mbedtls/tests/suites/test_suite_psa_crypto.function
2018-09-05 12:38:18 +03:00

654 lines
21 KiB
Text
Executable file

/* BEGIN_HEADER */
#include "psa/crypto.h"
#include "mbedtls/md.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PSA_CRYPTO_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void init_deinit()
{
psa_status_t status;
int i;
for( i = 0; i <= 1; i++ )
{
status = psa_crypto_init( );
TEST_ASSERT( status == PSA_SUCCESS );
status = psa_crypto_init( );
TEST_ASSERT( status == PSA_SUCCESS );
mbedtls_psa_crypto_free( );
}
}
/* END_CASE */
/* BEGIN_CASE */
void import( char *hex, int type, int expected_status )
{
int slot = 1;
psa_status_t status;
unsigned char *data = NULL;
size_t data_size;
data = unhexify_alloc( hex, &data_size );
TEST_ASSERT( data != NULL );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
status = psa_import_key( slot, type, data, data_size );
TEST_ASSERT( status == (psa_status_t) expected_status );
if( status == PSA_SUCCESS )
TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
exit:
mbedtls_free( data );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void import_export( char *hex, int type_arg,
int expected_bits,
int export_size_delta,
int expected_export_status,
int canonical_input )
{
int slot = 1;
int slot2 = slot + 1;
psa_key_type_t type = type_arg;
psa_status_t status;
unsigned char *data = NULL;
unsigned char *exported = NULL;
unsigned char *reexported = NULL;
size_t data_size;
size_t export_size;
size_t exported_length;
size_t reexported_length;
psa_key_type_t got_type;
size_t got_bits;
psa_key_policy_t policy = {0};
data = unhexify_alloc( hex, &data_size );
TEST_ASSERT( data != NULL );
export_size = (ssize_t) data_size + export_size_delta;
exported = mbedtls_calloc( 1, export_size );
TEST_ASSERT( exported != NULL );
if( ! canonical_input )
{
reexported = mbedtls_calloc( 1, export_size );
TEST_ASSERT( reexported != NULL );
}
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT,
PSA_ALG_VENDOR_FLAG );
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
/* Import the key */
TEST_ASSERT( psa_import_key( slot, type,
data, data_size ) == PSA_SUCCESS );
/* Test the key information */
TEST_ASSERT( psa_get_key_information( slot,
&got_type, &got_bits ) ==
PSA_SUCCESS );
TEST_ASSERT( got_type == type );
TEST_ASSERT( got_bits == (size_t) expected_bits );
/* Export the key */
status = psa_export_key( slot,
exported, export_size,
&exported_length );
TEST_ASSERT( status == (psa_status_t) expected_export_status );
if( status != PSA_SUCCESS )
goto destroy;
if( canonical_input )
{
TEST_ASSERT( exported_length == data_size );
TEST_ASSERT( memcmp( exported, data, data_size ) == 0 );
}
else
{
TEST_ASSERT( psa_set_key_policy( slot2, &policy ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( slot2, type,
exported, export_size ) ==
PSA_SUCCESS );
TEST_ASSERT( psa_export_key( slot2,
reexported, export_size,
&reexported_length ) ==
PSA_SUCCESS );
TEST_ASSERT( reexported_length == exported_length );
TEST_ASSERT( memcmp( reexported, exported,
exported_length ) == 0 );
}
destroy:
/* Destroy the key */
TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
TEST_ASSERT( psa_get_key_information(
slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
exit:
mbedtls_free( data );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void hash_finish( int alg_arg, char *input_hex, char *hash_hex )
{
psa_algorithm_t alg = alg_arg;
unsigned char *input = NULL;
size_t input_size;
unsigned char expected_hash[MBEDTLS_MD_MAX_SIZE];
size_t expected_hash_length;
unsigned char actual_hash[MBEDTLS_MD_MAX_SIZE];
size_t actual_hash_length;
psa_hash_operation_t operation;
input = unhexify_alloc( input_hex, &input_size );
TEST_ASSERT( input != NULL );
expected_hash_length = unhexify( expected_hash, hash_hex );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
TEST_ASSERT( psa_hash_start( &operation, alg ) == PSA_SUCCESS );
TEST_ASSERT( psa_hash_update( &operation,
input, input_size ) == PSA_SUCCESS );
TEST_ASSERT( psa_hash_finish( &operation,
actual_hash, sizeof( actual_hash ),
&actual_hash_length ) == PSA_SUCCESS );
TEST_ASSERT( actual_hash_length == expected_hash_length );
TEST_ASSERT( memcmp( expected_hash, actual_hash,
expected_hash_length ) == 0 );
exit:
mbedtls_free( input );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void hash_verify( int alg_arg, char *input_hex, char *hash_hex )
{
psa_algorithm_t alg = alg_arg;
unsigned char *input = NULL;
size_t input_size;
unsigned char expected_hash[MBEDTLS_MD_MAX_SIZE];
size_t expected_hash_length;
psa_hash_operation_t operation;
input = unhexify_alloc( input_hex, &input_size );
TEST_ASSERT( input != NULL );
expected_hash_length = unhexify( expected_hash, hash_hex );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
TEST_ASSERT( psa_hash_start( &operation, alg ) == PSA_SUCCESS );
TEST_ASSERT( psa_hash_update( &operation,
input, input_size ) == PSA_SUCCESS );
TEST_ASSERT( psa_hash_verify( &operation,
expected_hash,
expected_hash_length ) == PSA_SUCCESS );
exit:
mbedtls_free( input );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void mac_verify( int key_type_arg, char *key_hex,
int alg_arg, char *iv_hex,
char *input_hex, char *mac_hex )
{
int key_slot = 1;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *key = NULL;
size_t key_size;
unsigned char *iv = NULL;
size_t iv_size;
unsigned char *input = NULL;
size_t input_size;
unsigned char *expected_mac = NULL;
size_t expected_mac_size;
psa_mac_operation_t operation;
psa_key_policy_t policy;
key = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( key != NULL );
if( iv_hex[0] != 0 )
{
iv = unhexify_alloc( iv_hex, &iv_size );
TEST_ASSERT( iv != NULL );
}
input = unhexify_alloc( input_hex, &input_size );
TEST_ASSERT( input != NULL );
expected_mac = unhexify_alloc( mac_hex, &expected_mac_size );
TEST_ASSERT( expected_mac != NULL );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg_arg );
TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( key_slot, key_type,
key, key_size ) == PSA_SUCCESS );
// TODO: support IV
TEST_ASSERT( psa_mac_start( &operation, key_slot, alg ) == PSA_SUCCESS );
TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_update( &operation,
input, input_size ) == PSA_SUCCESS );
TEST_ASSERT( psa_mac_verify( &operation,
expected_mac,
expected_mac_size ) == PSA_SUCCESS );
exit:
mbedtls_free( key );
mbedtls_free( iv );
mbedtls_free( input );
mbedtls_free( expected_mac );
psa_destroy_key( key_slot );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void signature_size( int type_arg, int bits, int alg_arg, int expected_size_arg )
{
psa_key_type_t type = type_arg;
psa_algorithm_t alg = alg_arg;
size_t actual_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(type, bits, alg);
TEST_ASSERT( actual_size == (size_t) expected_size_arg );
exit:
;
}
/* END_CASE */
/* BEGIN_CASE */
void sign_deterministic( int key_type_arg, char *key_hex,
int alg_arg, char *input_hex, char *output_hex )
{
int slot = 1;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *key_data = NULL;
size_t key_size;
size_t key_bits;
unsigned char *input_data = NULL;
size_t input_size;
unsigned char *output_data = NULL;
size_t output_size;
unsigned char *signature = NULL;
size_t signature_size;
size_t signature_length = 0xdeadbeef;
psa_key_policy_t policy = {0};
key_data = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( key_data != NULL );
input_data = unhexify_alloc( input_hex, &input_size );
TEST_ASSERT( input_data != NULL );
output_data = unhexify_alloc( output_hex, &output_size );
TEST_ASSERT( output_data != NULL );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg_arg );
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS );
TEST_ASSERT( psa_get_key_information( slot,
NULL,
&key_bits ) == PSA_SUCCESS );
signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, alg, key_bits );
TEST_ASSERT( signature_size != 0 );
signature = mbedtls_calloc( 1, signature_size );
TEST_ASSERT( signature != NULL );
TEST_ASSERT( psa_asymmetric_sign( slot, alg,
input_data, input_size,
NULL, 0,
signature, signature_size,
&signature_length ) == PSA_SUCCESS );
TEST_ASSERT( signature_length == output_size );
TEST_ASSERT( memcmp( signature, output_data, output_size ) == 0 );
exit:
psa_destroy_key( slot );
mbedtls_free( key_data );
mbedtls_free( input_data );
mbedtls_free( output_data );
mbedtls_free( signature );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void sign_fail( int key_type_arg, char *key_hex,
int alg_arg, char *input_hex,
int signature_size, int expected_status_arg )
{
int slot = 1;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *key_data = NULL;
size_t key_size;
unsigned char *input_data = NULL;
size_t input_size;
psa_status_t actual_status;
psa_status_t expected_status = expected_status_arg;
unsigned char *signature = NULL;
size_t signature_length = 0xdeadbeef;
psa_key_policy_t policy = {0};
key_data = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( key_data != NULL );
input_data = unhexify_alloc( input_hex, &input_size );
TEST_ASSERT( input_data != NULL );
signature = mbedtls_calloc( 1, signature_size );
TEST_ASSERT( signature != NULL );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg_arg );
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS );
actual_status = psa_asymmetric_sign( slot, alg,
input_data, input_size,
NULL, 0,
signature, signature_size,
&signature_length );
TEST_ASSERT( actual_status == expected_status );
TEST_ASSERT( signature_length == 0 );
exit:
psa_destroy_key( slot );
mbedtls_free( key_data );
mbedtls_free( input_data );
mbedtls_free( signature );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void key_policy( int usage_arg, int alg_arg )
{
int key_slot = 1;
psa_key_type_t key_type = PSA_KEY_TYPE_AES;
unsigned char key[32] = {0};
psa_key_policy_t policy_set = {0};
psa_key_policy_t policy_get = {0};
memset( key, 0x2a, sizeof( key ) );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
psa_key_policy_init(& policy_set );
psa_key_policy_init(& policy_get );
psa_key_policy_set_usage( &policy_set, usage_arg, alg_arg );
TEST_ASSERT( psa_key_policy_get_usage( &policy_set ) == ( psa_key_usage_t )usage_arg );
TEST_ASSERT( psa_key_policy_get_algorithm( &policy_set) == ( psa_algorithm_t )alg_arg );
TEST_ASSERT( psa_set_key_policy( key_slot, &policy_set ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( key_slot, key_type,
key, sizeof( key ) ) == PSA_SUCCESS );
TEST_ASSERT( psa_get_key_policy( key_slot, &policy_get ) == PSA_SUCCESS );
TEST_ASSERT( policy_get.usage == policy_set.usage );
TEST_ASSERT( policy_get.alg == policy_set.alg );
exit:
psa_destroy_key( key_slot );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void key_policy_fail( int usage_arg, int alg_arg, int expected_status, char *key_hex )
{
int key_slot = 1;
unsigned char* keypair = NULL;
size_t key_size = 0;
size_t signature_length = 0;
psa_key_policy_t policy = {0};
int actual_status = PSA_SUCCESS;
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, usage_arg, alg_arg );
TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
if( usage_arg & PSA_KEY_USAGE_EXPORT )
{
keypair = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( keypair != NULL );
TEST_ASSERT( psa_import_key( key_slot, PSA_KEY_TYPE_RSA_KEYPAIR,
keypair, key_size ) == PSA_SUCCESS );
actual_status = psa_asymmetric_sign( key_slot,
( psa_algorithm_t )alg_arg, NULL, 0, NULL, 0,
NULL, 0, &signature_length );
}
if( usage_arg & PSA_KEY_USAGE_SIGN )
{
keypair = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( keypair != NULL );
TEST_ASSERT( psa_import_key( key_slot, PSA_KEY_TYPE_RSA_KEYPAIR,
keypair, key_size ) == PSA_SUCCESS );
actual_status = psa_export_key( key_slot, NULL, 0, NULL );
}
TEST_ASSERT( actual_status == expected_status );
exit:
psa_destroy_key( key_slot );
mbedtls_free( keypair );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void key_lifetime( int lifetime_arg )
{
int key_slot = 1;
psa_key_type_t key_type = PSA_ALG_CBC_BASE;
unsigned char key[32] = {0};
psa_key_lifetime_t lifetime_set = (psa_key_lifetime_t) lifetime_arg;
psa_key_lifetime_t lifetime_get;
memset( key, 0x2a, sizeof( key ) );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
TEST_ASSERT( psa_set_key_lifetime( key_slot,
lifetime_set ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( key_slot, key_type,
key, sizeof( key ) ) == PSA_SUCCESS );
TEST_ASSERT( psa_get_key_lifetime( key_slot,
&lifetime_get ) == PSA_SUCCESS );
TEST_ASSERT( lifetime_get == lifetime_set );
exit:
psa_destroy_key( key_slot );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void key_lifetime_set_fail( int key_slot_arg, int lifetime_arg, int expected_status_arg )
{
int key_slot = 1;
psa_key_lifetime_t lifetime_set = (psa_key_lifetime_t) lifetime_arg;
psa_status_t actual_status;
psa_status_t expected_status = expected_status_arg;
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
actual_status = psa_set_key_lifetime( key_slot_arg, lifetime_set );
if( actual_status == PSA_SUCCESS )
actual_status = psa_set_key_lifetime( key_slot_arg, lifetime_set );
TEST_ASSERT( expected_status == actual_status );
exit:
psa_destroy_key( key_slot );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void asymmetric_verify( int key_type_arg, char *key_hex,
int alg_arg, char *hash_hex, char *signature_hex )
{
int slot = 1;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *key_data = NULL;
size_t key_size;
unsigned char *hash_data = NULL;
size_t hash_size;
unsigned char *signature_data = NULL;
size_t signature_size;
psa_key_policy_t policy = {0};
key_data = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( key_data != NULL );
hash_data = unhexify_alloc( hash_hex, &hash_size );
TEST_ASSERT( hash_data != NULL );
signature_data = unhexify_alloc( signature_hex, &signature_size );
TEST_ASSERT( signature_data != NULL );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg_arg );
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS );
TEST_ASSERT( psa_asymmetric_verify( slot, alg,
hash_data, hash_size,
NULL, 0,
signature_data, signature_size ) ==
PSA_SUCCESS );
exit:
psa_destroy_key( slot );
mbedtls_free( key_data );
mbedtls_free( hash_data );
mbedtls_free( signature_data );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void aead_encrypt_decrypt( int key_type_arg, char * key_hex,
int alg_arg, char * input_hex,
char * add_data, int expected_result )
{
int slot = 1;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *key_data = NULL;
size_t key_size;
unsigned char *input_data = NULL;
size_t input_size;
unsigned char *output_data = NULL;
size_t output_size = 0;
size_t output_length;
unsigned char *output_data2 = NULL;
size_t output_length2;
uint8_t nonce[16];
size_t nonce_length = 16;
size_t tag_length = 16;
unsigned char *additional_data = NULL;
size_t additional_data_length = 0;
size_t i = 0;
key_data = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( key_data != NULL );
input_data = unhexify_alloc( input_hex, &input_size );
TEST_ASSERT( input_data != NULL );
additional_data = unhexify_alloc( add_data, &additional_data_length );
TEST_ASSERT( input_data != NULL );
output_size = input_size + tag_length;
output_data = mbedtls_calloc( 1, output_size );
TEST_ASSERT( output_data != NULL );
if( alg == PSA_ALG_CCM )
{
nonce_length = 12;
}
for( ; i < nonce_length; ++i )
nonce[i] = i;
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS );
TEST_ASSERT( psa_aead_encrypt( slot, alg,
nonce, nonce_length,
additional_data, additional_data_length,
input_data, input_size, output_data,
output_size, &output_length ) == ( psa_status_t )expected_result );
output_data2 = mbedtls_calloc( 1, output_length );
TEST_ASSERT( output_data2 != NULL );
TEST_ASSERT( psa_aead_decrypt( slot, alg,
nonce, nonce_length,
additional_data, additional_data_length,
output_data, output_length - tag_length, output_data2,
output_length, &output_length2 ) == ( psa_status_t )expected_result );
if( expected_result == 0 )
{
TEST_ASSERT( memcmp( input_data, output_data2,
input_size ) == 0 );
}
exit:
psa_destroy_key( slot );
mbedtls_free( key_data );
mbedtls_free( input_data );
mbedtls_free( additional_data );
mbedtls_free( output_data );
mbedtls_psa_crypto_free( );
}
/* END_CASE */