/* BEGIN_HEADER */ #include "test/drivers/test_driver.h" /* Auxiliary variables for pake tests. Global to silent the compiler when unused. */ size_t pake_expected_hit_count = 0; int pake_in_driver = 0; /* The only two JPAKE user/peer identifiers supported for the time being. */ static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; #if defined(PSA_WANT_ALG_JPAKE) && defined(MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY) && \ defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, psa_pake_operation_t *server, psa_pake_operation_t *client, int client_input_first, int round) { unsigned char *buffer0 = NULL, *buffer1 = NULL; size_t buffer_length = ( PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2; /* The output should be exactly this size according to the spec */ const size_t expected_size_key_share = PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); /* The output should be exactly this size according to the spec */ const size_t expected_size_zk_public = PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC); /* The output can be smaller: the spec allows stripping leading zeroes */ const size_t max_expected_size_zk_proof = PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF); size_t buffer0_off = 0; size_t buffer1_off = 0; size_t s_g1_len, s_g2_len, s_a_len; size_t s_g1_off, s_g2_off, s_a_off; size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len; size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off; size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len; size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off; size_t c_g1_len, c_g2_len, c_a_len; size_t c_g1_off, c_g2_off, c_a_off; size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len; size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off; size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len; size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; psa_status_t status; ASSERT_ALLOC(buffer0, buffer_length); ASSERT_ALLOC(buffer1, buffer_length); switch (round) { case 1: /* Server first round Output */ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, 512 - buffer0_off, &s_g1_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_g1_len, expected_size_key_share); s_g1_off = buffer0_off; buffer0_off += s_g1_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, 512 - buffer0_off, &s_x1_pk_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); s_x1_pk_off = buffer0_off; buffer0_off += s_x1_pk_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, 512 - buffer0_off, &s_x1_pr_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); s_x1_pr_off = buffer0_off; buffer0_off += s_x1_pr_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, 512 - buffer0_off, &s_g2_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_g2_len, expected_size_key_share); s_g2_off = buffer0_off; buffer0_off += s_g2_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, 512 - buffer0_off, &s_x2_pk_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); s_x2_pk_off = buffer0_off; buffer0_off += s_x2_pk_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, 512 - buffer0_off, &s_x2_pr_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); s_x2_pr_off = buffer0_off; buffer0_off += s_x2_pr_len; if (client_input_first == 1) { /* Client first round Input */ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_g1_off, s_g1_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x1_pk_off, s_x1_pk_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x1_pr_off, s_x1_pr_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_g2_off, s_g2_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x2_pk_off, s_x2_pk_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x2_pr_off, s_x2_pr_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); } /* Adjust for indirect client driver setup in first pake_output call. */ pake_expected_hit_count++; /* Client first round Output */ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, 512 - buffer1_off, &c_g1_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_g1_len, expected_size_key_share); c_g1_off = buffer1_off; buffer1_off += c_g1_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, 512 - buffer1_off, &c_x1_pk_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); c_x1_pk_off = buffer1_off; buffer1_off += c_x1_pk_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, 512 - buffer1_off, &c_x1_pr_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); c_x1_pr_off = buffer1_off; buffer1_off += c_x1_pr_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, 512 - buffer1_off, &c_g2_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_g2_len, expected_size_key_share); c_g2_off = buffer1_off; buffer1_off += c_g2_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, 512 - buffer1_off, &c_x2_pk_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); c_x2_pk_off = buffer1_off; buffer1_off += c_x2_pk_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, 512 - buffer1_off, &c_x2_pr_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); c_x2_pr_off = buffer1_off; buffer1_off += c_x2_pr_len; if (client_input_first == 0) { /* Client first round Input */ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_g1_off, s_g1_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x1_pk_off, s_x1_pk_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x1_pr_off, s_x1_pr_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_g2_off, s_g2_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x2_pk_off, s_x2_pk_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x2_pr_off, s_x2_pr_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); } /* Server first round Input */ status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, buffer1 + c_g1_off, c_g1_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + c_x1_pk_off, c_x1_pk_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, buffer1 + c_x1_pr_off, c_x1_pr_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, buffer1 + c_g2_off, c_g2_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + c_x2_pk_off, c_x2_pk_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, buffer1 + c_x2_pr_off, c_x2_pr_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); break; case 2: /* Server second round Output */ buffer0_off = 0; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, 512 - buffer0_off, &s_a_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_a_len, expected_size_key_share); s_a_off = buffer0_off; buffer0_off += s_a_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, 512 - buffer0_off, &s_x2s_pk_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); s_x2s_pk_off = buffer0_off; buffer0_off += s_x2s_pk_len; PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, 512 - buffer0_off, &s_x2s_pr_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); s_x2s_pr_off = buffer0_off; buffer0_off += s_x2s_pr_len; if (client_input_first == 1) { /* Client second round Input */ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_a_off, s_a_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x2s_pk_off, s_x2s_pk_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x2s_pr_off, s_x2s_pr_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); } /* Client second round Output */ buffer1_off = 0; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, 512 - buffer1_off, &c_a_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_a_len, expected_size_key_share); c_a_off = buffer1_off; buffer1_off += c_a_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, 512 - buffer1_off, &c_x2s_pk_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); c_x2s_pk_off = buffer1_off; buffer1_off += c_x2s_pk_len; PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, 512 - buffer1_off, &c_x2s_pr_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); c_x2s_pr_off = buffer1_off; buffer1_off += c_x2s_pr_len; if (client_input_first == 0) { /* Client second round Input */ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_a_off, s_a_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x2s_pk_off, s_x2s_pk_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x2s_pr_off, s_x2s_pr_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); } /* Server second round Input */ status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, buffer1 + c_a_off, c_a_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + c_x2s_pk_off, c_x2s_pk_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, buffer1 + c_x2s_pr_off, c_x2s_pr_len); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); break; } exit: mbedtls_free(buffer0); mbedtls_free(buffer1); } #endif /* PSA_WANT_ALG_JPAKE */ #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) /* Sanity checks on the output of RSA encryption. * * \param modulus Key modulus. Must not have leading zeros. * \param private_exponent Key private exponent. * \param alg An RSA algorithm. * \param input_data The input plaintext. * \param buf The ciphertext produced by the driver. * \param length Length of \p buf in bytes. */ static int sanity_check_rsa_encryption_result( psa_algorithm_t alg, const data_t *modulus, const data_t *private_exponent, const data_t *input_data, uint8_t *buf, size_t length) { #if defined(MBEDTLS_BIGNUM_C) mbedtls_mpi N, D, C, X; mbedtls_mpi_init(&N); mbedtls_mpi_init(&D); mbedtls_mpi_init(&C); mbedtls_mpi_init(&X); #endif /* MBEDTLS_BIGNUM_C */ int ok = 0; TEST_ASSERT(length == modulus->len); #if defined(MBEDTLS_BIGNUM_C) /* Perform the private key operation */ TEST_ASSERT(mbedtls_mpi_read_binary(&N, modulus->x, modulus->len) == 0); TEST_ASSERT(mbedtls_mpi_read_binary(&D, private_exponent->x, private_exponent->len) == 0); TEST_ASSERT(mbedtls_mpi_read_binary(&C, buf, length) == 0); TEST_ASSERT(mbedtls_mpi_exp_mod(&X, &C, &D, &N, NULL) == 0); /* Sanity checks on the padded plaintext */ TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, length) == 0); if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { TEST_ASSERT(length > input_data->len + 2); TEST_EQUAL(buf[0], 0x00); TEST_EQUAL(buf[1], 0x02); TEST_EQUAL(buf[length - input_data->len - 1], 0x00); ASSERT_COMPARE(buf + length - input_data->len, input_data->len, input_data->x, input_data->len); } else if (PSA_ALG_IS_RSA_OAEP(alg)) { TEST_EQUAL(buf[0], 0x00); /* The rest is too hard to check */ } else { TEST_ASSERT(!"Encryption result sanity check not implemented for RSA algorithm"); } #endif /* MBEDTLS_BIGNUM_C */ ok = 1; exit: #if defined(MBEDTLS_BIGNUM_C) mbedtls_mpi_free(&N); mbedtls_mpi_free(&D); mbedtls_mpi_free(&C); mbedtls_mpi_free(&X); #endif /* MBEDTLS_BIGNUM_C */ return ok; } #endif /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_PSA_CRYPTO_C:PSA_CRYPTO_DRIVER_TEST * END_DEPENDENCIES */ /* BEGIN_CASE */ void sign_hash(int key_type_arg, int alg_arg, int force_status_arg, data_t *key_input, data_t *data_input, data_t *expected_output, int fake_output, int expected_status_arg) { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = alg_arg; size_t key_bits; psa_key_type_t key_type = key_type_arg; unsigned char *signature = NULL; size_t signature_size; size_t signature_length = 0xdeadbeef; psa_status_t actual_status; mbedtls_test_driver_signature_sign_hooks = mbedtls_test_driver_signature_hooks_init(); PSA_ASSERT(psa_crypto_init()); psa_set_key_type(&attributes, key_type); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); psa_set_key_algorithm(&attributes, alg); psa_import_key(&attributes, key_input->x, key_input->len, &key); mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; if (fake_output == 1) { mbedtls_test_driver_signature_sign_hooks.forced_output = expected_output->x; mbedtls_test_driver_signature_sign_hooks.forced_output_length = expected_output->len; } /* Allocate a buffer which has the size advertized by the * library. */ PSA_ASSERT(psa_get_key_attributes(key, &attributes)); key_bits = psa_get_key_bits(&attributes); signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); ASSERT_ALLOC(signature, signature_size); actual_status = psa_sign_hash(key, alg, data_input->x, data_input->len, signature, signature_size, &signature_length); TEST_EQUAL(actual_status, expected_status); if (expected_status == PSA_SUCCESS) { ASSERT_COMPARE(signature, signature_length, expected_output->x, expected_output->len); } TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 1); exit: psa_reset_key_attributes(&attributes); psa_destroy_key(key); mbedtls_free(signature); PSA_DONE(); mbedtls_test_driver_signature_sign_hooks = mbedtls_test_driver_signature_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void verify_hash(int key_type_arg, int key_type_public_arg, int alg_arg, int force_status_arg, int register_public_key, data_t *key_input, data_t *data_input, data_t *signature_input, int expected_status_arg) { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; psa_algorithm_t alg = alg_arg; psa_key_type_t key_type = key_type_arg; psa_key_type_t key_type_public = key_type_public_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t actual_status; mbedtls_test_driver_signature_verify_hooks = mbedtls_test_driver_signature_hooks_init(); PSA_ASSERT(psa_crypto_init()); if (register_public_key) { psa_set_key_type(&attributes, key_type_public); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); psa_set_key_algorithm(&attributes, alg); psa_import_key(&attributes, key_input->x, key_input->len, &key); } else { psa_set_key_type(&attributes, key_type); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); psa_set_key_algorithm(&attributes, alg); psa_import_key(&attributes, key_input->x, key_input->len, &key); } mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; actual_status = psa_verify_hash(key, alg, data_input->x, data_input->len, signature_input->x, signature_input->len); TEST_EQUAL(actual_status, expected_status); TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, 1); exit: psa_reset_key_attributes(&attributes); psa_destroy_key(key); PSA_DONE(); mbedtls_test_driver_signature_verify_hooks = mbedtls_test_driver_signature_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void sign_message(int key_type_arg, int alg_arg, int force_status_arg, data_t *key_input, data_t *data_input, data_t *expected_output, int fake_output, int expected_status_arg) { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = alg_arg; size_t key_bits; psa_key_type_t key_type = key_type_arg; unsigned char *signature = NULL; size_t signature_size; size_t signature_length = 0xdeadbeef; psa_status_t actual_status; mbedtls_test_driver_signature_sign_hooks = mbedtls_test_driver_signature_hooks_init(); PSA_ASSERT(psa_crypto_init()); psa_set_key_type(&attributes, key_type); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); psa_set_key_algorithm(&attributes, alg); psa_import_key(&attributes, key_input->x, key_input->len, &key); mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; if (fake_output == 1) { mbedtls_test_driver_signature_sign_hooks.forced_output = expected_output->x; mbedtls_test_driver_signature_sign_hooks.forced_output_length = expected_output->len; } /* Allocate a buffer which has the size advertized by the * library. */ PSA_ASSERT(psa_get_key_attributes(key, &attributes)); key_bits = psa_get_key_bits(&attributes); signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); TEST_ASSERT(signature_size != 0); TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE); ASSERT_ALLOC(signature, signature_size); actual_status = psa_sign_message(key, alg, data_input->x, data_input->len, signature, signature_size, &signature_length); TEST_EQUAL(actual_status, expected_status); if (expected_status == PSA_SUCCESS) { ASSERT_COMPARE(signature, signature_length, expected_output->x, expected_output->len); } /* In the builtin algorithm the driver is called twice. */ TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1); exit: psa_reset_key_attributes(&attributes); psa_destroy_key(key); mbedtls_free(signature); PSA_DONE(); mbedtls_test_driver_signature_sign_hooks = mbedtls_test_driver_signature_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void verify_message(int key_type_arg, int key_type_public_arg, int alg_arg, int force_status_arg, int register_public_key, data_t *key_input, data_t *data_input, data_t *signature_input, int expected_status_arg) { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; psa_algorithm_t alg = alg_arg; psa_key_type_t key_type = key_type_arg; psa_key_type_t key_type_public = key_type_public_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t actual_status; mbedtls_test_driver_signature_verify_hooks = mbedtls_test_driver_signature_hooks_init(); PSA_ASSERT(psa_crypto_init()); if (register_public_key) { psa_set_key_type(&attributes, key_type_public); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); psa_set_key_algorithm(&attributes, alg); psa_import_key(&attributes, key_input->x, key_input->len, &key); } else { psa_set_key_type(&attributes, key_type); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE); psa_set_key_algorithm(&attributes, alg); psa_import_key(&attributes, key_input->x, key_input->len, &key); } mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; actual_status = psa_verify_message(key, alg, data_input->x, data_input->len, signature_input->x, signature_input->len); TEST_EQUAL(actual_status, expected_status); /* In the builtin algorithm the driver is called twice. */ TEST_EQUAL(mbedtls_test_driver_signature_verify_hooks.hits, force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1); exit: psa_reset_key_attributes(&attributes); psa_destroy_key(key); PSA_DONE(); mbedtls_test_driver_signature_verify_hooks = mbedtls_test_driver_signature_hooks_init(); } /* END_CASE */ /* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */ void generate_key(int force_status_arg, data_t *fake_output, int expected_status_arg) { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256); const uint8_t *expected_output = NULL; size_t expected_output_length = 0; psa_status_t actual_status; uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = { 0 }; size_t actual_output_length; mbedtls_test_driver_key_management_hooks = mbedtls_test_driver_key_management_hooks_init(); psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); psa_set_key_bits(&attributes, 256); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT); psa_set_key_algorithm(&attributes, alg); if (fake_output->len > 0) { expected_output = mbedtls_test_driver_key_management_hooks.forced_output = fake_output->x; expected_output_length = mbedtls_test_driver_key_management_hooks.forced_output_length = fake_output->len; } mbedtls_test_driver_key_management_hooks.hits = 0; mbedtls_test_driver_key_management_hooks.forced_status = force_status; PSA_ASSERT(psa_crypto_init()); actual_status = psa_generate_key(&attributes, &key); TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); TEST_EQUAL(actual_status, expected_status); if (actual_status == PSA_SUCCESS) { psa_export_key(key, actual_output, sizeof(actual_output), &actual_output_length); if (fake_output->len > 0) { ASSERT_COMPARE(actual_output, actual_output_length, expected_output, expected_output_length); } else { size_t zeroes = 0; for (size_t i = 0; i < sizeof(actual_output); i++) { if (actual_output[i] == 0) { zeroes++; } } TEST_ASSERT(zeroes != sizeof(actual_output)); } } exit: psa_reset_key_attributes(&attributes); psa_destroy_key(key); PSA_DONE(); mbedtls_test_driver_key_management_hooks = mbedtls_test_driver_key_management_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void validate_key(int force_status_arg, int location, int owner_id_arg, int id_arg, int key_type_arg, data_t *key_input, int expected_status_arg) { psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ PSA_KEY_PERSISTENCE_DEFAULT, location); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg); psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; psa_key_type_t key_type = key_type_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t actual_status; mbedtls_test_driver_key_management_hooks = mbedtls_test_driver_key_management_hooks_init(); psa_set_key_id(&attributes, id); psa_set_key_type(&attributes, key_type); psa_set_key_lifetime(&attributes, lifetime); psa_set_key_bits(&attributes, 0); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); mbedtls_test_driver_key_management_hooks.forced_status = force_status; PSA_ASSERT(psa_crypto_init()); actual_status = psa_import_key(&attributes, key_input->x, key_input->len, &key); TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); TEST_EQUAL(actual_status, expected_status); TEST_EQUAL(mbedtls_test_driver_key_management_hooks.location, location); exit: psa_reset_key_attributes(&attributes); psa_destroy_key(key); PSA_DONE(); mbedtls_test_driver_key_management_hooks = mbedtls_test_driver_key_management_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void export_key(int force_status_arg, data_t *fake_output, int key_in_type_arg, data_t *key_in, int key_out_type_arg, data_t *expected_output, int expected_status_arg) { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t input_key_type = key_in_type_arg; psa_key_type_t output_key_type = key_out_type_arg; const uint8_t *expected_output_ptr = NULL; size_t expected_output_length = 0; psa_status_t actual_status; uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = { 0 }; size_t actual_output_length; mbedtls_test_driver_key_management_hooks = mbedtls_test_driver_key_management_hooks_init(); psa_set_key_type(&attributes, input_key_type); psa_set_key_bits(&attributes, 256); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); PSA_ASSERT(psa_crypto_init()); PSA_ASSERT(psa_import_key(&attributes, key_in->x, key_in->len, &handle)); if (fake_output->len > 0) { expected_output_ptr = mbedtls_test_driver_key_management_hooks.forced_output = fake_output->x; expected_output_length = mbedtls_test_driver_key_management_hooks.forced_output_length = fake_output->len; } else { expected_output_ptr = expected_output->x; expected_output_length = expected_output->len; } mbedtls_test_driver_key_management_hooks.hits = 0; mbedtls_test_driver_key_management_hooks.forced_status = force_status; if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) { actual_status = psa_export_public_key(handle, actual_output, sizeof(actual_output), &actual_output_length); } else { actual_status = psa_export_key(handle, actual_output, sizeof(actual_output), &actual_output_length); } TEST_EQUAL(actual_status, expected_status); if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) && !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) { TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); } if (actual_status == PSA_SUCCESS) { ASSERT_COMPARE(actual_output, actual_output_length, expected_output_ptr, expected_output_length); } exit: psa_reset_key_attributes(&attributes); psa_destroy_key(handle); PSA_DONE(); mbedtls_test_driver_key_management_hooks = mbedtls_test_driver_key_management_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void key_agreement(int alg_arg, int force_status_arg, int our_key_type_arg, data_t *our_key_data, data_t *peer_key_data, data_t *expected_output, data_t *fake_output, int expected_status_arg) { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t *expected_output_ptr = NULL; size_t expected_output_length = 0; unsigned char *actual_output = NULL; size_t actual_output_length = ~0; size_t key_bits; psa_status_t actual_status; mbedtls_test_driver_key_agreement_hooks = mbedtls_test_driver_key_agreement_hooks_init(); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, our_key_type); PSA_ASSERT(psa_import_key(&attributes, our_key_data->x, our_key_data->len, &our_key)); PSA_ASSERT(psa_get_key_attributes(our_key, &attributes)); key_bits = psa_get_key_bits(&attributes); TEST_LE_U(expected_output->len, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits)); TEST_LE_U(PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(our_key_type, key_bits), PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE); if (fake_output->len > 0) { expected_output_ptr = mbedtls_test_driver_key_agreement_hooks.forced_output = fake_output->x; expected_output_length = mbedtls_test_driver_key_agreement_hooks.forced_output_length = fake_output->len; } else { expected_output_ptr = expected_output->x; expected_output_length = expected_output->len; } mbedtls_test_driver_key_agreement_hooks.hits = 0; mbedtls_test_driver_key_agreement_hooks.forced_status = force_status; ASSERT_ALLOC(actual_output, expected_output->len); actual_status = psa_raw_key_agreement(alg, our_key, peer_key_data->x, peer_key_data->len, actual_output, expected_output->len, &actual_output_length); TEST_EQUAL(actual_status, expected_status); TEST_EQUAL(mbedtls_test_driver_key_agreement_hooks.hits, 1); if (actual_status == PSA_SUCCESS) { ASSERT_COMPARE(actual_output, actual_output_length, expected_output_ptr, expected_output_length); } mbedtls_free(actual_output); actual_output = NULL; actual_output_length = ~0; exit: psa_reset_key_attributes(&attributes); psa_destroy_key(our_key); PSA_DONE(); mbedtls_test_driver_key_agreement_hooks = mbedtls_test_driver_key_agreement_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void cipher_encrypt_validation(int alg_arg, int key_type_arg, data_t *key_data, data_t *input) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t iv_size = PSA_CIPHER_IV_LENGTH(key_type, alg); unsigned char *output1 = NULL; size_t output1_buffer_size = 0; size_t output1_length = 0; unsigned char *output2 = NULL; size_t output2_buffer_size = 0; size_t output2_length = 0; size_t function_output_length = 0; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len); output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) + PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg); ASSERT_ALLOC(output1, output1_buffer_size); ASSERT_ALLOC(output2, output2_buffer_size); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len, output1, output1_buffer_size, &output1_length)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_set_iv(&operation, output1, iv_size)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_update(&operation, input->x, input->len, output2, output2_buffer_size, &function_output_length)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; output2_length += function_output_length; PSA_ASSERT(psa_cipher_finish(&operation, output2 + output2_length, output2_buffer_size - output2_length, &function_output_length)); /* Finish will have called abort as well, so expecting two hits here */ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); mbedtls_test_driver_cipher_hooks.hits = 0; output2_length += function_output_length; PSA_ASSERT(psa_cipher_abort(&operation)); // driver function should've been called as part of the finish() core routine TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); ASSERT_COMPARE(output1 + iv_size, output1_length - iv_size, output2, output2_length); exit: psa_cipher_abort(&operation); mbedtls_free(output1); mbedtls_free(output2); psa_destroy_key(key); PSA_DONE(); mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void cipher_encrypt_multipart(int alg_arg, int key_type_arg, data_t *key_data, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output, int mock_output_arg, int force_status_arg, int expected_status_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t status; psa_status_t expected_status = expected_status_arg; psa_status_t force_status = force_status_arg; size_t first_part_size = first_part_size_arg; size_t output1_length = output1_length_arg; size_t output2_length = output2_length_arg; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; size_t total_output_length = 0; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); mbedtls_test_driver_cipher_hooks.forced_status = force_status; /* Test operation initialization */ mbedtls_psa_cipher_operation_t mbedtls_operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT; mbedtls_transparent_test_driver_cipher_operation_t transparent_operation = MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT; mbedtls_opaque_test_driver_cipher_operation_t opaque_operation = MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT; operation.ctx.mbedtls_ctx = mbedtls_operation; operation.ctx.transparent_test_driver_ctx = transparent_operation; operation.ctx.opaque_test_driver_ctx = opaque_operation; PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); mbedtls_test_driver_cipher_hooks.hits = 0; output_buffer_size = ((size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); ASSERT_ALLOC(output, output_buffer_size); if (mock_output_arg) { mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; } TEST_ASSERT(first_part_size <= input->len); PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size, output, output_buffer_size, &function_output_length)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); mbedtls_test_driver_cipher_hooks.hits = 0; TEST_ASSERT(function_output_length == output1_length); total_output_length += function_output_length; if (first_part_size < input->len) { PSA_ASSERT(psa_cipher_update(&operation, input->x + first_part_size, input->len - first_part_size, output + total_output_length, output_buffer_size - total_output_length, &function_output_length)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; TEST_ASSERT(function_output_length == output2_length); total_output_length += function_output_length; } if (mock_output_arg) { mbedtls_test_driver_cipher_hooks.forced_output = NULL; mbedtls_test_driver_cipher_hooks.forced_output_length = 0; } status = psa_cipher_finish(&operation, output + total_output_length, output_buffer_size - total_output_length, &function_output_length); /* Finish will have called abort as well, so expecting two hits here */ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0)); mbedtls_test_driver_cipher_hooks.hits = 0; total_output_length += function_output_length; TEST_EQUAL(status, expected_status); if (expected_status == PSA_SUCCESS) { PSA_ASSERT(psa_cipher_abort(&operation)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); ASSERT_COMPARE(expected_output->x, expected_output->len, output, total_output_length); } exit: psa_cipher_abort(&operation); mbedtls_free(output); psa_destroy_key(key); PSA_DONE(); mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void cipher_decrypt_multipart(int alg_arg, int key_type_arg, data_t *key_data, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output, int mock_output_arg, int force_status_arg, int expected_status_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t status; psa_status_t expected_status = expected_status_arg; psa_status_t force_status = force_status_arg; size_t first_part_size = first_part_size_arg; size_t output1_length = output1_length_arg; size_t output2_length = output2_length_arg; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; size_t total_output_length = 0; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); mbedtls_test_driver_cipher_hooks.forced_status = force_status; /* Test operation initialization */ mbedtls_psa_cipher_operation_t mbedtls_operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT; mbedtls_transparent_test_driver_cipher_operation_t transparent_operation = MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT; mbedtls_opaque_test_driver_cipher_operation_t opaque_operation = MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT; operation.ctx.mbedtls_ctx = mbedtls_operation; operation.ctx.transparent_test_driver_ctx = transparent_operation; operation.ctx.opaque_test_driver_ctx = opaque_operation; PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; PSA_ASSERT(psa_cipher_set_iv(&operation, iv->x, iv->len)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); mbedtls_test_driver_cipher_hooks.hits = 0; output_buffer_size = ((size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type)); ASSERT_ALLOC(output, output_buffer_size); if (mock_output_arg) { mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; } TEST_ASSERT(first_part_size <= input->len); PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size, output, output_buffer_size, &function_output_length)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); mbedtls_test_driver_cipher_hooks.hits = 0; TEST_ASSERT(function_output_length == output1_length); total_output_length += function_output_length; if (first_part_size < input->len) { PSA_ASSERT(psa_cipher_update(&operation, input->x + first_part_size, input->len - first_part_size, output + total_output_length, output_buffer_size - total_output_length, &function_output_length)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 1 : 0)); mbedtls_test_driver_cipher_hooks.hits = 0; TEST_ASSERT(function_output_length == output2_length); total_output_length += function_output_length; } if (mock_output_arg) { mbedtls_test_driver_cipher_hooks.forced_output = NULL; mbedtls_test_driver_cipher_hooks.forced_output_length = 0; } status = psa_cipher_finish(&operation, output + total_output_length, output_buffer_size - total_output_length, &function_output_length); /* Finish will have called abort as well, so expecting two hits here */ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, (force_status == PSA_SUCCESS ? 2 : 0)); mbedtls_test_driver_cipher_hooks.hits = 0; total_output_length += function_output_length; TEST_EQUAL(status, expected_status); if (expected_status == PSA_SUCCESS) { PSA_ASSERT(psa_cipher_abort(&operation)); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); ASSERT_COMPARE(expected_output->x, expected_output->len, output, total_output_length); } exit: psa_cipher_abort(&operation); mbedtls_free(output); psa_destroy_key(key); PSA_DONE(); mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void cipher_decrypt(int alg_arg, int key_type_arg, data_t *key_data, data_t *iv, data_t *input_arg, data_t *expected_output, int mock_output_arg, int force_status_arg, int expected_status_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_status = expected_status_arg; psa_status_t force_status = force_status_arg; unsigned char *input = NULL; size_t input_buffer_size = 0; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t output_length = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); mbedtls_test_driver_cipher_hooks.forced_status = force_status; PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); /* Allocate input buffer and copy the iv and the plaintext */ input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len); if (input_buffer_size > 0) { ASSERT_ALLOC(input, input_buffer_size); memcpy(input, iv->x, iv->len); memcpy(input + iv->len, input_arg->x, input_arg->len); } output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size); ASSERT_ALLOC(output, output_buffer_size); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); if (mock_output_arg) { mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x; mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len; } status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output, output_buffer_size, &output_length); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); mbedtls_test_driver_cipher_hooks.hits = 0; TEST_EQUAL(status, expected_status); if (expected_status == PSA_SUCCESS) { ASSERT_COMPARE(expected_output->x, expected_output->len, output, output_length); } exit: mbedtls_free(input); mbedtls_free(output); psa_destroy_key(key); PSA_DONE(); mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void cipher_entry_points(int alg_arg, int key_type_arg, data_t *key_data, data_t *iv, data_t *input) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); ASSERT_ALLOC(output, input->len + 16); output_buffer_size = input->len + 16; PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); /* * Test encrypt failure * First test that if we don't force a driver error, encryption is * successful, then force driver error. */ status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, PSA_SUCCESS); mbedtls_test_driver_cipher_hooks.hits = 0; mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; /* Set the output buffer in a given state. */ for (size_t i = 0; i < output_buffer_size; i++) { output[i] = 0xa5; } status = psa_cipher_encrypt( key, alg, input->x, input->len, output, output_buffer_size, &function_output_length); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, PSA_ERROR_GENERIC_ERROR); /* * Check that the output buffer is still in the same state. * This will fail if the output buffer is used by the core to pass the IV * it generated to the driver (and is not restored). */ for (size_t i = 0; i < output_buffer_size; i++) { TEST_EQUAL(output[i], 0xa5); } mbedtls_test_driver_cipher_hooks.hits = 0; /* Test setup call, encrypt */ mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; status = psa_cipher_encrypt_setup(&operation, key, alg); /* When setup fails, it shouldn't call any further entry points */ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); mbedtls_test_driver_cipher_hooks.hits = 0; status = psa_cipher_set_iv(&operation, iv->x, iv->len); TEST_EQUAL(status, PSA_ERROR_BAD_STATE); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); /* Test setup call failure, decrypt */ status = psa_cipher_decrypt_setup(&operation, key, alg); /* When setup fails, it shouldn't call any further entry points */ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); mbedtls_test_driver_cipher_hooks.hits = 0; status = psa_cipher_set_iv(&operation, iv->x, iv->len); TEST_EQUAL(status, PSA_ERROR_BAD_STATE); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); /* Test IV setting failure */ mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; status = psa_cipher_encrypt_setup(&operation, key, alg); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); mbedtls_test_driver_cipher_hooks.hits = 0; mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; status = psa_cipher_set_iv(&operation, iv->x, iv->len); /* When setting the IV fails, it should call abort too */ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); /* Failure should prevent further operations from executing on the driver */ mbedtls_test_driver_cipher_hooks.hits = 0; status = psa_cipher_update(&operation, input->x, input->len, output, output_buffer_size, &function_output_length); TEST_EQUAL(status, PSA_ERROR_BAD_STATE); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); psa_cipher_abort(&operation); /* Test IV generation failure */ mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; status = psa_cipher_encrypt_setup(&operation, key, alg); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); mbedtls_test_driver_cipher_hooks.hits = 0; mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; /* Set the output buffer in a given state. */ for (size_t i = 0; i < 16; i++) { output[i] = 0xa5; } status = psa_cipher_generate_iv(&operation, output, 16, &function_output_length); /* When generating the IV fails, it should call abort too */ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); /* * Check that the output buffer is still in the same state. * This will fail if the output buffer is used by the core to pass the IV * it generated to the driver (and is not restored). */ for (size_t i = 0; i < 16; i++) { TEST_EQUAL(output[i], 0xa5); } /* Failure should prevent further operations from executing on the driver */ mbedtls_test_driver_cipher_hooks.hits = 0; status = psa_cipher_update(&operation, input->x, input->len, output, output_buffer_size, &function_output_length); TEST_EQUAL(status, PSA_ERROR_BAD_STATE); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); psa_cipher_abort(&operation); /* Test update failure */ mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; status = psa_cipher_encrypt_setup(&operation, key, alg); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); mbedtls_test_driver_cipher_hooks.hits = 0; status = psa_cipher_set_iv(&operation, iv->x, iv->len); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); mbedtls_test_driver_cipher_hooks.hits = 0; mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; status = psa_cipher_update(&operation, input->x, input->len, output, output_buffer_size, &function_output_length); /* When the update call fails, it should call abort too */ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); /* Failure should prevent further operations from executing on the driver */ mbedtls_test_driver_cipher_hooks.hits = 0; status = psa_cipher_update(&operation, input->x, input->len, output, output_buffer_size, &function_output_length); TEST_EQUAL(status, PSA_ERROR_BAD_STATE); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); psa_cipher_abort(&operation); /* Test finish failure */ mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS; status = psa_cipher_encrypt_setup(&operation, key, alg); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); mbedtls_test_driver_cipher_hooks.hits = 0; status = psa_cipher_set_iv(&operation, iv->x, iv->len); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); mbedtls_test_driver_cipher_hooks.hits = 0; status = psa_cipher_update(&operation, input->x, input->len, output, output_buffer_size, &function_output_length); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 1); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); mbedtls_test_driver_cipher_hooks.hits = 0; mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; status = psa_cipher_finish(&operation, output + function_output_length, output_buffer_size - function_output_length, &function_output_length); /* When the finish call fails, it should call abort too */ TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 2); TEST_EQUAL(status, mbedtls_test_driver_cipher_hooks.forced_status); /* Failure should prevent further operations from executing on the driver */ mbedtls_test_driver_cipher_hooks.hits = 0; status = psa_cipher_update(&operation, input->x, input->len, output, output_buffer_size, &function_output_length); TEST_EQUAL(status, PSA_ERROR_BAD_STATE); TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0); psa_cipher_abort(&operation); exit: psa_cipher_abort(&operation); mbedtls_free(output); psa_destroy_key(key); PSA_DONE(); mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void aead_encrypt(int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, data_t *input_data, data_t *expected_result, int forced_status_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; psa_status_t forced_status = forced_status_arg; unsigned char *output_data = NULL; size_t output_size = 0; size_t output_length = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); PSA_ASSERT(psa_get_key_attributes(key, &attributes)); key_bits = psa_get_key_bits(&attributes); output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg); /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE * should be exact. */ TEST_EQUAL(output_size, PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); TEST_ASSERT(output_size <= PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); ASSERT_ALLOC(output_data, output_size); mbedtls_test_driver_aead_hooks.forced_status = forced_status; status = psa_aead_encrypt(key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, input_data->x, input_data->len, output_data, output_size, &output_length); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_encrypt, 1); TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status); TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? PSA_SUCCESS : forced_status); if (status == PSA_SUCCESS) { ASSERT_COMPARE(expected_result->x, expected_result->len, output_data, output_length); } exit: psa_destroy_key(key); mbedtls_free(output_data); PSA_DONE(); mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void aead_decrypt(int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, data_t *input_data, data_t *expected_data, int forced_status_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; psa_status_t forced_status = forced_status_arg; unsigned char *output_data = NULL; size_t output_size = 0; size_t output_length = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); PSA_ASSERT(psa_get_key_attributes(key, &attributes)); key_bits = psa_get_key_bits(&attributes); output_size = input_data->len - PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg); ASSERT_ALLOC(output_data, output_size); mbedtls_test_driver_aead_hooks.forced_status = forced_status; status = psa_aead_decrypt(key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, input_data->x, input_data->len, output_data, output_size, &output_length); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_decrypt, 1); TEST_EQUAL(mbedtls_test_driver_aead_hooks.driver_status, forced_status); TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? PSA_SUCCESS : forced_status); if (status == PSA_SUCCESS) { ASSERT_COMPARE(expected_data->x, expected_data->len, output_data, output_length); } exit: psa_destroy_key(key); mbedtls_free(output_data); PSA_DONE(); mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void mac_sign(int key_type_arg, data_t *key_data, int alg_arg, data_t *input, data_t *expected_mac, int forced_status_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t *actual_mac = NULL; size_t mac_buffer_size = PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); size_t mac_length = 0; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t forced_status = forced_status_arg; mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE); /* We expect PSA_MAC_LENGTH to be exact. */ TEST_ASSERT(expected_mac->len == mac_buffer_size); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); ASSERT_ALLOC(actual_mac, mac_buffer_size); mbedtls_test_driver_mac_hooks.forced_status = forced_status; /* * Calculate the MAC, one-shot case. */ status = psa_mac_compute(key, alg, input->x, input->len, actual_mac, mac_buffer_size, &mac_length); TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); if (forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED) { PSA_ASSERT(status); } else { TEST_EQUAL(forced_status, status); } PSA_ASSERT(psa_mac_abort(&operation)); TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); if (forced_status == PSA_SUCCESS) { ASSERT_COMPARE(expected_mac->x, expected_mac->len, actual_mac, mac_length); } mbedtls_free(actual_mac); actual_mac = NULL; exit: psa_mac_abort(&operation); psa_destroy_key(key); PSA_DONE(); mbedtls_free(actual_mac); mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void mac_sign_multipart(int key_type_arg, data_t *key_data, int alg_arg, data_t *input, data_t *expected_mac, int fragments_count, int forced_status_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t *actual_mac = NULL; size_t mac_buffer_size = PSA_MAC_LENGTH(key_type, PSA_BYTES_TO_BITS(key_data->len), alg); size_t mac_length = 0; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t forced_status = forced_status_arg; uint8_t *input_x = input->x; mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); TEST_ASSERT(mac_buffer_size <= PSA_MAC_MAX_SIZE); /* We expect PSA_MAC_LENGTH to be exact. */ TEST_ASSERT(expected_mac->len == mac_buffer_size); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); ASSERT_ALLOC(actual_mac, mac_buffer_size); mbedtls_test_driver_mac_hooks.forced_status = forced_status; /* * Calculate the MAC, multipart case. */ status = psa_mac_sign_setup(&operation, key, alg); TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); if (forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED) { PSA_ASSERT(status); } else { TEST_EQUAL(forced_status, status); } if (fragments_count) { TEST_ASSERT((input->len / fragments_count) > 0); } for (int i = 0; i < fragments_count; i++) { int fragment_size = input->len / fragments_count; if (i == fragments_count - 1) { fragment_size += (input->len % fragments_count); } status = psa_mac_update(&operation, input_x, fragment_size); if (forced_status == PSA_SUCCESS) { TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2 + i); } else { TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); } if (forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED) { PSA_ASSERT(status); } else { TEST_EQUAL(PSA_ERROR_BAD_STATE, status); } input_x += fragment_size; } status = psa_mac_sign_finish(&operation, actual_mac, mac_buffer_size, &mac_length); if (forced_status == PSA_SUCCESS) { TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); } else { TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); } if (forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED) { PSA_ASSERT(status); } else { TEST_EQUAL(PSA_ERROR_BAD_STATE, status); } PSA_ASSERT(psa_mac_abort(&operation)); if (forced_status == PSA_SUCCESS) { TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); } else { TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); } if (forced_status == PSA_SUCCESS) { ASSERT_COMPARE(expected_mac->x, expected_mac->len, actual_mac, mac_length); } mbedtls_free(actual_mac); actual_mac = NULL; exit: psa_mac_abort(&operation); psa_destroy_key(key); PSA_DONE(); mbedtls_free(actual_mac); mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void mac_verify(int key_type_arg, data_t *key_data, int alg_arg, data_t *input, data_t *expected_mac, int forced_status_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t forced_status = forced_status_arg; mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); mbedtls_test_driver_mac_hooks.forced_status = forced_status; /* * Verify the MAC, one-shot case. */ status = psa_mac_verify(key, alg, input->x, input->len, expected_mac->x, expected_mac->len); TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); if (forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED) { PSA_ASSERT(status); } else { TEST_EQUAL(forced_status, status); } PSA_ASSERT(psa_mac_abort(&operation)); TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); exit: psa_mac_abort(&operation); psa_destroy_key(key); PSA_DONE(); mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void mac_verify_multipart(int key_type_arg, data_t *key_data, int alg_arg, data_t *input, data_t *expected_mac, int fragments_count, int forced_status_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t forced_status = forced_status_arg; uint8_t *input_x = input->x; mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); TEST_ASSERT(expected_mac->len <= PSA_MAC_MAX_SIZE); PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); mbedtls_test_driver_mac_hooks.forced_status = forced_status; /* * Verify the MAC, multi-part case. */ status = psa_mac_verify_setup(&operation, key, alg); TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); if (forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED) { PSA_ASSERT(status); } else { TEST_EQUAL(forced_status, status); } if (fragments_count) { TEST_ASSERT((input->len / fragments_count) > 0); } for (int i = 0; i < fragments_count; i++) { int fragment_size = input->len / fragments_count; if (i == fragments_count - 1) { fragment_size += (input->len % fragments_count); } status = psa_mac_update(&operation, input_x, fragment_size); if (forced_status == PSA_SUCCESS) { TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 2 + i); } else { TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); } if (forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED) { PSA_ASSERT(status); } else { TEST_EQUAL(PSA_ERROR_BAD_STATE, status); } input_x += fragment_size; } status = psa_mac_verify_finish(&operation, expected_mac->x, expected_mac->len); if (forced_status == PSA_SUCCESS) { TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); } else { TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); } if (forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED) { PSA_ASSERT(status); } else { TEST_EQUAL(PSA_ERROR_BAD_STATE, status); } PSA_ASSERT(psa_mac_abort(&operation)); if (forced_status == PSA_SUCCESS) { TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 3 + fragments_count); } else { TEST_EQUAL(mbedtls_test_driver_mac_hooks.hits, 1); } exit: psa_mac_abort(&operation); psa_destroy_key(key); PSA_DONE(); mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); } /* END_CASE */ /* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ void builtin_key_export(int builtin_key_id_arg, int builtin_key_type_arg, int builtin_key_bits_arg, int builtin_key_algorithm_arg, data_t *expected_output, int expected_status_arg) { psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg; psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg; psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg; size_t builtin_key_bits = (size_t) builtin_key_bits_arg; psa_status_t expected_status = expected_status_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); uint8_t *output_buffer = NULL; size_t output_size = 0; psa_status_t actual_status; PSA_ASSERT(psa_crypto_init()); ASSERT_ALLOC(output_buffer, expected_output->len); actual_status = psa_export_key(key, output_buffer, expected_output->len, &output_size); if (expected_status == PSA_SUCCESS) { PSA_ASSERT(actual_status); TEST_EQUAL(output_size, expected_output->len); ASSERT_COMPARE(output_buffer, output_size, expected_output->x, expected_output->len); PSA_ASSERT(psa_get_key_attributes(key, &attributes)); TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type); TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg); } else { if (actual_status != expected_status) { fprintf(stderr, "Expected %d but got %d\n", expected_status, actual_status); } TEST_EQUAL(actual_status, expected_status); TEST_EQUAL(output_size, 0); } exit: mbedtls_free(output_buffer); psa_reset_key_attributes(&attributes); psa_destroy_key(key); PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ void builtin_pubkey_export(int builtin_key_id_arg, int builtin_key_type_arg, int builtin_key_bits_arg, int builtin_key_algorithm_arg, data_t *expected_output, int expected_status_arg) { psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg; psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg; psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg; size_t builtin_key_bits = (size_t) builtin_key_bits_arg; psa_status_t expected_status = expected_status_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); uint8_t *output_buffer = NULL; size_t output_size = 0; psa_status_t actual_status; PSA_ASSERT(psa_crypto_init()); ASSERT_ALLOC(output_buffer, expected_output->len); actual_status = psa_export_public_key(key, output_buffer, expected_output->len, &output_size); if (expected_status == PSA_SUCCESS) { PSA_ASSERT(actual_status); TEST_EQUAL(output_size, expected_output->len); ASSERT_COMPARE(output_buffer, output_size, expected_output->x, expected_output->len); PSA_ASSERT(psa_get_key_attributes(key, &attributes)); TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits); TEST_EQUAL(psa_get_key_type(&attributes), builtin_key_type); TEST_EQUAL(psa_get_key_algorithm(&attributes), builtin_key_alg); } else { TEST_EQUAL(actual_status, expected_status); TEST_EQUAL(output_size, 0); } exit: mbedtls_free(output_buffer); psa_reset_key_attributes(&attributes); psa_destroy_key(key); PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void hash_compute(int alg_arg, data_t *input, data_t *hash, int forced_status_arg, int expected_status_arg) { psa_algorithm_t alg = alg_arg; psa_status_t forced_status = forced_status_arg; psa_status_t expected_status = expected_status_arg; unsigned char *output = NULL; size_t output_length; PSA_ASSERT(psa_crypto_init()); ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); mbedtls_test_driver_hash_hooks.forced_status = forced_status; TEST_EQUAL(psa_hash_compute(alg, input->x, input->len, output, PSA_HASH_LENGTH(alg), &output_length), expected_status); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); if (expected_status == PSA_SUCCESS) { ASSERT_COMPARE(output, output_length, hash->x, hash->len); } exit: mbedtls_free(output); PSA_DONE(); mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void hash_multipart_setup(int alg_arg, data_t *input, data_t *hash, int forced_status_arg, int expected_status_arg) { psa_algorithm_t alg = alg_arg; psa_status_t forced_status = forced_status_arg; psa_status_t expected_status = expected_status_arg; unsigned char *output = NULL; psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; size_t output_length; PSA_ASSERT(psa_crypto_init()); ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); mbedtls_test_driver_hash_hooks.forced_status = forced_status; TEST_EQUAL(psa_hash_setup(&operation, alg), expected_status); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); if (expected_status == PSA_SUCCESS) { PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 2); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); PSA_ASSERT(psa_hash_finish(&operation, output, PSA_HASH_LENGTH(alg), &output_length)); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); ASSERT_COMPARE(output, output_length, hash->x, hash->len); } exit: psa_hash_abort(&operation); mbedtls_free(output); PSA_DONE(); mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void hash_multipart_update(int alg_arg, data_t *input, data_t *hash, int forced_status_arg) { psa_algorithm_t alg = alg_arg; psa_status_t forced_status = forced_status_arg; unsigned char *output = NULL; psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; size_t output_length; PSA_ASSERT(psa_crypto_init()); ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); /* * Update inactive operation, the driver shouldn't be called. */ TEST_EQUAL(psa_hash_update(&operation, input->x, input->len), PSA_ERROR_BAD_STATE); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); PSA_ASSERT(psa_hash_setup(&operation, alg)); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); mbedtls_test_driver_hash_hooks.forced_status = forced_status; TEST_EQUAL(psa_hash_update(&operation, input->x, input->len), forced_status); /* One or two more calls to the driver interface: update or update + abort */ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, forced_status == PSA_SUCCESS ? 2 : 3); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); if (forced_status == PSA_SUCCESS) { mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); PSA_ASSERT(psa_hash_finish(&operation, output, PSA_HASH_LENGTH(alg), &output_length)); /* Two calls to the driver interface: update + abort */ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); ASSERT_COMPARE(output, output_length, hash->x, hash->len); } exit: psa_hash_abort(&operation); mbedtls_free(output); PSA_DONE(); mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void hash_multipart_finish(int alg_arg, data_t *input, data_t *hash, int forced_status_arg) { psa_algorithm_t alg = alg_arg; psa_status_t forced_status = forced_status_arg; unsigned char *output = NULL; psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; size_t output_length; PSA_ASSERT(psa_crypto_init()); ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); /* * Finish inactive operation, the driver shouldn't be called. */ TEST_EQUAL(psa_hash_finish(&operation, output, PSA_HASH_LENGTH(alg), &output_length), PSA_ERROR_BAD_STATE); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); PSA_ASSERT(psa_hash_setup(&operation, alg)); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); PSA_ASSERT(psa_hash_update(&operation, input->x, input->len)); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); mbedtls_test_driver_hash_hooks.forced_status = forced_status; TEST_EQUAL(psa_hash_finish(&operation, output, PSA_HASH_LENGTH(alg), &output_length), forced_status); /* Two more calls to the driver interface: finish + abort */ TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 4); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); if (forced_status == PSA_SUCCESS) { ASSERT_COMPARE(output, output_length, hash->x, hash->len); } exit: psa_hash_abort(&operation); mbedtls_free(output); PSA_DONE(); mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void hash_clone(int alg_arg, data_t *input, data_t *hash, int forced_status_arg) { psa_algorithm_t alg = alg_arg; psa_status_t forced_status = forced_status_arg; unsigned char *output = NULL; psa_hash_operation_t source_operation = PSA_HASH_OPERATION_INIT; psa_hash_operation_t target_operation = PSA_HASH_OPERATION_INIT; size_t output_length; PSA_ASSERT(psa_crypto_init()); ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); /* Do this after psa_crypto_init() which may call hash drivers */ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); /* * Clone inactive operation, the driver shouldn't be called. */ TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation), PSA_ERROR_BAD_STATE); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 0); PSA_ASSERT(psa_hash_setup(&source_operation, alg)); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); mbedtls_test_driver_hash_hooks.forced_status = forced_status; TEST_EQUAL(psa_hash_clone(&source_operation, &target_operation), forced_status); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, forced_status == PSA_SUCCESS ? 2 : 3); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); if (forced_status == PSA_SUCCESS) { mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); PSA_ASSERT(psa_hash_update(&target_operation, input->x, input->len)); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); PSA_ASSERT(psa_hash_finish(&target_operation, output, PSA_HASH_LENGTH(alg), &output_length)); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 3); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS); ASSERT_COMPARE(output, output_length, hash->x, hash->len); } exit: psa_hash_abort(&source_operation); psa_hash_abort(&target_operation); mbedtls_free(output); PSA_DONE(); mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void asymmetric_encrypt_decrypt(int alg_arg, data_t *key_data, data_t *input_data, data_t *label, data_t *fake_output_encrypt, data_t *fake_output_decrypt, int forced_status_encrypt_arg, int forced_status_decrypt_arg, int expected_status_encrypt_arg, int expected_status_decrypt_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; psa_algorithm_t alg = alg_arg; size_t key_bits; unsigned char *output = NULL; size_t output_size; size_t output_length = ~0; unsigned char *output2 = NULL; size_t output2_size; size_t output2_length = ~0; psa_status_t forced_status_encrypt = forced_status_encrypt_arg; psa_status_t forced_status_decrypt = forced_status_decrypt_arg; psa_status_t expected_status_encrypt = expected_status_encrypt_arg; psa_status_t expected_status_decrypt = expected_status_decrypt_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT(psa_crypto_init()); mbedtls_test_driver_asymmetric_encryption_hooks = mbedtls_test_driver_asymmetric_encryption_hooks_init(); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); /* Determine the maximum ciphertext length */ PSA_ASSERT(psa_get_key_attributes(key, &attributes)); key_bits = psa_get_key_bits(&attributes); mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = forced_status_encrypt; if (fake_output_encrypt->len > 0) { mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = fake_output_encrypt->x; mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = fake_output_encrypt->len; output_size = fake_output_encrypt->len; ASSERT_ALLOC(output, output_size); } else { output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); TEST_ASSERT(output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE); ASSERT_ALLOC(output, output_size); } /* We test encryption by checking that encrypt-then-decrypt gives back * the original plaintext because of the non-optional random * part of encryption process which prevents using fixed vectors. */ TEST_EQUAL(psa_asymmetric_encrypt(key, alg, input_data->x, input_data->len, label->x, label->len, output, output_size, &output_length), expected_status_encrypt); /* We don't know what ciphertext length to expect, but check that * it looks sensible. */ TEST_ASSERT(output_length <= output_size); if (expected_status_encrypt == PSA_SUCCESS) { if (fake_output_encrypt->len > 0) { ASSERT_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, output, output_length); } else { mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = forced_status_decrypt; if (fake_output_decrypt->len > 0) { mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = fake_output_decrypt->x; mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = fake_output_decrypt->len; output2_size = fake_output_decrypt->len; ASSERT_ALLOC(output2, output2_size); } else { output2_size = input_data->len; TEST_ASSERT(output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)); TEST_ASSERT(output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE); ASSERT_ALLOC(output2, output2_size); } TEST_EQUAL(psa_asymmetric_decrypt(key, alg, output, output_length, label->x, label->len, output2, output2_size, &output2_length), expected_status_decrypt); if (expected_status_decrypt == PSA_SUCCESS) { if (fake_output_decrypt->len > 0) { ASSERT_COMPARE(fake_output_decrypt->x, fake_output_decrypt->len, output2, output2_length); } else { ASSERT_COMPARE(input_data->x, input_data->len, output2, output2_length); } } } } exit: /* * Key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ psa_reset_key_attributes(&attributes); psa_destroy_key(key); mbedtls_free(output); mbedtls_free(output2); PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void asymmetric_decrypt(int alg_arg, data_t *key_data, data_t *input_data, data_t *label, data_t *expected_output_data, data_t *fake_output_decrypt, int forced_status_decrypt_arg, int expected_status_decrypt_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; size_t output_size; size_t output_length = ~0; psa_status_t forced_status_decrypt = forced_status_decrypt_arg; psa_status_t expected_status_decrypt = expected_status_decrypt_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT(psa_crypto_init()); mbedtls_test_driver_asymmetric_encryption_hooks = mbedtls_test_driver_asymmetric_encryption_hooks_init(); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = forced_status_decrypt; if (fake_output_decrypt->len > 0) { mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = fake_output_decrypt->x; mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = fake_output_decrypt->len; output_size = fake_output_decrypt->len; ASSERT_ALLOC(output, output_size); } else { output_size = expected_output_data->len; ASSERT_ALLOC(output, expected_output_data->len); } TEST_EQUAL(psa_asymmetric_decrypt(key, alg, input_data->x, input_data->len, label->x, label->len, output, output_size, &output_length), expected_status_decrypt); if (expected_status_decrypt == PSA_SUCCESS) { TEST_EQUAL(output_length, expected_output_data->len); ASSERT_COMPARE(expected_output_data->x, expected_output_data->len, output, output_length); } exit: /* * Key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ psa_reset_key_attributes(&attributes); psa_destroy_key(key); mbedtls_free(output); PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void asymmetric_encrypt(int alg_arg, data_t *key_data, data_t *modulus, data_t *private_exponent, data_t *input_data, data_t *label, data_t *fake_output_encrypt, int forced_status_encrypt_arg, int expected_status_encrypt_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = PSA_KEY_TYPE_RSA_PUBLIC_KEY; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; size_t output_size; size_t output_length = ~0; psa_status_t forced_status_encrypt = forced_status_encrypt_arg; psa_status_t expected_status_encrypt = expected_status_encrypt_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT(psa_crypto_init()); mbedtls_test_driver_asymmetric_encryption_hooks = mbedtls_test_driver_asymmetric_encryption_hooks_init(); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); PSA_ASSERT(psa_get_key_attributes(key, &attributes)); size_t key_bits = psa_get_key_bits(&attributes); mbedtls_test_driver_asymmetric_encryption_hooks.forced_status = forced_status_encrypt; if (fake_output_encrypt->len > 0) { mbedtls_test_driver_asymmetric_encryption_hooks.forced_output = fake_output_encrypt->x; mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length = fake_output_encrypt->len; output_size = fake_output_encrypt->len; ASSERT_ALLOC(output, output_size); } else { output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg); ASSERT_ALLOC(output, output_size); } TEST_EQUAL(psa_asymmetric_encrypt(key, alg, input_data->x, input_data->len, label->x, label->len, output, output_size, &output_length), expected_status_encrypt); if (expected_status_encrypt == PSA_SUCCESS) { if (fake_output_encrypt->len > 0) { TEST_EQUAL(fake_output_encrypt->len, output_length); ASSERT_COMPARE(fake_output_encrypt->x, fake_output_encrypt->len, output, output_length); } else { /* Perform sanity checks on the output */ #if PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY if (PSA_KEY_TYPE_IS_RSA(key_type)) { if (!sanity_check_rsa_encryption_result( alg, modulus, private_exponent, input_data, output, output_length)) { goto exit; } } else #endif { (void) modulus; (void) private_exponent; TEST_ASSERT(!"Encryption sanity checks not implemented for this key type"); } } } exit: /* * Key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ psa_reset_key_attributes(&attributes); psa_destroy_key(key); mbedtls_free(output); PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ void aead_encrypt_setup(int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, data_t *input_data, data_t *expected_ciphertext, data_t *expected_tag, int forced_status_arg, int expected_status_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; psa_status_t forced_status = forced_status_arg; psa_status_t expected_status = expected_status_arg; uint8_t *output_data = NULL; size_t output_size = 0; size_t output_length = 0; size_t finish_output_length = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; size_t tag_length = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; psa_aead_operation_t operation = psa_aead_operation_init(); mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); PSA_INIT(); mbedtls_test_driver_aead_hooks.forced_status = forced_status; psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); PSA_ASSERT(psa_get_key_attributes(key, &attributes)); key_bits = psa_get_key_bits(&attributes); output_size = input_data->len + PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg); /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE * should be exact. */ TEST_EQUAL(output_size, PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len)); TEST_ASSERT(output_size <= PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len)); ASSERT_ALLOC(output_data, output_size); status = psa_aead_encrypt_setup(&operation, key, alg); TEST_EQUAL(status, expected_status); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_encrypt_setup, 1); if (status == PSA_SUCCESS) { /* Set the nonce. */ PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_nonce, forced_status == PSA_SUCCESS ? 1 : 0); /* Check hooks hits and * set length (additional data and data to encrypt) */ PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, input_data->len)); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_lengths, forced_status == PSA_SUCCESS ? 1 : 0); /* Pass the additional data */ PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, additional_data->len)); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update_ad, forced_status == PSA_SUCCESS ? 1 : 0); /* Pass the data to encrypt */ PSA_ASSERT(psa_aead_update(&operation, input_data->x, input_data->len, output_data, output_size, &output_length)); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update, forced_status == PSA_SUCCESS ? 1 : 0); /* Finish the encryption operation */ PSA_ASSERT(psa_aead_finish(&operation, output_data + output_length, output_size - output_length, &finish_output_length, tag_buffer, PSA_AEAD_TAG_MAX_SIZE, &tag_length)); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_finish, forced_status == PSA_SUCCESS ? 1 : 0); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, forced_status == PSA_SUCCESS ? 1 : 0); /* Compare output_data and expected_ciphertext */ ASSERT_COMPARE(expected_ciphertext->x, expected_ciphertext->len, output_data, output_length + finish_output_length); /* Compare tag and expected_tag */ ASSERT_COMPARE(expected_tag->x, expected_tag->len, tag_buffer, tag_length); } exit: /* Cleanup */ PSA_ASSERT(psa_destroy_key(key)); mbedtls_free(output_data); PSA_DONE(); mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); } /* END_CASE */ /* BEGIN_CASE */ void aead_decrypt_setup(int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, data_t *input_ciphertext, data_t *input_tag, data_t *expected_result, int forced_status_arg, int expected_status_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; size_t output_size = 0; size_t output_length = 0; size_t verify_output_length = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t forced_status = forced_status_arg; psa_status_t expected_status = expected_status_arg; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_aead_operation_t operation = psa_aead_operation_init(); mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init(); PSA_INIT(); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); output_size = input_ciphertext->len; ASSERT_ALLOC(output_data, output_size); mbedtls_test_driver_aead_hooks.forced_status = forced_status; status = psa_aead_decrypt_setup(&operation, key, alg); TEST_EQUAL(status, (forced_status == PSA_ERROR_NOT_SUPPORTED) ? PSA_SUCCESS : forced_status); TEST_EQUAL(status, expected_status); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_decrypt_setup, 1); if (status == PSA_SUCCESS) { PSA_ASSERT(psa_aead_set_nonce(&operation, nonce->x, nonce->len)); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_nonce, forced_status == PSA_SUCCESS ? 1 : 0); PSA_ASSERT(psa_aead_set_lengths(&operation, additional_data->len, input_ciphertext->len)); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_set_lengths, forced_status == PSA_SUCCESS ? 1 : 0); PSA_ASSERT(psa_aead_update_ad(&operation, additional_data->x, additional_data->len)); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update_ad, forced_status == PSA_SUCCESS ? 1 : 0); PSA_ASSERT(psa_aead_update(&operation, input_ciphertext->x, input_ciphertext->len, output_data, output_size, &output_length)); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_update, forced_status == PSA_SUCCESS ? 1 : 0); /* Offset applied to output_data in order to handle cases where verify() * outputs further data */ PSA_ASSERT(psa_aead_verify(&operation, output_data + output_length, output_size - output_length, &verify_output_length, input_tag->x, input_tag->len)); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_verify, forced_status == PSA_SUCCESS ? 1 : 0); /* Since this is a decryption operation, * finish should never be hit */ TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_finish, 0); TEST_EQUAL(mbedtls_test_driver_aead_hooks.hits_abort, forced_status == PSA_SUCCESS ? 1 : 0); ASSERT_COMPARE(expected_result->x, expected_result->len, output_data, output_length + verify_output_length); } exit: PSA_ASSERT(psa_destroy_key(key)); mbedtls_free(output_data); PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_status_arg, data_t *forced_output, int expected_status_arg, int fut) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t forced_status = forced_status_arg; psa_status_t forced_status_setup = forced_status_setup_arg; psa_status_t expected_status = expected_status_arg; psa_pake_operation_t operation = psa_pake_operation_init(); psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_key_derivation_operation_t implicit_key = PSA_KEY_DERIVATION_OPERATION_INIT; psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; unsigned char *input_buffer = NULL; const size_t size_key_share = PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE); unsigned char *output_buffer = NULL; size_t output_len = 0; size_t output_size = PSA_PAKE_OUTPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE); int in_driver = (forced_status_setup_arg == PSA_SUCCESS); ASSERT_ALLOC(input_buffer, PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE)); memset(input_buffer, 0xAA, size_key_share); ASSERT_ALLOC(output_buffer, PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE)); memset(output_buffer, 0x55, output_size); PSA_INIT(); mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); if (pw_data->len > 0) { psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, &key)); } psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); psa_pake_cs_set_primitive(&cipher_suite, primitive); psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; /* Collecting input stage (no driver entry points) */ TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), PSA_SUCCESS); PSA_ASSERT(psa_pake_set_user(&operation, jpake_server_id, sizeof(jpake_server_id))); PSA_ASSERT(psa_pake_set_peer(&operation, jpake_client_id, sizeof(jpake_client_id))); TEST_EQUAL(psa_pake_set_password_key(&operation, key), PSA_SUCCESS); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); /* Computation stage (driver entry points) */ switch (fut) { case 0: /* setup (via input) */ /* --- psa_pake_input (driver: setup, input) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, input_buffer, size_key_share), expected_status); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); break; case 1: /* setup (via output) */ /* --- psa_pake_output (driver: setup, output) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, output_buffer, output_size, &output_len), expected_status); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); break; case 2: /* input */ /* --- psa_pake_input (driver: setup, input, abort) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, input_buffer, size_key_share), expected_status); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.input, in_driver ? 1 : 0); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); break; case 3: /* output */ /* --- psa_pake_output (driver: setup, output, (abort)) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; if (forced_output->len > 0) { mbedtls_test_driver_pake_hooks.forced_output = forced_output->x; mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len; } TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, output_buffer, output_size, &output_len), expected_status); if (forced_output->len > 0) { TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 2 : 1); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); TEST_EQUAL(output_len, forced_output->len); TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0); } else { TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); } break; case 4: /* get_implicit_key */ /* Call driver setup indirectly */ TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, input_buffer, size_key_share), PSA_SUCCESS); /* Simulate that we are ready to get implicit key. */ operation.computation_stage.jpake.input_step = PSA_PAKE_STEP_DERIVE; operation.computation_stage.jpake.output_step = PSA_PAKE_STEP_DERIVE; /* --- psa_pake_get_implicit_key --- */ mbedtls_test_driver_pake_hooks.forced_status = forced_status; memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key), expected_status); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 2); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.implicit_key, 1); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); break; case 5: /* abort */ /* Call driver setup indirectly */ TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, input_buffer, size_key_share), PSA_SUCCESS); /* --- psa_pake_abort --- */ mbedtls_test_driver_pake_hooks.forced_status = forced_status; memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_abort(&operation), expected_status); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); break; default: break; } /* Clean up */ mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_SUCCESS; mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS); exit: /* * Key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ psa_reset_key_attributes(&attributes); mbedtls_free(input_buffer); mbedtls_free(output_buffer); psa_destroy_key(key); mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, int derive_alg_arg, data_t *pw_data, int client_input_first, int in_driver) { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t server = psa_pake_operation_init(); psa_pake_operation_t client = psa_pake_operation_init(); psa_algorithm_t alg = alg_arg; psa_algorithm_t hash_alg = hash_arg; psa_algorithm_t derive_alg = derive_alg_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_derivation_operation_t server_derive = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_derivation_operation_t client_derive = PSA_KEY_DERIVATION_OPERATION_INIT; pake_in_driver = in_driver; /* driver setup is called indirectly through pake_output/pake_input */ if (pake_in_driver) { pake_expected_hit_count = 2; } else { pake_expected_hit_count = 1; } PSA_INIT(); mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, &key)); psa_pake_cs_set_algorithm(&cipher_suite, alg); psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); psa_pake_cs_set_hash(&cipher_suite, hash_alg); /* Get shared key */ PSA_ASSERT(psa_key_derivation_setup(&server_derive, derive_alg)); PSA_ASSERT(psa_key_derivation_setup(&client_derive, derive_alg)); if (PSA_ALG_IS_TLS12_PSK_TO_MS(derive_alg)) { PSA_ASSERT(psa_key_derivation_input_bytes(&server_derive, PSA_KEY_DERIVATION_INPUT_SEED, (const uint8_t *) "", 0)); PSA_ASSERT(psa_key_derivation_input_bytes(&client_derive, PSA_KEY_DERIVATION_INPUT_SEED, (const uint8_t *) "", 0)); } if (!pake_in_driver) { mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_ERROR_NOT_SUPPORTED; } PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_set_password_key(&server, key)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_set_password_key(&client, key)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); /* First round */ ecjpake_do_round(alg, primitive_arg, &server, &client, client_input_first, 1); /* Second round */ ecjpake_do_round(alg, primitive_arg, &server, &client, client_input_first, 2); /* After the key is obtained operation is aborted. Adapt counter of expected hits. */ if (pake_in_driver) { pake_expected_hit_count++; } PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); /* After the key is obtained operation is aborted. Adapt counter of expected hits. */ if (pake_in_driver) { pake_expected_hit_count++; } PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); exit: psa_key_derivation_abort(&server_derive); psa_key_derivation_abort(&client_derive); psa_destroy_key(key); psa_pake_abort(&server); psa_pake_abort(&client); PSA_DONE(); } /* END_CASE */