TF-M Reference Manual  1.2.0
TrustedFirmware-M
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
crypto_sec_interface_testsuite.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
10 #include "tfm_api.h"
11 #include "../crypto_tests_common.h"
12 
13 /* List of tests */
14 static void tfm_crypto_test_5001(struct test_result_t *ret);
15 #ifdef TFM_CRYPTO_TEST_ALG_CBC
16 static void tfm_crypto_test_5002(struct test_result_t *ret);
17 #endif /* TFM_CRYPTO_TEST_ALG_CBC */
18 #ifdef TFM_CRYPTO_TEST_ALG_CFB
19 static void tfm_crypto_test_5003(struct test_result_t *ret);
20 #endif /* TFM_CRYPTO_TEST_ALG_CFB */
21 #ifdef TFM_CRYPTO_TEST_ALG_CTR
22 static void tfm_crypto_test_5005(struct test_result_t *ret);
23 #endif /* TFM_CRYPTO_TEST_ALG_CTR */
24 static void tfm_crypto_test_5007(struct test_result_t *ret);
25 static void tfm_crypto_test_5008(struct test_result_t *ret);
26 #ifdef TFM_CRYPTO_TEST_ALG_CFB
27 static void tfm_crypto_test_5009(struct test_result_t *ret);
28 #endif /* TFM_CRYPTO_TEST_ALG_CFB */
29 static void tfm_crypto_test_5010(struct test_result_t *ret);
30 static void tfm_crypto_test_5011(struct test_result_t *ret);
31 static void tfm_crypto_test_5012(struct test_result_t *ret);
32 #ifdef TFM_CRYPTO_TEST_ALG_SHA_512
33 static void tfm_crypto_test_5013(struct test_result_t *ret);
34 static void tfm_crypto_test_5014(struct test_result_t *ret);
35 #endif /* TFM_CRYPTO_TEST_ALG_SHA_512 */
36 static void tfm_crypto_test_5019(struct test_result_t *ret);
37 static void tfm_crypto_test_5020(struct test_result_t *ret);
38 #ifdef TFM_CRYPTO_TEST_ALG_SHA_512
39 static void tfm_crypto_test_5021(struct test_result_t *ret);
40 static void tfm_crypto_test_5022(struct test_result_t *ret);
41 #endif /* TFM_CRYPTO_TEST_ALG_SHA_512 */
42 static void tfm_crypto_test_5024(struct test_result_t *ret);
43 #ifdef TFM_CRYPTO_TEST_ALG_CCM
44 static void tfm_crypto_test_5030(struct test_result_t *ret);
45 #endif /* TFM_CRYPTO_TEST_ALG_CCM */
46 #ifdef TFM_CRYPTO_TEST_ALG_GCM
47 static void tfm_crypto_test_5031(struct test_result_t *ret);
48 #endif /* TFM_CRYPTO_TEST_ALG_GCM */
49 static void tfm_crypto_test_5032(struct test_result_t *ret);
50 static void tfm_crypto_test_5033(struct test_result_t *ret);
51 static void tfm_crypto_test_5034(struct test_result_t *ret);
52 static void tfm_crypto_test_5035(struct test_result_t *ret);
53 #ifdef TFM_CRYPTO_TEST_ALG_CCM
54 static void tfm_crypto_test_5036(struct test_result_t *ret);
55 #endif /* TFM_CRYPTO_TEST_ALG_CCM */
56 static void tfm_crypto_test_5037(struct test_result_t *ret);
57 static void tfm_crypto_test_5038(struct test_result_t *ret);
58 #ifdef TFM_CRYPTO_TEST_HKDF
59 static void tfm_crypto_test_5039(struct test_result_t *ret);
60 #endif /* TFM_CRYPTO_TEST_HKDF */
61 
62 static struct test_t crypto_tests[] = {
63  {&tfm_crypto_test_5001, "TFM_CRYPTO_TEST_5001",
64  "Secure Key management interface", {TEST_PASSED} },
65 #ifdef TFM_CRYPTO_TEST_ALG_CBC
66  {&tfm_crypto_test_5002, "TFM_CRYPTO_TEST_5002",
67  "Secure Symmetric encryption (AES-128-CBC) interface", {TEST_PASSED} },
68 #endif /* TFM_CRYPTO_TEST_ALG_CBC */
69 #ifdef TFM_CRYPTO_TEST_ALG_CFB
70  {&tfm_crypto_test_5003, "TFM_CRYPTO_TEST_5003",
71  "Secure Symmetric encryption (AES-128-CFB) interface", {TEST_PASSED} },
72 #endif /* TFM_CRYPTO_TEST_ALG_CFB */
73 #ifdef TFM_CRYPTO_TEST_ALG_CTR
74  {&tfm_crypto_test_5005, "TFM_CRYPTO_TEST_5005",
75  "Secure Symmetric encryption (AES-128-CTR) interface", {TEST_PASSED} },
76 #endif /* TFM_CRYPTO_TEST_ALG_CTR */
77  {&tfm_crypto_test_5007, "TFM_CRYPTO_TEST_5007",
78  "Secure Symmetric encryption invalid cipher", {TEST_PASSED} },
79  {&tfm_crypto_test_5008, "TFM_CRYPTO_TEST_5008",
80  "Secure Symmetric encryption invalid cipher (AES-152)", {TEST_PASSED} },
81 #ifdef TFM_CRYPTO_TEST_ALG_CFB
82  {&tfm_crypto_test_5009, "TFM_CRYPTO_TEST_5009",
83  "Secure Symmetric encryption invalid cipher (HMAC-128-CFB)", {TEST_PASSED} },
84 #endif /* TFM_CRYPTO_TEST_ALG_CFB */
85  {&tfm_crypto_test_5010, "TFM_CRYPTO_TEST_5010",
86  "Secure Unsupported Hash (SHA-1) interface", {TEST_PASSED} },
87  {&tfm_crypto_test_5011, "TFM_CRYPTO_TEST_5011",
88  "Secure Hash (SHA-224) interface", {TEST_PASSED} },
89  {&tfm_crypto_test_5012, "TFM_CRYPTO_TEST_5012",
90  "Secure Hash (SHA-256) interface", {TEST_PASSED} },
91 #ifdef TFM_CRYPTO_TEST_ALG_SHA_512
92  {&tfm_crypto_test_5013, "TFM_CRYPTO_TEST_5013",
93  "Secure Hash (SHA-384) interface", {TEST_PASSED} },
94  {&tfm_crypto_test_5014, "TFM_CRYPTO_TEST_5014",
95  "Secure Hash (SHA-512) interface", {TEST_PASSED} },
96 #endif /* TFM_CRYPTO_TEST_ALG_SHA_512 */
97  {&tfm_crypto_test_5019, "TFM_CRYPTO_TEST_5019",
98  "Secure Unsupported HMAC (SHA-1) interface", {TEST_PASSED} },
99  {&tfm_crypto_test_5020, "TFM_CRYPTO_TEST_5020",
100  "Secure HMAC (SHA-256) interface", {TEST_PASSED} },
101 #ifdef TFM_CRYPTO_TEST_ALG_SHA_512
102  {&tfm_crypto_test_5021, "TFM_CRYPTO_TEST_5021",
103  "Secure HMAC (SHA-384) interface", {TEST_PASSED} },
104  {&tfm_crypto_test_5022, "TFM_CRYPTO_TEST_5022",
105  "Secure HMAC (SHA-512) interface", {TEST_PASSED} },
106 #endif /* TFM_CRYPTO_TEST_ALG_SHA_512 */
107  {&tfm_crypto_test_5024, "TFM_CRYPTO_TEST_5024",
108  "Secure HMAC with long key (SHA-224) interface", {TEST_PASSED} },
109 #ifdef TFM_CRYPTO_TEST_ALG_CCM
110  {&tfm_crypto_test_5030, "TFM_CRYPTO_TEST_5030",
111  "Secure AEAD (AES-128-CCM) interface", {TEST_PASSED} },
112 #endif /* TFM_CRYPTO_TEST_ALG_CCM */
113 #ifdef TFM_CRYPTO_TEST_ALG_GCM
114  {&tfm_crypto_test_5031, "TFM_CRYPTO_TEST_5031",
115  "Secure AEAD (AES-128-GCM) interface", {TEST_PASSED} },
116 #endif /* TFM_CRYPTO_TEST_ALG_GCM */
117  {&tfm_crypto_test_5032, "TFM_CRYPTO_TEST_5032",
118  "Secure key policy interface", {TEST_PASSED} },
119  {&tfm_crypto_test_5033, "TFM_CRYPTO_TEST_5033",
120  "Secure key policy check permissions", {TEST_PASSED} },
121  {&tfm_crypto_test_5034, "TFM_CRYPTO_TEST_5034",
122  "Secure persistent key interface", {TEST_PASSED} },
123  {&tfm_crypto_test_5035, "TFM_CRYPTO_TEST_5035",
124  "Key access control", {TEST_PASSED} },
125 #ifdef TFM_CRYPTO_TEST_ALG_CCM
126  {&tfm_crypto_test_5036, "TFM_CRYPTO_TEST_6036",
127  "Secure AEAD interface with truncated auth tag (AES-128-CCM-8)",
128  {TEST_PASSED} },
129 #endif /* TFM_CRYPTO_TEST_ALG_CCM */
130  {&tfm_crypto_test_5037, "TFM_CRYPTO_TEST_5037",
131  "Secure TLS 1.2 PRF key derivation", {TEST_PASSED} },
132  {&tfm_crypto_test_5038, "TFM_CRYPTO_TEST_5038",
133  "Secure TLS-1.2 PSK-to-MasterSecret key derivation", {TEST_PASSED} },
134 #ifdef TFM_CRYPTO_TEST_HKDF
135  {&tfm_crypto_test_5039, "TFM_CRYPTO_TEST_5039",
136  "Secure HKDF key derivation", {TEST_PASSED} },
137 #endif /* TFM_CRYPTO_TEST_HKDF */
138 };
139 
141 {
142  uint32_t list_size = (sizeof(crypto_tests) / sizeof(crypto_tests[0]));
143 
144  set_testsuite("Crypto secure interface tests (TFM_CRYPTO_TEST_5XXX)",
145  crypto_tests, list_size, p_test_suite);
146 }
147 
157 static void tfm_crypto_test_5001(struct test_result_t *ret)
158 {
160 }
161 
162 #ifdef TFM_CRYPTO_TEST_ALG_CBC
163 static void tfm_crypto_test_5002(struct test_result_t *ret)
164 {
166 }
167 #endif /* TFM_CRYPTO_TEST_ALG_CBC */
168 
169 #ifdef TFM_CRYPTO_TEST_ALG_CFB
170 static void tfm_crypto_test_5003(struct test_result_t *ret)
171 {
173 }
174 #endif /* TFM_CRYPTO_TEST_ALG_CFB */
175 
176 #ifdef TFM_CRYPTO_TEST_ALG_CTR
177 static void tfm_crypto_test_5005(struct test_result_t *ret)
178 {
180 }
181 #endif /* TFM_CRYPTO_TEST_ALG_CTR */
182 
183 static void tfm_crypto_test_5007(struct test_result_t *ret)
184 {
186  16, ret);
187 }
188 
189 static void tfm_crypto_test_5008(struct test_result_t *ret)
190 {
192 }
193 
194 #ifdef TFM_CRYPTO_TEST_ALG_CFB
195 static void tfm_crypto_test_5009(struct test_result_t *ret)
196 {
197  /* HMAC is not a block cipher */
199 }
200 #endif /* TFM_CRYPTO_TEST_ALG_CFB */
201 
202 static void tfm_crypto_test_5010(struct test_result_t *ret)
203 {
205 }
206 
207 static void tfm_crypto_test_5011(struct test_result_t *ret)
208 {
210 }
211 
212 static void tfm_crypto_test_5012(struct test_result_t *ret)
213 {
215 }
216 
217 #ifdef TFM_CRYPTO_TEST_ALG_SHA_512
218 static void tfm_crypto_test_5013(struct test_result_t *ret)
219 {
221 }
222 
223 static void tfm_crypto_test_5014(struct test_result_t *ret)
224 {
226 }
227 #endif /* TFM_CRYPTO_TEST_ALG_SHA_512 */
228 
229 static void tfm_crypto_test_5019(struct test_result_t *ret)
230 {
232  ret);
233 }
234 
235 static void tfm_crypto_test_5020(struct test_result_t *ret)
236 {
238 }
239 
240 #ifdef TFM_CRYPTO_TEST_ALG_SHA_512
241 static void tfm_crypto_test_5021(struct test_result_t *ret)
242 {
244 }
245 
246 static void tfm_crypto_test_5022(struct test_result_t *ret)
247 {
249 }
250 #endif /* TFM_CRYPTO_TEST_ALG_SHA_512 */
251 
252 static void tfm_crypto_test_5024(struct test_result_t *ret)
253 {
255 }
256 
257 #ifdef TFM_CRYPTO_TEST_ALG_CCM
258 static void tfm_crypto_test_5030(struct test_result_t *ret)
259 {
261 }
262 #endif /* TFM_CRYPTO_TEST_ALG_CCM */
263 
264 #ifdef TFM_CRYPTO_TEST_ALG_GCM
265 static void tfm_crypto_test_5031(struct test_result_t *ret)
266 {
268 }
269 #endif /* TFM_CRYPTO_TEST_ALG_GCM */
270 
271 static void tfm_crypto_test_5032(struct test_result_t *ret)
272 {
274 }
275 
276 static void tfm_crypto_test_5033(struct test_result_t *ret)
277 {
279 }
280 
281 static void tfm_crypto_test_5034(struct test_result_t *ret)
282 {
283  psa_persistent_key_test(1, ret);
284 }
285 
291 static void tfm_crypto_test_5035(struct test_result_t *ret)
292 {
293  psa_status_t status;
294  psa_key_handle_t key_handle;
295  const uint8_t data[] = "THIS IS MY KEY1";
296  psa_key_attributes_t key_attributes = psa_key_attributes_init();
297 
298  /* Set key sage and type */
299  psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_EXPORT);
300  psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
301 
302  status = psa_import_key(&key_attributes, data, sizeof(data),
303  &key_handle);
304  if (status != PSA_SUCCESS) {
305  TEST_FAIL("Failed to import key");
306  return;
307  }
308 
309  /* Attempt to destroy the key handle from the Secure Client 2 partition */
312  &key_handle, sizeof(key_handle));
313  if (status != PSA_ERROR_NOT_PERMITTED) {
314  TEST_FAIL("Should not be able to destroy key from another partition");
315  return;
316  }
317 
318  /* Destroy the key */
319  status = psa_destroy_key(key_handle);
320  if (status != PSA_SUCCESS) {
321  TEST_FAIL("Error destroying a key");
322  }
323  return;
324 }
325 
326 #ifdef TFM_CRYPTO_TEST_ALG_CCM
327 static void tfm_crypto_test_5036(struct test_result_t *ret)
328 {
331 
332  psa_aead_test(PSA_KEY_TYPE_AES, alg, ret);
333 }
334 #endif /* TFM_CRYPTO_TEST_ALG_GCM */
335 
336 static void tfm_crypto_test_5037(struct test_result_t *ret)
337 {
339 }
340 
341 static void tfm_crypto_test_5038(struct test_result_t *ret)
342 {
344 }
345 
346 #ifdef TFM_CRYPTO_TEST_HKDF
347 static void tfm_crypto_test_5039(struct test_result_t *ret)
348 {
350 }
351 #endif /* TFM_CRYPTO_TEST_HKDF */
#define PSA_KEY_USAGE_EXPORT
void psa_unsupported_hash_test(const psa_algorithm_t alg, struct test_result_t *ret)
Tests setup of an unsupported hash algorithm.
void psa_key_interface_test(const psa_key_type_t key_type, struct test_result_t *ret)
Tests the key interfaces with different key types.
psa_status_t tfm_secure_client_2_call_test(int32_t id, const void *arg, size_t arg_len)
Calls the test function with the supplied ID within the execution context of the Secure Client 2 part...
void psa_invalid_cipher_test(const psa_key_type_t key_type, const psa_algorithm_t alg, const size_t key_size, struct test_result_t *ret)
Tests invalid key type and algorithm combinations for block ciphers.
#define PSA_SUCCESS
Definition: crypto_values.h:35
#define TEST_FAIL(info_msg)
enum test_suite_err_t set_testsuite(const char *name, struct test_t *test_list, uint32_t size, struct test_suite_t *p_ts)
Sets test suite parameters.
#define PSA_ALG_GCM
#define PSA_ALG_HMAC(hash_alg)
#define PSA_ALG_SHA_256
void psa_mac_test(const psa_algorithm_t alg, uint8_t use_long_key, struct test_result_t *ret)
Tests different MAC algorithms.
#define PSA_ALG_SHA_512
void psa_invalid_key_length_test(struct test_result_t *ret)
Tests invalid key length.
void psa_persistent_key_test(psa_key_id_t key_id, struct test_result_t *ret)
Tests persistent keys.
#define PSA_ALG_SHA_224
void psa_policy_key_interface_test(struct test_result_t *ret)
Tests the policy key interface.
#define psa_import_key
Definition: crypto_spe.h:57
void psa_cipher_test(const psa_key_type_t key_type, const psa_algorithm_t alg, struct test_result_t *ret)
Run block ciphering tests with different algorithms and key types.
#define PSA_ALG_SHA_384
#define PSA_ALG_CBC_NO_PADDING
#define PSA_ALG_TLS12_PRF(hash_alg)
#define PSA_ALG_CFB
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:90
#define PSA_ERROR_NOT_PERMITTED
Definition: crypto_values.h:65
void psa_aead_test(const psa_key_type_t key_type, const psa_algorithm_t alg, struct test_result_t *ret)
Run AEAD tests with different algorithms and key types.
struct test_result_t ret
void psa_unsupported_mac_test(const psa_key_type_t key_type, const psa_algorithm_t alg, struct test_result_t *ret)
Tests setup of an unsupported MAC algorithm.
#define PSA_KEY_TYPE_AES
void psa_key_derivation_test(psa_algorithm_t deriv_alg, struct test_result_t *ret)
Key derivation test.
_unsigned_integral_type_ psa_key_handle_t
Key handle.
Definition: crypto.h:35
#define PSA_ALG_CTR
#define TFM_SECURE_CLIENT_2_ID_CRYPTO_ACCESS_CTRL
#define PSA_KEY_TYPE_HMAC
#define PSA_ALG_HKDF(hash_alg)
#define TRUNCATED_AUTH_TAG_LEN
The length of truncated authentication tag for AEAD algorithm.
#define psa_destroy_key
Definition: crypto_spe.h:59
#define PSA_ALG_CCM
void psa_hash_test(const psa_algorithm_t alg, struct test_result_t *ret)
Tests different hashing algorithms.
#define PSA_ALG_SHA_1
void register_testsuite_s_crypto_interface(struct test_suite_t *p_test_suite)
void psa_policy_invalid_policy_usage_test(struct test_result_t *ret)
Tests invalid policy usage.
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:43
#define PSA_ALG_TLS12_PSK_TO_MS(hash_alg)
#define PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length)