From 44fed61e01486435d7c4e2248739e581fd1dd83e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Aug 2018 18:20:20 +0200 Subject: [PATCH 01/11] Create infrastructure for metadata validation unit tests --- crypto/tests/Makefile | 3 +++ scripts/mbed_crypto.make | 2 ++ .../suites/test_suite_psa_crypto_metadata.data | 0 .../test_suite_psa_crypto_metadata.function | 18 ++++++++++++++++++ 4 files changed, 23 insertions(+) create mode 100644 tests/suites/test_suite_psa_crypto_metadata.data create mode 100644 tests/suites/test_suite_psa_crypto_metadata.function diff --git a/crypto/tests/Makefile b/crypto/tests/Makefile index 3315a6eca..2de5ffa7a 100644 --- a/crypto/tests/Makefile +++ b/crypto/tests/Makefile @@ -15,10 +15,12 @@ PYTHON ?= python APPS := \ test_suite_psa_crypto \ + test_suite_psa_crypto_metadata \ # Don't delete this line. # Look up for associated function files func.test_suite_psa_crypto := test_suite_psa_crypto +func.test_suite_psa_crypto_metadata := test_suite_psa_crypto_metadata .SILENT: @@ -52,6 +54,7 @@ clean: rm -rf data_files/ctr_drbg_seed data_files/hmac_drbg_seed data_files/mpi_write test: $(APPS) + ./test_suite_psa_crypto_metadata ./test_suite_psa_crypto # Create separate targets for generating embedded tests. diff --git a/scripts/mbed_crypto.make b/scripts/mbed_crypto.make index f06bdfba2..5da57084d 100644 --- a/scripts/mbed_crypto.make +++ b/scripts/mbed_crypto.make @@ -150,6 +150,8 @@ TEST_FILES := \ tests/suites/target_test.function \ tests/suites/test_suite_psa_crypto.data \ tests/suites/test_suite_psa_crypto.function \ + tests/suites/test_suite_psa_crypto_metadata.data \ + tests/suites/test_suite_psa_crypto_metadata.function \ # Don't delete this line. OTHER_FILES := \ diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data new file mode 100644 index 000000000..e69de29bb diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function new file mode 100644 index 000000000..51f7a5ef5 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -0,0 +1,18 @@ +/* BEGIN_HEADER */ +/* Test macros that provide metadata about algorithms and key types. + * This test suite only contains tests that don't require executing + * code. Other test suites validate macros that require creating a key + * and using it. */ + +#if defined(MBEDTLS_PSA_CRYPTO_SPM) +#include "spm/psa_defs.h" +#endif + +#include "psa/crypto.h" + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PSA_CRYPTO_C + * END_DEPENDENCIES + */ From 583b55d97d4e263df379aea04be1f18f623caef3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Aug 2018 18:21:32 +0200 Subject: [PATCH 02/11] Add PSA_KEY_TYPE_IS_DSA to go with PSA_KEY_TYPE_IS_RSA Also move PSA_KEY_TYPE_IS_RSA to a more logical location. --- include/psa/crypto.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 1c68304a6..439ca52b2 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -416,9 +416,6 @@ typedef uint32_t psa_key_type_t; */ #define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) \ ((type) & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) -/** Whether a key type is an RSA key (pair or public-only). */ -#define PSA_KEY_TYPE_IS_RSA(type) \ - (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY) /** Raw data. * @@ -475,11 +472,17 @@ typedef uint32_t psa_key_type_t; #define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x60010000) /** RSA key pair (private and public key). */ #define PSA_KEY_TYPE_RSA_KEYPAIR ((psa_key_type_t)0x70010000) +/** Whether a key type is an RSA key (pair or public-only). */ +#define PSA_KEY_TYPE_IS_RSA(type) \ + (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY) /** DSA public key. */ #define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x60020000) /** DSA key pair (private and public key). */ #define PSA_KEY_TYPE_DSA_KEYPAIR ((psa_key_type_t)0x70020000) +/** Whether a key type is an DSA key (pair or public-only). */ +#define PSA_KEY_TYPE_IS_DSA(type) \ + (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY) #define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x60030000) #define PSA_KEY_TYPE_ECC_KEYPAIR_BASE ((psa_key_type_t)0x70030000) From 70ce2c6170a2eb46f56854e520c8ef3de55df82b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Aug 2018 18:21:57 +0200 Subject: [PATCH 03/11] FFDHE groups are not elliptic curves TLS now defines named curves in the "TLS Supported Groups registry", but we're using the encoding only for elliptic curves, so don't include values that aren't named curve. While we're at it, upgrade the reference to the shiny new RFC 8422. --- include/psa/crypto.h | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 439ca52b2..ff299362e 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -517,7 +517,7 @@ typedef uint16_t psa_ecc_curve_t; * TLS Supported Groups Registry (formerly known as the * TLS EC Named Curve Registry) * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 - * The values are defined by RFC 4492, RFC 7027 and RFC 7919. */ + * The values are defined by RFC 8422 and RFC 7027. */ #define PSA_ECC_CURVE_SECT163K1 ((psa_ecc_curve_t) 0x0001) #define PSA_ECC_CURVE_SECT163R1 ((psa_ecc_curve_t) 0x0002) #define PSA_ECC_CURVE_SECT163R2 ((psa_ecc_curve_t) 0x0003) @@ -548,11 +548,6 @@ typedef uint16_t psa_ecc_curve_t; #define PSA_ECC_CURVE_BRAINPOOL_P512R1 ((psa_ecc_curve_t) 0x001c) #define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x001d) #define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e) -#define PSA_ECC_CURVE_FFDHE_2048 ((psa_ecc_curve_t) 0x0100) -#define PSA_ECC_CURVE_FFDHE_3072 ((psa_ecc_curve_t) 0x0101) -#define PSA_ECC_CURVE_FFDHE_4096 ((psa_ecc_curve_t) 0x0102) -#define PSA_ECC_CURVE_FFDHE_6144 ((psa_ecc_curve_t) 0x0103) -#define PSA_ECC_CURVE_FFDHE_8192 ((psa_ecc_curve_t) 0x0104) /** The block size of a block cipher. * From 9df2dc87ab9b50633345068aba36b9aa71ecda65 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Aug 2018 18:24:17 +0200 Subject: [PATCH 04/11] Fix name of PSA_ALG_IS_BLOCK_CIPHER_MAC The macro was used under the name PSA_ALG_IS_BLOCK_CIPHER_MAC but defined as PSA_ALG_IS_CIPHER_MAC. That wouldn't have worked if we used this macro (we currently don't but it may become useful). --- include/psa/crypto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index ff299362e..ab9bb8e66 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -761,7 +761,7 @@ typedef uint32_t psa_algorithm_t; * This macro may return either 0 or 1 if \p alg is not a supported * algorithm identifier. */ -#define PSA_ALG_IS_CIPHER_MAC(alg) \ +#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) \ (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \ PSA_ALG_CIPHER_MAC_BASE) From 00709fafb80ea8a8ab3963a0880e5585257d7339 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Aug 2018 18:25:41 +0200 Subject: [PATCH 05/11] Rename PSA_ALG_HMAC_HASH to PSA_ALG_HMAC_GET_HASH Be consistent with other GET_HASH macros. --- include/psa/crypto.h | 32 ++++++++++++++++---------------- include/psa/crypto_sizes.h | 2 +- library/psa_crypto.c | 4 ++-- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index ab9bb8e66..276eb238d 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -731,7 +731,7 @@ typedef uint32_t psa_algorithm_t; #define PSA_ALG_HMAC(hash_alg) \ (PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) -#define PSA_ALG_HMAC_HASH(hmac_alg) \ +#define PSA_ALG_HMAC_GET_HASH(hmac_alg) \ (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK)) /** Whether the specified algorithm is an HMAC algorithm. @@ -1590,21 +1590,21 @@ typedef struct psa_hash_operation_s psa_hash_operation_t; */ #define PSA_HASH_SIZE(alg) \ ( \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_MD2 ? 16 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_MD4 ? 16 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_MD5 ? 16 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \ - PSA_ALG_HMAC_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \ 0) /** Start a multipart hash operation. diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index c42375beb..988c43f5a 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -160,7 +160,7 @@ * with the algorithm. */ #define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \ - (PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_HASH(alg)) : \ + (PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : \ PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \ 0) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 66a6feb3a..91c14bb03 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1549,7 +1549,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, #if defined(MBEDTLS_MD_C) if( PSA_ALG_IS_HMAC( alg ) ) { - psa_algorithm_t hash_alg = PSA_ALG_HMAC_HASH( alg ); + psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg ); if( hash_alg == 0 ) { status = PSA_ERROR_NOT_SUPPORTED; @@ -3253,7 +3253,7 @@ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf, psa_status_t status; status = psa_hmac_setup_internal( &hkdf->hmac, salt, salt_length, - PSA_ALG_HMAC_HASH( hash_alg ) ); + PSA_ALG_HMAC_GET_HASH( hash_alg ) ); if( status != PSA_SUCCESS ) return( status ); status = psa_hash_update( &hkdf->hmac.hash_ctx, From 35fe2034c1d6089217bb91f8c4da2f9afbb88d4d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Aug 2018 18:26:02 +0200 Subject: [PATCH 06/11] PSA_MAC_FINAL_SIZE: we don't use key_bits at the moment None of the currently defined MAC algorithms have a MAC size that depends on the key size, so the key_bits parameter is unused. The key_type parameter may be unused on an implementation where there is no block cipher MAC. Declare the key_type and key_bits parameters as used so that callers who define a variable just for this don't risk getting "unused variable" warnings. --- include/psa/crypto_sizes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 988c43f5a..4aa7cd89e 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -162,7 +162,7 @@ #define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \ (PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : \ PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \ - 0) + ((void)(key_type), (void)(key_bits), 0)) /** The maximum size of the output of psa_aead_encrypt(), in bytes. * From 17351eb7f26facc20aff5ddf03521961988bfc08 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Aug 2018 18:36:36 +0200 Subject: [PATCH 07/11] Algorithm validation tests For all algorithms, validate feature test macros (PSA_ALG_IS_xxx). For hash algorithms, validate the exact hash size, and validate xxx_GET_HASH macros on dependent algorithms. For MAC algorithms, validate the MAC size. For AEAD algorithms, validate the tag size. There is a separate test case for each HMAC algorithm, which is necessary because each has its own MAC size. For other hash-dependent algorithms, there is no interesting variation to test here, so only one hash gets tested. --- .../test_suite_psa_crypto_metadata.data | 183 ++++++++++++++ .../test_suite_psa_crypto_metadata.function | 232 ++++++++++++++++++ 2 files changed, 415 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index e69de29bb..d1a5986d8 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -0,0 +1,183 @@ +Hash: MD2 +hash_algorithm:PSA_ALG_MD2:16 + +Hash: MD4 +hash_algorithm:PSA_ALG_MD4:16 + +Hash: MD5 +hash_algorithm:PSA_ALG_MD5:16 + +Hash: RIPEMD160 +hash_algorithm:PSA_ALG_RIPEMD160:20 + +Hash: SHA-1 +hash_algorithm:PSA_ALG_SHA_1:20 + +Hash: SHA-2 SHA-224 +hash_algorithm:PSA_ALG_SHA_224:28 + +Hash: SHA-2 SHA-256 +hash_algorithm:PSA_ALG_SHA_256:32 + +Hash: SHA-2 SHA-384 +hash_algorithm:PSA_ALG_SHA_384:48 + +Hash: SHA-2 SHA-512 +hash_algorithm:PSA_ALG_SHA_512:64 + +Hash: SHA-2 SHA-512/224 +hash_algorithm:PSA_ALG_SHA_512_224:28 + +Hash: SHA-2 SHA-512/256 +hash_algorithm:PSA_ALG_SHA_512_256:32 + +Hash: SHA-3 SHA3-224 +hash_algorithm:PSA_ALG_SHA3_224:28 + +Hash: SHA-3 SHA3-256 +hash_algorithm:PSA_ALG_SHA3_256:32 + +Hash: SHA-3 SHA3-384 +hash_algorithm:PSA_ALG_SHA3_384:48 + +Hash: SHA-3 SHA3-512 +hash_algorithm:PSA_ALG_SHA3_512:64 + +MAC: HMAC-MD2 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):ALG_IS_HMAC:16:PSA_KEY_TYPE_HMAC:128 + +MAC: HMAC-MD4 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD4 ):ALG_IS_HMAC:16:PSA_KEY_TYPE_HMAC:128 + +MAC: HMAC-MD5 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD5 ):ALG_IS_HMAC:16:PSA_KEY_TYPE_HMAC:128 + +MAC: HMAC-RIPEMD160 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_RIPEMD160 ):ALG_IS_HMAC:20:PSA_KEY_TYPE_HMAC:160 + +MAC: HMAC-SHA-1 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_1 ):ALG_IS_HMAC:20:PSA_KEY_TYPE_HMAC:160 + +MAC: HMAC-SHA-224 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_224 ):ALG_IS_HMAC:28:PSA_KEY_TYPE_HMAC:224 + +MAC: HMAC-SHA-256 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_256 ):ALG_IS_HMAC:32:PSA_KEY_TYPE_HMAC:256 + +MAC: HMAC-SHA-384 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_384 ):ALG_IS_HMAC:48:PSA_KEY_TYPE_HMAC:384 + +MAC: HMAC-SHA-512 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):ALG_IS_HMAC:64:PSA_KEY_TYPE_HMAC:512 + +MAC: HMAC-SHA-512/224 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_224 ):ALG_IS_HMAC:28:PSA_KEY_TYPE_HMAC:224 + +MAC: HMAC-SHA-512/256 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_256 ):ALG_IS_HMAC:32:PSA_KEY_TYPE_HMAC:256 + +MAC: HMAC-SHA3-224 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_224 ):ALG_IS_HMAC:28:PSA_KEY_TYPE_HMAC:224 + +MAC: HMAC-SHA3-256 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_256 ):ALG_IS_HMAC:32:PSA_KEY_TYPE_HMAC:256 + +MAC: HMAC-SHA3-384 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_384 ):ALG_IS_HMAC:48:PSA_KEY_TYPE_HMAC:384 + +MAC: HMAC-SHA3-512 +mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_512 ):ALG_IS_HMAC:64:PSA_KEY_TYPE_HMAC:512 + +MAC: CBC_MAC-AES-128 +mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 + +MAC: CBC_MAC-AES-192 +mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192 + +MAC: CBC_MAC-AES-256 +mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256 + +MAC: CBC_MAC-3DES +mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:8:PSA_KEY_TYPE_DES:192 + +MAC: CMAC-AES-128 +mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 + +MAC: CMAC-AES-192 +mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192 + +MAC: CMAC-AES-256 +mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256 + +MAC: CMAC-3DES +mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:8:PSA_KEY_TYPE_DES:192 + +MAC: GMAC-AES-128 +mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 + +MAC: GMAC-AES-192 +mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192 + +MAC: GMAC-AES-256 +mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256 + +Cipher: ARC4 +cipher_algorithm:PSA_ALG_ARC4:ALG_IS_STREAM_CIPHER + +Cipher: CTR +cipher_algorithm:PSA_ALG_CTR:ALG_IS_STREAM_CIPHER + +Cipher: CFB +cipher_algorithm:PSA_ALG_CFB:ALG_IS_STREAM_CIPHER + +Cipher: OFB +cipher_algorithm:PSA_ALG_OFB:ALG_IS_STREAM_CIPHER + +Cipher: CBC-nopad +cipher_algorithm:PSA_ALG_CBC_NO_PADDING:0 + +Cipher: CBC-PKCS#7 +cipher_algorithm:PSA_ALG_CBC_PKCS7:0 + +Cipher: XTS +cipher_algorithm:PSA_ALG_XTS:0 + +AEAD: CCM +aead_algorithm:PSA_ALG_CCM:0:16 + +AEAD: GCM +aead_algorithm:PSA_ALG_GCM:0:16 + +Asymmetric signature: RSA PKCS#1 v1.5 raw +asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:ALG_IS_RSA_PKCS1V15_SIGN + +Asymmetric signature: RSA PKCS#1 v1.5 SHA-256 +asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_IS_RSA_PKCS1V15_SIGN + +Asymmetric signature: RSA PSS SHA-256 +asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS + +Asymmetric signature: SHA-256 + randomized DSA SHA-256 using SHA-256 +asymmetric_signature_algorithm:PSA_ALG_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA + +Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 +asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC + +Asymmetric signature: randomized ECDSA (no hashing) +asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA + +Asymmetric signature: SHA-256 + randomized ECDSA +asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA + +Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 +asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC + +Asymmetric encryption: RSA PKCS#1 v1.5 +asymmetric_encryption_algorithm:PSA_ALG_RSA_PKCS1V15_CRYPT:0 + +Asymmetric encryption: RSA OAEP using SHA-256 +asymmetric_encryption_algorithm:PSA_ALG_RSA_OAEP( PSA_ALG_SHA_256 ):ALG_IS_RSA_OAEP + +Key derivation: HKDF using SHA-256 +key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):ALG_IS_HKDF + diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 51f7a5ef5..d25aace10 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -10,9 +10,241 @@ #include "psa/crypto.h" +/* Flags for algorithm classification macros. There is a flag for every + * algorithm classification macro PSA_ALG_IS_xxx except for the + * category test macros, which are hard-coded in each + * category-specific function. The name of the flag is the name of the + * classification macro without the PSA_ prefix. */ +#define ALG_IS_VENDOR_DEFINED ( 1u << 0 ) +#define ALG_IS_HMAC ( 1u << 1 ) +#define ALG_IS_BLOCK_CIPHER_MAC ( 1u << 2 ) +#define ALG_IS_STREAM_CIPHER ( 1u << 3 ) +#define ALG_IS_RSA_PKCS1V15_SIGN ( 1u << 4 ) +#define ALG_IS_RSA_PSS ( 1u << 5 ) +#define ALG_IS_DSA ( 1u << 6 ) +#define ALG_DSA_IS_DETERMINISTIC ( 1u << 7 ) +#define ALG_IS_DETERMINISTIC_DSA ( 1u << 8 ) +#define ALG_IS_RANDOMIZED_DSA ( 1u << 9 ) +#define ALG_IS_ECDSA ( 1u << 10 ) +#define ALG_ECDSA_IS_DETERMINISTIC ( 1u << 11 ) +#define ALG_IS_DETERMINISTIC_ECDSA ( 1u << 12 ) +#define ALG_IS_RANDOMIZED_ECDSA ( 1u << 13 ) +#define ALG_IS_RSA_OAEP ( 1u << 14 ) +#define ALG_IS_HKDF ( 1u << 15 ) + +#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \ + TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) ) + +void algorithm_classification( psa_algorithm_t alg, unsigned flags ) +{ + TEST_CLASSIFICATION_MACRO( ALG_IS_VENDOR_DEFINED, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_HMAC, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_BLOCK_CIPHER_MAC, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_STREAM_CIPHER, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_PKCS1V15_SIGN, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_PSS, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_DSA, alg, flags ); + if ( PSA_ALG_IS_DSA( alg ) ) + TEST_CLASSIFICATION_MACRO( ALG_DSA_IS_DETERMINISTIC, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_DSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_DSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_ECDSA, alg, flags ); + if ( PSA_ALG_IS_ECDSA( alg ) ) + TEST_CLASSIFICATION_MACRO( ALG_ECDSA_IS_DETERMINISTIC, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_DETERMINISTIC_ECDSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_RANDOMIZED_ECDSA, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags ); +exit: ; +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_PSA_CRYPTO_C * END_DEPENDENCIES */ + +/* BEGIN_CASE */ +void hash_algorithm( int alg_arg, int length_arg ) +{ + psa_algorithm_t alg = alg_arg; + size_t length = length_arg; + psa_algorithm_t hmac_alg = PSA_ALG_HMAC( alg ); + psa_algorithm_t rsa_pkcs1v15_sign_alg = PSA_ALG_RSA_PKCS1V15_SIGN( alg ); + psa_algorithm_t rsa_pss_alg = PSA_ALG_RSA_PSS( alg ); + psa_algorithm_t dsa_alg = PSA_ALG_DSA( alg ); + psa_algorithm_t deterministic_dsa_alg = PSA_ALG_DETERMINISTIC_DSA( alg ); + psa_algorithm_t ecdsa_alg = PSA_ALG_ECDSA( alg ); + psa_algorithm_t deterministic_ecdsa_alg = PSA_ALG_DETERMINISTIC_ECDSA( alg ); + psa_algorithm_t rsa_oaep_alg = PSA_ALG_RSA_OAEP( alg ); + psa_algorithm_t hkdf_alg = PSA_ALG_HKDF( alg ); + + /* Algorithm classification */ + TEST_ASSERT( PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, 0 ); + + /* Dependent algorithms */ + TEST_ASSERT( PSA_ALG_HMAC_GET_HASH( hmac_alg ) == alg ); + TEST_ASSERT( PSA_ALG_SIGN_GET_HASH( rsa_pkcs1v15_sign_alg ) == alg ); + TEST_ASSERT( PSA_ALG_SIGN_GET_HASH( rsa_pss_alg ) == alg ); + TEST_ASSERT( PSA_ALG_SIGN_GET_HASH( dsa_alg ) == alg ); + TEST_ASSERT( PSA_ALG_SIGN_GET_HASH( deterministic_dsa_alg ) == alg ); + TEST_ASSERT( PSA_ALG_SIGN_GET_HASH( ecdsa_alg ) == alg ); + TEST_ASSERT( PSA_ALG_SIGN_GET_HASH( deterministic_ecdsa_alg ) == alg ); + TEST_ASSERT( PSA_ALG_RSA_OAEP_GET_HASH( rsa_oaep_alg ) == alg ); + TEST_ASSERT( PSA_ALG_HKDF_GET_HASH( hkdf_alg ) == alg ); + + /* Hash length and block size */ + TEST_ASSERT( length == PSA_HASH_SIZE( alg ) ); + TEST_ASSERT( length <= PSA_HASH_MAX_SIZE ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mac_algorithm( int alg_arg, int classification_flags, + int length_arg, + int key_type_arg, int key_bits_arg ) +{ + psa_algorithm_t alg = alg_arg; + size_t length = length_arg; + size_t key_type = key_type_arg; + size_t key_bits = key_bits_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); + + /* Length */ + TEST_ASSERT( length == PSA_MAC_FINAL_SIZE( key_type, key_bits, alg ) ); + TEST_ASSERT( length <= PSA_MAC_MAX_SIZE ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void cipher_algorithm( int alg_arg, int classification_flags ) +{ + psa_algorithm_t alg = alg_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_algorithm( int alg_arg, int classification_flags, + int tag_length_arg ) +{ + psa_algorithm_t alg = alg_arg; + size_t tag_length = tag_length_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); + + /* Tag length */ + TEST_ASSERT( tag_length == PSA_AEAD_TAG_SIZE( alg ) ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void asymmetric_signature_algorithm( int alg_arg, int classification_flags ) +{ + psa_algorithm_t alg = alg_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void asymmetric_encryption_algorithm( int alg_arg, int classification_flags ) +{ + psa_algorithm_t alg = alg_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void key_agreement_algorithm( int alg_arg, int classification_flags ) +{ + psa_algorithm_t alg = alg_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void key_derivation_algorithm( int alg_arg, int classification_flags ) +{ + psa_algorithm_t alg = alg_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) ); + algorithm_classification( alg, classification_flags ); +} +/* END_CASE */ + From 49cd3299089843bb16485e938a928393c6c3dfba Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Aug 2018 18:43:09 +0200 Subject: [PATCH 08/11] Key type validation tests For all key types, validate feature test macros (PSA_KEY_TYPE_IS_xxx). For asymmetric keys (public key or key pair), validate the corresponding public/pair type. For ECC keys, validate GET_CURVE. --- .../test_suite_psa_crypto_metadata.data | 122 ++++++++++++++++++ .../test_suite_psa_crypto_metadata.function | 81 ++++++++++++ 2 files changed, 203 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index d1a5986d8..714d094f2 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -181,3 +181,125 @@ asymmetric_encryption_algorithm:PSA_ALG_RSA_OAEP( PSA_ALG_SHA_256 ):ALG_IS_RSA_O Key derivation: HKDF using SHA-256 key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):ALG_IS_HKDF +Key type: raw data +key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED + +Key type: HMAC +key_type:PSA_KEY_TYPE_HMAC:KEY_TYPE_IS_UNSTRUCTURED + +Key type: secret for key derivation +key_type:PSA_KEY_TYPE_DERIVE:KEY_TYPE_IS_UNSTRUCTURED + +Key type: AES +key_type:PSA_KEY_TYPE_AES:KEY_TYPE_IS_UNSTRUCTURED + +Key type: DES +key_type:PSA_KEY_TYPE_DES:KEY_TYPE_IS_UNSTRUCTURED + +Key type: Camellia +key_type:PSA_KEY_TYPE_CAMELLIA:KEY_TYPE_IS_UNSTRUCTURED + +Key type: ARC4 +key_type:PSA_KEY_TYPE_ARC4:KEY_TYPE_IS_UNSTRUCTURED + +Key type: RSA public key +key_type:PSA_KEY_TYPE_RSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_RSA + +Key type: RSA key pair +key_type:PSA_KEY_TYPE_RSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_RSA + +Key type: DSA public key +key_type:PSA_KEY_TYPE_DSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_DSA + +Key type: DSA key pair +key_type:PSA_KEY_TYPE_DSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_DSA + +ECC key types: sect163k1 +ecc_key_types:PSA_ECC_CURVE_SECT163K1 + +ECC key types: sect163r1 +ecc_key_types:PSA_ECC_CURVE_SECT163R1 + +ECC key types: sect163r2 +ecc_key_types:PSA_ECC_CURVE_SECT163R2 + +ECC key types: sect193r1 +ecc_key_types:PSA_ECC_CURVE_SECT193R1 + +ECC key types: sect193r2 +ecc_key_types:PSA_ECC_CURVE_SECT193R2 + +ECC key types: sect233k1 +ecc_key_types:PSA_ECC_CURVE_SECT233K1 + +ECC key types: sect233r1 +ecc_key_types:PSA_ECC_CURVE_SECT233R1 + +ECC key types: sect239k1 +ecc_key_types:PSA_ECC_CURVE_SECT239K1 + +ECC key types: sect283k1 +ecc_key_types:PSA_ECC_CURVE_SECT283K1 + +ECC key types: sect283r1 +ecc_key_types:PSA_ECC_CURVE_SECT283R1 + +ECC key types: sect409k1 +ecc_key_types:PSA_ECC_CURVE_SECT409K1 + +ECC key types: sect409r1 +ecc_key_types:PSA_ECC_CURVE_SECT409R1 + +ECC key types: sect571k1 +ecc_key_types:PSA_ECC_CURVE_SECT571K1 + +ECC key types: sect571r1 +ecc_key_types:PSA_ECC_CURVE_SECT571R1 + +ECC key types: secp160k1 +ecc_key_types:PSA_ECC_CURVE_SECP160K1 + +ECC key types: secp160r1 +ecc_key_types:PSA_ECC_CURVE_SECP160R1 + +ECC key types: secp160r2 +ecc_key_types:PSA_ECC_CURVE_SECP160R2 + +ECC key types: secp192k1 +ecc_key_types:PSA_ECC_CURVE_SECP192K1 + +ECC key types: secp192r1 +ecc_key_types:PSA_ECC_CURVE_SECP192R1 + +ECC key types: secp224k1 +ecc_key_types:PSA_ECC_CURVE_SECP224K1 + +ECC key types: secp224r1 +ecc_key_types:PSA_ECC_CURVE_SECP224R1 + +ECC key types: secp256k1 +ecc_key_types:PSA_ECC_CURVE_SECP256K1 + +ECC key types: secp256r1 +ecc_key_types:PSA_ECC_CURVE_SECP256R1 + +ECC key types: secp384r1 +ecc_key_types:PSA_ECC_CURVE_SECP384R1 + +ECC key types: secp521r1 +ecc_key_types:PSA_ECC_CURVE_SECP521R1 + +ECC key types: Brainpool P256R1 +ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P256R1 + +ECC key types: Brainpool P384R1 +ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P384R1 + +ECC key types: Brainpool P512R1 +ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P512R1 + +ECC key types: Curve25519 +ecc_key_types:PSA_ECC_CURVE_CURVE25519 + +ECC key types: Curve448 +ecc_key_types:PSA_ECC_CURVE_CURVE448 diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index d25aace10..0b8fba075 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -32,6 +32,18 @@ #define ALG_IS_RSA_OAEP ( 1u << 14 ) #define ALG_IS_HKDF ( 1u << 15 ) +/* Flags for key type classification macros. There is a flag for every + * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that + * are tested as derived from other macros. The name of the flag is + * the name of the classification macro without the PSA_ prefix. */ +#define KEY_TYPE_IS_VENDOR_DEFINED ( 1u << 0 ) +#define KEY_TYPE_IS_UNSTRUCTURED ( 1u << 1 ) +#define KEY_TYPE_IS_PUBLIC_KEY ( 1u << 2 ) +#define KEY_TYPE_IS_KEYPAIR ( 1u << 3 ) +#define KEY_TYPE_IS_RSA ( 1u << 4 ) +#define KEY_TYPE_IS_DSA ( 1u << 5 ) +#define KEY_TYPE_IS_ECC ( 1u << 6 ) + #define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \ TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) ) @@ -58,6 +70,30 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags ) exit: ; } +void key_type_classification( psa_key_type_t type, unsigned flags ) +{ + /* Macros tested based on the test case parameter */ + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_VENDOR_DEFINED, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_UNSTRUCTURED, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_PUBLIC_KEY, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEYPAIR, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_RSA, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_ECC, type, flags ); + + /* Macros with derived semantics */ + TEST_ASSERT( PSA_KEY_TYPE_IS_ASYMMETRIC( type ) == + ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) || + PSA_KEY_TYPE_IS_KEYPAIR( type ) ) ); + TEST_ASSERT( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) == + ( PSA_KEY_TYPE_IS_ECC( type ) && + PSA_KEY_TYPE_IS_KEYPAIR( type ) ) ); + TEST_ASSERT( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) == + ( PSA_KEY_TYPE_IS_ECC( type ) && + PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) ); + +exit: ; +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -248,3 +284,48 @@ void key_derivation_algorithm( int alg_arg, int classification_flags ) } /* END_CASE */ +/* BEGIN_CASE */ +void key_type( int type_arg, int classification_flags ) +{ + psa_key_type_t type = type_arg; + + key_type_classification( type, classification_flags ); + + /* For asymmetric types, check the corresponding pair/public type */ + if( classification_flags & KEY_TYPE_IS_PUBLIC_KEY ) + { + psa_key_type_t pair_type = PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( type ); + TEST_ASSERT( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( pair_type ) == type ); + key_type_classification( pair_type, + ( classification_flags + & ~KEY_TYPE_IS_PUBLIC_KEY ) + | KEY_TYPE_IS_KEYPAIR ); + TEST_ASSERT( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type ) == type ); + } + if( classification_flags & KEY_TYPE_IS_KEYPAIR ) + { + psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type ); + TEST_ASSERT( PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( public_type ) == type ); + key_type_classification( public_type, + ( classification_flags + & ~KEY_TYPE_IS_KEYPAIR ) + | KEY_TYPE_IS_PUBLIC_KEY ); + TEST_ASSERT( PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( type ) == type ); + } +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecc_key_types( int curve_arg ) +{ + psa_ecc_curve_t curve = curve_arg; + psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ); + psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEYPAIR( curve ); + + test_key_type( public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY ); + test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEYPAIR ); + + TEST_ASSERT( PSA_KEY_TYPE_GET_CURVE( public_type ) == curve ); + TEST_ASSERT( PSA_KEY_TYPE_GET_CURVE( pair_type ) == curve ); +} +/* END_CASE */ From d9c8260f23527d896945fd73e94775198b6f8e19 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 Sep 2018 13:58:36 +0200 Subject: [PATCH 09/11] Add dependencies to metadata validation tests If some algorithms are excluded in the build, it's ok for the corresponding macros not to give the correct results. Therefore the corresponding test cases should depend on the implementation of the algorithm. For example, it's ok for PSA_HASH_MAX_SIZE to be less than PSA_HASH_SIZE(PSA_ALG_SHA_512) if we build without SHA-512 support, and we indeed do this. It's even ok for an implementation to return 0 for PSA_ALG_IS_HASH(PSA_ALG_SHA_512) if it doesn't support SHA-512; we return 1 anyway but the tests are less implementation-specific if we don't enforce it. This commit adds dependencies on symbols that don't exist in Mbed TLS, for algorithms that Mbed TLS doesn't implement. These are: MBEDTLS_SHA512_256 for SHA-512/256, MBEDTLS_SHA3_C for SHA-3, MBEDTLS_DSA_C and MBEDTLS_DSA_DETERMINISTIC for DSA, and MBEDTLS_ECP_DP_xxx_ENABLED for elliptic curves that have a PSA encoding but are not supported in Mbed TLS. --- .../test_suite_psa_crypto_metadata.data | 99 +++++++++++++++++++ 1 file changed, 99 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 714d094f2..552e83160 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -1,184 +1,245 @@ Hash: MD2 +depends_on:MBEDTLS_MD2_C hash_algorithm:PSA_ALG_MD2:16 Hash: MD4 +depends_on:MBEDTLS_MD4_C hash_algorithm:PSA_ALG_MD4:16 Hash: MD5 +depends_on:MBEDTLS_MD5_C hash_algorithm:PSA_ALG_MD5:16 Hash: RIPEMD160 +depends_on:MBEDTLS_RIPEMD160_C hash_algorithm:PSA_ALG_RIPEMD160:20 Hash: SHA-1 +depends_on:MBEDTLS_SHA1_C hash_algorithm:PSA_ALG_SHA_1:20 Hash: SHA-2 SHA-224 +depends_on:MBEDTLS_SHA256_C hash_algorithm:PSA_ALG_SHA_224:28 Hash: SHA-2 SHA-256 +depends_on:MBEDTLS_SHA256_C hash_algorithm:PSA_ALG_SHA_256:32 Hash: SHA-2 SHA-384 +depends_on:MBEDTLS_SHA512_C hash_algorithm:PSA_ALG_SHA_384:48 Hash: SHA-2 SHA-512 +depends_on:MBEDTLS_SHA512_C hash_algorithm:PSA_ALG_SHA_512:64 Hash: SHA-2 SHA-512/224 +depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 hash_algorithm:PSA_ALG_SHA_512_224:28 Hash: SHA-2 SHA-512/256 +depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 hash_algorithm:PSA_ALG_SHA_512_256:32 Hash: SHA-3 SHA3-224 +depends_on:MBEDTLS_SHA3_C hash_algorithm:PSA_ALG_SHA3_224:28 Hash: SHA-3 SHA3-256 +depends_on:MBEDTLS_SHA3_C hash_algorithm:PSA_ALG_SHA3_256:32 Hash: SHA-3 SHA3-384 +depends_on:MBEDTLS_SHA3_C hash_algorithm:PSA_ALG_SHA3_384:48 Hash: SHA-3 SHA3-512 +depends_on:MBEDTLS_SHA3_C hash_algorithm:PSA_ALG_SHA3_512:64 MAC: HMAC-MD2 +depends_on:MBEDTLS_MD2_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):ALG_IS_HMAC:16:PSA_KEY_TYPE_HMAC:128 MAC: HMAC-MD4 +depends_on:MBEDTLS_MD4_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD4 ):ALG_IS_HMAC:16:PSA_KEY_TYPE_HMAC:128 MAC: HMAC-MD5 +depends_on:MBEDTLS_MD5_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD5 ):ALG_IS_HMAC:16:PSA_KEY_TYPE_HMAC:128 MAC: HMAC-RIPEMD160 +depends_on:MBEDTLS_RIPEMD160_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_RIPEMD160 ):ALG_IS_HMAC:20:PSA_KEY_TYPE_HMAC:160 MAC: HMAC-SHA-1 +depends_on:MBEDTLS_SHA1_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_1 ):ALG_IS_HMAC:20:PSA_KEY_TYPE_HMAC:160 MAC: HMAC-SHA-224 +depends_on:MBEDTLS_SHA256_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_224 ):ALG_IS_HMAC:28:PSA_KEY_TYPE_HMAC:224 MAC: HMAC-SHA-256 +depends_on:MBEDTLS_SHA256_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_256 ):ALG_IS_HMAC:32:PSA_KEY_TYPE_HMAC:256 MAC: HMAC-SHA-384 +depends_on:MBEDTLS_SHA512_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_384 ):ALG_IS_HMAC:48:PSA_KEY_TYPE_HMAC:384 MAC: HMAC-SHA-512 +depends_on:MBEDTLS_SHA512_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):ALG_IS_HMAC:64:PSA_KEY_TYPE_HMAC:512 MAC: HMAC-SHA-512/224 +depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_224 ):ALG_IS_HMAC:28:PSA_KEY_TYPE_HMAC:224 MAC: HMAC-SHA-512/256 +depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_256 ):ALG_IS_HMAC:32:PSA_KEY_TYPE_HMAC:256 MAC: HMAC-SHA3-224 +depends_on:MBEDTLS_SHA3_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_224 ):ALG_IS_HMAC:28:PSA_KEY_TYPE_HMAC:224 MAC: HMAC-SHA3-256 +depends_on:MBEDTLS_SHA3_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_256 ):ALG_IS_HMAC:32:PSA_KEY_TYPE_HMAC:256 MAC: HMAC-SHA3-384 +depends_on:MBEDTLS_SHA3_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_384 ):ALG_IS_HMAC:48:PSA_KEY_TYPE_HMAC:384 MAC: HMAC-SHA3-512 +depends_on:MBEDTLS_SHA3_C mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_512 ):ALG_IS_HMAC:64:PSA_KEY_TYPE_HMAC:512 MAC: CBC_MAC-AES-128 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 MAC: CBC_MAC-AES-192 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192 MAC: CBC_MAC-AES-256 +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256 MAC: CBC_MAC-3DES +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_C mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:8:PSA_KEY_TYPE_DES:192 MAC: CMAC-AES-128 +depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 MAC: CMAC-AES-192 +depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192 MAC: CMAC-AES-256 +depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256 MAC: CMAC-3DES +depends_on:MBEDTLS_DES_C:MBEDTLS_CMAC_C mac_algorithm:PSA_ALG_CMAC:ALG_IS_BLOCK_CIPHER_MAC:8:PSA_KEY_TYPE_DES:192 MAC: GMAC-AES-128 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 MAC: GMAC-AES-192 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192 MAC: GMAC-AES-256 +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C mac_algorithm:PSA_ALG_GMAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256 Cipher: ARC4 +depends_on:MBEDTLS_ARC4_C cipher_algorithm:PSA_ALG_ARC4:ALG_IS_STREAM_CIPHER Cipher: CTR +depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CTR cipher_algorithm:PSA_ALG_CTR:ALG_IS_STREAM_CIPHER Cipher: CFB +depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CFB cipher_algorithm:PSA_ALG_CFB:ALG_IS_STREAM_CIPHER Cipher: OFB +depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_OFB cipher_algorithm:PSA_ALG_OFB:ALG_IS_STREAM_CIPHER Cipher: CBC-nopad +depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC cipher_algorithm:PSA_ALG_CBC_NO_PADDING:0 Cipher: CBC-PKCS#7 +depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 cipher_algorithm:PSA_ALG_CBC_PKCS7:0 Cipher: XTS +depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_XTS cipher_algorithm:PSA_ALG_XTS:0 AEAD: CCM +depends_on:MBEDTLS_CCM_C aead_algorithm:PSA_ALG_CCM:0:16 AEAD: GCM +depends_on:MBEDTLS_GCM_C aead_algorithm:PSA_ALG_GCM:0:16 Asymmetric signature: RSA PKCS#1 v1.5 raw +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:ALG_IS_RSA_PKCS1V15_SIGN Asymmetric signature: RSA PKCS#1 v1.5 SHA-256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):ALG_IS_RSA_PKCS1V15_SIGN Asymmetric signature: RSA PSS SHA-256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS Asymmetric signature: SHA-256 + randomized DSA SHA-256 using SHA-256 +depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 +depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C:MBEDTLS_DSA_DETERMINISTIC asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC Asymmetric signature: randomized ECDSA (no hashing) +depends_on:MBEDTLS_ECDSA_C asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA Asymmetric signature: SHA-256 + randomized ECDSA +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC Asymmetric encryption: RSA PKCS#1 v1.5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 asymmetric_encryption_algorithm:PSA_ALG_RSA_PKCS1V15_CRYPT:0 Asymmetric encryption: RSA OAEP using SHA-256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C asymmetric_encryption_algorithm:PSA_ALG_RSA_OAEP( PSA_ALG_SHA_256 ):ALG_IS_RSA_OAEP Key derivation: HKDF using SHA-256 +depends_on:MBEDTLS_SHA256_C key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):ALG_IS_HKDF Key type: raw data @@ -191,115 +252,153 @@ Key type: secret for key derivation key_type:PSA_KEY_TYPE_DERIVE:KEY_TYPE_IS_UNSTRUCTURED Key type: AES +depends_on:MBEDTLS_AES_C key_type:PSA_KEY_TYPE_AES:KEY_TYPE_IS_UNSTRUCTURED Key type: DES +depends_on:MBEDTLS_DES_C key_type:PSA_KEY_TYPE_DES:KEY_TYPE_IS_UNSTRUCTURED Key type: Camellia +depends_on:MBEDTLS_CAMELLIA_C key_type:PSA_KEY_TYPE_CAMELLIA:KEY_TYPE_IS_UNSTRUCTURED Key type: ARC4 +depends_on:MBEDTLS_ARC4_C key_type:PSA_KEY_TYPE_ARC4:KEY_TYPE_IS_UNSTRUCTURED Key type: RSA public key +depends_on:MBEDTLS_RSA_C key_type:PSA_KEY_TYPE_RSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_RSA Key type: RSA key pair +depends_on:MBEDTLS_RSA_C key_type:PSA_KEY_TYPE_RSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_RSA Key type: DSA public key +depends_on:MBEDTLS_DSA_C key_type:PSA_KEY_TYPE_DSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_DSA Key type: DSA key pair +depends_on:MBEDTLS_DSA_C key_type:PSA_KEY_TYPE_DSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_DSA ECC key types: sect163k1 +depends_on:MBEDTLS_ECP_DP_SECT163K1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT163K1 ECC key types: sect163r1 +depends_on:MBEDTLS_ECP_DP_SECT163R1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT163R1 ECC key types: sect163r2 +depends_on:MBEDTLS_ECP_DP_SECT163R2_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT163R2 ECC key types: sect193r1 +depends_on:MBEDTLS_ECP_DP_SECT193R1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT193R1 ECC key types: sect193r2 +depends_on:MBEDTLS_ECP_DP_SECT193R2_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT193R2 ECC key types: sect233k1 +depends_on:MBEDTLS_ECP_DP_SECT233K1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT233K1 ECC key types: sect233r1 +depends_on:MBEDTLS_ECP_DP_SECT233R1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT233R1 ECC key types: sect239k1 +depends_on:MBEDTLS_ECP_DP_SECT239K1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT239K1 ECC key types: sect283k1 +depends_on:MBEDTLS_ECP_DP_SECT283K1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT283K1 ECC key types: sect283r1 +depends_on:MBEDTLS_ECP_DP_SECT283R1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT283R1 ECC key types: sect409k1 +depends_on:MBEDTLS_ECP_DP_SECT409K1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT409K1 ECC key types: sect409r1 +depends_on:MBEDTLS_ECP_DP_SECT409R1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT409R1 ECC key types: sect571k1 +depends_on:MBEDTLS_ECP_DP_SECT571K1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT571K1 ECC key types: sect571r1 +depends_on:MBEDTLS_ECP_DP_SECT571R1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECT571R1 ECC key types: secp160k1 +depends_on:MBEDTLS_ECP_DP_SECP160K1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECP160K1 ECC key types: secp160r1 +depends_on:MBEDTLS_ECP_DP_SECP160R1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECP160R1 ECC key types: secp160r2 +depends_on:MBEDTLS_ECP_DP_SECP160R2_ENABLED ecc_key_types:PSA_ECC_CURVE_SECP160R2 ECC key types: secp192k1 +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECP192K1 ECC key types: secp192r1 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECP192R1 ECC key types: secp224k1 +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECP224K1 ECC key types: secp224r1 +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECP224R1 ECC key types: secp256k1 +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECP256K1 ECC key types: secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECP256R1 ECC key types: secp384r1 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECP384R1 ECC key types: secp521r1 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecc_key_types:PSA_ECC_CURVE_SECP521R1 ECC key types: Brainpool P256R1 +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P256R1 ECC key types: Brainpool P384R1 +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P384R1 ECC key types: Brainpool P512R1 +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P512R1 ECC key types: Curve25519 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecc_key_types:PSA_ECC_CURVE_CURVE25519 ECC key types: Curve448 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecc_key_types:PSA_ECC_CURVE_CURVE448 From 3052f53c37a4be1b66fc032cae898097c1f66363 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 Sep 2018 14:13:26 +0200 Subject: [PATCH 10/11] Add block sizes to HMAC metadata validation tests --- include/psa/crypto_sizes.h | 3 ++ .../test_suite_psa_crypto_metadata.data | 30 +++++++++---------- .../test_suite_psa_crypto_metadata.function | 21 ++++++++++++- 3 files changed, 38 insertions(+), 16 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 4aa7cd89e..edb240be0 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -58,6 +58,9 @@ * should be the maximum size of a hash supported by the implementation, * in bytes, and must be no smaller than this maximum. */ +/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226, + * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for + * HMAC-SHA3-512. */ #if defined(MBEDTLS_SHA512_C) #define PSA_HASH_MAX_SIZE 64 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 552e83160..ca42d5b9a 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -60,63 +60,63 @@ hash_algorithm:PSA_ALG_SHA3_512:64 MAC: HMAC-MD2 depends_on:MBEDTLS_MD2_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):ALG_IS_HMAC:16:PSA_KEY_TYPE_HMAC:128 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):16:64 MAC: HMAC-MD4 depends_on:MBEDTLS_MD4_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD4 ):ALG_IS_HMAC:16:PSA_KEY_TYPE_HMAC:128 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD4 ):16:64 MAC: HMAC-MD5 depends_on:MBEDTLS_MD5_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD5 ):ALG_IS_HMAC:16:PSA_KEY_TYPE_HMAC:128 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD5 ):16:64 MAC: HMAC-RIPEMD160 depends_on:MBEDTLS_RIPEMD160_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_RIPEMD160 ):ALG_IS_HMAC:20:PSA_KEY_TYPE_HMAC:160 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_RIPEMD160 ):20:64 MAC: HMAC-SHA-1 depends_on:MBEDTLS_SHA1_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_1 ):ALG_IS_HMAC:20:PSA_KEY_TYPE_HMAC:160 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_1 ):20:64 MAC: HMAC-SHA-224 depends_on:MBEDTLS_SHA256_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_224 ):ALG_IS_HMAC:28:PSA_KEY_TYPE_HMAC:224 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_224 ):28:64 MAC: HMAC-SHA-256 depends_on:MBEDTLS_SHA256_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_256 ):ALG_IS_HMAC:32:PSA_KEY_TYPE_HMAC:256 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_256 ):32:64 MAC: HMAC-SHA-384 depends_on:MBEDTLS_SHA512_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_384 ):ALG_IS_HMAC:48:PSA_KEY_TYPE_HMAC:384 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_384 ):48:128 MAC: HMAC-SHA-512 depends_on:MBEDTLS_SHA512_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):ALG_IS_HMAC:64:PSA_KEY_TYPE_HMAC:512 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):64:128 MAC: HMAC-SHA-512/224 depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_224 ):ALG_IS_HMAC:28:PSA_KEY_TYPE_HMAC:224 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_224 ):28:128 MAC: HMAC-SHA-512/256 depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_256 ):ALG_IS_HMAC:32:PSA_KEY_TYPE_HMAC:256 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_256 ):32:128 MAC: HMAC-SHA3-224 depends_on:MBEDTLS_SHA3_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_224 ):ALG_IS_HMAC:28:PSA_KEY_TYPE_HMAC:224 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_224 ):28:144 MAC: HMAC-SHA3-256 depends_on:MBEDTLS_SHA3_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_256 ):ALG_IS_HMAC:32:PSA_KEY_TYPE_HMAC:256 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_256 ):32:136 MAC: HMAC-SHA3-384 depends_on:MBEDTLS_SHA3_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_384 ):ALG_IS_HMAC:48:PSA_KEY_TYPE_HMAC:384 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_384 ):48:104 MAC: HMAC-SHA3-512 depends_on:MBEDTLS_SHA3_C -mac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_512 ):ALG_IS_HMAC:64:PSA_KEY_TYPE_HMAC:512 +hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_512 ):64:72 MAC: CBC_MAC-AES-128 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 0b8fba075..bbd51717f 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -138,7 +138,7 @@ void hash_algorithm( int alg_arg, int length_arg ) TEST_ASSERT( PSA_ALG_RSA_OAEP_GET_HASH( rsa_oaep_alg ) == alg ); TEST_ASSERT( PSA_ALG_HKDF_GET_HASH( hkdf_alg ) == alg ); - /* Hash length and block size */ + /* Hash length */ TEST_ASSERT( length == PSA_HASH_SIZE( alg ) ); TEST_ASSERT( length <= PSA_HASH_MAX_SIZE ); } @@ -171,6 +171,25 @@ void mac_algorithm( int alg_arg, int classification_flags, } /* END_CASE */ +/* BEGIN_CASE */ +void hmac_algorithm( int alg_arg, + int length_arg, + int block_size_arg ) +{ + psa_algorithm_t alg = alg_arg; + psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg ); + size_t block_size = block_size_arg; + + TEST_ASSERT( PSA_ALG_IS_HASH( hash_alg ) ); + TEST_ASSERT( PSA_ALG_HMAC( hash_alg ) == alg ); + + TEST_ASSERT( block_size <= PSA_HMAC_MAX_HASH_BLOCK_SIZE ); + + test_mac_algorithm( alg_arg, ALG_IS_HMAC, length_arg, + PSA_KEY_TYPE_HMAC, PSA_BYTES_TO_BITS( length_arg ) ); +} +/* END_CASE */ + /* BEGIN_CASE */ void cipher_algorithm( int alg_arg, int classification_flags ) { From fa764b161bdd00e5b244e1be6afc6ef0cf35dbbe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 Sep 2018 14:19:57 +0200 Subject: [PATCH 11/11] Add curve sizes to ECC curve metadata validation tests --- .../test_suite_psa_crypto_metadata.data | 60 +++++++++---------- .../test_suite_psa_crypto_metadata.function | 8 ++- 2 files changed, 37 insertions(+), 31 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index ca42d5b9a..c9df6c74e 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -285,120 +285,120 @@ key_type:PSA_KEY_TYPE_DSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_DSA ECC key types: sect163k1 depends_on:MBEDTLS_ECP_DP_SECT163K1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT163K1 +ecc_key_types:PSA_ECC_CURVE_SECT163K1:163 ECC key types: sect163r1 depends_on:MBEDTLS_ECP_DP_SECT163R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT163R1 +ecc_key_types:PSA_ECC_CURVE_SECT163R1:163 ECC key types: sect163r2 depends_on:MBEDTLS_ECP_DP_SECT163R2_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT163R2 +ecc_key_types:PSA_ECC_CURVE_SECT163R2:163 ECC key types: sect193r1 depends_on:MBEDTLS_ECP_DP_SECT193R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT193R1 +ecc_key_types:PSA_ECC_CURVE_SECT193R1:193 ECC key types: sect193r2 depends_on:MBEDTLS_ECP_DP_SECT193R2_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT193R2 +ecc_key_types:PSA_ECC_CURVE_SECT193R2:193 ECC key types: sect233k1 depends_on:MBEDTLS_ECP_DP_SECT233K1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT233K1 +ecc_key_types:PSA_ECC_CURVE_SECT233K1:233 ECC key types: sect233r1 depends_on:MBEDTLS_ECP_DP_SECT233R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT233R1 +ecc_key_types:PSA_ECC_CURVE_SECT233R1:233 ECC key types: sect239k1 depends_on:MBEDTLS_ECP_DP_SECT239K1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT239K1 +ecc_key_types:PSA_ECC_CURVE_SECT239K1:239 ECC key types: sect283k1 depends_on:MBEDTLS_ECP_DP_SECT283K1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT283K1 +ecc_key_types:PSA_ECC_CURVE_SECT283K1:283 ECC key types: sect283r1 depends_on:MBEDTLS_ECP_DP_SECT283R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT283R1 +ecc_key_types:PSA_ECC_CURVE_SECT283R1:283 ECC key types: sect409k1 depends_on:MBEDTLS_ECP_DP_SECT409K1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT409K1 +ecc_key_types:PSA_ECC_CURVE_SECT409K1:409 ECC key types: sect409r1 depends_on:MBEDTLS_ECP_DP_SECT409R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT409R1 +ecc_key_types:PSA_ECC_CURVE_SECT409R1:409 ECC key types: sect571k1 depends_on:MBEDTLS_ECP_DP_SECT571K1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT571K1 +ecc_key_types:PSA_ECC_CURVE_SECT571K1:571 ECC key types: sect571r1 depends_on:MBEDTLS_ECP_DP_SECT571R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECT571R1 +ecc_key_types:PSA_ECC_CURVE_SECT571R1:571 ECC key types: secp160k1 depends_on:MBEDTLS_ECP_DP_SECP160K1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECP160K1 +ecc_key_types:PSA_ECC_CURVE_SECP160K1:160 ECC key types: secp160r1 depends_on:MBEDTLS_ECP_DP_SECP160R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECP160R1 +ecc_key_types:PSA_ECC_CURVE_SECP160R1:160 ECC key types: secp160r2 depends_on:MBEDTLS_ECP_DP_SECP160R2_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECP160R2 +ecc_key_types:PSA_ECC_CURVE_SECP160R2:160 ECC key types: secp192k1 depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECP192K1 +ecc_key_types:PSA_ECC_CURVE_SECP192K1:192 ECC key types: secp192r1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECP192R1 +ecc_key_types:PSA_ECC_CURVE_SECP192R1:192 ECC key types: secp224k1 depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECP224K1 +ecc_key_types:PSA_ECC_CURVE_SECP224K1:224 ECC key types: secp224r1 depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECP224R1 +ecc_key_types:PSA_ECC_CURVE_SECP224R1:224 ECC key types: secp256k1 depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECP256K1 +ecc_key_types:PSA_ECC_CURVE_SECP256K1:256 ECC key types: secp256r1 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECP256R1 +ecc_key_types:PSA_ECC_CURVE_SECP256R1:256 ECC key types: secp384r1 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECP384R1 +ecc_key_types:PSA_ECC_CURVE_SECP384R1:384 ECC key types: secp521r1 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_SECP521R1 +ecc_key_types:PSA_ECC_CURVE_SECP521R1:521 ECC key types: Brainpool P256R1 depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P256R1 +ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P256R1:256 ECC key types: Brainpool P384R1 depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P384R1 +ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P384R1:384 ECC key types: Brainpool P512R1 depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P512R1 +ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P512R1:512 ECC key types: Curve25519 depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecc_key_types:PSA_ECC_CURVE_CURVE25519 +ecc_key_types:PSA_ECC_CURVE_CURVE25519:255 ECC key types: Curve448 depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED -ecc_key_types:PSA_ECC_CURVE_CURVE448 +ecc_key_types:PSA_ECC_CURVE_CURVE448:448 diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index bbd51717f..ca9d5576a 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -335,9 +335,10 @@ void key_type( int type_arg, int classification_flags ) /* END_CASE */ /* BEGIN_CASE */ -void ecc_key_types( int curve_arg ) +void ecc_key_types( int curve_arg, int curve_bits_arg ) { psa_ecc_curve_t curve = curve_arg; + size_t curve_bits = curve_bits_arg; psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ); psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEYPAIR( curve ); @@ -346,5 +347,10 @@ void ecc_key_types( int curve_arg ) TEST_ASSERT( PSA_KEY_TYPE_GET_CURVE( public_type ) == curve ); TEST_ASSERT( PSA_KEY_TYPE_GET_CURVE( pair_type ) == curve ); + + /* Validate that the bit size is less than the maximum ECC bit size + * in this implementation. There's no parameter that should be equal + * to curve_bits and can be validated without creating a key. */ + TEST_ASSERT( curve_bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS ); } /* END_CASE */