diff --git a/crypto/tests/Makefile b/crypto/tests/Makefile index 3315a6eca..2de5ffa7a 100644 --- a/crypto/tests/Makefile +++ b/crypto/tests/Makefile @@ -15,10 +15,12 @@ PYTHON ?= python APPS := \ test_suite_psa_crypto \ + test_suite_psa_crypto_metadata \ # Don't delete this line. # Look up for associated function files func.test_suite_psa_crypto := test_suite_psa_crypto +func.test_suite_psa_crypto_metadata := test_suite_psa_crypto_metadata .SILENT: @@ -52,6 +54,7 @@ clean: rm -rf data_files/ctr_drbg_seed data_files/hmac_drbg_seed data_files/mpi_write test: $(APPS) + ./test_suite_psa_crypto_metadata ./test_suite_psa_crypto # Create separate targets for generating embedded tests. diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 0105f7f2a..62d392017 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -424,9 +424,6 @@ typedef uint32_t psa_key_type_t; */ #define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) \ ((type) & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) -/** Whether a key type is an RSA key (pair or public-only). */ -#define PSA_KEY_TYPE_IS_RSA(type) \ - (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY) /** Raw data. * @@ -483,11 +480,17 @@ typedef uint32_t psa_key_type_t; #define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x60010000) /** RSA key pair (private and public key). */ #define PSA_KEY_TYPE_RSA_KEYPAIR ((psa_key_type_t)0x70010000) +/** Whether a key type is an RSA key (pair or public-only). */ +#define PSA_KEY_TYPE_IS_RSA(type) \ + (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY) /** DSA public key. */ #define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x60020000) /** DSA key pair (private and public key). */ #define PSA_KEY_TYPE_DSA_KEYPAIR ((psa_key_type_t)0x70020000) +/** Whether a key type is an DSA key (pair or public-only). */ +#define PSA_KEY_TYPE_IS_DSA(type) \ + (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY) #define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x60030000) #define PSA_KEY_TYPE_ECC_KEYPAIR_BASE ((psa_key_type_t)0x70030000) @@ -522,7 +525,7 @@ typedef uint16_t psa_ecc_curve_t; * TLS Supported Groups Registry (formerly known as the * TLS EC Named Curve Registry) * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 - * The values are defined by RFC 4492, RFC 7027 and RFC 7919. */ + * The values are defined by RFC 8422 and RFC 7027. */ #define PSA_ECC_CURVE_SECT163K1 ((psa_ecc_curve_t) 0x0001) #define PSA_ECC_CURVE_SECT163R1 ((psa_ecc_curve_t) 0x0002) #define PSA_ECC_CURVE_SECT163R2 ((psa_ecc_curve_t) 0x0003) @@ -553,11 +556,6 @@ typedef uint16_t psa_ecc_curve_t; #define PSA_ECC_CURVE_BRAINPOOL_P512R1 ((psa_ecc_curve_t) 0x001c) #define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x001d) #define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e) -#define PSA_ECC_CURVE_FFDHE_2048 ((psa_ecc_curve_t) 0x0100) -#define PSA_ECC_CURVE_FFDHE_3072 ((psa_ecc_curve_t) 0x0101) -#define PSA_ECC_CURVE_FFDHE_4096 ((psa_ecc_curve_t) 0x0102) -#define PSA_ECC_CURVE_FFDHE_6144 ((psa_ecc_curve_t) 0x0103) -#define PSA_ECC_CURVE_FFDHE_8192 ((psa_ecc_curve_t) 0x0104) /** The block size of a block cipher. * @@ -741,7 +739,7 @@ typedef uint32_t psa_algorithm_t; #define PSA_ALG_HMAC(hash_alg) \ (PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) -#define PSA_ALG_HMAC_HASH(hmac_alg) \ +#define PSA_ALG_HMAC_GET_HASH(hmac_alg) \ (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK)) /** Whether the specified algorithm is an HMAC algorithm. @@ -771,7 +769,7 @@ typedef uint32_t psa_algorithm_t; * This macro may return either 0 or 1 if \p alg is not a supported * algorithm identifier. */ -#define PSA_ALG_IS_CIPHER_MAC(alg) \ +#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) \ (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \ PSA_ALG_CIPHER_MAC_BASE) @@ -1636,21 +1634,21 @@ typedef struct psa_hash_operation_s psa_hash_operation_t; */ #define PSA_HASH_SIZE(alg) \ ( \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_MD2 ? 16 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_MD4 ? 16 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_MD5 ? 16 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \ 0) /** Start a multipart hash operation. diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index c42375beb..edb240be0 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -58,6 +58,9 @@ * should be the maximum size of a hash supported by the implementation, * in bytes, and must be no smaller than this maximum. */ +/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226, + * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for + * HMAC-SHA3-512. */ #if defined(MBEDTLS_SHA512_C) #define PSA_HASH_MAX_SIZE 64 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 @@ -160,9 +163,9 @@ * with the algorithm. */ #define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \ - (PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_HASH(alg)) : \ + (PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : \ PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \ - 0) + ((void)(key_type), (void)(key_bits), 0)) /** The maximum size of the output of psa_aead_encrypt(), in bytes. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 29b7711cd..6fd905c8c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1555,7 +1555,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, #if defined(MBEDTLS_MD_C) if( PSA_ALG_IS_HMAC( alg ) ) { - psa_algorithm_t hash_alg = PSA_ALG_HMAC_HASH( alg ); + psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg ); if( hash_alg == 0 ) { status = PSA_ERROR_NOT_SUPPORTED; @@ -3265,7 +3265,7 @@ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf, psa_status_t status; status = psa_hmac_setup_internal( &hkdf->hmac, salt, salt_length, - PSA_ALG_HMAC_HASH( hash_alg ) ); + PSA_ALG_HMAC_GET_HASH( hash_alg ) ); if( status != PSA_SUCCESS ) return( status ); status = psa_hash_update( &hkdf->hmac.hash_ctx, diff --git a/scripts/mbed_crypto.make b/scripts/mbed_crypto.make index f06bdfba2..5da57084d 100644 --- a/scripts/mbed_crypto.make +++ b/scripts/mbed_crypto.make @@ -150,6 +150,8 @@ TEST_FILES := \ tests/suites/target_test.function \ tests/suites/test_suite_psa_crypto.data \ tests/suites/test_suite_psa_crypto.function \ + tests/suites/test_suite_psa_crypto_metadata.data \ + tests/suites/test_suite_psa_crypto_metadata.function \ # Don't delete this line. OTHER_FILES := \ diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data new file mode 100644 index 000000000..c9df6c74e --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -0,0 +1,404 @@ +Hash: MD2 +depends_on:MBEDTLS_MD2_C +hash_algorithm:PSA_ALG_MD2:16 + +Hash: MD4 +depends_on:MBEDTLS_MD4_C +hash_algorithm:PSA_ALG_MD4:16 + +Hash: MD5 +depends_on:MBEDTLS_MD5_C +hash_algorithm:PSA_ALG_MD5:16 + +Hash: RIPEMD160 +depends_on:MBEDTLS_RIPEMD160_C +hash_algorithm:PSA_ALG_RIPEMD160:20 + +Hash: SHA-1 +depends_on:MBEDTLS_SHA1_C +hash_algorithm:PSA_ALG_SHA_1:20 + +Hash: SHA-2 SHA-224 +depends_on:MBEDTLS_SHA256_C +hash_algorithm:PSA_ALG_SHA_224:28 + +Hash: SHA-2 SHA-256 +depends_on:MBEDTLS_SHA256_C +hash_algorithm:PSA_ALG_SHA_256:32 + +Hash: SHA-2 SHA-384 +depends_on:MBEDTLS_SHA512_C +hash_algorithm:PSA_ALG_SHA_384:48 + +Hash: SHA-2 SHA-512 +depends_on:MBEDTLS_SHA512_C +hash_algorithm:PSA_ALG_SHA_512:64 + +Hash: SHA-2 SHA-512/224 +depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 +hash_algorithm:PSA_ALG_SHA_512_224:28 + +Hash: SHA-2 SHA-512/256 +depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 +hash_algorithm:PSA_ALG_SHA_512_256:32 + +Hash: SHA-3 SHA3-224 +depends_on:MBEDTLS_SHA3_C +hash_algorithm:PSA_ALG_SHA3_224:28 + +Hash: SHA-3 SHA3-256 +depends_on:MBEDTLS_SHA3_C +hash_algorithm:PSA_ALG_SHA3_256:32 + +Hash: SHA-3 SHA3-384 +depends_on:MBEDTLS_SHA3_C +hash_algorithm:PSA_ALG_SHA3_384:48 + +Hash: SHA-3 SHA3-512 +depends_on:MBEDTLS_SHA3_C +hash_algorithm:PSA_ALG_SHA3_512:64 + +MAC: HMAC-MD2 +depends_on:MBEDTLS_MD2_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):16:64 + +MAC: HMAC-MD4 +depends_on:MBEDTLS_MD4_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD4 ):16:64 + +MAC: HMAC-MD5 +depends_on:MBEDTLS_MD5_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD5 ):16:64 + +MAC: HMAC-RIPEMD160 +depends_on:MBEDTLS_RIPEMD160_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_RIPEMD160 ):20:64 + +MAC: HMAC-SHA-1 +depends_on:MBEDTLS_SHA1_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_1 ):20:64 + +MAC: HMAC-SHA-224 +depends_on:MBEDTLS_SHA256_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_224 ):28:64 + +MAC: HMAC-SHA-256 +depends_on:MBEDTLS_SHA256_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_256 ):32:64 + +MAC: HMAC-SHA-384 +depends_on:MBEDTLS_SHA512_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_384 ):48:128 + +MAC: HMAC-SHA-512 +depends_on:MBEDTLS_SHA512_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):64:128 + +MAC: HMAC-SHA-512/224 +depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_224 ):28:128 + +MAC: HMAC-SHA-512/256 +depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_256 ):32:128 + +MAC: HMAC-SHA3-224 +depends_on:MBEDTLS_SHA3_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_224 ):28:144 + +MAC: HMAC-SHA3-256 +depends_on:MBEDTLS_SHA3_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_256 ):32:136 + +MAC: HMAC-SHA3-384 +depends_on:MBEDTLS_SHA3_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_384 ):48:104 + +MAC: HMAC-SHA3-512 +depends_on:MBEDTLS_SHA3_C +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_512 ):64:72 + +MAC: CBC_MAC-AES-128 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C +mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 + +MAC: CBC_MAC-AES-192 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C +mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192 + +MAC: CBC_MAC-AES-256 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C +mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256 + +MAC: CBC_MAC-3DES +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_C +mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:8:PSA_KEY_TYPE_DES:192 + +MAC: CMAC-AES-128 +depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C +mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 + +MAC: CMAC-AES-192 +depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C +mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192 + +MAC: CMAC-AES-256 +depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C +mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256 + +MAC: CMAC-3DES +depends_on:MBEDTLS_DES_C:MBEDTLS_CMAC_C +mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:8:PSA_KEY_TYPE_DES:192 + +MAC: GMAC-AES-128 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 + +MAC: GMAC-AES-192 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192 + +MAC: GMAC-AES-256 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256 + +Cipher: ARC4 +depends_on:MBEDTLS_ARC4_C +cipher_algorithm:PSA_ALG_ARC4:ALG_IS_STREAM_CIPHER + +Cipher: CTR +depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CTR +cipher_algorithm:PSA_ALG_CTR:ALG_IS_STREAM_CIPHER + +Cipher: CFB +depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CFB +cipher_algorithm:PSA_ALG_CFB:ALG_IS_STREAM_CIPHER + +Cipher: OFB +depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_OFB +cipher_algorithm:PSA_ALG_OFB:ALG_IS_STREAM_CIPHER + +Cipher: CBC-nopad +depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +cipher_algorithm:PSA_ALG_CBC_NO_PADDING:0 + +Cipher: CBC-PKCS#7 +depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +cipher_algorithm:PSA_ALG_CBC_PKCS7:0 + +Cipher: XTS +depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_XTS +cipher_algorithm:PSA_ALG_XTS:0 + +AEAD: CCM +depends_on:MBEDTLS_CCM_C +aead_algorithm:PSA_ALG_CCM:0:16 + +AEAD: GCM +depends_on:MBEDTLS_GCM_C +aead_algorithm:PSA_ALG_GCM:0:16 + +Asymmetric signature: RSA PKCS#1 v1.5 raw +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:ALG_IS_RSA_PKCS1V15_SIGN + +Asymmetric signature: RSA PKCS#1 v1.5 SHA-256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_IS_RSA_PKCS1V15_SIGN + +Asymmetric signature: RSA PSS SHA-256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C +asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS + +Asymmetric signature: SHA-256 + randomized DSA SHA-256 using SHA-256 +depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C +asymmetric_signature_algorithm:PSA_ALG_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA + +Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 +depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C:MBEDTLS_DSA_DETERMINISTIC +asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC + +Asymmetric signature: randomized ECDSA (no hashing) +depends_on:MBEDTLS_ECDSA_C +asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA + +Asymmetric signature: SHA-256 + randomized ECDSA +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C +asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA + +Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C +asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC + +Asymmetric encryption: RSA PKCS#1 v1.5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +asymmetric_encryption_algorithm:PSA_ALG_RSA_PKCS1V15_CRYPT:0 + +Asymmetric encryption: RSA OAEP using SHA-256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C +asymmetric_encryption_algorithm:PSA_ALG_RSA_OAEP( PSA_ALG_SHA_256 ):ALG_IS_RSA_OAEP + +Key derivation: HKDF using SHA-256 +depends_on:MBEDTLS_SHA256_C +key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):ALG_IS_HKDF + +Key type: raw data +key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED + +Key type: HMAC +key_type:PSA_KEY_TYPE_HMAC:KEY_TYPE_IS_UNSTRUCTURED + +Key type: secret for key derivation +key_type:PSA_KEY_TYPE_DERIVE:KEY_TYPE_IS_UNSTRUCTURED + +Key type: AES +depends_on:MBEDTLS_AES_C +key_type:PSA_KEY_TYPE_AES:KEY_TYPE_IS_UNSTRUCTURED + +Key type: DES +depends_on:MBEDTLS_DES_C +key_type:PSA_KEY_TYPE_DES:KEY_TYPE_IS_UNSTRUCTURED + +Key type: Camellia +depends_on:MBEDTLS_CAMELLIA_C +key_type:PSA_KEY_TYPE_CAMELLIA:KEY_TYPE_IS_UNSTRUCTURED + +Key type: ARC4 +depends_on:MBEDTLS_ARC4_C +key_type:PSA_KEY_TYPE_ARC4:KEY_TYPE_IS_UNSTRUCTURED + +Key type: RSA public key +depends_on:MBEDTLS_RSA_C +key_type:PSA_KEY_TYPE_RSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_RSA + +Key type: RSA key pair +depends_on:MBEDTLS_RSA_C +key_type:PSA_KEY_TYPE_RSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_RSA + +Key type: DSA public key +depends_on:MBEDTLS_DSA_C +key_type:PSA_KEY_TYPE_DSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_DSA + +Key type: DSA key pair +depends_on:MBEDTLS_DSA_C +key_type:PSA_KEY_TYPE_DSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_DSA + +ECC key types: sect163k1 +depends_on:MBEDTLS_ECP_DP_SECT163K1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT163K1:163 + +ECC key types: sect163r1 +depends_on:MBEDTLS_ECP_DP_SECT163R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT163R1:163 + +ECC key types: sect163r2 +depends_on:MBEDTLS_ECP_DP_SECT163R2_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT163R2:163 + +ECC key types: sect193r1 +depends_on:MBEDTLS_ECP_DP_SECT193R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT193R1:193 + +ECC key types: sect193r2 +depends_on:MBEDTLS_ECP_DP_SECT193R2_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT193R2:193 + +ECC key types: sect233k1 +depends_on:MBEDTLS_ECP_DP_SECT233K1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT233K1:233 + +ECC key types: sect233r1 +depends_on:MBEDTLS_ECP_DP_SECT233R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT233R1:233 + +ECC key types: sect239k1 +depends_on:MBEDTLS_ECP_DP_SECT239K1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT239K1:239 + +ECC key types: sect283k1 +depends_on:MBEDTLS_ECP_DP_SECT283K1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT283K1:283 + +ECC key types: sect283r1 +depends_on:MBEDTLS_ECP_DP_SECT283R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT283R1:283 + +ECC key types: sect409k1 +depends_on:MBEDTLS_ECP_DP_SECT409K1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT409K1:409 + +ECC key types: sect409r1 +depends_on:MBEDTLS_ECP_DP_SECT409R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT409R1:409 + +ECC key types: sect571k1 +depends_on:MBEDTLS_ECP_DP_SECT571K1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT571K1:571 + +ECC key types: sect571r1 +depends_on:MBEDTLS_ECP_DP_SECT571R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECT571R1:571 + +ECC key types: secp160k1 +depends_on:MBEDTLS_ECP_DP_SECP160K1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECP160K1:160 + +ECC key types: secp160r1 +depends_on:MBEDTLS_ECP_DP_SECP160R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECP160R1:160 + +ECC key types: secp160r2 +depends_on:MBEDTLS_ECP_DP_SECP160R2_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECP160R2:160 + +ECC key types: secp192k1 +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECP192K1:192 + +ECC key types: secp192r1 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECP192R1:192 + +ECC key types: secp224k1 +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECP224K1:224 + +ECC key types: secp224r1 +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECP224R1:224 + +ECC key types: secp256k1 +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECP256K1:256 + +ECC key types: secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECP256R1:256 + +ECC key types: secp384r1 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECP384R1:384 + +ECC key types: secp521r1 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_SECP521R1:521 + +ECC key types: Brainpool P256R1 +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P256R1:256 + +ECC key types: Brainpool P384R1 +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P384R1:384 + +ECC key types: Brainpool P512R1 +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P512R1:512 + +ECC key types: Curve25519 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecc_key_types:PSA_ECC_CURVE_CURVE25519:255 + +ECC key types: Curve448 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecc_key_types:PSA_ECC_CURVE_CURVE448:448 diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function new file mode 100644 index 000000000..ca9d5576a --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -0,0 +1,356 @@ +/* BEGIN_HEADER */ +/* Test macros that provide metadata about algorithms and key types. + * This test suite only contains tests that don't require executing + * code. Other test suites validate macros that require creating a key + * and using it. */ + +#if defined(MBEDTLS_PSA_CRYPTO_SPM) +#include "spm/psa_defs.h" +#endif + +#include "psa/crypto.h" + +/* Flags for algorithm classification macros. There is a flag for every + * algorithm classification macro PSA_ALG_IS_xxx except for the + * category test macros, which are hard-coded in each + * category-specific function. The name of the flag is the name of the + * classification macro without the PSA_ prefix. */ +#define ALG_IS_VENDOR_DEFINED ( 1u << 0 ) +#define ALG_IS_HMAC ( 1u << 1 ) +#define ALG_IS_BLOCK_CIPHER_MAC ( 1u << 2 ) +#define ALG_IS_STREAM_CIPHER ( 1u << 3 ) +#define ALG_IS_RSA_PKCS1V15_SIGN ( 1u << 4 ) +#define ALG_IS_RSA_PSS ( 1u << 5 ) +#define ALG_IS_DSA ( 1u << 6 ) +#define ALG_DSA_IS_DETERMINISTIC ( 1u << 7 ) +#define ALG_IS_DETERMINISTIC_DSA ( 1u << 8 ) +#define ALG_IS_RANDOMIZED_DSA ( 1u << 9 ) +#define ALG_IS_ECDSA ( 1u << 10 ) +#define ALG_ECDSA_IS_DETERMINISTIC ( 1u << 11 ) +#define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 12 ) +#define ALG_IS_RANDOMIZED_ECDSA ( 1u << 13 ) +#define ALG_IS_RSA_OAEP ( 1u << 14 ) +#define ALG_IS_HKDF ( 1u << 15 ) + +/* Flags for key type classification macros. There is a flag for every + * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that + * are tested as derived from other macros. The name of the flag is + * the name of the classification macro without the PSA_ prefix. */ +#define KEY_TYPE_IS_VENDOR_DEFINED ( 1u << 0 ) +#define KEY_TYPE_IS_UNSTRUCTURED ( 1u << 1 ) +#define KEY_TYPE_IS_PUBLIC_KEY ( 1u << 2 ) +#define KEY_TYPE_IS_KEYPAIR ( 1u << 3 ) +#define KEY_TYPE_IS_RSA ( 1u << 4 ) +#define KEY_TYPE_IS_DSA ( 1u << 5 ) +#define KEY_TYPE_IS_ECC ( 1u << 6 ) + +#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \ + TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) ) + +void algorithm_classification( psa_algorithm_t alg, unsigned flags ) +{ + TEST_CLASSIFICATION_MACRO( ALG_IS_VENDOR_DEFINED, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_HMAC, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_BLOCK_CIPHER_MAC, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_STREAM_CIPHER, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_PKCS1V15_SIGN, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_PSS, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_DSA, alg, flags ); + if ( PSA_ALG_IS_DSA( alg ) ) + TEST_CLASSIFICATION_MACRO( ALG_DSA_IS_DETERMINISTIC, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_DSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_DSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_ECDSA, alg, flags ); + if ( PSA_ALG_IS_ECDSA( alg ) ) + TEST_CLASSIFICATION_MACRO( ALG_ECDSA_IS_DETERMINISTIC, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_ECDSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_ECDSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags ); +exit: ; +} + +void key_type_classification( psa_key_type_t type, unsigned flags ) +{ + /* Macros tested based on the test case parameter */ + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_VENDOR_DEFINED, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_UNSTRUCTURED, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_PUBLIC_KEY, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEYPAIR, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_RSA, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_ECC, type, flags ); + + /* Macros with derived semantics */ + TEST_ASSERT( PSA_KEY_TYPE_IS_ASYMMETRIC( type ) == + ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) || + PSA_KEY_TYPE_IS_KEYPAIR( type ) ) ); + TEST_ASSERT( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) == + ( PSA_KEY_TYPE_IS_ECC( type ) && + PSA_KEY_TYPE_IS_KEYPAIR( type ) ) ); + TEST_ASSERT( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) == + ( PSA_KEY_TYPE_IS_ECC( type ) && + PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) ); + +exit: ; +} + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PSA_CRYPTO_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void hash_algorithm( int alg_arg, int length_arg ) +{ + psa_algorithm_t alg = alg_arg; + size_t length = length_arg; + psa_algorithm_t hmac_alg = PSA_ALG_HMAC( alg ); + psa_algorithm_t rsa_pkcs1v15_sign_alg = PSA_ALG_RSA_PKCS1V15_SIGN( alg ); + psa_algorithm_t rsa_pss_alg = PSA_ALG_RSA_PSS( alg ); + psa_algorithm_t dsa_alg = PSA_ALG_DSA( alg ); + psa_algorithm_t deterministic_dsa_alg = PSA_ALG_DETERMINISTIC_DSA( alg ); + psa_algorithm_t ecdsa_alg = PSA_ALG_ECDSA( alg ); + psa_algorithm_t deterministic_ecdsa_alg = PSA_ALG_DETERMINISTIC_ECDSA( alg ); + psa_algorithm_t rsa_oaep_alg = PSA_ALG_RSA_OAEP( alg ); + psa_algorithm_t hkdf_alg = PSA_ALG_HKDF( alg ); + + /* Algorithm classification */ + TEST_ASSERT( PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, 0 ); + + /* Dependent algorithms */ + TEST_ASSERT( PSA_ALG_HMAC_GET_HASH( hmac_alg ) == alg ); + TEST_ASSERT( PSA_ALG_SIGN_GET_HASH( rsa_pkcs1v15_sign_alg ) == alg ); + TEST_ASSERT( PSA_ALG_SIGN_GET_HASH( rsa_pss_alg ) == alg ); + TEST_ASSERT( PSA_ALG_SIGN_GET_HASH( dsa_alg ) == alg ); + TEST_ASSERT( PSA_ALG_SIGN_GET_HASH( deterministic_dsa_alg ) == alg ); + TEST_ASSERT( PSA_ALG_SIGN_GET_HASH( ecdsa_alg ) == alg ); + TEST_ASSERT( PSA_ALG_SIGN_GET_HASH( deterministic_ecdsa_alg ) == alg ); + TEST_ASSERT( PSA_ALG_RSA_OAEP_GET_HASH( rsa_oaep_alg ) == alg ); + TEST_ASSERT( PSA_ALG_HKDF_GET_HASH( hkdf_alg ) == alg ); + + /* Hash length */ + TEST_ASSERT( length == PSA_HASH_SIZE( alg ) ); + TEST_ASSERT( length <= PSA_HASH_MAX_SIZE ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mac_algorithm( int alg_arg, int classification_flags, + int length_arg, + int key_type_arg, int key_bits_arg ) +{ + psa_algorithm_t alg = alg_arg; + size_t length = length_arg; + size_t key_type = key_type_arg; + size_t key_bits = key_bits_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); + + /* Length */ + TEST_ASSERT( length == PSA_MAC_FINAL_SIZE( key_type, key_bits, alg ) ); + TEST_ASSERT( length <= PSA_MAC_MAX_SIZE ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void hmac_algorithm( int alg_arg, + int length_arg, + int block_size_arg ) +{ + psa_algorithm_t alg = alg_arg; + psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg ); + size_t block_size = block_size_arg; + + TEST_ASSERT( PSA_ALG_IS_HASH( hash_alg ) ); + TEST_ASSERT( PSA_ALG_HMAC( hash_alg ) == alg ); + + TEST_ASSERT( block_size <= PSA_HMAC_MAX_HASH_BLOCK_SIZE ); + + test_mac_algorithm( alg_arg, ALG_IS_HMAC, length_arg, + PSA_KEY_TYPE_HMAC, PSA_BYTES_TO_BITS( length_arg ) ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void cipher_algorithm( int alg_arg, int classification_flags ) +{ + psa_algorithm_t alg = alg_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_algorithm( int alg_arg, int classification_flags, + int tag_length_arg ) +{ + psa_algorithm_t alg = alg_arg; + size_t tag_length = tag_length_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); + + /* Tag length */ + TEST_ASSERT( tag_length == PSA_AEAD_TAG_SIZE( alg ) ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void asymmetric_signature_algorithm( int alg_arg, int classification_flags ) +{ + psa_algorithm_t alg = alg_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void asymmetric_encryption_algorithm( int alg_arg, int classification_flags ) +{ + psa_algorithm_t alg = alg_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void key_agreement_algorithm( int alg_arg, int classification_flags ) +{ + psa_algorithm_t alg = alg_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void key_derivation_algorithm( int alg_arg, int classification_flags ) +{ + psa_algorithm_t alg = alg_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void key_type( int type_arg, int classification_flags ) +{ + psa_key_type_t type = type_arg; + + key_type_classification( type, classification_flags ); + + /* For asymmetric types, check the corresponding pair/public type */ + if( classification_flags & KEY_TYPE_IS_PUBLIC_KEY ) + { + psa_key_type_t pair_type = PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( type ); + TEST_ASSERT( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( pair_type ) == type ); + key_type_classification( pair_type, + ( classification_flags + & ~KEY_TYPE_IS_PUBLIC_KEY ) + | KEY_TYPE_IS_KEYPAIR ); + TEST_ASSERT( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type ) == type ); + } + if( classification_flags & KEY_TYPE_IS_KEYPAIR ) + { + psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type ); + TEST_ASSERT( PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( public_type ) == type ); + key_type_classification( public_type, + ( classification_flags + & ~KEY_TYPE_IS_KEYPAIR ) + | KEY_TYPE_IS_PUBLIC_KEY ); + TEST_ASSERT( PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( type ) == type ); + } +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecc_key_types( int curve_arg, int curve_bits_arg ) +{ + psa_ecc_curve_t curve = curve_arg; + size_t curve_bits = curve_bits_arg; + psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ); + psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEYPAIR( curve ); + + test_key_type( public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY ); + test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEYPAIR ); + + TEST_ASSERT( PSA_KEY_TYPE_GET_CURVE( public_type ) == curve ); + TEST_ASSERT( PSA_KEY_TYPE_GET_CURVE( pair_type ) == curve ); + + /* Validate that the bit size is less than the maximum ECC bit size + * in this implementation. There's no parameter that should be equal + * to curve_bits and can be validated without creating a key. */ + TEST_ASSERT( curve_bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS ); +} +/* END_CASE */