From 2222d689c547b9eb8063ca019607543809612ee5 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 11 Jan 2021 18:45:22 +0100 Subject: [PATCH 1/8] Allow GCM selftest to skip non-12-byte IVs for ALT implementations Signed-off-by: Steven Cooreman --- library/gcm.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/gcm.c b/library/gcm.c index 2363e584e..f237bab7d 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -819,6 +819,15 @@ int mbedtls_gcm_self_test( int verbose ) add_len_test_data[i], pt_test_data[pt_index_test_data[i]], buf, 16, tag_buf ); +#if defined(MBEDTLS_GCM_ALT) + /* Allow alternative implementations to only support 12-byte nonces. */ + if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && + iv_len_test_data[i] != 12 ) + { + mbedtls_printf( "skipped\n" ); + break; + } +#endif /* defined(MBEDTLS_GCM_ALT) */ if( ret != 0 ) goto exit; From 7c9e7da8d43174bd5e8cb9eb91d15dc610fd54ef Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 11 Jan 2021 19:26:33 +0100 Subject: [PATCH 2/8] Add CAVS14.0 AES-GCM vectors to test more IV, tag and key lengths Signed-off-by: Steven Cooreman --- tests/suites/test_suite_psa_crypto.data | 168 ++++++++++++++++++++++++ 1 file changed, 168 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 35c259b11..e69d44d6a 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
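Review bot: The new skip branch in `mbedtls_gcm_self_test` prints `skipped` without consulting the function's `verbose` argument; presumably the other progress output is gated on it, so this should read `if( verbose != 0 ) mbedtls_printf( "skipped\n" );`. The branch then leaves with `break`, and the enclosing loop and any per-iteration cleanup lie outside the hunk. Please confirm that `break` does not also drop later 12-byte-IV vectors or bypass the release of the GCM context; if it does, freeing the context and using `continue` would keep the remaining vectors running. Otherwise an `MBEDTLS_GCM_ALT` build may report a passing self-test after exercising only part of the vector set.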
@@ -1617,6 +1617,14 @@ PSA AEAD encrypt/decrypt, AES GCM, 19 bytes #2 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":"B96B49E21D621741632875DB7F6C9243D2D7C2":PSA_SUCCESS +PSA AEAD encrypt/decrypt, AES-GCM, 19 bytes, 12 byte nonce , 1 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E":PSA_SUCCESS + +PSA AEAD encrypt/decrypt, AES GCM, 19 bytes, 12 byte nonce , 2 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"EC46BB63B02520C33C49FD70":"B96B49E21D621741632875DB7F6C9243D2D7C2":PSA_SUCCESS + PSA AEAD encrypt, AES-GCM, 128 bytes #1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" 
@@ -1637,6 +1645,86 @@ PSA AEAD encrypt, AES-GCM, 128 bytes #1, T=16 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":"":"f149e2b5f0adaa9842ca5f45b768a8fc" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":"":"204bdb1bd62154bf08922aaa54eed705" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 16 
):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":"":"1b2d2764573e20ae640bf29d48e5fe05" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":"":"77e5682a49243d5b9016eb1adafa2d" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":"d3f3f57033df30c22860231334b099cb":"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 4 
):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":"636871d4c0aae3da7b55abd8b5f21297":"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":"3d952be11deb421b56e0ce9d7ce99553":"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":"fdd8a462c86d4365c8bfee0e25fc8a62":"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":"":"bdc1ac884d332457a1d2664f168c76f0" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":"":"2fb9c3e41fff24ef07437c47" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 16 
):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":"":"f6d47505ec96c98a42dc3ae719877b87" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":"":"5233f95bdcf5d666fb957acdcb" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":"":"d57e27914ecb4a764359d3c0f8d4d6" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":"":"72901467" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":"722ee47da4b77424733546c2d400c4e5":"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 12 
):"f226d65e8654fdf5193ed721":"":"bcf48ddcfe9d011a1003973d68d2d78a":"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":"c37aada3d4408e880d47e41df77da9b9":"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" + +PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":"e5f410fe939e79b7ad33fbd3aaf5856f":"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" + PSA AEAD decrypt, AES-GCM, 144 bytes #1 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C 
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS 
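Review bot: The descriptions of the encrypt vectors added in this hunk all end in a trailing comma (`TAG=16,`) and use `AES-GCM, CAVS 14.0`, while the decrypt vectors in the next hunk use `CAVS14.0, AES-GCM` with no trailing comma. The first hunk of this file likewise mixes `AES-GCM` with `AES GCM` and leaves a space before the comma in `12 byte nonce , 1`. These strings are what the test runner prints and what people filter on, so a single pattern such as `PSA AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16` across all three hunks would be easier to search.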
@@ -1677,6 +1765,86 @@ PSA AEAD decrypt: AES-GCM, invalid tag length 18 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":"db1a74ffb5f7de26f5742e0942b1b9cb":"":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":"434ff68f2436f48418fd69f52158":"":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 
):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":"496909523f574b205d757659c5":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":"b6e056de521a27266dffbc0d96":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":"bd94b34511bc65ae47684805cb":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":"15e051a5e4a5f5da6cea92e2ebee5bac":"":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":"84c8beff4b0d160ee68ac613097f51":"":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":"8d6351f18d873242204c20144e2b83":"":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C 
+aead_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":"3bfd3d99fe2063e8ef8255519fe0":"":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":"58375442ab1c0e6a8952c83d128d9fc5f45bb315":"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, 
AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS + +PSA AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS + PSA AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:MBEDTLS_CHACHAPOLY_C aead_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" From d588ea17042c4c0a212a2f61187859f6aa8a53cd Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 11 Jan 2021 19:36:04 +0100 Subject: [PATCH 3/8] Allow skipping AES-192 for alternative implementations in PSA test suite Signed-off-by: Steven Cooreman --- tests/suites/test_suite_psa_crypto.function | 56 +++++++++++++++------ 1 file changed, 42 insertions(+), 14 deletions(-) 
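Review bot: Every decrypt vector added in this hunk expects `PSA_SUCCESS`, so the newly covered truncated tag lengths (4, 8, 12, 13, 14 and 15 bytes) are only checked for acceptance and never for rejection. Positive vectors alone cannot catch an implementation, in particular an alternative or accelerated one, that compares fewer tag bytes than it should. Adding at least one companion entry per short tag length, with a single tag byte altered and `PSA_ERROR_INVALID_SIGNATURE` as the expected status, would cover the authentication-failure path.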
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ef35d578f..786789287 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4061,6 +4061,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, size_t output_length = 0; size_t tag_length = PSA_AEAD_TAG_LENGTH( alg ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; output_size = input_data->len + tag_length; /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE @@ -4078,13 +4079,26 @@ void aead_encrypt( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &key ) ); - PSA_ASSERT( psa_aead_encrypt( key, alg, - nonce->x, nonce->len, - additional_data->x, additional_data->len, - input_data->x, input_data->len, - output_data, output_size, - &output_length ) ); + status = psa_aead_encrypt( key, alg, + nonce->x, nonce->len, + additional_data->x, additional_data->len, + input_data->x, input_data->len, + output_data, output_size, + &output_length ); +#if defined(MBEDTLS_AES_ALT) || \ + defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) + if( status == PSA_ERROR_NOT_SUPPORTED && + key_type == PSA_KEY_TYPE_AES && + key_data->len == 24 ) + { + test_skip( "AES-192 not supported", __LINE__, __FILE__ ); + goto exit; + } +#endif /* AES could be alternatively implemented */ + + PSA_ASSERT( status ); ASSERT_COMPARE( expected_result->x, expected_result->len, output_data, output_length ); 
@@ -4113,6 +4127,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, size_t tag_length = PSA_AEAD_TAG_LENGTH( alg ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_result = expected_result_arg; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; output_size = input_data->len - tag_length; /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE @@ -4131,14 +4146,27 @@ void aead_decrypt( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &key ) ); - TEST_EQUAL( psa_aead_decrypt( key, alg, - nonce->x, nonce->len, - additional_data->x, - additional_data->len, - input_data->x, input_data->len, - output_data, output_size, - &output_length ), - expected_result ); + status = psa_aead_decrypt( key, alg, + nonce->x, nonce->len, + additional_data->x, + additional_data->len, + input_data->x, input_data->len, + output_data, output_size, + &output_length ); + +#if defined(MBEDTLS_AES_ALT) || \ + defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) + if( status == PSA_ERROR_NOT_SUPPORTED && + key_type == PSA_KEY_TYPE_AES && + key_data->len == 24 ) + { + test_skip( "AES-192 not supported", __LINE__, __FILE__ ); + goto exit; + } +#endif /* AES could be alternatively implemented */ + + TEST_EQUAL( status, expected_result ); if( expected_result == PSA_SUCCESS ) ASSERT_COMPARE( expected_data->x, expected_data->len, From 82645b153d351c4b45ff5f223f144d983bfe9b2a Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 11 Jan 2021 20:33:20 +0100 Subject: [PATCH 4/8] Allow skipping vectors w/ non-12-byte IV AES-GCM on ALT Signed-off-by: Steven Cooreman --- tests/suites/test_suite_psa_crypto.function | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 786789287..62c76c533 100644 --- a/tests/suites/test_suite_psa_crypto.function 
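Review bot: In `aead_decrypt` the AES-192 skip is evaluated before `TEST_EQUAL( status, expected_result )`, so on an ALT build a 24-byte-key vector that returns `PSA_ERROR_NOT_SUPPORTED` is skipped even when that is exactly the status the vector expects. Adding `expected_result != PSA_ERROR_NOT_SUPPORTED &&` to the condition keeps such a vector checked. The condition also keys only on status and key size, so any unsupported-feature error with a 192-bit key is reported as "AES-192 not supported" whatever its actual cause; a short comment stating that limitation would help whoever triages skipped cases. The same ordering applies to the non-12-byte-nonce skip that the next patch adds to `aead_decrypt`; the function body continues outside these hunks.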
+++ b/tests/suites/test_suite_psa_crypto.function @@ -4097,6 +4097,16 @@ void aead_encrypt( int key_type_arg, data_t *key_data, goto exit; } #endif /* AES could be alternatively implemented */ +#if defined(MBEDTLS_GCM_ALT) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_GCM) + if( status == PSA_ERROR_NOT_SUPPORTED && + (alg & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) == PSA_ALG_GCM && + nonce->len != 12 ) + { + test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); + goto exit; + } +#endif /* AES-GCM could be alternatively implemented */ PSA_ASSERT( status ); ASSERT_COMPARE( expected_result->x, expected_result->len, @@ -4165,6 +4175,16 @@ void aead_decrypt( int key_type_arg, data_t *key_data, goto exit; } #endif /* AES could be alternatively implemented */ +#if defined(MBEDTLS_GCM_ALT) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_GCM) + if( status == PSA_ERROR_NOT_SUPPORTED && + (alg & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) == PSA_ALG_GCM && + nonce->len != 12 ) + { + test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); + goto exit; + } +#endif /* AES-GCM could be alternatively implemented */ TEST_EQUAL( status, expected_result ); From 2f09913aebf47788a9a705e02227b29e6f42b6bb Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 11 Jan 2021 20:33:45 +0100 Subject: [PATCH 5/8] Set default IV for AES-GCM to 12 bytes Signed-off-by: Steven Cooreman --- tests/suites/test_suite_psa_crypto.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 62c76c533..7e2b53f4e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -484,6 +484,10 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key, size_t ciphertext_length = sizeof( ciphertext ); size_t plaintext_length = sizeof( ciphertext ); + /* Default IV length for AES-GCM is 12 bytes */ + if( (alg & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) == PSA_ALG_GCM ) + nonce_length = 12; + if( usage & PSA_KEY_USAGE_ENCRYPT ) { PSA_ASSERT( psa_aead_encrypt( key, alg, From 50f1f5e119c157425d9a147a74216cbf9faef8e8 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 25 Jan 2021 10:26:49 +0100 Subject: [PATCH 6/8] Use PSA_ALG_ macros to inspect AEAD base algorithm Signed-off-by: Steven Cooreman --- tests/suites/test_suite_psa_crypto.function | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 7e2b53f4e..b68eb7c6f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -485,8 +485,11 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key, size_t plaintext_length = sizeof( ciphertext ); /* Default IV length for AES-GCM is 12 bytes */ - if( (alg & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) == PSA_ALG_GCM ) + if( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) == + PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) + { nonce_length = 12; + } if( usage & PSA_KEY_USAGE_ENCRYPT ) { @@ -4104,7 +4107,8 @@ void aead_encrypt( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_GCM_ALT) || \ defined(MBEDTLS_PSA_ACCEL_ALG_GCM) if( status == PSA_ERROR_NOT_SUPPORTED && - (alg & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) == PSA_ALG_GCM && + ( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) == + PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) && nonce->len != 12 ) { test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); 
@@ -4182,7 +4186,8 @@ void aead_decrypt( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_GCM_ALT) || \ defined(MBEDTLS_PSA_ACCEL_ALG_GCM) if( status == PSA_ERROR_NOT_SUPPORTED && - (alg & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) == PSA_ALG_GCM && + ( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) == + PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) && nonce->len != 12 ) { test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); From 28a45ed8dbc8ad706ce76c1e7ad735b6396f8059 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Feb 2021 20:35:42 +0100 Subject: [PATCH 7/8] tests: psa: Add macros to skip a test case Add macros to skip a test case when hitting a common alternative implementation limitation. Add a macro for AES-192 and GCM with a nonce length different from 12 bytes. Signed-off-by: Ronald Cron --- tests/include/test/psa_crypto_helpers.h | 83 +++++++++++++++++++++ tests/suites/test_suite_psa_crypto.function | 54 ++++---------- 2 files changed, 97 insertions(+), 40 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index b97263d59..df3bc0e08 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -21,6 +21,7 @@ #ifndef PSA_CRYPTO_HELPERS_H #define PSA_CRYPTO_HELPERS_H +#include "test/helpers.h" #include "test/psa_helpers.h" #include 
@@ -100,4 +101,86 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ +/** Skip a test case if the given key is an 192 bits AES key and the AES + * implementation is at least partially an alternative implementation. + * + * Call this macro in a test case when a cryptography operation that may + * involve an AES operation returns with the PSA_ERROR_NOT_SUPPORTED error + * code to skip and not fail the test case in case the operation involves an + * 192 bits AES key and the AES implementation is at least partially an + * alternative implementation. + * + * Hardware AES implementations are likely to not support 192 bits keys. + * Consequently, PSA test cases aim at not failing when an AES operation with + * an 192 bits key performed by an alternative AES implementation returns + * with the PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro + * is to facilitate this and make the related code more readable. + * + * \param key_type Key type + * \param key_bits Key length in number of bits. + */ +#if defined(MBEDTLS_AES_ALT) || \ + defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) +#define MBEDTLS_TEST_HAVE_ALT_AES 1 +#else +#define MBEDTLS_TEST_HAVE_ALT_AES 0 +#endif + +#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_bits ) \ + do \ + { \ + if( ( MBEDTLS_TEST_HAVE_ALT_AES ) && \ + ( ( key_type ) == PSA_KEY_TYPE_AES ) && \ + ( key_bits == 192 ) ) \ + { \ + mbedtls_test_skip( "AES-192 not supported", __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } \ + while( 0 ) + +/** Skip a test case in case of a GCM operation with a nonce length different + * from 12 bytes. 
+ * + * Call this macro in a test case when an AEAD cryptography operation that + * may involve the GCM mode returns with the PSA_ERROR_NOT_SUPPORTED error + * code to skip and not fail the test case in case the operation involves the + * GCM mode, a nonce with a length different from 12 bytes and the GCM mode + * implementation is an alternative one. + * + * Hardware GCM implementations are likely to not support nonce lengths + * different from 12 are those imply additional computations involving the + * GHASH function. Consequently, PSA test cases aim at not failing when an + * AEAD operation in GCM mode with a nonce length different from 12 bytes + * performed by an alternative GCM implementation returns with the + * PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro is to + * facilitate this and make the related code more readable. + * + * \param alg The AEAD algorithm. + * \param nonce_length The nonce length in number of bytes. + */ + +#if defined(MBEDTLS_GCM_ALT) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_GCM) +#define MBEDTLS_TEST_HAVE_ALT_GCM 1 +#else +#define MBEDTLS_TEST_HAVE_ALT_GCM 0 +#endif + +#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, \ + nonce_length ) \ + do \ + { \ + if( ( MBEDTLS_TEST_HAVE_ALT_GCM ) && \ + ( PSA_ALG_AEAD_WITH_TAG_LENGTH( ( alg ) , 0 ) == \ + PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) && \ + ( ( nonce_length ) != 12 ) ) \ + { \ + mbedtls_test_skip( "GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } \ + while( 0 ) + #endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b68eb7c6f..dbcdb3f3b 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
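Review bot: In `MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192` the `key_bits` argument is expanded without parentheses (`( key_bits == 192 )`), unlike `key_type` and the `nonce_length` argument of the GCM macro. The callers added in this patch pass `key_data->len * 8`, which binds tighter than `==`, but an argument using a lower-precedence operator would be compared incorrectly, so it should read `( ( key_bits ) == 192 )`. Both macros also hide a `goto exit` and never look at the status themselves. Their doc comments should therefore state that the calling function must define an `exit` label and must invoke them only after checking for `PSA_ERROR_NOT_SUPPORTED`. Without that guard, a successful operation on an ALT build would be reported as skipped and the result comparison that follows would never run.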
@@ -12,6 +12,8 @@ #include "psa/crypto.h" #include "psa_crypto_slot_management.h" +#include "test/psa_crypto_helpers.h" + /** An invalid export length that will never be set by psa_export_key(). */ static const size_t INVALID_EXPORT_LENGTH = ~0U; @@ -4093,28 +4095,14 @@ void aead_encrypt( int key_type_arg, data_t *key_data, output_data, output_size, &output_length ); -#if defined(MBEDTLS_AES_ALT) || \ - defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) - if( status == PSA_ERROR_NOT_SUPPORTED && - key_type == PSA_KEY_TYPE_AES && - key_data->len == 24 ) + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) { - test_skip( "AES-192 not supported", __LINE__, __FILE__ ); - goto exit; + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); } -#endif /* AES could be alternatively implemented */ -#if defined(MBEDTLS_GCM_ALT) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_GCM) - if( status == PSA_ERROR_NOT_SUPPORTED && - ( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) == - PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) && - nonce->len != 12 ) - { - test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); - goto exit; - } -#endif /* AES-GCM could be alternatively implemented */ PSA_ASSERT( status ); ASSERT_COMPARE( expected_result->x, expected_result->len, 
@@ -4172,28 +4160,14 @@ void aead_decrypt( int key_type_arg, data_t *key_data, output_data, output_size, &output_length ); -#if defined(MBEDTLS_AES_ALT) || \ - defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) - if( status == PSA_ERROR_NOT_SUPPORTED && - key_type == PSA_KEY_TYPE_AES && - key_data->len == 24 ) + /* If the operation is not supported, just skip and not fail in case the + * decryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) { - test_skip( "AES-192 not supported", __LINE__, __FILE__ ); - goto exit; + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); } -#endif /* AES could be alternatively implemented */ -#if defined(MBEDTLS_GCM_ALT) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_GCM) - if( status == PSA_ERROR_NOT_SUPPORTED && - ( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) == - PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) && - nonce->len != 12 ) - { - test_skip( "AES-GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); - goto exit; - } -#endif /* AES-GCM could be alternatively implemented */ TEST_EQUAL( status, expected_result ); From 1e9c042085d10da6e0d74477c554de47eccc7988 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 10 Feb 2021 17:02:05 +0100 Subject: [PATCH 8/8] Minor fixup of SKIP_IF test macro documentation verbiage Signed-off-by: Steven Cooreman --- tests/include/test/psa_crypto_helpers.h | 56 +++++++++++++------------ 1 file changed, 29 insertions(+), 27 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index df3bc0e08..2439ab337 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h 
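Review bot: In aead_decrypt the skip block runs before `TEST_EQUAL( status, expected_result )`. On an ALT build, a test case whose expected result is itself `PSA_ERROR_NOT_SUPPORTED` and which uses a 192-bit AES key or a non-12-byte GCM nonce is therefore reported as skipped instead of passed. Guarding the block with `if( status == PSA_ERROR_NOT_SUPPORTED && expected_result != PSA_ERROR_NOT_SUPPORTED )` keeps such negative cases in the pass/fail count. The function body starts and ends outside this hunk, so whether any existing data entry hits this path cannot be confirmed from here.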
@@ -101,20 +101,21 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ -/** Skip a test case if the given key is an 192 bits AES key and the AES - * implementation is at least partially an alternative implementation. - * - * Call this macro in a test case when a cryptography operation that may - * involve an AES operation returns with the PSA_ERROR_NOT_SUPPORTED error - * code to skip and not fail the test case in case the operation involves an - * 192 bits AES key and the AES implementation is at least partially an +/** Skip a test case if the given key is a 192 bits AES key and the AES + * implementation is at least partially provided by an accelerator or * alternative implementation. * - * Hardware AES implementations are likely to not support 192 bits keys. + * Call this macro in a test case when a cryptographic operation that may + * involve an AES operation returns a #PSA_ERROR_NOT_SUPPORTED error code. + * The macro call will skip and not fail the test case in case the operation + * involves a 192 bits AES key and the AES implementation is at least + * partially provided by an accelerator or alternative implementation. + * + * Hardware AES implementations not supporting 192 bits keys commonly exist. * Consequently, PSA test cases aim at not failing when an AES operation with - * an 192 bits key performed by an alternative AES implementation returns - * with the PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro - * is to facilitate this and make the related code more readable. + * a 192 bits key performed by an alternative AES implementation returns + * with the #PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro + * is to facilitate this and make the test case code more readable. * * \param key_type Key type * \param key_bits Key length in number of bits. 
@@ -140,27 +141,28 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, } \ while( 0 ) -/** Skip a test case in case of a GCM operation with a nonce length different - * from 12 bytes. +/** Skip a test case if a GCM operation with a nonce length different from + * 12 bytes fails and was performed by an accelerator or alternative + * implementation. * * Call this macro in a test case when an AEAD cryptography operation that - * may involve the GCM mode returns with the PSA_ERROR_NOT_SUPPORTED error - * code to skip and not fail the test case in case the operation involves the - * GCM mode, a nonce with a length different from 12 bytes and the GCM mode - * implementation is an alternative one. + * may involve the GCM mode returns with a #PSA_ERROR_NOT_SUPPORTED error + * code. The macro call will skip and not fail the test case in case the + * operation involves the GCM mode, a nonce with a length different from + * 12 bytes and the GCM mode implementation is an alternative one. * - * Hardware GCM implementations are likely to not support nonce lengths - * different from 12 are those imply additional computations involving the - * GHASH function. Consequently, PSA test cases aim at not failing when an - * AEAD operation in GCM mode with a nonce length different from 12 bytes - * performed by an alternative GCM implementation returns with the - * PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro is to - * facilitate this and make the related code more readable. + * Hardware GCM implementations not supporting nonce lengths different from + * 12 bytes commonly exist, as supporting a non-12-byte nonce requires + * additional computations involving the GHASH function. + * Consequently, PSA test cases aim at not failing when an AEAD operation in + * GCM mode with a nonce length different from 12 bytes is performed by an + * alternative GCM implementation and returns with a #PSA_ERROR_NOT_SUPPORTED + * error code. 
The purpose of this macro is to facilitate this check and make + * the test case code more readable. * - * \param alg The AEAD algorithm. - * \param nonce_length The nonce length in number of bytes. + * \param alg The AEAD algorithm. + * \param nonce_length The nonce length in number of bytes. */ - #if defined(MBEDTLS_GCM_ALT) || \ defined(MBEDTLS_PSA_ACCEL_ALG_GCM) #define MBEDTLS_TEST_HAVE_ALT_GCM 1