ASSERT( ! PSA_##flag( alg ) );             \
        }                                                       \
        classification_flags_tested |= ( flag );                \
    }                                                           \
    while( 0 )

/* Check the parity of value.
 *
 * There are several numerical encodings for which the PSA Cryptography API
 * specification deliberately defines encodings that all have the same
 * parity. This way, a data glitch that flips one bit in the data cannot
 * possibly turn a valid encoding into another valid encoding. Here in
 * the tests, we check that the values (including Mbed TLS vendor-specific
 * values) have the expected parity.
 *
 * The expected parity is even so that 0 is considered a valid encoding.
 *
 * Return a nonzero value if value has even parity and 0 otherwise. */
int has_even_parity( uint32_t value )
{
    value ^= value >> 16;
    value ^= value >> 8;
    value ^= value >> 4;
    return( 0x9669 & 1 << ( value & 0xf ) );
}
#define TEST_PARITY( value )                    \
    TEST_ASSERT( has_even_parity( value ) )

void algorithm_classification( psa_algorithm_t alg, unsigned flags )
{
    unsigned classification_flags_tested = 0;
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_VENDOR_DEFINED, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HMAC, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_BLOCK_CIPHER_MAC, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_STREAM_CIPHER, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PKCS1V15_SIGN, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS_ANY_SALT, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_PSS_STANDARD_SALT, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DSA, alg, flags );
    TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_DSA( alg ),
                               ALG_DSA_IS_DETERMINISTIC, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DETERMINISTIC_DSA, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RANDOMIZED_DSA, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDSA, alg, flags );
    TEST_CLASSIFICATION_MACRO( PSA_ALG_IS_ECDSA( alg ),
                               ALG_ECDSA_IS_DETERMINISTIC, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_DETERMINISTIC_ECDSA, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RANDOMIZED_ECDSA, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_EDDSA, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_SIGN_HASH, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_AND_SIGN, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_OAEP, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF_EXTRACT, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF_EXPAND, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_WILDCARD, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDH, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_FFDH, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RAW_KEY_AGREEMENT, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PRF, alg, flags );
    TEST_CLASSIFICATION_MACRO( 1, ALG_IS_TLS12_PSK_TO_MS, alg, flags );
    TEST_EQUAL( classification_flags_tested, ALG_FLAG_MASK_PLUS_ONE - 1 );
exit: ;
}

void key_type_classification( psa_key_type_t type, unsigned flags )
{
    unsigned classification_flags_tested = 0;

    /* Macros tested based on the test case parameter */
    TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_VENDOR_DEFINED, type, flags );
    TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_UNSTRUCTURED, type, flags );
    TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_PUBLIC_KEY, type, flags );
    TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_KEY_PAIR, type, flags );
    TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_RSA, type, flags );
    TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DSA, type, flags );
    TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_ECC, type, flags );
    TEST_CLASSIFICATION_MACRO( 1, KEY_TYPE_IS_DH, type, flags );
    TEST_EQUAL( classification_flags_tested, KEY_TYPE_FLAG_MASK_PLUS_ONE - 1 );

    /* Macros with derived semantics */
    TEST_EQUAL( PSA_KEY_TYPE_IS_ASYMMETRIC( type ),
                ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ||
                  PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) );
    TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ),
                ( PSA_KEY_TYPE_IS_ECC( type ) &&
                  PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) );
    TEST_EQUAL( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ),
                ( PSA_KEY_TYPE_IS_ECC( type ) &&
                  PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) );
    TEST_EQUAL( PSA_KEY_TYPE_IS_DH_KEY_PAIR( type ),
                ( PSA_KEY_TYPE_IS_DH( type ) &&
                  PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) );
    TEST_EQUAL( PSA_KEY_TYPE_IS_DH_PUBLIC_KEY( type ),
                ( PSA_KEY_TYPE_IS_DH( type ) &&
                  PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) );

    TEST_PARITY( type );

exit: ;
}

void mac_algorithm_core( psa_algorithm_t alg, int classification_flags,
                         psa_key_type_t key_type, size_t key_bits,
                         size_t length )
{
    /* Algorithm classification */
    TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
    TEST_ASSERT( PSA_ALG_IS_MAC( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );

    /* Length */
    TEST_EQUAL( length, PSA_MAC_LENGTH( key_type, key_bits, alg ) );

#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
    PSA_ASSERT( psa_mac_key_can_do( alg, key_type ) );
#endif

exit: ;
}

void aead_algorithm_core( psa_algorithm_t alg, int classification_flags,
                          psa_key_type_t key_type, size_t key_bits,
                          size_t tag_length )
{
    /* Algorithm classification */
    TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
    TEST_ASSERT( PSA_ALG_IS_AEAD( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );

    /* Tag length */
    TEST_EQUAL( tag_length, PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ) );

exit: ;
}

/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_PSA_CRYPTO_CLIENT
 * END_DEPENDENCIES
 */

/* BEGIN_CASE */
void hash_algorithm( int alg_arg, int length_arg )
{
    psa_algorithm_t alg = alg_arg;
    size_t length = length_arg;
    psa_algorithm_t hmac_alg = PSA_ALG_HMAC( alg );
    psa_algorithm_t rsa_pkcs1v15_sign_alg = PSA_ALG_RSA_PKCS1V15_SIGN( alg );
    psa_algorithm_t rsa_pss_alg = PSA_ALG_RSA_PSS( alg );
    psa_algorithm_t dsa_alg = PSA_ALG_DSA( alg );
    psa_algorithm_t deterministic_dsa_alg = PSA_ALG_DETERMINISTIC_DSA( alg );
    psa_algorithm_t ecdsa_alg = PSA_ALG_ECDSA( alg );
    psa_algorithm_t deterministic_ecdsa_alg = PSA_ALG_DETERMINISTIC_ECDSA( alg );
    psa_algorithm_t rsa_oaep_alg = PSA_ALG_RSA_OAEP( alg );
    psa_algorithm_t hkdf_alg = PSA_ALG_HKDF( alg );

    /* Algorithm classification */
    TEST_ASSERT( PSA_ALG_IS_HASH( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, 0 );

    /* Dependent algorithms */
    TEST_EQUAL( PSA_ALG_HMAC_GET_HASH( hmac_alg ), alg );
    TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( rsa_pkcs1v15_sign_alg ), alg );
    TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( rsa_pss_alg ), alg );
    TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( dsa_alg ), alg );
    TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( deterministic_dsa_alg ), alg );
    TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( ecdsa_alg ), alg );
    TEST_EQUAL( PSA_ALG_SIGN_GET_HASH( deterministic_ecdsa_alg ), alg );
    TEST_EQUAL( PSA_ALG_RSA_OAEP_GET_HASH( rsa_oaep_alg ), alg );
    TEST_EQUAL( PSA_ALG_HKDF_GET_HASH( hkdf_alg ), alg );

    /* Hash length */
    TEST_EQUAL( length, PSA_HASH_LENGTH( alg ) );
    TEST_ASSERT( length <= PSA_HASH_MAX_SIZE );
}
/* END_CASE */

/* BEGIN_CASE */
void mac_algorithm( int alg_arg, int classification_flags,
                    int length_arg,
                    int key_type_arg, int key_bits_arg )
{
    psa_algorithm_t alg = alg_arg;
    size_t length = length_arg;
    size_t n;
    size_t key_type = key_type_arg;
    size_t key_bits = key_bits_arg;

    mac_algorithm_core( alg, classification_flags,
                        key_type, key_bits, length );
    TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( alg ), alg );
    TEST_ASSERT( length <= PSA_MAC_MAX_SIZE );

    /* Truncated versions */
    for( n = 1; n <= length; n++ )
    {
        psa_algorithm_t truncated_alg = PSA_ALG_TRUNCATED_MAC( alg, n );
        mac_algorithm_core( truncated_alg, classification_flags,
                            key_type, key_bits, n );
        TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( truncated_alg ), alg );
        /* Check that calling PSA_ALG_TRUNCATED_MAC twice gives the length
         * of the outer truncation (even if the outer length is smaller than
         * the inner length). */
        TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, 1 ),
                    PSA_ALG_TRUNCATED_MAC( alg, 1 ) );
        TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, length - 1 ),
                    PSA_ALG_TRUNCATED_MAC( alg, length - 1) );
        TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, length ),
                    PSA_ALG_TRUNCATED_MAC( alg, length ) );

        /* Check that calling PSA_ALG_TRUNCATED_MAC on an algorithm
         * earlier constructed with PSA_ALG_AT_LEAST_THIS_LENGTH_MAC gives the
         * length of the outer truncation (even if the outer length is smaller
         * than the inner length). */
        TEST_EQUAL( PSA_ALG_TRUNCATED_MAC(
                        PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), 1 ),
                    PSA_ALG_TRUNCATED_MAC( alg, 1 ) );
        TEST_EQUAL( PSA_ALG_TRUNCATED_MAC(
                        PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), length - 1 ),
                    PSA_ALG_TRUNCATED_MAC( alg, length - 1) );
        TEST_EQUAL( PSA_ALG_TRUNCATED_MAC(
                        PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), length ),
                    PSA_ALG_TRUNCATED_MAC( alg, length ) );
    }

    /* At-leat-this-length versions */
    for( n = 1; n <= length; n++ )
    {
        psa_algorithm_t policy_alg = PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, n );
        mac_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD,
                            key_type, key_bits, n );
        TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( policy_alg ), alg );
        /* Check that calling PSA_ALG_AT_LEAST_THIS_LENGTH_MAC twice gives the
         * length of the outer truncation (even if the outer length is smaller
         * than the inner length). */
        TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, 1 ),
                    PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, 1 ) );
        TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, length - 1 ),
                    PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length - 1) );
        TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, length ),
                    PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length ) );

        /* Check that calling PSA_ALG_AT_LEAST_THIS_LENGTH_MAC on an algorithm
         * earlier constructed with PSA_ALG_TRUNCATED_MAC gives the length of
         * the outer truncation (even if the outer length is smaller than the
         * inner length). */
        TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
                        PSA_ALG_TRUNCATED_MAC( policy_alg, n ), 1),
                    PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, 1 ) );
        TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
                        PSA_ALG_TRUNCATED_MAC( policy_alg, n ), length - 1 ),
                    PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length - 1) );
        TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
                        PSA_ALG_TRUNCATED_MAC( policy_alg, n ), length ),
                    PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length ) );
    }
}
/* END_CASE */

/* BEGIN_CASE */
void hmac_algorithm( int alg_arg,
                     int length_arg,
                     int block_size_arg )
{
    psa_algorithm_t alg = alg_arg;
    psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg );
    size_t block_size = block_size_arg;
    size_t length = length_arg;
    size_t n;

    TEST_ASSERT( PSA_ALG_IS_HASH( hash_alg ) );
    TEST_EQUAL( PSA_ALG_HMAC( hash_alg ), alg );

    TEST_ASSERT( block_size == PSA_HASH_BLOCK_LENGTH( alg ) );
    TEST_ASSERT( block_size <= PSA_HMAC_MAX_HASH_BLOCK_SIZE );

    test_mac_algorithm( alg_arg, ALG_IS_HMAC, length,
                        PSA_KEY_TYPE_HMAC, PSA_BYTES_TO_BITS( length ) );

    for( n = 1; n <= length; n++ )
    {
        psa_algorithm_t truncated_alg = PSA_ALG_TRUNCATED_MAC( alg, n );
        TEST_EQUAL( PSA_ALG_HMAC_GET_HASH( truncated_alg ), hash_alg );
    }
}
/* END_CASE */

/* BEGIN_CASE */
void cipher_algorithm( int alg_arg, int classification_flags )
{
    psa_algorithm_t alg = alg_arg;

    /* Algorithm classification */
    TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
    TEST_ASSERT( PSA_ALG_IS_CIPHER( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );
}
/* END_CASE */

/* BEGIN_CASE */
void aead_algorithm( int alg_arg, int classification_flags,
                     int tag_length_arg,
                     int key_type_arg, int key_bits_arg )
{
    psa_algorithm_t alg = alg_arg;
    size_t tag_length = tag_length_arg;
    size_t n;
    psa_key_type_t key_type = key_type_arg;
    size_t key_bits = key_bits_arg;

    aead_algorithm_core( alg, classification_flags,
                         key_type, key_bits, tag_length );

    /* Truncated versions */
    for( n = 1; n <= tag_length; n++ )
    {
        psa_algorithm_t truncated_alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, n );
        aead_algorithm_core( truncated_alg, classification_flags,
                             key_type, key_bits, n );
        TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( truncated_alg ),
                    alg );
        /* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG twice gives
         * the length of the outer truncation (even if the outer length is
         * smaller than the inner length). */
        TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, 1 ),
                    PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 1 ) );
        TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, tag_length - 1 ),
                    PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length - 1) );
        TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, tag_length ),
                    PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length ) );

        /* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG on an algorithm
         * earlier constructed with PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG
         * gives the length of the outer truncation (even if the outer length is
         * smaller than the inner length). */
        TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG(
                        PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), 1 ),
                    PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 1 ) );
        TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG(
                        PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), tag_length - 1 ),
                    PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length - 1) );
        TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG(
                        PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), tag_length ),
                    PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length ) );
    }

    /* At-leat-this-length versions */
    for( n = 1; n <= tag_length; n++ )
    {
        psa_algorithm_t policy_alg = PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, n );
        aead_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD,
                             key_type, key_bits, n );
        TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( policy_alg ),
                    alg );
        /* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG twice
         * gives the length of the outer truncation (even if the outer length is
         * smaller than the inner length). */
        TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, 1 ),
                    PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, 1 ) );
        TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, tag_length - 1 ),
                    PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length - 1) );
        TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, tag_length ),
                    PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length ) );

        /* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG on an
         * algorithm earlier constructed with PSA_ALG_AEAD_WITH_SHORTENED_TAG
         * gives the length of the outer truncation (even if the outer length is
         * smaller than the inner length). */
        TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
                        PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), 1),
                    PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, 1 ) );
        TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
                        PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), tag_length - 1 ),
                    PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length - 1) );
        TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
                        PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), tag_length ),
                    PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length ) );
    }
}
/* END_CASE */

/* BEGIN_CASE */
void asymmetric_signature_algorithm( int alg_arg, int classification_flags )
{
    psa_algorithm_t alg = alg_arg;

    /* Algorithm classification */
    TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
    TEST_ASSERT( PSA_ALG_IS_SIGN( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );
}
/* END_CASE */

/* BEGIN_CASE */
void asymmetric_signature_wildcard( int alg_arg, int classification_flags )
{
    classification_flags |= ALG_IS_WILDCARD;
    classification_flags |= ALG_IS_SIGN_HASH;
    classification_flags |= ALG_IS_HASH_AND_SIGN;
    test_asymmetric_signature_algorithm( alg_arg, classification_flags );
    /* Any failure of this test function comes from
     * asymmetric_signature_algorithm. Pacify -Werror=unused-label. */
    goto exit;
}
/* END_CASE */

/* BEGIN_CASE */
void asymmetric_encryption_algorithm( int alg_arg, int classification_flags )
{
    psa_algorithm_t alg = alg_arg;

    /* Algorithm classification */
    TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
    TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );
}
/* END_CASE */

/* BEGIN_CASE */
void key_derivation_algorithm( int alg_arg, int classification_flags )
{
    psa_algorithm_t alg = alg_arg;
    psa_algorithm_t ecdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, alg );
    psa_algorithm_t ffdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, alg );

    /* Algorithm classification */
    TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );

    /* Check combinations with key agreements */
    TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ecdh_alg ) );
    TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ffdh_alg ) );
    TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ecdh_alg ), alg );
    TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ffdh_alg ), alg );
}
/* END_CASE */

/* BEGIN_CASE */
void key_agreement_algorithm( int alg_arg, int classification_flags,
                              int ka_alg_arg, int kdf_alg_arg )
{
    psa_algorithm_t alg = alg_arg;
    psa_algorithm_t actual_ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg );
    psa_algorithm_t expected_ka_alg = ka_alg_arg;
    psa_algorithm_t actual_kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
    psa_algorithm_t expected_kdf_alg = kdf_alg_arg;

    /* Algorithm classification */
    TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );

    /* Shared secret derivation properties */
    TEST_EQUAL( actual_ka_alg, expected_ka_alg );
    TEST_EQUAL( actual_kdf_alg, expected_kdf_alg );
}
/* END_CASE */

/* BEGIN_CASE */
void pake_algorithm( int alg_arg )
{
    psa_algorithm_t alg = alg_arg;

    /* Algorithm classification */
    TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( PSA_ALG_IS_PAKE( alg ) );
}

/* END_CASE */
/* BEGIN_CASE */
void key_type( int type_arg, int classification_flags )
{
    psa_key_type_t type = type_arg;

    key_type_classification( type, classification_flags );

    /* For asymmetric types, check the corresponding pair/public type */
    if( classification_flags & KEY_TYPE_IS_PUBLIC_KEY )
    {
        psa_key_type_t pair_type = PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( type );
        TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( pair_type ), type );
        key_type_classification( pair_type,
                                 ( classification_flags
                                   & ~KEY_TYPE_IS_PUBLIC_KEY )
                                 | KEY_TYPE_IS_KEY_PAIR );
        TEST_EQUAL( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ), type );
    }
    if( classification_flags & KEY_TYPE_IS_KEY_PAIR )
    {
        psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type );
        TEST_EQUAL( PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( public_type ), type );
        key_type_classification( public_type,
                                 ( classification_flags
                                   & ~KEY_TYPE_IS_KEY_PAIR )
                                 | KEY_TYPE_IS_PUBLIC_KEY );
        TEST_EQUAL( PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY( type ), type );
    }
}
/* END_CASE */

/* BEGIN_CASE */
void block_cipher_key_type( int type_arg, int block_size_arg )
{
    psa_key_type_t type = type_arg;
    size_t block_size = block_size_arg;

    test_key_type( type_arg, KEY_TYPE_IS_UNSTRUCTURED );

    TEST_EQUAL( type & PSA_KEY_TYPE_CATEGORY_MASK,
                PSA_KEY_TYPE_CATEGORY_SYMMETRIC );
    TEST_EQUAL( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ), block_size );

    /* Check that the block size is a power of 2. This is required, at least,
    for PSA_ROUND_UP_TO_MULTIPLE(block_size, length) in crypto_sizes.h. */
    TEST_ASSERT( ( ( block_size - 1 ) & block_size ) == 0 );
}
/* END_CASE */

/* BEGIN_CASE */
void stream_cipher_key_type( int type_arg )
{
    psa_key_type_t type = type_arg;

    test_key_type( type_arg, KEY_TYPE_IS_UNSTRUCTURED );

    TEST_EQUAL( type & PSA_KEY_TYPE_CATEGORY_MASK,
                PSA_KEY_TYPE_CATEGORY_SYMMETRIC );
    TEST_EQUAL( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ), 1 );
}
/* END_CASE */

/* BEGIN_CASE depends_on:PSA_KEY_TYPE_ECC_PUBLIC_KEY:PSA_KEY_TYPE_ECC_KEY_PAIR */
void ecc_key_family( int curve_arg )
{
    psa_ecc_family_t curve = curve_arg;
    psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
    psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve );

    TEST_PARITY( curve );

    test_key_type( public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY );
    test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEY_PAIR );

    TEST_EQUAL( PSA_KEY_TYPE_ECC_GET_FAMILY( public_type ), curve );
    TEST_EQUAL( PSA_KEY_TYPE_ECC_GET_FAMILY( pair_type ), curve );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_DHM_C */
void dh_key_family( int group_arg )
{
    psa_dh_family_t group = group_arg;
    psa_key_type_t public_type = PSA_KEY_TYPE_DH_PUBLIC_KEY( group );
    psa_key_type_t pair_type = PSA_KEY_TYPE_DH_KEY_PAIR( group );

    TEST_PARITY( group );

    test_key_type( public_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_PUBLIC_KEY );
    test_key_type( pair_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_KEY_PAIR );

    TEST_EQUAL( PSA_KEY_TYPE_DH_GET_FAMILY( public_type ), group );
    TEST_EQUAL( PSA_KEY_TYPE_DH_GET_FAMILY( pair_type ), group );
}
/* END_CASE */

/* BEGIN_CASE */
void lifetime( int lifetime_arg, int classification_flags,
               int persistence_arg, int location_arg )
{
    psa_key_lifetime_t lifetime = lifetime_arg;
    psa_key_persistence_t persistence = persistence_arg;
    psa_key_location_t location = location_arg;
    unsigned flags = classification_flags;
    unsigned classification_flags_tested = 0;

    TEST_CLASSIFICATION_MACRO( 1, KEY_LIFETIME_IS_VOLATILE, lifetime, flags );
    TEST_CLASSIFICATION_MACRO( 1, KEY_LIFETIME_IS_READ_ONLY, lifetime, flags );
    TEST_EQUAL( classification_flags_tested,
                KEY_LIFETIME_FLAG_MASK_PLUS_ONE - 1 );

    TEST_EQUAL( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime ), persistence );
    TEST_EQUAL( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ), location );
}
/* END_CASE */