diff --git a/.astyleignore b/.astyleignore
index 4c81f9d5ce9..57f3ee8ef61 100644
--- a/.astyleignore
+++ b/.astyleignore
@@ -24,6 +24,7 @@ components/802.15.4_RF
components/wifi
components/TARGET_PSA/TARGET_TFM
tools
+components/TARGET_PSA/TESTS
components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl
components/TARGET_PSA/services/attestation/qcbor
-components/TARGET_PSA/services/attestation/attestation.h
+components/TARGET_PSA/services/attestation/attestation.h
\ No newline at end of file
diff --git a/components/TARGET_PSA/TESTS/compliance_attestation/psa_attestation_testlist.md b/components/TARGET_PSA/TESTS/compliance_attestation/psa_attestation_testlist.md
new file mode 100644
index 00000000000..d8d7f1053e9
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_attestation/psa_attestation_testlist.md
@@ -0,0 +1,22 @@
+# PSA Initial Attestation Testcase checklist
+
+| Test | Return value | API | Test Algorithm | Test Cases |
+|-----------|--------------------------------------|-------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| test_a001 | PSA_ATTEST_ERR_SUCCESS | psa_initial_attest_get_token()
psa_initial_attest_get_token_size() | 1. Provide correct inputs to API with described challenge sizes
2. Expect API to return this define as return value each time
3. Verify the token | 1. Challenge_size = 32
2. Challenge_size = 48
3. Challenge_size = 64 |
+| | PSA_ATTEST_ERR_INVALID_INPUT | psa_initial_attest_get_token()
psa_initial_attest_get_token_size() | 1. Provide described challenge sizes to the API along with other valid parameters
2. Expect API to return this define as return value each time | 1. Challenge_size is zero
2. Invalid challenge size between 0 and 32
3. Invalid challenge size between 32 and 64
4. Challenge_size is greater than MAX_CHALLENGE_SIZE |
+| | PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW | psa_initial_attest_get_token() | 1. Provide described taken size to the API along with other valid parameters
2. Expect API to return this define as return value each time | Pass the token_size which less than actual/required token size |
+| | PSA_ATTEST_ERR_INIT_FAILED | psa_initial_attest_get_token()
psa_initial_attest_get_token_size() | Can't simulate. Test can't generate stimulus where attestation initialisation fails | |
+| | PSA_ATTEST_ERR_CLAIM_UNAVAILABLE | psa_initial_attest_get_token() | Can't simulate. Test can't generate stimulus where claim can unavailable | |
+| | PSA_ATTEST_ERR_GENERAL | psa_initial_attest_get_token()
psa_initial_attest_get_token_size() | Can't simulate. Test can't generate stimulus where unexpected error happened during API operation | |
+
+## Note
+
+1. In verifying the token, only the data type of claims and presence of the mandatory claims are checked and the values of the claims are not checked.
+2. Checks related to token signature validation will be part of future release
+
+# License
+Arm PSA test suite is distributed under Apache v2.0 License.
+
+--------------
+
+*Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.*
diff --git a/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/main.c b/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/main.c
new file mode 100644
index 00000000000..0c417d3d526
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_a001(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_a001, COMPLIANCE_TEST_ATTESTATION);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_a001.c b/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_a001.c
new file mode 100644
index 00000000000..1f6276da371
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_a001.c
@@ -0,0 +1,105 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_a001.h"
+#include "test_data.h"
+
+client_test_t test_a001_attestation_list[] = {
+ NULL,
+ psa_initial_attestation_get_token_test,
+ psa_initial_attestation_get_token_size_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_initial_attestation_get_token_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ uint32_t i, status, token_size;
+ uint8_t challenge[PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64+1];
+ uint8_t token_buffer[TOKEN_SIZE];
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ memset(challenge, 0x2a, sizeof(challenge));
+ memset(token_buffer, 0, sizeof(token_buffer));
+
+ status = val->attestation_function(VAL_INITIAL_ATTEST_GET_TOKEN_SIZE,
+ check1[i].challenge_size, &token_size);
+ if (status != PSA_SUCCESS)
+ {
+ if (check1[i].challenge_size != PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32 ||
+ check1[i].challenge_size != PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48 ||
+ check1[i].challenge_size != PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64)
+ {
+ token_size = check1[i].token_size;
+ check1[i].challenge_size = check1[i].actual_challenge_size;
+ }
+ else
+ return status;
+ }
+
+ status = val->attestation_function(VAL_INITIAL_ATTEST_GET_TOKEN, challenge,
+ check1[i].challenge_size, token_buffer, &token_size);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(1));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ /* Validate the token */
+ status = val->attestation_function(VAL_INITIAL_ATTEST_VERIFY_TOKEN, challenge,
+ check1[i].challenge_size, token_buffer, token_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(2));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_initial_attestation_get_token_size_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ uint32_t i, status, token_size;
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check2[i].test_desc, 0);
+
+ status = val->attestation_function(VAL_INITIAL_ATTEST_GET_TOKEN_SIZE,
+ check2[i].challenge_size, &token_size);
+
+ TEST_ASSERT_EQUAL(status, check2[i].expected_status, TEST_CHECKPOINT_NUM(1));
+
+ if (check2[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ if (token_size < check2[i].challenge_size)
+ {
+ val->print(PRINT_ERROR, "Token size less than challenge size\n", 0);
+ return VAL_STATUS_INSUFFICIENT_SIZE;
+ }
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
diff --git a/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_a001.h b/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_a001.h
new file mode 100644
index 00000000000..f4e7024ce5c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_a001.h
@@ -0,0 +1,33 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_A001_CLIENT_TESTS_H_
+#define _TEST_A001_CLIENT_TESTS_H_
+
+#include "val_attestation.h"
+#define test_entry CONCAT(test_entry_, a001)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+#define TOKEN_SIZE 512
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_a001_attestation_list[];
+
+int32_t psa_initial_attestation_get_token_test(security_t caller);
+int32_t psa_initial_attestation_get_token_size_test(security_t caller);
+#endif /* _TEST_A001_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_data.h b/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_data.h
new file mode 100644
index 00000000000..bfeba5549ca
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_data.h
@@ -0,0 +1,103 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_attestation.h"
+
+typedef struct {
+ char test_desc[100];
+ uint32_t challenge_size;
+ uint32_t actual_challenge_size;
+ uint32_t token_size;
+ psa_status_t expected_status;
+} test_data;
+
+
+static test_data check1[] = {
+{"Test psa_initial_attestation_get_token with Challenge 32\n",
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32, TOKEN_SIZE, PSA_SUCCESS
+},
+
+{"Test psa_initial_attestation_get_token with Challenge 48\n",
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48, TOKEN_SIZE, PSA_SUCCESS
+},
+
+{"Test psa_initial_attestation_get_token with Challenge 64\n",
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64, TOKEN_SIZE, PSA_SUCCESS
+},
+
+{"Test psa_initial_attestation_get_token with zero challenge size\n",
+ 0, 0, TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+},
+
+{"Test psa_initial_attestation_get_token with small challenge size\n",
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1,
+ TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+},
+
+{"Test psa_initial_attestation_get_token with invalid challenge size\n",
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32+1, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32+1,
+ TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+},
+
+{"Test psa_initial_attestation_get_token with large challenge size\n",
+ MAX_CHALLENGE_SIZE+1, MAX_CHALLENGE_SIZE+1, TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+},
+
+{"Test psa_initial_attestation_get_token with zero as token size\n",
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32,
+ 0, PSA_ATTEST_ERR_INVALID_INPUT
+},
+
+{"Test psa_initial_attestation_get_token with small token size\n",
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32,
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1, PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW
+},
+};
+
+static test_data check2[] = {
+{"Test psa_initial_attestation_get_token_size with Challenge 32\n",
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32, TOKEN_SIZE, PSA_SUCCESS
+},
+
+{"Test psa_initial_attestation_get_token_size with Challenge 48\n",
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48, TOKEN_SIZE, PSA_SUCCESS
+},
+
+{"Test psa_initial_attestation_get_token_size with Challenge 64\n",
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64, TOKEN_SIZE, PSA_SUCCESS
+},
+
+{"Test psa_initial_attestation_get_token_size with zero challenge size\n",
+ 0, 0,
+ TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+},
+
+{"Test psa_initial_attestation_get_token_size with small challenge size\n",
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32-1,
+ TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+},
+
+{"Test psa_initial_attestation_get_token_size with invalid challenge size\n",
+ PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32+1, PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32+1,
+ TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+},
+
+{"Test psa_initial_attestation_get_token_size with large challenge size\n",
+ MAX_CHALLENGE_SIZE+1, MAX_CHALLENGE_SIZE+1,
+ TOKEN_SIZE, PSA_ATTEST_ERR_INVALID_INPUT
+},
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_entry.c b/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_entry.c
new file mode 100644
index 00000000000..db253b8e131
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_entry.c
@@ -0,0 +1,52 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_a001.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_INITIAL_ATTESTATION_BASE, 1)
+#define TEST_DESC "Testing initial attestation APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_attestation_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_a001_attestation_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/psa_crypto_testlist.md b/components/TARGET_PSA/TESTS/compliance_crypto/psa_crypto_testlist.md
new file mode 100644
index 00000000000..12def99d6c4
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/psa_crypto_testlist.md
@@ -0,0 +1,574 @@
+# PSA Crypto Testcase checklist
+
+
+
+| Group | Test | Function | Scenario | Return Value | Steps | Test Case |
+|------------------------------|-----------|----------------------------|-----------------------------------------------------------------------------------------------------------------------|---------------------------------|------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
+| Basic | test_c001 | psa_crypto_init | Library initialization | PSA_SUCCESS | Calling this function should return SUCCESS | |
+| | | | Applications must call this function before calling any other function in this module. | PSA_SUCCESS | Try calling crypto operations doing a crypto_init should be successful(can be covered as part of other testcase) | |
+| | | | Applications may call this function more than once. Once a call succeeds, subsequent calls are guaranteed to succeed. | PSA_SUCCESS | Try calling multiple crypto init and should return SUCCESS | |
+| | | | Applications must call this function before calling any other function in this module. | PSA_ERROR_BAD_STATE | Try calling crypto operations without doing a crypto_init should return FAILURE | |
+| | | | | | | |
+| Key Management | test_c002 | psa_import_key | Import a key in binary format. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
+| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
+| | | | | | 4. Set the usage policy on a key slot | 4. 2048 RSA public key |
+| | | | | | 5. Import the key data into the key slot | 5. 2048 RSA keypair |
+| | | | | | 6. Get basic metadata about a key | 6. DES 64 bit key |
+| | | | | | 7. Export a key in binary format | 7. Triple DES 2-Key |
+| | | | | | 8. Check if original key data matches with the exported data | 8. Triple DES 3-Key |
+| | | | | | | 9. EC Public key |
+| | | | | | | 10. EC keypair |
+| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function with incorrect key type | Incorrect key type |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with invalid parameter should return this error | 1. Key data greater than the algorithm size |
+| | | | | | | 2. Incorrect key data size |
+| | | | | | | |
+| | | | | | | |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid key handle should return this error | 1. Invalid key slot 2. Zero key slot |
+| | | | | PSA_ERROR_OCCUPIED_SLOT | Pass the key slot to store data which is already occupied | Already occupied key slot |
+| | test_c003 | psa_export_key | Export a key in binary format | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
+| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
+| | | | | | | |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
+| | | | | | 4. Set the usage policy on a key slot | 4. 2048 RSA public key |
+| | | | | | 5. Import the key data into the key slot | 5. 2048 RSA keypair |
+| | | | | | 6. Get basic metadata about a key | 6. DES 64 bit key |
+| | | | | | 7. Export a key in binary format | 7. Triple DES 2-Key |
+| | | | | | 8. Check if original key data matches with the exported data | 8. Triple DES 3-Key |
+| | | | | | | 9. EC Public key |
+| | | | | | | 10. EC keypair |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | Calling this function with buffer size less than required | Less buffer size |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Zero key slot |
+| | | | | | | 2. Invalid key slot |
+| | | | | PSA_ERROR_BAD_STATE | Calling this function with key policy that cannot be exported | Invalid key policy usage |
+| | | | | PSA_ERROR_EMPTY_SLOT | Calling this function with empty key slot | Empty key slot |
+| | test_c004 | psa_export_public_key | Export a public key or the public part of a key pair in binary format. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 2048 RSA public key |
+| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 2048 RSA keypair |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. EC Public key |
+| | | | | | 4. Set the usage policy on a key slot | 4. EC keypair |
+| | | | | | 5. Import the key data into the key slot | |
+| | | | | | 6. Get basic metadata about a key | |
+| | | | | | 7. Export a key in binary format | |
+| | | | | | 8. Check if original key data matches with the exported data | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
+| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
+| | | | | | 4. Set the usage policy on a key slot | 4. DES 64 bit key |
+| | | | | | 5. Import the key data into the key slot | 5. Triple DES 2-Key |
+| | | | | | 6. Get basic metadata about a key | 6. Triple DES 3-Key |
+| | | | | | 7. Export a key in binary format | |
+| | | | | | 8. Check if original key data matches with the exported data | |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | Calling this function with buffer size less than required | Less buffer size |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Zero key slot |
+| | | | | | | 2. Invalid key slot |
+| | | | | PSA_ERROR_BAD_STATE | Calling this function with key policy that cannot be exported | Invalid key policy usage |
+| | test_c005 | psa_destroy_key | Destroy a key and restore the slot to its default state. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
+| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
+| | | | | | 4. Set the usage policy on a key slot | 4. 2048 RSA public key |
+| | | | | | 5. Import the key data into the key slot | 5. 2048 RSA keypair |
+| | | | | | 6. Get basic metadata about a key | 6. DES 64 bit key |
+| | | | | | 7. Destroy a key and restore the slot to its default state | 7. Triple DES 2-Key |
+| | | | | | 8. Check that if the key metadata are destroyed | 8. Triple DES 3-Key |
+| | | | | | | 9. EC Public key |
+| | | | | | | 10. EC keypair |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Invalid key slot |
+| | | | | | | 2. Zero key slot |
+| | | | | | | 3. Empty key slot |
+| | test_c006 | psa_get_key_information | Get basic metadata about a key. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
+| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
+| | | | | | 4. Set the usage policy on a key slot | 4. 2048 RSA public key |
+| | | | | | 5. Import the key data into the key slot | 5. 2048 RSA keypair |
+| | | | | | 6. Get basic metadata about a key | 6. DES 64 bit key |
+| | | | | | | 7. Triple DES 2-Key |
+| | | | | | | 8. Triple DES 3-Key |
+| | | | | | | 9. EC Public key |
+| | | | | | | 10. EC keypair |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Zero key slot |
+| | | | | | | 2. Invalid key slot |
+| | | | | PSA_ERROR_EMPTY_SLOT | Pass the key slot number which has the key type as none | Empty key slot |
+| | NO TEST | psa_key_policy_set_usage | Set the standard fields of a policy structure. | void | Void function. Covered as part of other cases | |
+| | | | | | | |
+| Key Policies | test_c007 | psa_set_key_policy | Set the usage policy on a key slot. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
+| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
+| | | | | | 4. Set the usage policy on a key slot | 4. 2048 RSA public key |
+| | | | | | 5. Import the key data into the key slot | 5. 2048 RSA keypair |
+| | | | | | 6. Get the usage policy for a key slot | 6. DES 64 bit key |
+| | | | | | 7. Check if the policy matches the original input | 7. Triple DES 2-Key |
+| | | | | | | 8. Triple DES 3-Key |
+| | | | | | | 9. EC Public key |
+| | | | | | | 10. EC keypair |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Invalid key policy |
+| | | | | | | 2. Zero key slot |
+| | | | | | | 3. Invalid key slot |
+| | | | | PSA_ERROR_OCCUPIED_SLOT | Pass the key slot to store data which is already occupied | Already occupied key slot |
+| | test_c008 | psa_get_key_policy | Get the usage policy for a key slot | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
+| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | 2. 24 Byte AES |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte AES |
+| | | | | | 4. Set the usage policy on a key slot | 4. 2048 RSA public key |
+| | | | | | 5. Change the lifetime of a key slot | 5. 2048 RSA keypair |
+| | | | | | 6. Import the key data into the key slot | 6. DES 64 bit key |
+| | | | | | 7. Get the usage policy for a key slot | 7. Triple DES 2-Key |
+| | | | | | 8. Retrieve the usage field of a policy structure | 8. Triple DES 3-Key |
+| | | | | | 9. Retrieve the algorithm field of a policy structure | 9. EC Public key |
+| | | | | | 10. Make sure they match the original value | 10. EC keypair |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid parameter should return this error | 1. Zero key slot |
+| | | | | | | 2. Invalid key slot |
+| | test_c009 | psa_allocate_key | Allocate a key slot for a transient key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Volatile keys |
+| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | |
+| | | | | | 3. Allocate a key slot for a transient key | |
+| | | | | | | |
+| | | | | | | |
+| | | | | | | |
+| | | | | | | |
+| | | | | | | |
+| | | | | PSA_ERROR_INSUFFICIENT_MEMORY | Calling this function with multiple time | |
+| | | | | | | |
+| | | | | | | |
+| | test_c010 | psa_get_key_lifetime | Retrieve the lifetime of a key slot. | PSA_SUCCESS | 1. Initialize the PSA crypto library | Testing only volatile keys as other key types are currently not supported |
+| | | | | | 2. Initialize a key policy structure to a default that forbids all usage of the key | |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | |
+| | | | | | 4. Set the usage policy on a key slot | |
+| | | | | | 5. Change the lifetime of a key slot | |
+| | | | | | 6. Import the key data into the key slot | |
+| | | | | | 7. Get the lifetime of a key slot | |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Zero key slot |
+| | | | | | | 2. Invalid key slot |
+| | | | | | | 3. Empty key slot |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key policy |
+| Message Authentication Codes | test_c011 | psa_hash_start | Start a multipart hash operation. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 |
+| | | | | | 2. Start a multipart hash operation | 2. MD4 |
+| | | | | | | 3. MD5 |
+| | | | | | | 4. RIPEMD160 |
+| | | | | | | 5. SHA1 |
+| | | | | | | 6. SHA224 |
+| | | | | | | 7. SHA256 |
+| | | | | | | 8. SHA512 |
+| | | | | | | 9. SHA512_224 |
+| | | | | | | 10. SHA512_256 |
+| | | | | | | 11. SHA3_224 1 |
+| | | | | | | 2. SHA3_256 1 |
+| | | | | | | 3. SHA3_384 1 |
+| | | | | | | 4. SHA3_512 |
+| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function with unsupported algorithm should return error | Invalid hash algorithm |
+| | test_c012 | psa_hash_update | Add a message fragment to a multipart hash operation. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 |
+| | | | | | 2. Start a multipart hash operation | 2. MD4 |
+| | | | | | 3. Add a message fragment to a multipart hash operation | 3. MD5 |
+| | | | | | | 4. RIPEMD160 |
+| | | | | | | 5. SHA1 |
+| | | | | | | 6. SHA224 |
+| | | | | | | 7. SHA256 |
+| | | | | | | 8. SHA384 |
+| | | | | | | 9. SHA512 |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function without calling the psa_hash_start() should return error | Inactive operation handle |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with completed operation handle should return error | Completed operation handle |
+| | test_c013 | psa_hash_verify | Finish the calculation of the hash of a message and compare it with an expected value. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 |
+| | | | | | 2. Start a multipart hash operation | 2. MD4 |
+| | | | | | 3. Add a message fragment to a multipart hash operation | 3. MD5 |
+| | | | | | 4. Finish the calculation of the hash of a message and compare it with an expected value | 4. RIPEMD160 |
+| | | | | | | 5. SHA1 |
+| | | | | | | 6. SHA224 |
+| | | | | | | 7. SHA256 |
+| | | | | | | 8. SHA384 |
+| | | | | | | 9. SHA512 |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with inactive operation handle should return error | Inactive operation handle |
+| | | | | PSA_ERROR_INVALID_SIGNATURE | Calling this function with incorrect expected value should return error | 1. Incorrect expected hash value |
+| | | | | | | 2. Incorrect expected hash length |
+| | test_c014 | psa_hash_finish | Finish the calculation of the hash of a message. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 |
+| | | | | | 2. Start a multipart hash operation | 2. MD4 |
+| | | | | | 3. Add a message fragment to a multipart hash operation | 3. MD5 |
+| | | | | | 4. Finish the calculation of the hash of a message | 4. RIPEMD160 |
+| | | | | | 5. Compare it with the expected value | 5. SHA1 |
+| | | | | | | 6. SHA224 |
+| | | | | | | 7. SHA256 |
+| | | | | | | 8. SHA384 |
+| | | | | | | 9. SHA512 |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with an inactive operation handle should return error | Inactive operation handle |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | Calling this function with a hash buffer whose size is less than the algorithm output should return error | Buffer size less than required |
+| | test_c015 | psa_hash_abort | Abort a hash operation. | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. MD2 |
+| | | | | | 2. Start a multipart hash operation | 2. MD4 |
+| | | | | | 3. Abort a hash operation | 3. MD5 |
+| | | | | | | 4. RIPEMD160 |
+| | | | | | | 5. SHA1 |
+| | | | | | | 6. SHA224 |
+| | | | | | | 7. SHA256 |
+| | | | | | | 8. SHA384 |
+| | | | | | | 9. SHA512 |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling psa_hash_finish after calling psa_hash_abort should return error | |
+| Generator | test_c016 | psa_generate_key | Generate a key or key pair | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. AES |
+| | | | | | 2. Initialize a key policy structure | 2. DES |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. ECC |
+| | | | | | 4. Set the usage policy on a key slot | 4. RSA |
+| | | | | | 5. Generate a key or key pair | |
+| | | | | | 6. Get basic metadata about a key | |
+| | | | | | 7. Check if key type and key length matches | |
+| | | | | | 8. Export a key in binary format | |
+| | | | | | 9. Check if the metadata matches | |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid key slot should return this error | Invalid key slot |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with zero as key slot should return this error | Zero as key slot |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with Null extra and Non-Zero extra size should return this error | Null extra and Non-Zero extra size |
+| | | | | PSA_ERROR_OCCUPIED_SLOT | Calling this function with pre-occupied key slot should return this error | Pre-occupied key slot |
+| | | | | PSA_ERROR_NOT_SUPPORTED | Calling this function to generate only public key should return this error | Key type as public key |
+| | test_c017 | psa_generate_random | Generate random bytes | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte data |
+| | | | | | 2. Generate random bytes | 2. 24 Byte data |
+| | | | | | 3. Check that if generated data are Non-Zero | 3. 32 Byte data |
+| | | | | | | 4. 64 Byte data |
+| | | | | | | 5. 128 Byte data |
+| | | | | | | 6. 256 Byte data |
+| | | | | | | 7. 512 Byte data |
+| | | | | | | 8. 1000 Byte data |
+| | | | | | | 9. 1024 Byte data |
+| | test_c018 | psa_generator_read | Read some data from a generator | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte key |
+| | | | | | 2. Initialize a key policy structure | 2. 32 Byte key |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 8 Byte Key |
+| | | | | | 4. Set the usage policy on a key slot | 4. SHA 256 |
+| | | | | | 5. Import the key data into the key slot | 5. SHA 512 |
+| | | | | | 6. Set up a key derivation operation | 6. SHA 1 |
+| | | | | | 7. Generate random bytes | 7. Output size less than generator capacity |
+| | | | | | 8. Check that if generated data are non-zero | 8. Output size equal to generator capacity |
+| | | | | | 9. Generate random bytes for remaining capacity | 9. Request maximum capacity |
+| | | | | | 10. Check that if generated data are non-zero | |
+| | | | | | 11. Generate random bytes and check that it fails | |
+| | | | | PSA_ERROR_INSUFFICIENT_CAPACITY | Calling this function with output size greater than the current capacity should return this error | output size greater than the current capacity |
+| | | | | PSA_ERROR_INSUFFICIENT_CAPACITY | Calling this function with capacity greater than the allowed capacity should return this error | request maximum capacity +1 |
+| | test_c019 | psa_generator_get_capacity | Retrieve the current capacity of a generator | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Output size less than generator capacity |
+| | | | | | 2. Initialize a key policy structure | 2. Output size equal to generator capacity |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | |
+| | | | | | 4. Set the usage policy on a key slot | |
+| | | | | | 5. Import the key data into the key slot | |
+| | | | | | 6. Set up a key derivation operation | |
+| | | | | | 7. Retrieve the current capacity of a generator | |
+| | | | | | 8. Check that it is equal to the input capacity | |
+| | | | | | 9. Generate random bytes | |
+| | | | | | 10. Retrieve the current capacity of a generator | |
+| | | | | | 11. Check that it is equal to the remaining capacity | |
+| | test_c020 | psa_generator_import_key | Create a symmetric key from data read from a generator | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte AES |
+| | | | | | 2. Initialize a key policy structure | 2. 32 Byte AES |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | |
+| | | | | | 4. Set the usage policy on a key slot | |
+| | | | | | 5. Import the key data into the key slot | |
+| | | | | | 6. Set up a key derivation operation | |
+| | | | | | 7. Initialize a key policy structure for new slot | |
+| | | | | | 8. Set the standard fields of a policy structure | |
+| | | | | | 9. Set the usage policy on a new key slot | |
+| | | | | | 10. Create a symmetric key from data read from a generator | |
+| | | | | | 11. Export a key in binary format | |
+| | | | | | 12. Check that length of the key matches | |
+| | | | | | 13. Check that the key is non-zero | |
+| | | | | | 14. Initialize a key policy structure for new slot | |
+| | | | | | 15. Set the standard fields of a policy structure | |
+| | | | | | 16. Set the usage policy on a new key slot | |
+| | | | | | 17. Create a symmetric key from data read from a generator for the remaining size | |
+| | | | | | 18. Export a key in binary format | |
+| | | | | | 19. Check that length of the key matches | |
+| | | | | | 20. Check that the key is non-zero | |
+| | | | | | 21. Initialize a key policy structure for new slot | |
+| | | | | | 22. Set the standard fields of a policy structure | |
+| | | | | | 23. Set the usage policy on a new key slot | |
+| | | | | | 24. Create a symmetric key from data read from a generator for the some size | |
+| | | | | | Check that it fails | |
+| | | | | PSA_ERROR_INSUFFICIENT_CAPACITY | Calling this function with output greater than capacity should return this error | Output greater than capacity |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | Calling this function with public key algorithm should return this error | 1. RSA public key 2.Invalid key size |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this function with invalid arguments should return this error | 1. Invalid key slot |
+| | | | | | | 2. Zero as key slot |
+| | | | | | | |
+| | | | | PSA_ERROR_OCCUPIED_SLOT | Calling this function with already occupied key slot should return this error | Pre-occupied key slot |
+| | test_c021 | psa_generator_abort | Abort a generator | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Abort |
+| | | | | | 2. Initialize a key policy structure | 2. Multiple |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. Calling generator functions after abort should fail |
+| | | | | | 4. Set the usage policy on a key slot | |
+| | | | | | 5. Import the key data into the key slot | |
+| | | | | | 6. Set the key for a multipart symmetric encryption/decryption operation | |
+| | | | | | 7. Abort a cipher operation | |
+| | | | | | 8. Multiple abort cipher operation should return success | |
+| Key derivation | test_c022 | psa_key_derivation | Set up a key derivation operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 16 Byte data with SHA-256 |
+| | | | | | 2. Initialize a key policy structure | 2. 32 byte data with SHA-512 |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. 32 Byte data with MD-5 |
+| | | | | | 4. Import the key data into the key slot | 4. Salt and label provided as input |
+| | | | | | 5. Set up a key derivation operation | |
+| | | | | | 6. Retrieve the current capacity of a generator | |
+| | | | | | 7. Make sure that the capacity is same as input capacity | |
+| | | | | PSA_INVALID_ARGUMENT | Calling this function with invalid argument should return this error | 1. Invalid algorithm 2. Unsupported generator capacity |
+| | | | | | | 3. Unsupported key type |
+| | | | | PSA_ERROR_INVALID_HANDLE | Calling this functoin wih incorrect key handle | 1. Invalid key handle 2. Zero as key slot |
+| | | | | PSA_ERROR_EMPTY_SLOT | Calling this function with empty key slot should return this error | Empty key slot |
+| Key policies | test_c023 | psa_key_policy_get_usage | Retrieve the usage field of a policy structure | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. Encrypt |
+| | | | | | 2. Initialize a key policy structure | 2. Decrypt |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. Export |
+| | | | | | 4. Retrieve the usage field of a policy structure | 4. Sign |
+| | | | | | 5. Check that usage is same as input | 5. Verify |
+| | | | | | | 6. Derive |
+| AEAD | test_c024 | psa_aead_encrypt | Process an authenticated encryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. CCM - 16B AES - Nounce and additional data |
+| | | | | | 2. Initialize a key policy structure | 2. GCM - 16B AES - NULL Nounce & addi data |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. GCM -16B AES - 12B Nounce & 12B addi data |
+| | | | | | 4. Set the usage policy on a key slot | 4. CCM - 16B AES - 13B Nounce & 8B addi data |
+| | | | | | 5. Import the key data into the key slot | |
+| | | | | | 6. Call aead encrypt | |
+| | | | | | 7. Check if the status is expected | |
+| | | | | | 8. Check if the cipher text is expected length | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. DES key |
+| | | | | | | 2. Unsupported algorithm |
+| | | | | PSA_ERROR_EMPTY_SLOT | | Empty key slot |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Zero as key slot |
+| | | | | | | 2. Invalid key slot |
+| | | | | PSA_ERROR_NOT_PERMITTED | | 1. Small output buffer size |
+| | | | | | | 2. Invalid key usage |
+| | test_c025 | psa_aead_decrypt | Process an authenticated decryption operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. CCM - 16B AES - Nounce and additional data |
+| | | | | | 2. Initialize a key policy structure | 2. GCM - 16B AES - NULL Nounce & addi data |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. GCM -16B AES - 12B Nounce & 12B addi data |
+| | | | | | 4. Set the usage policy on a key slot | 4. CCM - 16B AES - 13B Nounce & 8B addi data |
+| | | | | | 5. Import the key data into the key slot | |
+| | | | | | 6. Call aead decrypt | |
+| | | | | | 7. Check if the status is expected | |
+| | | | | | 8. Check if the plain text is expected length | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. DES key |
+| | | | | | | 2. Unsupported algorithm |
+| | | | | PSA_ERROR_EMPTY_SLOT | | Empty key slot |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Zero as key slot |
+| | | | | | | 2. Invalid key slot |
+| | | | | PSA_ERROR_NOT_PERMITTED | | 1. Small output buffer size |
+| | | | | | | 2. Invalid key usage |
+| Message Authentication Codes | test_c026 | psa_mac_sign_setup | Start a multipart MAC calculation operation | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. 64 Byte HMAC |
+| | | | | | 2. Initialize a key policy structure | 2. 16 Byte AES - CMAC |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | |
+| | | | | | 4. Set the usage policy on a key slot | |
+| | | | | | 5. Import the key data into the key slot | |
+| | | | | | 6. Start a multipart MAC calculation operation | |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | 1. 16 Byte AES - GMAC |
+| | | | | | | 2. Incompatible HMAC for CMAC |
+| | | | | | | 3. Bad algorithm (unknown MAC algorithm)
2. Zero key slot |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage |
+| | | | | PSA_ERROR_EMPTY_SLOT | | Empty key slot |
+| | test_c040 | psa_asymmetric_decrypt | Decrypt a short message with a private key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA KEYPAIR PKCS1V15 |
+| | | | | | 2. Initialize a key policy structure | 2. RSA KEYPAIR OAEP SHA256 |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. RSA KEYPAIR OAEP SHA256 with label |
+| | | | | | 4. Set the usage policy on a key slot | |
+| | | | | | 5. Import the key data into the key slot | |
+| | | | | | 6. Decrypt a short message with a private key | |
+| | | | | | 7. Check if the output length matches with the expected length | |
+| | | | | | 8. Check if the output matches with the expected data | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key type (RSA public key) |
+| | | | | | | 2. Invalid algorithm |
+| | | | | | | 3. Invalid key type (AES Key) |
+| | | | | PSA_ERROR_EMPTY_SLOT | | Empty key slot |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key slot 2. Zero key slot |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer |
+| | test_c041 | psa_asymmetric_sign | Sign a hash or short message with a private key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA KEYPAIR PKCS1V15 RAW |
+| | | | | | 2. Initialize a key policy structure | 2. RSA KEYPAIR PKCS1V15 SHA-256 |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. ECDSA KEYPAIR SECP256R1 SHA-256 |
+| | | | | | 4. Set the usage policy on a key slot | |
+| | | | | | 5. Import the key data into the key slot | |
+| | | | | | 6. Sign a hash or short message with a private key | |
+| | | | | | 7. Check if the output length matches with the expected length | |
+| | | | | | 8. Check if the output matches with the expected data | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid key type (RSA public key) |
+| | | | | | | 2. Invalid algorithm |
+| | | | | | | 3. Invalid key type (AES Key) |
+| | | | | | | 4. Wrong hash size |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key slot 2. Zero key slot |
+| | | | | PSA_ERROR_EMPTY_SLOT | | Empty key slot |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer |
+| | test_c042 | psa_asymmetric_verify | Verify the signature a hash or short message using a public key | PSA_SUCCESS | 1. Initialize the PSA crypto library | 1. RSA KEYPAIR PKCS1V15 RAW |
+| | | | | | 2. Initialize a key policy structure | 2. RSA KEYPAIR PKCS1V15 SHA-256 |
+| | | | | | 3. Allocate a key slot for a transient key and set the standard fields of a policy structure | 3. ECDSA KEYPAIR SECP256R1 SHA-256 |
+| | | | | | 4. Set the key data based on key type | 4. RSA public key |
+| | | | | | 5. Set the usage policy on a key slot | 5. EC public key |
+| | | | | | 6. Import the key data into the key slot | |
+| | | | | | 7. Verify the signature a hash or short message using a public key | |
+| | | | | PSA_ERROR_INVALID_ARGUMENT | | 1. Invalid algorithm |
+| | | | | | | 2. Wrong hash size |
+| | | | | PSA_ERROR_INVALID_HANDLE | | 1. Invalid key slot 2. Zero key slot |
+| | | | | PSA_ERROR_INVALID_SIGNATURE | | Wrong signature size |
+| | | | | | | Wrong signature |
+| | | | | PSA_ERROR_EMPTY_SLOT | | Empty key slot |
+| | | | | PSA_ERROR_NOT_PERMITTED | | Invalid usage |
+| | | | | PSA_ERROR_NOT_SUPPORTED | | Invalid key type (AES Key) |
+| | | | | PSA_ERROR_BUFFER_TOO_SMALL | | Small output buffer |
+
+## License
+Arm PSA test suite is distributed under Apache v2.0 License.
+
+--------------
+
+*Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.*
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c001/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c001/main.c
new file mode 100644
index 00000000000..d53cc88e8d5
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c001/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c001(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c001, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c001/test_c001.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c001/test_c001.c
new file mode 100644
index 00000000000..0b334fcf74e
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c001/test_c001.c
@@ -0,0 +1,73 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c001.h"
+
+client_test_t test_c001_crypto_list[] = {
+ NULL,
+ psa_generate_random_without_init_test,
+ psa_crypto_init_test,
+ multiple_psa_crypto_init_test,
+ NULL,
+};
+
+int32_t psa_generate_random_without_init_test(security_t caller)
+{
+ uint8_t output[GENERATE_SIZE];
+ int32_t status;
+
+ val->print(PRINT_TEST, "[Check 1] Test calling crypto functions before psa_crypto_init\n", 0);
+
+ /* Generate random bytes */
+ status = val->crypto_function(VAL_CRYPTO_GENERATE_RANDOM, output, GENERATE_SIZE);
+ if (status == PSA_SUCCESS)
+ return RESULT_SKIP(VAL_STATUS_INIT_ALREADY_DONE);
+ else
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(1));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_crypto_init_test(security_t caller)
+{
+ int32_t status;
+
+ val->print(PRINT_TEST, "[Check 2] Test psa_crypto_init\n", 0);
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t multiple_psa_crypto_init_test(security_t caller)
+{
+ int32_t i, status;
+
+ val->print(PRINT_TEST, "[Check 3] Test multiple psa_crypto_init \n", 0);
+ for (i = 0; i < 5; i++)
+ {
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c001/test_c001.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c001/test_c001.h
new file mode 100644
index 00000000000..02a8c6b90af
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c001/test_c001.h
@@ -0,0 +1,34 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C001_CLIENT_TESTS_H_
+#define _TEST_C001_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c001)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+#define GENERATE_SIZE 32
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c001_crypto_list[];
+
+int32_t psa_crypto_init_test(security_t caller);
+int32_t multiple_psa_crypto_init_test(security_t caller);
+int32_t psa_generate_random_without_init_test(security_t caller);
+#endif /* _TEST_C001_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c001/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c001/test_entry.c
new file mode 100644
index 00000000000..e1ba064ca05
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c001/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c001.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 1)
+#define TEST_DESC "Testing psa_crypto_init API: Basic\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_LOW_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_client_tests_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c001_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/main.c
new file mode 100644
index 00000000000..ca02c740fb9
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c002(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c002, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/test_c002.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/test_c002.c
new file mode 100644
index 00000000000..19e1c44fc13
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/test_c002.c
@@ -0,0 +1,217 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c002.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c002_crypto_list[] = {
+ NULL,
+ psa_import_key_test,
+ psa_import_key_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_import_key_test(security_t caller)
+{
+ uint32_t length, i;
+ uint8_t data[BUFFER_SIZE];
+ const uint8_t *key_data;
+ psa_key_policy_t policy;
+ psa_key_type_t key_type;
+ size_t bits;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Set the key data buffer to the input base on algorithm */
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ /* Get basic metadata about a key */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
+ &key_type, &bits);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7));
+
+ TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8));
+
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle, data,
+ BUFFER_SIZE, &length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(10));
+
+ if (PSA_KEY_TYPE_IS_UNSTRUCTURED(check1[i].key_type))
+ {
+ TEST_ASSERT_MEMCMP(data, check1[i].key_data, length, TEST_CHECKPOINT_NUM(11));
+ }
+ else if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type) || PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ TEST_ASSERT_MEMCMP(key_data, data, length, TEST_CHECKPOINT_NUM(12));
+ }
+ else
+ {
+ return VAL_STATUS_INVALID;
+ }
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_import_key_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+ psa_key_handle_t invalid_key_handle;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] Test psa_import_key with already occupied key slot\n",
+ g_test_count++);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ memset(&invalid_key_handle, 0xDEADDEAD, sizeof(invalid_key_handle));
+ /* Set the usage policy on a key slot */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
+ check2[i].key_type, check2[i].key_data, check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the occupied key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
+ check2[i].key_type, check2[i].key_data, check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_OCCUPIED_SLOT, TEST_CHECKPOINT_NUM(5));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_import_key with zero as key handle\n",
+ g_test_count++);
+ /* Import the key data with zero as key handle */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, 0, check2[i].key_type,
+ check2[i].key_data, check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_import_key with destroyed handle\n",
+ g_test_count++);
+ /* Destroy the handle */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Import the key data with destroyed handle */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
+ check2[i].key_type, check2[i].key_data, check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(8));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_import_key with unallocated key handle\n",
+ g_test_count++);
+ /* Import the key data with unallocated key handle */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, invalid_key_handle, check2[i].key_type,
+ check2[i].key_data, check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/test_c002.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/test_c002.h
new file mode 100644
index 00000000000..4081d294fec
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/test_c002.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C002_CLIENT_TESTS_H_
+#define _TEST_C002_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c002)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c002_crypto_list[];
+
+int32_t psa_import_key_test(security_t caller);
+int32_t psa_import_key_negative_test(security_t caller);
+#endif /* _TEST_C002_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/test_data.h
new file mode 100644
index 00000000000..aaa6840baf3
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/test_data.h
@@ -0,0 +1,299 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint32_t expected_bit_length;
+ uint32_t expected_key_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
+static test_data check1[] = {
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_import_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_import_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
+ AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_import_key 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_import_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ {0},
+ 270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 2048, 270, PSA_SUCCESS
+},
+
+{"Test psa_import_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+ {0},
+ 1193, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 2048, 1193, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_import_key with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_import_key with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_import_key with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ECDSA
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_import_key with EC Public key\n", 9,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+ {0},
+ 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 256, 65, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+{"Test psa_import_key with EC keypair\n", 10,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ {0},
+ 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 224, 28, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES
+{"Test psa_import_key with key data greater than the algorithm size\n", 11, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_34B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_34B_KEY_SIZE), AES_34B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_import_key with incorrect key data size\n", 12, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90},
+AES_18B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+BYTES_TO_BITS(AES_18B_KEY_SIZE), AES_18B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+{"Test psa_import_key with incorrect key type\n", 13, PSA_KEY_TYPE_VENDOR_FLAG,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
+AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_ERROR_NOT_SUPPORTED,
+},
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_import_key negative cases\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_OCCUPIED_SLOT
+},
+#endif
+#endif
+
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/test_entry.c
new file mode 100644
index 00000000000..6f31df0d33e
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c002/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c002.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 2)
+#define TEST_DESC "Testing crypto key management APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c002_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/main.c
new file mode 100644
index 00000000000..e30c469953d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c003(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c003, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/test_c003.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/test_c003.c
new file mode 100644
index 00000000000..e25d80dd844
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/test_c003.c
@@ -0,0 +1,220 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c003.h"
+#include "test_data.h"
+
+client_test_t test_c003_crypto_list[] = {
+ NULL,
+ psa_export_key_test,
+ psa_export_key_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t data[BUFFER_SIZE];
+
+int32_t psa_export_key_test(security_t caller)
+{
+ uint32_t length, i;
+ const uint8_t *key_data;
+ psa_key_policy_t policy;
+ psa_key_type_t key_type;
+ size_t bits;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Set the key data buffer to the input base on algorithm */
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Get basic metadata about a key */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
+ &key_type, &bits);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7));
+
+ TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8));
+
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle, data,
+ check1[i].buffer_size, &length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(10));
+
+ /* Check if original key data matches with the exported data */
+ if (PSA_KEY_TYPE_IS_UNSTRUCTURED(check1[i].key_type))
+ {
+ TEST_ASSERT_MEMCMP(check1[i].key_data, data, length, TEST_CHECKPOINT_NUM(11));
+ }
+ else if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type) || PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ TEST_ASSERT_MEMCMP(key_data, data, length, TEST_CHECKPOINT_NUM(12));
+ }
+ else
+ {
+ return VAL_STATUS_INVALID;
+ }
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_export_key_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ uint32_t i, length;
+ int32_t status;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_export_key with unallocated key handle\n",
+ g_test_count++);
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check2[i].key_handle, data,
+ check2[i].key_length, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_export_key with empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check2[i].key_handle, data,
+ check2[i].key_length, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(5));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_export_key with zero as key handle\n",
+ g_test_count++);
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, 0, data,
+ check2[i].key_length, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_export_key with destroyed key handle\n",
+ g_test_count++);
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
+ check2[i].key_type, check2[i].key_data, check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Destroy the key handle */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check2[i].key_handle, data,
+ check2[i].key_length, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(10));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/test_c003.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/test_c003.h
new file mode 100644
index 00000000000..4d8a4d6c984
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/test_c003.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C003_CLIENT_TESTS_H_
+#define _TEST_C003_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c003)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c003_crypto_list[];
+
+int32_t psa_export_key_test(security_t caller);
+int32_t psa_export_key_negative_test(security_t caller);
+#endif /* _TEST_C003_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/test_data.h
new file mode 100644
index 00000000000..c5832c7d824
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/test_data.h
@@ -0,0 +1,289 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ size_t buffer_size;
+ uint32_t expected_bit_length;
+ uint32_t expected_key_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_export_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_export_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
+ AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_export_key 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_export_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ {0},
+ 270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
+ 2048, 270, PSA_SUCCESS
+},
+
+{"Test psa_export_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+ {0},
+ 1193, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
+ 2048, 1193, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_export_key with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_export_key with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_export_key with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ASYMMETRIC_ENCRYPTION
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_export_key with EC Public key\n", 9,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+ {0},
+ 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, BUFFER_SIZE,
+ 256, 65, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+{"Test psa_export_key with EC keypair\n", 10,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ {0},
+ 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, BUFFER_SIZE,
+ 224, 28, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_export_key with key policy verify\n", 11, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_NOT_PERMITTED
+},
+
+{"Test psa_export_key with less buffer size\n", 12, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, 14,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_export_key negative case\n", 13, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/test_entry.c
new file mode 100644
index 00000000000..8b501599f22
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c003/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c003.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 3)
+#define TEST_DESC "Testing crypto key management APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c003_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/main.c
new file mode 100644
index 00000000000..448b4c16320
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c004(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c004, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/test_c004.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/test_c004.c
new file mode 100644
index 00000000000..fceade54b48
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/test_c004.c
@@ -0,0 +1,258 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c004.h"
+#include "test_data.h"
+
+client_test_t test_c004_crypto_list[] = {
+ NULL,
+ test_psa_export_public_key,
+ test_psa_export_public_key_handle,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t data[BUFFER_SIZE];
+
+int32_t test_psa_export_public_key(security_t caller)
+{
+ uint32_t length, i;
+ const uint8_t *key_data;
+ psa_key_policy_t policy;
+ psa_key_type_t key_type;
+ size_t bits;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Set the key data buffer to the input base on algorithm */
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Get basic metadata about a key */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
+ &key_type, &bits);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7));
+
+ TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8));
+
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_PUBLIC_KEY, check1[i].key_handle, data,
+ check1[i].buffer_size, &length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(10));
+
+ /* Check if original key data matches with the exported data */
+ if (PSA_KEY_TYPE_IS_UNSTRUCTURED(check1[i].key_type))
+ {
+ TEST_ASSERT_MEMCMP(check1[i].key_data, data, length, TEST_CHECKPOINT_NUM(11));
+ }
+ else if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type) || PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ key_data = expected_rsa_256_pubprv;
+
+ else if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = expected_ec_pubprv;
+
+ TEST_ASSERT_MEMCMP(key_data, data, length, TEST_CHECKPOINT_NUM(12));
+ }
+ else
+ {
+ return VAL_STATUS_INVALID;
+ }
+ }
+
+ return VAL_STATUS_SUCCESS;
+
+}
+
+int32_t test_psa_export_public_key_handle(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ uint32_t i, length;
+ int32_t status;
+ const uint8_t *key_data;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] Test psa_export_key with unallocated key handle\n",
+ g_test_count++);
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_PUBLIC_KEY, check2[i].key_handle, data,
+ check2[i].key_length, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_export_key with empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_PUBLIC_KEY, check2[i].key_handle, data,
+ check2[i].key_length, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(5));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_export_key with zero as key handle\n",
+ g_test_count++);
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_PUBLIC_KEY, 0, data,
+ check2[i].key_length, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_export_key with destroyed key handle\n",
+ g_test_count++);
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ if (PSA_KEY_TYPE_IS_RSA(check2[i].key_type))
+ {
+ if (check2[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check2[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check2[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check2[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check2[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check2[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check2[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check2[i].key_data;
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
+ check2[i].key_type, key_data, check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Destroy the key handle */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_PUBLIC_KEY, check2[i].key_handle, data,
+ check2[i].key_length, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(10));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/test_c004.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/test_c004.h
new file mode 100644
index 00000000000..c24ec82b4f5
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/test_c004.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C004_CLIENT_TESTS_H_
+#define _TEST_C004_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c004)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c004_crypto_list[];
+
+int32_t test_psa_export_public_key(security_t caller);
+int32_t test_psa_export_public_key_handle(security_t caller);
+#endif /* _TEST_C004_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/test_data.h
new file mode 100644
index 00000000000..66dae2a2b55
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/test_data.h
@@ -0,0 +1,312 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ size_t buffer_size;
+ uint32_t expected_bit_length;
+ uint32_t expected_key_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+static const uint8_t expected_rsa_256_pubprv[] = {
+0x30, 0x82,
+0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41,
+0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xC6, 0x45, 0xAE,
+0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F, 0x4E, 0xD6, 0xF6, 0x1C, 0x88,
+0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE, 0x5C, 0x9C, 0x51, 0x75, 0xF7,
+0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, 0x2F, 0x7C,
+0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B, 0xBA, 0xE0, 0x21, 0xE5, 0x72,
+0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA, 0xAC, 0x1B, 0x53, 0xB9, 0x5F,
+0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63, 0x63, 0x51, 0x8B, 0x0B, 0x64,
+0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, 0xB3, 0xAE, 0x00, 0xA0, 0x63,
+0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73, 0xA6, 0x8C, 0x18, 0xA9, 0x02,
+0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10, 0xE3, 0xC6, 0xCC, 0x40, 0xB4,
+0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, 0xBB, 0x17, 0xA6, 0xF3, 0xE8,
+0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5, 0xFD, 0x66, 0x51, 0x0C, 0xBD,
+0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23, 0x73, 0xD1, 0x09, 0x03, 0x89,
+0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0, 0xA1, 0x96, 0x4A, 0xBC, 0xE1,
+0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63, 0x78, 0x0F, 0x44, 0x37, 0x30,
+0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77, 0xBA, 0x13, 0xD2, 0x97, 0x73,
+0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39, 0x60, 0xA4, 0xB4, 0xB0, 0x69,
+0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, 0xB3, 0x58, 0x22, 0xA7,
+0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5, 0xD2, 0x96, 0xDF, 0xD9, 0xD0,
+0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t expected_ec_pubprv[] = {
+0x04, 0x16, 0x93, 0xa2, 0x90, 0xf7, 0xf0, 0xb5, 0x71, 0xfe, 0x2b, 0x41, 0xd5,
+0xd8, 0x4b, 0x01, 0x32, 0x76, 0x31, 0xf4, 0xa8, 0x60, 0xf9, 0x95, 0xfa, 0x33,
+0x2c, 0x09, 0x7f, 0x54, 0x19, 0x2b, 0xb1, 0x0f, 0x00, 0x11, 0x3f, 0x2a, 0xff,
+0xb1, 0x3c, 0x1a, 0x24, 0xce, 0x44, 0x91, 0x45, 0x71, 0xa9, 0x54, 0x40, 0xae,
+0x01, 0x4a, 0x00, 0xcb, 0xf7};
+
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
+static test_data check1[] = {
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_export_public_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_export_public_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
+ AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_export_public_key 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_export_public_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ {0},
+ 270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
+ 2048, 270, PSA_SUCCESS
+},
+
+{"Test psa_export_public_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+ {0},
+ 1193, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
+ 2048, 270, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_export_public_key with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_export_public_key with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_export_public_key with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, BUFFER_SIZE,
+ BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ASYMMETRIC_ENCRYPTION
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_export_public_key with EC Public key\n", 9,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+ {0},
+ 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, BUFFER_SIZE,
+ 256, 65, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+{"Test psa_export_public_key with EC keypair\n", 10,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ {0},
+ 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, BUFFER_SIZE,
+ 224, 57, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA
+{"Test psa_export_public_key with less buffer size\n", 12, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0},
+270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, 200,
+2048, 270, PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA
+{"Test psa_export_public_key negative case\n", 13, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ {0},
+ 270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, BUFFER_SIZE,
+ 2048, 270, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/test_entry.c
new file mode 100644
index 00000000000..7b8fdc92778
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c004/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c004.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 4)
+#define TEST_DESC "Testing crypto key management APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c004_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/main.c
new file mode 100644
index 00000000000..82aba846074
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c005(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c005, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/test_c005.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/test_c005.c
new file mode 100644
index 00000000000..f58819291fc
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/test_c005.c
@@ -0,0 +1,182 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c005.h"
+#include "test_data.h"
+
+client_test_t test_c005_crypto_list[] = {
+ NULL,
+ psa_destroy_key_test,
+ psa_destroy_invalid_key_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_destroy_key_test(security_t caller)
+{
+ uint32_t i;
+ const uint8_t *key_data;
+ psa_key_policy_t policy;
+ psa_key_type_t key_type;
+ size_t bits;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Set the key data buffer to the input base on algorithm */
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ key_type = 0;
+ bits = 0;
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Get basic metadata about a key */
+ TEST_ASSERT_EQUAL(val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
+ &key_type, &bits),
+ PSA_SUCCESS,
+ TEST_CHECKPOINT_NUM(6));
+
+ TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7));
+
+ TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8));
+
+ /* Destroy a key and restore the slot to its default state */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+
+ /* Get basic metadata about a key */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
+ &key_type, &bits);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(10));
+
+ /* Check that if the key metadata are destroyed */
+ TEST_ASSERT_NOT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_NOT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(12));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_destroy_invalid_key_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] Test psa_destroy_key with unallocated key handle\n",
+ g_test_count++);
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Destroy a key and restore the slot to its default state */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_destroy_key with zero as key handle\n",
+ g_test_count++);
+ /* Destroy a key and restore the slot to its default state */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, 0);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_destroy_key with empty key handle\n",
+ g_test_count++);
+ /* Destroy a key and restore the slot to its default state */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Destroy a key and restore the slot to its default state */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/test_c005.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/test_c005.h
new file mode 100644
index 00000000000..d191aede395
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/test_c005.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C005_CLIENT_TESTS_H_
+#define _TEST_C005_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c005)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c005_crypto_list[];
+
+int32_t psa_destroy_key_test(security_t caller);
+int32_t psa_destroy_invalid_key_test(security_t caller);
+#endif /* _TEST_C005_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/test_data.h
new file mode 100644
index 00000000000..bab27f248cc
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/test_data.h
@@ -0,0 +1,274 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint32_t expected_bit_length;
+ uint32_t expected_key_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
+static test_data check1[] = {
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_destroy_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_destroy_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
+ AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_destroy_key 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_destroy_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ {0},
+ 270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 2048, 270, PSA_SUCCESS
+},
+
+{"Test psa_destroy_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+ {0},
+ 1193, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 2048, 1193, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_destroy_key with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_destroy_key with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_destroy_key with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ECDSA
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_destroy_key with EC Public key\n", 9,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+ {0},
+ 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 256, 65, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ASYMMETRIC_ENCRYPTION
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+{"Test psa_destroy_key with EC keypair\n", 10,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ {0},
+ 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION,
+ 224, 28, PSA_SUCCESS
+},
+#endif
+#endif
+};
+
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_destroy_key negative case\n", 11, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/test_entry.c
new file mode 100644
index 00000000000..9559f136c5d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c005/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c005.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 5)
+#define TEST_DESC "Testing crypto key management APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c005_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/main.c
new file mode 100644
index 00000000000..32d951a3189
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c006(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c006, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/test_c006.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/test_c006.c
new file mode 100644
index 00000000000..ca6d5258bec
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/test_c006.c
@@ -0,0 +1,178 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c006.h"
+#include "test_data.h"
+
+client_test_t test_c006_crypto_list[] = {
+ NULL,
+ psa_get_key_information_test,
+ psa_get_key_information_invalid_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_get_key_information_test(security_t caller)
+{
+ int32_t i, status;
+ const uint8_t *key_data;
+ psa_key_policy_t policy;
+ psa_key_type_t key_type;
+ size_t bits;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Set the key data buffer to the input base on algorithm */
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Get basic metadata about a key */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
+ &key_type, &bits);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7));
+
+ TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_get_key_information_invalid_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] Test psa_get_key_information with unallocated"
+ " key handle\n", g_test_count++);
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Get basic metadata about a key */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check2[i].key_handle,
+ &check2[i].key_type, &check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_get_key_information with zero as"
+ " key handle\n", g_test_count++);
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, 0,
+ &check2[i].key_type, &check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_get_key_information with empty key handle\n",
+ g_test_count++);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Get basic metadata about a key */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check2[i].key_handle,
+ &check2[i].key_type, &check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(6));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_get_key_information with destroyed"
+ " key handle\n", g_test_count++);
+ /* Destroy a key and restore the slot to its default state */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Get basic metadata about a key */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check2[i].key_handle,
+ &check2[i].key_type, &check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(8));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/test_c006.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/test_c006.h
new file mode 100644
index 00000000000..f8d834bffda
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/test_c006.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C006_CLIENT_TESTS_H_
+#define _TEST_C006_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c006)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c006_crypto_list[];
+
+int32_t psa_get_key_information_test(security_t caller);
+int32_t psa_get_key_information_invalid_test(security_t caller);
+#endif /* _TEST_C006_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/test_data.h
new file mode 100644
index 00000000000..e4ae0774305
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/test_data.h
@@ -0,0 +1,273 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint32_t expected_bit_length;
+ uint32_t expected_key_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
+static test_data check1[] = {
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_get_key_information 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_get_key_information 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
+ AES_24B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_get_key_information 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_get_key_information 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ {0},
+ 270, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 2048, 270, PSA_SUCCESS
+},
+
+{"Test psa_get_key_information with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+ {0},
+ 1193, PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 2048, 1193, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_get_key_information with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_get_key_information with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_get_key_information with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ECDSA
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_get_key_information with EC Public key\n", 9,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+ {0},
+ 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 256, 65, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+{"Test psa_get_key_information with EC keypair\n", 10,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ {0},
+ 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 224, 28, PSA_SUCCESS
+},
+#endif
+#endif
+};
+
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_get_key_information negative cases\n", 11, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/test_entry.c
new file mode 100644
index 00000000000..983ee819d12
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c006/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c006.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 6)
+#define TEST_DESC "Testing crypto key management APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c006_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/main.c
new file mode 100644
index 00000000000..ff4047dfea5
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c007(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c007, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/test_c007.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/test_c007.c
new file mode 100644
index 00000000000..82a77c27781
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/test_c007.c
@@ -0,0 +1,188 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c007.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c007_crypto_list[] = {
+ NULL,
+ psa_set_key_policy_test,
+ psa_set_key_policy_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_set_key_policy_test(security_t caller)
+{
+ const uint8_t *key_data;
+ psa_key_policy_t policy, expected_policy;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Set the key data buffer to the input base on algorithm */
+ for (i = 0; i < num_checks; i++)
+ {
+
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Get the usage policy for a key slot */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_POLICY, check1[i].key_handle,
+ &expected_policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Check if the usage is same as programmed */
+ TEST_ASSERT_EQUAL(expected_policy.usage, check1[i].usage, TEST_CHECKPOINT_NUM(7));
+
+ /* Check if the algorithm is same as programmed */
+ TEST_ASSERT_EQUAL(expected_policy.alg, check1[i].key_alg, TEST_CHECKPOINT_NUM(8));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_set_key_policy_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] Test psa_set_key_policy with unallocated key handle\n",
+ g_test_count++);
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the usage policy on a key slot */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_set_key_policy with zero as key handle\n",
+ g_test_count++);
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, 0, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Set the usage policy on a key slot */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+ val->print(PRINT_TEST, "[Check %d] Test psa_set_key_policy with already occupied handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle,
+ check2[i].key_type, check2[i].key_data, check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_OCCUPIED_SLOT, TEST_CHECKPOINT_NUM(8));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/test_c007.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/test_c007.h
new file mode 100644
index 00000000000..ee5635f061c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/test_c007.h
@@ -0,0 +1,32 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C007_CLIENT_TESTS_H_
+#define _TEST_C007_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c007)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c007_crypto_list[];
+
+int32_t psa_set_key_policy_test(security_t caller);
+int32_t psa_set_key_policy_negative_test(security_t caller);
+#endif /* _TEST_C007_CLIENT_TESTS_H_ */
+
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/test_data.h
new file mode 100644
index 00000000000..183c3b56f8c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/test_data.h
@@ -0,0 +1,285 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint32_t expected_bit_length;
+ uint32_t expected_key_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
+static test_data check1[] = {
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_set_key_policy 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_set_key_policy 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
+ AES_24B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_set_key_policy 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_set_key_policy 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ {0},
+ 270, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 2048, 270, PSA_SUCCESS
+},
+
+{"Test psa_set_key_policy with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+ {0},
+ 1193, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 2048, 1193, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_set_key_policy with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_set_key_policy with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_set_key_policy with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ECDSA
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_set_key_policy with EC Public key\n", 9,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+ {0},
+ 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 256, 65, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+{"Test psa_set_key_policy with EC keypair\n", 10,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ {0},
+ 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 224, 28, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_set_key_policy with invalid usage\n", 13, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+AES_16B_KEY_SIZE, PSA_KEY_USAGE_INVALID, PSA_ALG_CTR,
+BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
+
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_set_key_policy negative case\n", 11, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_OCCUPIED_SLOT
+},
+#endif
+#endif
+
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/test_entry.c
new file mode 100644
index 00000000000..c1fbe5381e8
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c007/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c007.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 7)
+#define TEST_DESC "Testing crypto key management APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c007_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/main.c
new file mode 100644
index 00000000000..8c0aaf52c7c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c008(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c008, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/test_c008.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/test_c008.c
new file mode 100644
index 00000000000..05ce0f81263
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/test_c008.c
@@ -0,0 +1,181 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c008.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c008_crypto_list[] = {
+ NULL,
+ psa_get_key_policy_test,
+ psa_get_key_policy_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_get_key_policy_test(security_t caller)
+{
+ const uint8_t *key_data;
+ psa_key_policy_t policy, expected_policy;
+ psa_key_usage_t expected_usage;
+ psa_algorithm_t expected_alg;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Set the key data buffer to the input base on algorithm */
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Get the usage policy for a key slot */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_POLICY, check1[i].key_handle,
+ &expected_policy);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ TEST_ASSERT_EQUAL(expected_policy.usage, check1[i].usage, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(expected_policy.alg, check1[i].key_alg, TEST_CHECKPOINT_NUM(8));
+
+ /* Retrieve the usage field of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_GET_USAGE, &policy, &expected_usage);
+
+ /* Retrieve the algorithm field of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_GET_ALGORITHM, &policy, &expected_alg);
+
+ TEST_ASSERT_EQUAL(expected_usage, check1[i].usage, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(expected_alg, check1[i].key_alg, TEST_CHECKPOINT_NUM(10));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_get_key_policy_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check2[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_get_key_policy with unallocated key handle\n",
+ g_test_count++);
+ /* Get the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_POLICY, check2[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_get_key_policy with zero as key handle\n",
+ g_test_count++);
+ /* Get the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_POLICY, 0, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_get_key_policy with empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Get the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_POLICY, check2[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/test_c008.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/test_c008.h
new file mode 100644
index 00000000000..a67628dbbed
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/test_c008.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C008_CLIENT_TESTS_H_
+#define _TEST_C008_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c008)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c008_crypto_list[];
+
+int32_t psa_get_key_policy_test(security_t caller);
+int32_t psa_get_key_policy_negative_test(security_t caller);
+#endif /* _TEST_C008_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/test_data.h
new file mode 100644
index 00000000000..90a9d91bad1
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/test_data.h
@@ -0,0 +1,272 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint32_t expected_bit_length;
+ uint32_t expected_key_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
+static test_data check1[] = {
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_get_key_policy 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_get_key_policy 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
+ AES_24B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_get_key_policy 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_get_key_policy 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ {0},
+ 270, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 2048, 270, PSA_SUCCESS
+},
+
+{"Test psa_get_key_policy with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+ {0},
+ 1193, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 2048, 1193, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_get_key_policy with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_get_key_policy with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_get_key_policy with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ECDSA
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_get_key_policy with EC Public key\n", 9,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+ {0},
+ 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 256, 65, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+{"Test psa_get_key_policy with EC keypair\n", 10,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ {0},
+ 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_ECDSA_ANY,
+ 224, 28, PSA_SUCCESS
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_get_key_policy negative cases\n", 11, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/test_entry.c
new file mode 100644
index 00000000000..59f3a24af43
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c008/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c008.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 8)
+#define TEST_DESC "Testing crypto key management APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c008_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/main.c
new file mode 100644
index 00000000000..4ad093b4f2c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c009(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c009, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/test_c009.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/test_c009.c
new file mode 100644
index 00000000000..aa4af1525c9
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/test_c009.c
@@ -0,0 +1,85 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c009.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+#define MAX_KEYS 100
+
+client_test_t test_c009_crypto_list[] = {
+ NULL,
+ psa_allocate_key_test,
+ psa_allocate_key_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_allocate_key_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Set the key data buffer to the input base on algorithm */
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_allocate_key_negative_test(security_t caller)
+{
+ int32_t i, status;
+ psa_key_handle_t key_handle[MAX_KEYS];
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ val->print(PRINT_TEST, "[Check %d] Testing the insufficient memory\n", g_test_count++);
+
+ for (i = 0; i < MAX_KEYS; i++)
+ {
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &key_handle[i]);
+ if (status != PSA_SUCCESS)
+ break;
+ }
+
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_MEMORY, TEST_CHECKPOINT_NUM(2));
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/test_c009.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/test_c009.h
new file mode 100644
index 00000000000..f5e758ba787
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/test_c009.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C009_CLIENT_TESTS_H_
+#define _TEST_C009_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c009)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c009_crypto_list[];
+
+int32_t psa_allocate_key_test(security_t caller);
+int32_t psa_allocate_key_negative_test(security_t caller);
+#endif /* _TEST_C009_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/test_data.h
new file mode 100644
index 00000000000..4a859864893
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/test_data.h
@@ -0,0 +1,86 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ size_t key_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_AES_128
+{"Test psa_allocate_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+ AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_allocate_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+ AES_24B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_allocate_key 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+ AES_32B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_allocate_key 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ 294, PSA_SUCCESS
+},
+
+{"Test psa_allocate_key with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+ 1193, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_allocate_key with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
+ DES_8B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_allocate_key with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
+ DES3_2KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_allocate_key with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
+ DES3_3KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP192R1
+{"Test psa_allocate_key with EC Public key\n", 9,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | PSA_ECC_CURVE_SECP192R1,
+ 75, PSA_SUCCESS
+},
+
+{"Test psa_allocate_key with EC keypair\n", 10,
+ PSA_KEY_TYPE_ECC_KEYPAIR_BASE | PSA_ECC_CURVE_SECP192R1,
+ 97, PSA_SUCCESS
+},
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/test_entry.c
new file mode 100644
index 00000000000..93a0abe1808
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c009/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c009.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 9)
+#define TEST_DESC "Testing crypto key management APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c009_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/main.c
new file mode 100644
index 00000000000..57bdac9050a
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c010(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c010, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/test_c010.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/test_c010.c
new file mode 100644
index 00000000000..24e335ec39f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/test_c010.c
@@ -0,0 +1,168 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c010.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c010_crypto_list[] = {
+ NULL,
+ psa_get_key_lifetime_test,
+ psa_get_key_lifetime_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_get_key_lifetime_test(security_t caller)
+{
+ const uint8_t *key_data;
+ psa_key_policy_t policy;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_key_lifetime_t lifetime;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Set the key data buffer to the input base on algorithm */
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Get the lifetime of a key slot */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, check1[i].key_handle, &lifetime);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ TEST_ASSERT_EQUAL(lifetime, check1[i].lifetime, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_get_key_lifetime_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ psa_key_lifetime_t lifetime;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_get_key_lifetime with invalid key handle\n",
+ g_test_count++);
+ /* Get the lifetime of a key slot */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, check2[i].key_handle, &lifetime);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_get_key_lifetime with zero as key handle\n",
+ g_test_count++);
+ /* Get the lifetime of a key slot */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, 0, &lifetime);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_get_key_lifetime with empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Get the lifetime of a key slot */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_LIFETIME, check2[i].key_handle, &lifetime);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/test_c010.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/test_c010.h
new file mode 100644
index 00000000000..03308e8a231
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/test_c010.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C010_CLIENT_TESTS_H_
+#define _TEST_C010_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c010)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c010_crypto_list[];
+
+int32_t psa_get_key_lifetime_test(security_t caller);
+int32_t psa_get_key_lifetime_negative_test(security_t caller);
+#endif /* _TEST_C010_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/test_data.h
new file mode 100644
index 00000000000..e8c7b2da188
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/test_data.h
@@ -0,0 +1,275 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[34];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_key_lifetime_t lifetime;
+ uint32_t expected_bit_length;
+ uint32_t expected_key_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_get_key_lifetime 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ PSA_KEY_LIFETIME_VOLATILE, BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef NO_SUPPORT
+/* PSA crypto doesn't support these test scenarios */
+{"Test psa_get_key_lifetime 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9},
+ AES_24B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+ PSA_KEY_LIFETIME_PERSISTENT, BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
+},
+
+{"Test psa_get_key_lifetime 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
+ PSA_KEY_LIFETIME_WRITE_ONCE, BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_get_key_lifetime 2048 RSA public key\n", 4, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ {0},
+ 270, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ PSA_KEY_LIFETIME_VOLATILE, 2048, 270, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef NO_SUPPORT
+/* PSA crypto doesn't support these test scenarios */
+{"Test psa_get_key_lifetime with RSA 2048 keypair\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+ {0},
+ 1193, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ PSA_KEY_LIFETIME_PERSISTENT, 2048, 1193, PSA_SUCCESS
+},
+
+{"Test psa_get_key_lifetime with DES 64 bit key\n", 6, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ PSA_KEY_LIFETIME_WRITE_ONCE, BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_get_key_lifetime with Triple DES 2-Key\n", 7, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ PSA_KEY_LIFETIME_VOLATILE, BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef NO_SUPPORT
+/* PSA crypto doesn't support these test scenarios */
+{"Test psa_get_key_lifetime with Triple DES 3-Key\n", 8, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ PSA_KEY_LIFETIME_PERSISTENT, BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ASYMMETRIC_ENCRYPTION
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_get_key_lifetime with EC Public key\n", 9,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+ {0},
+ 65, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION,
+ PSA_KEY_LIFETIME_VOLATILE, 256, 65, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+{"Test psa_get_key_lifetime with EC keypair\n", 10,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ {0},
+ 28, PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION,
+ PSA_KEY_LIFETIME_VOLATILE, 224, 28, PSA_SUCCESS
+},
+#endif
+#endif
+
+};
+
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_get_key_lifetime with negative cases\n", 11, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR, PSA_KEY_LIFETIME_VOLATILE,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/test_entry.c
new file mode 100644
index 00000000000..23012e9f730
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c010/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c010.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 10)
+#define TEST_DESC "Testing crypto key management APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c010_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/main.c
new file mode 100644
index 00000000000..6f87397f8ec
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c011(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c011, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/test_c011.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/test_c011.c
new file mode 100644
index 00000000000..7e4b4dffa8f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/test_c011.c
@@ -0,0 +1,62 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c011.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c011_crypto_list[] = {
+ NULL,
+ psa_hash_setup_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_hash_setup_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_hash_operation_t operation;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Start a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &operation, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3));
+
+ /*Abort the hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/test_c011.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/test_c011.h
new file mode 100644
index 00000000000..3b334449a39
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/test_c011.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C011_CLIENT_TESTS_H_
+#define _TEST_C011_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c011)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c011_crypto_list[];
+
+int32_t psa_hash_setup_test(security_t caller);
+int32_t psa_get_key_lifetime_negative_test(security_t caller);
+#endif /* _TEST_C011_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/test_data.h
new file mode 100644
index 00000000000..fab7bd59f29
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/test_data.h
@@ -0,0 +1,120 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[50];
+ psa_algorithm_t alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_MD2
+{"Test psa_hash_setup with MD2 algorithm\n",
+ PSA_ALG_MD2, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_MD4
+{"Test psa_hash_setup with MD4 algorithm\n",
+ PSA_ALG_MD4, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_MD5
+{"Test psa_hash_setup with MD5 algorithm\n",
+ PSA_ALG_MD5, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_RIPEMD160
+{"Test psa_hash_setup with RIPEMD160 algorithm\n",
+ PSA_ALG_RIPEMD160, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA1
+{"Test psa_hash_setup with SHA1 algorithm\n",
+ PSA_ALG_SHA_1, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_hash_setup with SHA224 algorithm\n",
+ PSA_ALG_SHA_224, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_hash_setup with SHA256 algorithm\n",
+ PSA_ALG_SHA_256, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA384
+{"Test psa_hash_setup with SHA384 algorithm\n",
+ PSA_ALG_SHA_384, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_hash_setup with SHA512 algorithm\n",
+ PSA_ALG_SHA_512, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512_224
+{"Test psa_hash_setup with SHA512_224 algorithm\n",
+ PSA_ALG_SHA_512_224, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512_256
+{"Test psa_hash_setup with SHA512_256 algorithm\n",
+ PSA_ALG_SHA_512_256, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA3_224
+{"Test psa_hash_setup with SHA3_224 algorithm\n",
+ PSA_ALG_SHA3_224, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA3_256
+{"Test psa_hash_setup with SHA3_256 algorithm\n",
+ PSA_ALG_SHA3_256, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA3_384
+{"Test psa_hash_setup with SHA3_384 algorithm\n",
+ PSA_ALG_SHA3_384, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA3_512
+{"Test psa_hash_setup with SHA3_512 algorithm\n",
+ PSA_ALG_SHA3_512, PSA_SUCCESS,
+},
+#endif
+
+{"Test psa_hash_setup with Invalid algorithm\n",
+ PSA_ALG_INVALID, PSA_ERROR_INVALID_ARGUMENT,
+},
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/test_entry.c
new file mode 100644
index 00000000000..33d5730d377
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c011/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c011.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 11)
+#define TEST_DESC "Testing crypto hash functions APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c011_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/main.c
new file mode 100644
index 00000000000..58954b7293d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/main.c
@@ -0,0 +1,10 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+#include "unity/unity.h"
+
+void test_entry_c012(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c012, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/test_c012.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/test_c012.c
new file mode 100644
index 00000000000..5a3181cb993
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/test_c012.c
@@ -0,0 +1,148 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c012.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c012_crypto_list[] = {
+ NULL,
+ psa_hash_update_test,
+ psa_hash_update_invalid_handle,
+ psa_hash_update_with_completed_handle,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_hash_update_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_hash_operation_t operation;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Start a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &operation, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Add a message fragment to a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_UPDATE, &operation,
+ check1[i].input, check1[i].input_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+
+ /*Abort the hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_hash_update_invalid_handle(security_t caller)
+{
+ psa_hash_operation_t operation;
+ uint8_t input[] = "Hello World";
+ size_t input_length = sizeof(input)/sizeof(input[0]);
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, "Test psa_hash_update without hash setup\n", 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Add a message fragment to a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_UPDATE, &operation, input, input_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(3));
+
+ /*Abort the hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_hash_update_with_completed_handle(security_t caller)
+{
+ psa_hash_operation_t operation;
+ uint8_t input[] = {0xbd};
+ size_t input_length = sizeof(input)/sizeof(input[0]);
+ psa_algorithm_t alg = PSA_ALG_SHA_256;
+ uint8_t hash[] = {0x68, 0x32, 0x57, 0x20, 0xAA, 0xBD, 0x7C, 0x82, 0xF3, 0x0F,
+ 0x55, 0x4B, 0x31, 0x3D, 0x05, 0x70, 0xC9, 0x5A, 0xCC, 0xBB,
+ 0x7D, 0xC4, 0xB5, 0xAA, 0xE1, 0x12, 0x04, 0xC0, 0x8F, 0xFE,
+ 0x73, 0x2B};
+ size_t hash_length = sizeof(hash)/sizeof(hash[0]);
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, "Test psa_hash_update with completed opertaion handle \n", 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Start a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &operation, alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Add a message fragment to a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_UPDATE, &operation,
+ input, input_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Finish the calculation of the hash of a message and compare it with an expected value*/
+ status = val->crypto_function(VAL_CRYPTO_HASH_VERIFY, &operation, hash, hash_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Add a message fragment to a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_UPDATE, &operation, input, input_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(6));
+
+ /*Abort the hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/test_c012.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/test_c012.h
new file mode 100644
index 00000000000..ca3622033b6
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/test_c012.h
@@ -0,0 +1,32 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C012_CLIENT_TESTS_H_
+#define _TEST_C012_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c012)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c012_crypto_list[];
+
+int32_t psa_hash_update_test(security_t caller);
+int32_t psa_hash_update_invalid_handle(security_t caller);
+int32_t psa_hash_update_with_completed_handle(security_t caller);
+#endif /* _TEST_C012_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/test_data.h
new file mode 100644
index 00000000000..f5c4f5213cb
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/test_data.h
@@ -0,0 +1,82 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[50];
+ psa_algorithm_t alg;
+ char input[15];
+ size_t input_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_MD2
+{"Test psa_hash_update with MD2 algorithm\n",
+ PSA_ALG_MD2, "Hello World", 11, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_MD4
+{"Test psa_hash_update with MD4 algorithm\n",
+ PSA_ALG_MD4, "Hello World", 11, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_MD5
+{"Test psa_hash_update with MD5 algorithm\n",
+ PSA_ALG_MD5, "Hello World", 11, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_RIPEMD160
+{"Test psa_hash_update with RIPEMD160 algorithm\n",
+ PSA_ALG_RIPEMD160, "Hello World", 11, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA1
+{"Test psa_hash_update with SHA1 algorithm\n",
+ PSA_ALG_SHA_1, "Hello World", 11, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_hash_update with SHA224 algorithm\n",
+ PSA_ALG_SHA_224, "Hello World", 11, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_hash_update with SHA256 algorithm\n",
+ PSA_ALG_SHA_256, "Hello World", 11, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA384
+{"Test psa_hash_update with SHA384 algorithm\n",
+ PSA_ALG_SHA_384, "Hello World", 11, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_hash_update with SHA512 algorithm\n",
+ PSA_ALG_SHA_512, "Hello World", 11, PSA_SUCCESS,
+},
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/test_entry.c
new file mode 100644
index 00000000000..cae09041174
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c012/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c012.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 12)
+#define TEST_DESC "Testing crypto hash functions APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c012_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/main.c
new file mode 100644
index 00000000000..0fe55816af7
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c013(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c013, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/test_c013.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/test_c013.c
new file mode 100644
index 00000000000..ccec9ca22c2
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/test_c013.c
@@ -0,0 +1,135 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c013.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c013_crypto_list[] = {
+ NULL,
+ psa_hash_verify_test,
+ psa_hash_verify_inactive_operation_handle,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_hash_verify_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_hash_operation_t operation;
+ const char *hash;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ if (check1[i].alg == PSA_ALG_SHA_384)
+ hash = sha384_hash;
+ else if (check1[i].alg == PSA_ALG_SHA_512)
+ hash = sha512_hash;
+ else
+ hash = check1[i].hash;
+
+ /* Start a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &operation, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Add a message fragment to a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_UPDATE, &operation,
+ &check1[i].input, check1[i].input_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Finish the calculation of the hash of a message and compare it with an expected value*/
+ status = val->crypto_function(VAL_CRYPTO_HASH_VERIFY, &operation, hash,
+ check1[i].hash_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
+
+ /*Abort the hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_hash_verify_inactive_operation_handle(security_t caller)
+{
+ psa_hash_operation_t operation, invalid_operation;
+ char input = 0xbd;
+ size_t input_length = 1;
+ psa_algorithm_t alg = PSA_ALG_SHA_256;
+ size_t hash_length = PSA_HASH_SIZE(alg);
+ char hash[] = {0x68, 0x32, 0x57, 0x20, 0xaa, 0xbd, 0x7c, 0x82, 0xf3, 0x0f,
+ 0x55, 0x4b, 0x31, 0x3d, 0x05, 0x70, 0xc9, 0x5a, 0xcc, 0xbb,
+ 0x7d, 0xc4, 0xb5, 0xaa, 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe,
+ 0x73, 0x2b};
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, "test psa_hash_verify with inactive & invalid operation handle\n", 0);
+ memset(&operation, 0, sizeof(operation));
+ memset(&invalid_operation, 0, sizeof(invalid_operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Start a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &operation, alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Add a message fragment to a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_UPDATE, &operation,
+ &input, input_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Finish the calculation of the hash of a message and compare it with an expected value*/
+ status = val->crypto_function(VAL_CRYPTO_HASH_VERIFY, &operation, hash, hash_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Retry the operation with completed operation handle */
+ status = val->crypto_function(VAL_CRYPTO_HASH_VERIFY, &operation, hash, hash_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(6));
+
+ /* Retry the operation with invalid operation handle */
+ status = val->crypto_function(VAL_CRYPTO_HASH_VERIFY, &invalid_operation, hash, hash_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(7));
+
+ /*Abort the hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/test_c013.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/test_c013.h
new file mode 100644
index 00000000000..5135dda7d61
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/test_c013.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C013_CLIENT_TESTS_H_
+#define _TEST_C013_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c013)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c013_crypto_list[];
+
+int32_t psa_hash_verify_test(security_t caller);
+int32_t psa_hash_verify_inactive_operation_handle(security_t caller);
+#endif /* _TEST_C013_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/test_data.h
new file mode 100644
index 00000000000..520309a6aa6
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/test_data.h
@@ -0,0 +1,131 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[50];
+ psa_algorithm_t alg;
+ char input;
+ size_t input_length;
+ char hash[32];
+ size_t hash_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const char sha384_hash[] = {
+0x43, 0x72, 0xe3, 0x8a, 0x92, 0xa2, 0x8b, 0x5d, 0x2c, 0x39, 0x1e, 0x62,
+0x45, 0x2a, 0x86, 0xd5, 0x0e, 0x02, 0x67, 0x22, 0x8b, 0xe1, 0x76, 0xc7, 0x7d, 0x24, 0x02, 0xef,
+0xfe, 0x9f, 0xa5, 0x0d, 0xe4, 0x07, 0xbb, 0xb8, 0x51, 0xb3, 0x7d, 0x59, 0x04, 0xab, 0xa2, 0xde,
+0xde, 0x74, 0xda, 0x2a};
+
+static const char sha512_hash[] = {
+0x29, 0x6e, 0x22, 0x67, 0xd7, 0x4c, 0x27, 0x8d, 0xaa, 0xaa, 0x94, 0x0d,
+0x17, 0xb0, 0xcf, 0xb7, 0x4a, 0x50, 0x83, 0xf8, 0xe0, 0x69, 0x72, 0x6d, 0x8c, 0x84, 0x1c, 0xbe,
+0x59, 0x6e, 0x04, 0x31, 0xcb, 0x77, 0x41, 0xa5, 0xb5, 0x0f, 0x71, 0x66, 0x6c, 0xfd, 0x54, 0xba,
+0xcb, 0x7b, 0x00, 0xae, 0xa8, 0x91, 0x49, 0x9c, 0xf4, 0xef, 0x6a, 0x03, 0xc8, 0xa8, 0x3f, 0xe3,
+0x7c, 0x3f, 0x7b, 0xaf};
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_MD2
+{"Test psa_hash_verify with MD2 algorithm\n",
+ PSA_ALG_MD2, 0xbd, 1,
+ {0x8c, 0x9c, 0x17, 0x66, 0x5d, 0x25, 0xb3, 0x5f, 0xc4, 0x13, 0xc4, 0x18, 0x05, 0xc6, 0x79, 0xcf},
+ 16, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_MD4
+{"Test psa_hash_verify with MD4 algorithm\n",
+ PSA_ALG_MD4, 0xbd, 1,
+ {0x18, 0xc3, 0x3f, 0x97, 0x29, 0x7e, 0xfe, 0x5f, 0x8a, 0x73, 0x22, 0x58, 0x28, 0x9f, 0xda, 0x25},
+ 16, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_MD5
+{"Test psa_hash_verify with MD5 algorithm\n",
+ PSA_ALG_MD5, 0xbd, 1,
+ {0xab, 0xae, 0x57, 0xcb, 0x56, 0x2e, 0xcf, 0x29, 0x5b, 0x4a, 0x37, 0xa7, 0x6e, 0xfe, 0x61, 0xfb},
+ 16, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_RIPEMD160
+{"Test psa_hash_verify with RIPEMD160 algorithm\n",
+ PSA_ALG_RIPEMD160, 0xbd, 1,
+ {0x50, 0x89, 0x26, 0x5e, 0xe5, 0xd9, 0xaf, 0x75, 0xd1, 0x2d, 0xbf, 0x7e, 0xa2, 0xf2, 0x7d, 0xbd,
+ 0xee, 0x43, 0x5b, 0x37},
+ 20, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA1
+{"Test psa_hash_verify with SHA1 algorithm\n",
+ PSA_ALG_SHA_1, 0xbd, 1,
+ {0x90, 0x34, 0xaa, 0xf4, 0x51, 0x43, 0x99, 0x6a, 0x2b, 0x14, 0x46, 0x5c, 0x35, 0x2a, 0xb0, 0xc6,
+ 0xfa, 0x26, 0xb2, 0x21},
+ 20, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_hash_verify with SHA224 algorithm\n",
+ PSA_ALG_SHA_224, 0xbd, 1,
+ {0xb1, 0xe4, 0x6b, 0xb9, 0xef, 0xe4, 0x5a, 0xf5, 0x54, 0x36, 0x34, 0x49, 0xc6, 0x94, 0x5a, 0x0d,
+ 0x61, 0x69, 0xfc, 0x3a, 0x5a, 0x39, 0x6a, 0x56, 0xcb, 0x97, 0xcb, 0x57},
+ 28, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_hash_verify with SHA256 algorithm\n",
+ PSA_ALG_SHA_256, 0xbd, 1,
+ {0x68, 0x32, 0x57, 0x20, 0xaa, 0xbd, 0x7c, 0x82, 0xf3, 0x0f, 0x55, 0x4b, 0x31, 0x3d, 0x05, 0x70,
+ 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa, 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x2b},
+ 32, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA384
+{"Test psa_hash_verify with SHA384 algorithm\n",
+ PSA_ALG_SHA_384, 0xbd, 1, {0}, 48, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_hash_verify with SHA512 algorithm\n",
+ PSA_ALG_SHA_512, 0xbd, 1, {0}, 64, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_hash_verify with incorrect expected hash\n",
+ PSA_ALG_SHA_256, 0xbd, 1,
+ {0x68, 0x32, 0x57, 0x20, 0xab, 0xbd, 0x7c, 0x82, 0xf3, 0x0f, 0x55, 0x4b, 0x31, 0x3d, 0x05, 0x70,
+ 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa, 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x78},
+ 32, PSA_ERROR_INVALID_SIGNATURE,
+},
+
+{"Test psa_hash_verify with incorrect hash length\n",
+ PSA_ALG_SHA_256, 0xbd, 1,
+ {0x68, 0x32, 0x57, 0x20, 0xaa, 0xbd, 0x7c, 0x82, 0xf3, 0x0f, 0x55, 0x4b, 0x31, 0x3d, 0x05, 0x70,
+ 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa, 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x2b},
+ 31, PSA_ERROR_INVALID_SIGNATURE,
+},
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/test_entry.c
new file mode 100644
index 00000000000..99ca4d2f8ad
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c013/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c013.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 13)
+#define TEST_DESC "Testing crypto hash functions APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c013_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/main.c
new file mode 100644
index 00000000000..c114c363a69
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c014(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c014, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/test_c014.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/test_c014.c
new file mode 100644
index 00000000000..48e3c5ab72f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/test_c014.c
@@ -0,0 +1,186 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c014.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c014_crypto_list[] = {
+ NULL,
+ psa_hash_finish_test,
+ psa_hash_finish_inactive_operation_handle,
+ psa_hash_finish_invalid_hash_buffer_size,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_hash_finish_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_hash_operation_t operation;
+ const char *expected_hash;
+ char hash[HASH_64B];
+ size_t hash_length, hash_size = sizeof(hash)/sizeof(hash[0]);
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ if (check1[i].alg == PSA_ALG_SHA_384)
+ expected_hash = sha384_hash;
+ else if (check1[i].alg == PSA_ALG_SHA_512)
+ expected_hash = sha512_hash;
+ else
+ expected_hash = check1[i].hash;
+
+ /* Start a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &operation, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Add a message fragment to a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_UPDATE, &operation,
+ &check1[i].input, check1[i].input_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Finish the calculation of the hash of a message */
+ status = val->crypto_function(VAL_CRYPTO_HASH_FINISH, &operation, hash, hash_size,
+ &hash_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /*Abort the hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ continue;
+ }
+
+ TEST_ASSERT_EQUAL(hash_length, PSA_HASH_SIZE(check1[i].alg), TEST_CHECKPOINT_NUM(7));
+
+ TEST_ASSERT_MEMCMP(hash, expected_hash, hash_length, TEST_CHECKPOINT_NUM(8));
+
+ /*Abort the hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_hash_finish_inactive_operation_handle(security_t caller)
+{
+ psa_hash_operation_t operation;
+ char input = 0xbd;
+ size_t input_length = 1;
+ psa_algorithm_t alg = PSA_ALG_SHA_256;
+ char hash[HASH_64B];
+ size_t hash_length, hash_size = sizeof(hash)/sizeof(hash[0]);
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, "test psa_hash_finish with inactive operation handle\n", 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Start a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &operation, alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Add a message fragment to a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_UPDATE, &operation,
+ &input, input_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Finish the calculation of the hash of a message */
+ status = val->crypto_function(VAL_CRYPTO_HASH_FINISH, &operation, hash, hash_size,
+ &hash_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Retry the operation with completed operation handle */
+ status = val->crypto_function(VAL_CRYPTO_HASH_FINISH, &operation, hash, hash_size,
+ &hash_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(6));
+
+ /*Abort the hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_hash_finish_invalid_hash_buffer_size(security_t caller)
+{
+ psa_hash_operation_t operation;
+ char input = 0xbd;
+ size_t input_length = 1;
+ psa_algorithm_t alg = PSA_ALG_SHA_256;
+ char hash[HASH_64B];
+ size_t hash_length, hash_size = 10;
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, "test psa_hash_finish with invalid hash buffer size\n", 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Start a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &operation, alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Add a message fragment to a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_UPDATE, &operation, &input, input_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Finish the calculation of the hash of a message */
+ status = val->crypto_function(VAL_CRYPTO_HASH_FINISH, &operation, hash, hash_size,
+ &hash_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BUFFER_TOO_SMALL, TEST_CHECKPOINT_NUM(5));
+
+ /*Abort the hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/test_c014.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/test_c014.h
new file mode 100644
index 00000000000..348e07c41f1
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/test_c014.h
@@ -0,0 +1,32 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C014_CLIENT_TESTS_H_
+#define _TEST_C014_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c014)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c014_crypto_list[];
+
+int32_t psa_hash_finish_test(security_t caller);
+int32_t psa_hash_finish_inactive_operation_handle(security_t caller);
+int32_t psa_hash_finish_invalid_hash_buffer_size(security_t caller);
+#endif /* _TEST_C014_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/test_data.h
new file mode 100644
index 00000000000..fb0fdb40459
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/test_data.h
@@ -0,0 +1,115 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[50];
+ psa_algorithm_t alg;
+ char input;
+ size_t input_length;
+ char hash[32];
+ size_t hash_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const char sha384_hash[] = {
+0x43, 0x72, 0xe3, 0x8a, 0x92, 0xa2, 0x8b, 0x5d, 0x2c, 0x39, 0x1e, 0x62,
+0x45, 0x2a, 0x86, 0xd5, 0x0e, 0x02, 0x67, 0x22, 0x8b, 0xe1, 0x76, 0xc7, 0x7d, 0x24, 0x02, 0xef,
+0xfe, 0x9f, 0xa5, 0x0d, 0xe4, 0x07, 0xbb, 0xb8, 0x51, 0xb3, 0x7d, 0x59, 0x04, 0xab, 0xa2, 0xde,
+0xde, 0x74, 0xda, 0x2a};
+
+static const char sha512_hash[] = {
+0x29, 0x6e, 0x22, 0x67, 0xd7, 0x4c, 0x27, 0x8d, 0xaa, 0xaa, 0x94, 0x0d,
+0x17, 0xb0, 0xcf, 0xb7, 0x4a, 0x50, 0x83, 0xf8, 0xe0, 0x69, 0x72, 0x6d, 0x8c, 0x84, 0x1c, 0xbe,
+0x59, 0x6e, 0x04, 0x31, 0xcb, 0x77, 0x41, 0xa5, 0xb5, 0x0f, 0x71, 0x66, 0x6c, 0xfd, 0x54, 0xba,
+0xcb, 0x7b, 0x00, 0xae, 0xa8, 0x91, 0x49, 0x9c, 0xf4, 0xef, 0x6a, 0x03, 0xc8, 0xa8, 0x3f, 0xe3,
+0x7c, 0x3f, 0x7b, 0xaf};
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_MD2
+{"Test psa_hash_finish with MD2 algorithm\n",
+ PSA_ALG_MD2, 0xbd, 1,
+ {0x8c, 0x9c, 0x17, 0x66, 0x5d, 0x25, 0xb3, 0x5f, 0xc4, 0x13, 0xc4, 0x18, 0x05, 0xc6, 0x79, 0xcf},
+ 16, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_MD4
+{"Test psa_hash_finish with MD4 algorithm\n",
+ PSA_ALG_MD4, 0xbd, 1,
+ {0x18, 0xc3, 0x3f, 0x97, 0x29, 0x7e, 0xfe, 0x5f, 0x8a, 0x73, 0x22, 0x58, 0x28, 0x9f, 0xda, 0x25},
+ 16, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_MD5
+{"Test psa_hash_finish with MD5 algorithm\n",
+ PSA_ALG_MD5, 0xbd, 1,
+ {0xab, 0xae, 0x57, 0xcb, 0x56, 0x2e, 0xcf, 0x29, 0x5b, 0x4a, 0x37, 0xa7, 0x6e, 0xfe, 0x61, 0xfb},
+ 16, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_RIPEMD160
+{"Test psa_hash_finish with RIPEMD160 algorithm\n",
+ PSA_ALG_RIPEMD160, 0xbd, 1,
+ {0x50, 0x89, 0x26, 0x5e, 0xe5, 0xd9, 0xaf, 0x75, 0xd1, 0x2d, 0xbf, 0x7e, 0xa2, 0xf2, 0x7d, 0xbd,
+ 0xee, 0x43, 0x5b, 0x37},
+ 20, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA1
+{"Test psa_hash_finish with SHA1 algorithm\n",
+ PSA_ALG_SHA_1, 0xbd, 1,
+ {0x90, 0x34, 0xaa, 0xf4, 0x51, 0x43, 0x99, 0x6a, 0x2b, 0x14, 0x46, 0x5c, 0x35, 0x2a, 0xb0, 0xc6,
+ 0xfa, 0x26, 0xb2, 0x21},
+ 20, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_hash_finish with SHA224 algorithm\n",
+ PSA_ALG_SHA_224, 0xbd, 1,
+ {0xb1, 0xe4, 0x6b, 0xb9, 0xef, 0xe4, 0x5a, 0xf5, 0x54, 0x36, 0x34, 0x49, 0xc6, 0x94, 0x5a, 0x0d,
+ 0x61, 0x69, 0xfc, 0x3a, 0x5a, 0x39, 0x6a, 0x56, 0xcb, 0x97, 0xcb, 0x57},
+ 28, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_hash_finish with SHA256 algorithm\n",
+ PSA_ALG_SHA_256, 0xbd, 1,
+ {0x68, 0x32, 0x57, 0x20, 0xaa, 0xbd, 0x7c, 0x82, 0xf3, 0x0f, 0x55, 0x4b, 0x31, 0x3d, 0x05, 0x70,
+ 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa, 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x2b},
+ 32, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA384
+{"Test psa_hash_finish with SHA384 algorithm\n",
+ PSA_ALG_SHA_384, 0xbd, 1, {0}, 48, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_hash_finish with SHA512 algorithm\n",
+ PSA_ALG_SHA_512, 0xbd, 1, {0}, 64, PSA_SUCCESS,
+},
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/test_entry.c
new file mode 100644
index 00000000000..3934edc87df
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c014/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c014.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 14)
+#define TEST_DESC "Testing crypto hash functions APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c014_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/main.c
new file mode 100644
index 00000000000..7f722a337d3
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c015(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c015, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/test_c015.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/test_c015.c
new file mode 100644
index 00000000000..208d7b563f9
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/test_c015.c
@@ -0,0 +1,110 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c015.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c015_crypto_list[] = {
+ NULL,
+ psa_hash_abort_test,
+ psa_hash_abort_before_operation_finish,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_hash_abort_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_hash_operation_t operation;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Start a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &operation, check1[i].alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Abort a hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
+
+ /* Multiple hash abort should succeed */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
+
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_hash_abort_before_operation_finish(security_t caller)
+{
+ psa_hash_operation_t operation;
+ char input = 0xbd;
+ size_t input_length = 1;
+ psa_algorithm_t alg = PSA_ALG_SHA_256;
+ char hash[HASH_64B];
+ size_t hash_length, hash_size = sizeof(hash)/sizeof(hash[0]);
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, "Test psa_hash_finish after calling psa_hash_abort\n", 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Start a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_SETUP, &operation, alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Add a message fragment to a multipart hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_UPDATE, &operation, &input, input_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Abort a hash operation */
+ status = val->crypto_function(VAL_CRYPTO_HASH_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Finish the calculation of the hash of a message */
+ status = val->crypto_function(VAL_CRYPTO_HASH_FINISH, &operation, hash, hash_size,
+ &hash_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(6));
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/test_c015.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/test_c015.h
new file mode 100644
index 00000000000..bf435c2c078
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/test_c015.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C015_CLIENT_TESTS_H_
+#define _TEST_C015_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c015)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c015_crypto_list[];
+
+int32_t psa_hash_abort_test(security_t caller);
+int32_t psa_hash_abort_before_operation_finish(security_t caller);
+#endif /* _TEST_C015_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/test_data.h
new file mode 100644
index 00000000000..98ec64c7dbf
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/test_data.h
@@ -0,0 +1,80 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[50];
+ psa_algorithm_t alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_MD2
+{"Test psa_hash_abort with MD2 algorithm\n",
+ PSA_ALG_MD2, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_MD4
+{"Test psa_hash_abort with MD4 algorithm\n",
+ PSA_ALG_MD4, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_MD5
+{"Test psa_hash_abort with MD5 algorithm\n",
+ PSA_ALG_MD5, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_RIPEMD160
+{"Test psa_hash_abort with RIPEMD160 algorithm\n",
+ PSA_ALG_RIPEMD160, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA1
+{"Test psa_hash_abort with SHA1 algorithm\n",
+ PSA_ALG_SHA_1, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_hash_abort with SHA224 algorithm\n",
+ PSA_ALG_SHA_224, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_hash_abort with SHA256 algorithm\n",
+ PSA_ALG_SHA_256, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA384
+{"Test psa_hash_abort with SHA384 algorithm\n",
+ PSA_ALG_SHA_384, PSA_SUCCESS,
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_hash_abort with SHA512 algorithm\n",
+ PSA_ALG_SHA_512, PSA_SUCCESS,
+},
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/test_entry.c
new file mode 100644
index 00000000000..b403a9553a0
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c015/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c015.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 15)
+#define TEST_DESC "Testing crypto hash functions APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c015_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/main.c
new file mode 100644
index 00000000000..40711d457ce
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c016(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c016, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/test_c016.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/test_c016.c
new file mode 100644
index 00000000000..5862ba563b7
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/test_c016.c
@@ -0,0 +1,174 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c016.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c016_crypto_list[] = {
+ NULL,
+ psa_generate_key_test,
+ psa_generate_key_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t data[BUFFER_SIZE];
+
+int32_t psa_generate_key_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ uint32_t i, length;
+ psa_key_policy_t policy;
+ psa_key_type_t key_type;
+ size_t bits;
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Generate a key or key pair */
+ status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].bits, check1[i].extra, check1[i].extra_size);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ /* Get basic metadata about a key */
+ status = val->crypto_function(VAL_CRYPTO_GET_KEY_INFORMATION, check1[i].key_handle,
+ &key_type, &bits);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ TEST_ASSERT_EQUAL(key_type, check1[i].key_type, TEST_CHECKPOINT_NUM(7));
+
+ TEST_ASSERT_EQUAL(bits, check1[i].expected_bit_length, TEST_CHECKPOINT_NUM(8));
+
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle, data,
+ BUFFER_SIZE, &length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+
+ TEST_ASSERT_EQUAL(length, check1[i].expected_key_length, TEST_CHECKPOINT_NUM(10));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_generate_key_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ uint32_t i;
+ psa_key_policy_t policy;
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_generate_key with unallocated key handle\n",
+ g_test_count++);
+ /* Generate a key or key pair */
+ status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, check2[i].key_handle,
+ check2[i].key_type, check2[i].bits, check2[i].extra, check2[i].extra_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_generate_key with zero as key handle\n",
+ g_test_count++);
+ /* Generate a key or key pair */
+ status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, 0, check2[i].key_type,
+ check2[i].bits, check2[i].extra, check2[i].extra_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_generate_key with pre-occupied key handle\n",
+ g_test_count++);
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Generate a key or key pair */
+ status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, check2[i].key_handle,
+ check2[i].key_type, check2[i].bits, check2[i].extra, check2[i].extra_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Generate a key or key pair */
+ status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, check2[i].key_handle,
+ check2[i].key_type, check2[i].bits, check2[i].extra, check2[i].extra_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_OCCUPIED_SLOT, TEST_CHECKPOINT_NUM(8));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_generate_key with destroyed key handle\n",
+ g_test_count++);
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ /* Generate a key or key pair */
+ status = val->crypto_function(VAL_CRYPTO_GENERATE_KEY, check2[i].key_handle,
+ check2[i].key_type, check2[i].bits, check2[i].extra, check2[i].extra_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(10));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/test_c016.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/test_c016.h
new file mode 100644
index 00000000000..7697b911cac
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/test_c016.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C016_CLIENT_TESTS_H_
+#define _TEST_C016_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c016)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c016_crypto_list[];
+
+int32_t psa_generate_key_test(security_t caller);
+int32_t psa_generate_key_negative_test(security_t caller);
+#endif /* _TEST_C016_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/test_data.h
new file mode 100644
index 00000000000..8bcd0877d9f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/test_data.h
@@ -0,0 +1,145 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ size_t bits;
+ void *extra;
+ size_t extra_size;
+ uint32_t expected_bit_length;
+ uint32_t expected_key_length;
+ psa_status_t expected_status;
+} test_data;
+
+#ifdef FUTURE_SUPPORT
+static uint32_t rsa_extra = 3;
+#endif
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_generate_key 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), NULL, 0,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_generate_key 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), NULL, 0,
+ BYTES_TO_BITS(AES_24B_KEY_SIZE), AES_24B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_generate_key 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), NULL, 0,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), AES_32B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_generate_key with DES 64 bit key\n", 4, PSA_KEY_TYPE_DES,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES_8B_KEY_SIZE), NULL, 0,
+ BYTES_TO_BITS(DES_8B_KEY_SIZE), DES_8B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_generate_key with Triple DES 2-Key\n", 5, PSA_KEY_TYPE_DES,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES3_2KEY_SIZE), NULL, 0,
+ BYTES_TO_BITS(DES3_2KEY_SIZE), DES3_2KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_generate_key with Triple DES 3-Key\n", 6, PSA_KEY_TYPE_DES,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(DES3_3KEY_SIZE), NULL, 0,
+ BYTES_TO_BITS(DES3_3KEY_SIZE), DES3_3KEY_SIZE, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_generate_key with Null extra and Non-Zero extra size\n", 7, PSA_KEY_TYPE_AES,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), NULL, sizeof(uint32_t),
+ 0, 0, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef FUTURE_SUPPORT
+{"Test psa_generate_key with RSA 2048 Keypair\n", 8, PSA_KEY_TYPE_RSA_KEYPAIR,
+ PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 2048, NULL, 0,
+ 2048, 1193, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+#ifdef ARCH_TEST_ASYMMETRIC_ENCRYPTION
+{"Test psa_generate_key with ECC KeyPair\n", 9,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1),
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION,
+ 224, NULL, 0,
+ 224, 28, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef FUTURE_SUPPORT
+{"Test psa_generate_key with Non-Null extra for 32 Byte AES key\n", 10, PSA_KEY_TYPE_AES,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_32B_KEY_SIZE), &rsa_extra, sizeof(uint32_t),
+ 0, 0, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_generate_key with RSA 2048 Public key\n", 11, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+ PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+ 2048, NULL, 0,
+ 2048, 1193, PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_generate_key negative cases\n", 12, PSA_KEY_TYPE_AES,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), NULL, 0,
+ BYTES_TO_BITS(AES_16B_KEY_SIZE), AES_16B_KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/test_entry.c
new file mode 100644
index 00000000000..3957dd6d6eb
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c016/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c016.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 16)
+#define TEST_DESC "Testing crypto generator functions APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c016_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/main.c
new file mode 100644
index 00000000000..42b89b3e771
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c017(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c017, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/test_c017.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/test_c017.c
new file mode 100644
index 00000000000..10387b8d7c6
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/test_c017.c
@@ -0,0 +1,74 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c017.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c017_crypto_list[] = {
+ NULL,
+ psa_generate_random_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_generate_random_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ uint32_t i, j, data_sum;
+ uint8_t data[BUFFER_SIZE] = {0};
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Generate random bytes */
+ status = val->crypto_function(VAL_CRYPTO_GENERATE_RANDOM, data, check1[i].size);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(3));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ data_sum = 0;
+ /* Check that if generated data are zero */
+ for (j = 0; j < check1[i].size; j++)
+ {
+ data_sum += data[j];
+ data[j] = 0;
+ }
+
+ if (check1[i].size != 0)
+ TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(4));
+ else
+ TEST_ASSERT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(5));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/test_c017.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/test_c017.h
new file mode 100644
index 00000000000..ee8c4efbf3f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/test_c017.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C017_CLIENT_TESTS_H_
+#define _TEST_C017_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c017)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c017_crypto_list[];
+
+int32_t psa_generate_random_test(security_t caller);
+#endif /* _TEST_C017_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/test_data.h
new file mode 100644
index 00000000000..4e0c46cfa0d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/test_data.h
@@ -0,0 +1,56 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ size_t size;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+{"Test psa_generate_random to get 0 Byte data\n", 0, PSA_SUCCESS
+},
+
+{"Test psa_generate_random to get 16 Byte data\n", 16, PSA_SUCCESS
+},
+
+{"Test psa_generate_random to get 24 Byte data\n", 24, PSA_SUCCESS
+},
+
+{"Test psa_generate_random to get 32 Byte data\n", 32, PSA_SUCCESS
+},
+
+{"Test psa_generate_random to get 64 Byte data\n", 64, PSA_SUCCESS
+},
+
+{"Test psa_generate_random to get 128 Byte data\n", 128, PSA_SUCCESS
+},
+
+{"Test psa_generate_random to get 256 Byte data\n", 256, PSA_SUCCESS
+},
+
+{"Test psa_generate_random to get 512 Byte data\n", 512, PSA_SUCCESS
+},
+
+{"Test psa_generate_random to get 1000 Byte data\n", 100, PSA_SUCCESS
+},
+
+{"Test psa_generate_random to get 1024 Byte data\n", 1024, PSA_SUCCESS
+},
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/test_entry.c
new file mode 100644
index 00000000000..500d2ec664c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c017/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c017.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 17)
+#define TEST_DESC "Testing crypto generator functions APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c017_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/main.c
new file mode 100644
index 00000000000..b21ffb85dfd
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c018(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c018, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/test_c018.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/test_c018.c
new file mode 100644
index 00000000000..971c6de33f2
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/test_c018.c
@@ -0,0 +1,146 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c018.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c018_crypto_list[] = {
+ NULL,
+ psa_generator_read_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t data[BUFFER_SIZE_HIGH];
+
+int32_t psa_generator_read_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ uint32_t i, j, data_sum, remaining_size;
+ psa_key_policy_t policy;
+ psa_crypto_generator_t generator, invalid_generator;
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ memset(&generator, 0, sizeof(generator));
+ memset(&invalid_generator, 0xDEADEAD, sizeof(invalid_generator));
+ memset(data, 0, sizeof(data));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set up a key derivation operation. Using this function to initialize the generate as
+ * XOR or PRNG generator initialization is not implemented.
+ */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator, check1[i].key_handle,
+ check1[i].key_alg, &check1[i].salt, check1[i].salt_length, &check1[i].label,
+ check1[i].label_length, check1[i].capacity);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Read some data from a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator, data,
+ check1[i].size);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ continue;
+ }
+
+ data_sum = 0;
+ /* Check that if generated data are zero */
+ for (j = 0; j < check1[i].size; j++)
+ {
+ data_sum += data[j];
+ }
+
+ memset(data, 0, sizeof(data));
+ TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(9));
+
+ remaining_size = check1[i].capacity - check1[i].size;
+ if (remaining_size > 0)
+ {
+ /* Read some data from a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator,
+ data, remaining_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ data_sum = 0;
+ /* Check that if generated data are zero */
+ for (j = 0; j < remaining_size; j++)
+ {
+ data_sum += data[j];
+ }
+
+ memset(data, 0, sizeof(data));
+ TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(11));
+
+ /* Read some data from a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator,
+ data, check1[i].size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_CAPACITY, TEST_CHECKPOINT_NUM(12));
+ }
+
+ /* Read data using invalid generator handle */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &invalid_generator,
+ data, 1);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(13));
+
+ /* Abort a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/test_c018.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/test_c018.h
new file mode 100644
index 00000000000..34f72c8db53
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/test_c018.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C018_CLIENT_TESTS_H_
+#define _TEST_C018_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c018)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c018_crypto_list[];
+
+int32_t psa_generator_read_test(security_t caller);
+#endif /* _TEST_C018_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/test_data.h
new file mode 100644
index 00000000000..9506e173ab7
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/test_data.h
@@ -0,0 +1,97 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t salt[16];
+ size_t salt_length;
+ uint8_t label[16];
+ size_t label_length;
+ size_t capacity;
+ size_t size;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+/* Covers the following cases
+ * - 16 Byte key
+ * - SHA 256
+ * - Output size less than generator capacity
+ */
+#ifdef ARCH_TEST_HKDF
+#ifdef ARCH_TEST_SHA256
+{"Test psa_generator_read to get 16 Byte data with SHA-256\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ {0}, 0, {0}, 0, 32,
+ 16, PSA_SUCCESS
+},
+#endif
+/* Covers the following cases
+ * - 32 Byte key
+ * - SHA 512
+ * - Output size equal to generator capacity
+ */
+#ifdef ARCH_TEST_SHA512
+{"Test psa_generator_read to get 32 Byte data with SHA-512\n", 2, PSA_KEY_TYPE_DERIVE,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_512),
+ {0}, 0, {0}, 0, 64,
+ 64, PSA_SUCCESS
+},
+#endif
+
+/* Covers the following cases
+ * - 8 Byte Key
+ * - SHA 1
+ * - Output size greater than the generator capacity
+ */
+#ifdef ARCH_TEST_SHA1
+{"Test psa_generator_read to get 8 Byte data with SHA-1\n", 3, PSA_KEY_TYPE_DERIVE,
+{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_1),
+ {0}, 0, {0}, 0, 64,
+ 70, PSA_ERROR_INSUFFICIENT_CAPACITY
+},
+
+{"Test psa_generator_read to request maximum capacity\n", 4, PSA_KEY_TYPE_DERIVE,
+{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_1),
+ {0}, 0, {0}, 0, (255 * 20),
+ (255 * 20), PSA_SUCCESS
+},
+
+{"Test psa_generator_read to request maximum capacity +1\n", 5, PSA_KEY_TYPE_DERIVE,
+{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_1),
+ {0}, 0, {0}, 0, (255 * 20),
+ ((255 * 20) + 1), PSA_ERROR_INSUFFICIENT_CAPACITY
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/test_entry.c
new file mode 100644
index 00000000000..4ae7f2d95ca
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c018/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c018.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 18)
+#define TEST_DESC "Testing crypto generator functions APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c018_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/main.c
new file mode 100644
index 00000000000..2f757a48713
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c019(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c019, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/test_c019.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/test_c019.c
new file mode 100644
index 00000000000..c110892cc56
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/test_c019.c
@@ -0,0 +1,121 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c019.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c019_crypto_list[] = {
+ NULL,
+ psa_get_generator_capacity_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t data[BUFFER_SIZE];
+
+int32_t psa_get_generator_capacity_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ uint32_t i, remaining_size;
+ size_t capacity;
+ psa_key_policy_t policy;
+ psa_crypto_generator_t generator;
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ memset(&generator, 0, sizeof(generator));
+ memset(data, 0, sizeof(data));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set up a key derivation operation. Using this function to initialize the generate as
+ * XOR or PRNG generator initialization is not implemented.
+ */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator, check1[i].key_handle,
+ check1[i].key_alg, check1[i].salt, check1[i].salt_length, check1[i].label,
+ check1[i].label_length, check1[i].capacity);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Retrieve the current capacity of a generator */
+ status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator, &capacity);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ continue;
+ }
+
+ TEST_ASSERT_EQUAL(capacity, check1[i].capacity, TEST_CHECKPOINT_NUM(9));
+
+ /* Generate random bytes */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator, data,
+ check1[i].size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ remaining_size = check1[i].capacity - check1[i].size;
+
+ /* Retrieve the current capacity of a generator */
+ status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator, &capacity);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+
+ TEST_ASSERT_EQUAL(capacity, remaining_size, TEST_CHECKPOINT_NUM(12));
+
+ /* Abort a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/test_c019.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/test_c019.h
new file mode 100644
index 00000000000..da29369cf93
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/test_c019.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C019_CLIENT_TESTS_H_
+#define _TEST_C019_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c019)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c019_crypto_list[];
+
+int32_t psa_get_generator_capacity_test(security_t caller);
+#endif /* _TEST_C019_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/test_data.h
new file mode 100644
index 00000000000..592d03e4ca3
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/test_data.h
@@ -0,0 +1,70 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t salt[16];
+ size_t salt_length;
+ uint8_t label[16];
+ size_t label_length;
+ size_t capacity;
+ size_t size;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+/* Covers the following cases
+ * - 16 Byte key
+ * - SHA 256
+ * - Output size less than generator capacity
+ */
+#ifdef ARCH_TEST_HKDF
+#ifdef ARCH_TEST_SHA256
+{"Test psa_generator_get_capacity to get 16 Byte data with SHA-256\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ {0}, 0, {0}, 0, 32,
+ 16, PSA_SUCCESS
+},
+#endif
+
+/* Covers the following cases
+ * - 32 Byte key
+ * - SHA 512
+ * - Output size equal to generator capacity
+ */
+#ifdef ARCH_TEST_SHA512
+{"Test psa_generator_get_capacity to get 32 Byte data with SHA-512\n", 2, PSA_KEY_TYPE_DERIVE,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_512),
+ {0}, 0, {0}, 0, 64,
+ 64, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/test_entry.c
new file mode 100644
index 00000000000..b1c5b1502ea
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c019/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c019.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 19)
+#define TEST_DESC "Testing crypto generator functions APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c019_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/main.c
new file mode 100644
index 00000000000..9cd6dddc14c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c020(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c020, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/test_c020.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/test_c020.c
new file mode 100644
index 00000000000..700c3de0416
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/test_c020.c
@@ -0,0 +1,302 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c020.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+#define SLOT_1 0
+#define SLOT_2 1
+#define SLOT_3 2
+#define SLOT_4 3
+
+client_test_t test_c020_crypto_list[] = {
+ NULL,
+ psa_generator_import_key_test,
+ psa_generator_import_key_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t data[BUFFER_SIZE];
+static psa_crypto_generator_t generator;
+
+int32_t psa_generator_import_key_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ uint32_t i, j, data_sum, remaining_size, length = 0;
+ uint32_t salt = 0, label = 0;
+ size_t salt_length = 0, label_length = 0;
+ psa_key_policy_t policy;
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ memset(&generator, 0, sizeof(generator));
+ memset(data, 0, sizeof(data));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage[SLOT_1],
+ check1[i].key_alg[SLOT_1]);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle[SLOT_1]);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle[SLOT_1],
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle[SLOT_1],
+ check1[i].key_type[SLOT_1], check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Set up a key derivation operation. Using this function to initialize the generate as
+ * XOR or PRNG generator initialization is not implemented.
+ */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator,
+ check1[i].key_handle[SLOT_1], check1[i].key_alg[SLOT_1], &salt, salt_length,
+ &label, label_length, check1[i].capacity);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage[SLOT_2],
+ check1[i].key_alg[SLOT_2]);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle[SLOT_2]);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle[SLOT_2],
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Create a symmetric key from data read from a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY, check1[i].key_handle[SLOT_2],
+ check1[i].key_type[SLOT_2], BYTES_TO_BITS(check1[i].size), &generator);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ continue;
+ }
+
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle[SLOT_2], data,
+ BUFFER_SIZE, &length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ TEST_ASSERT_EQUAL(length, check1[i].size, TEST_CHECKPOINT_NUM(10));
+
+ data_sum = 0;
+ /* Check that if generated data are zero */
+ for (j = 0; j < check1[i].size; j++)
+ {
+ data_sum += data[j];
+ }
+
+ memset(data, 0, sizeof(data));
+ TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(12));
+
+ remaining_size = check1[i].capacity - check1[i].size;
+ if (remaining_size > 0)
+ {
+ length = 0;
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage[SLOT_2],
+ check1[i].key_alg[SLOT_2]);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle[SLOT_3]);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle[SLOT_3],
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+
+ /* Create a symmetric key from data read from a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY,
+ check1[i].key_handle[SLOT_3], check1[i].key_type[SLOT_2],
+ BYTES_TO_BITS(check1[i].size), &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+
+ /* Export a key in binary format */
+ status = val->crypto_function(VAL_CRYPTO_EXPORT_KEY, check1[i].key_handle[SLOT_3], data,
+ BUFFER_SIZE, &length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14));
+
+ TEST_ASSERT_EQUAL(length, remaining_size, TEST_CHECKPOINT_NUM(15));
+
+ data_sum = 0;
+ /* Check that if generated data are zero */
+ for (j = 0; j < remaining_size; j++)
+ {
+ data_sum += data[j];
+ }
+
+ memset(data, 0, sizeof(data));
+ TEST_ASSERT_NOT_EQUAL(data_sum, 0, TEST_CHECKPOINT_NUM(16));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage[SLOT_2],
+ check1[i].key_alg[SLOT_2]);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle[SLOT_4]);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle[SLOT_4],
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(17));
+
+ /* Create a symmetric key from data read from a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY,
+ check1[i].key_handle[SLOT_4], check1[i].key_type[SLOT_2],
+ BYTES_TO_BITS(check1[i].size), &generator);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INSUFFICIENT_CAPACITY, TEST_CHECKPOINT_NUM(18));
+ }
+
+ /* Abort a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(19));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_generator_import_key_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ uint32_t salt = 0, label = 0;
+ size_t salt_length = 0, label_length = 0;
+ uint8_t data[BUFFER_SIZE];
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ memset(&generator, 0, sizeof(generator));
+ memset(data, 0, sizeof(data));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage[SLOT_1],
+ check2[i].key_alg[SLOT_1]);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle[SLOT_1]);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle[SLOT_1],
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check2[i].key_handle[SLOT_1],
+ check2[i].key_type[SLOT_1], check2[i].key_data, check2[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set up a key derivation operation. Using this function to initialize the generate as
+ * XOR or PRNG generator initialization is not implemented.
+ */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator,
+ check2[i].key_handle[SLOT_1], check2[i].key_alg[SLOT_1], &salt, salt_length,
+ &label, label_length, check2[i].capacity);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_generator_import_key with invalid handle\n",
+ g_test_count++);
+ /* Create a symmetric key from data read from a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY, check2[i].key_handle[SLOT_2],
+ check2[i].key_type[SLOT_2], check2[i].size, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(7));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_generator_import_key with zero handle\n",
+ g_test_count++);
+ /* Create a symmetric key from data read from a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY, ZERO_KEY_SLOT,
+ check2[i].key_type[SLOT_2], check2[i].size, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(7));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_generator_import_key with"
+ " pre-occupied key slot\n", g_test_count++);
+ /* Create a symmetric key from data read from a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_IMPORT_KEY, check2[i].key_handle[SLOT_1],
+ check2[i].key_type[SLOT_2], check2[i].size, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_OCCUPIED_SLOT, TEST_CHECKPOINT_NUM(9));
+
+ /* Abort a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/test_c020.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/test_c020.h
new file mode 100644
index 00000000000..9584befd420
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/test_c020.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C020_CLIENT_TESTS_H_
+#define _TEST_C020_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c020)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c020_crypto_list[];
+
+int32_t psa_generator_import_key_test(security_t caller);
+int32_t psa_generator_import_key_negative_test(security_t caller);
+#endif /* _TEST_C020_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/test_data.h
new file mode 100644
index 00000000000..95fe77b7717
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/test_data.h
@@ -0,0 +1,122 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle[4];
+ psa_key_type_t key_type[2];
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage[2];
+ psa_algorithm_t key_alg[2];
+ size_t capacity;
+ size_t size;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_HKDF
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_SHA256
+{"Test psa_generator_import_key for 16 Byte AES Key\n", {1, 2, 3, 4},
+{PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_AES},
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT},
+ {PSA_ALG_HKDF(PSA_ALG_SHA_256), PSA_ALG_CTR},
+ 32, 16, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_SHA512
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_generator_import_key for Triple DES 3-Key\n", {5, 6, 7, 8},
+{PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_DES},
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT},
+{PSA_ALG_HKDF(PSA_ALG_SHA_512), PSA_ALG_CTR},
+ DES3_3KEY_SIZE, DES3_3KEY_SIZE, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_SHA1
+#ifdef ARCH_TEST_AES
+{"Test psa_generator_import_key output greater than capacity\n", {9, 10, 11, 12},
+{PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_AES},
+{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT},
+{PSA_ALG_HKDF(PSA_ALG_SHA_1), PSA_ALG_CTR},
+ 64, 80, PSA_ERROR_INSUFFICIENT_CAPACITY
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_SHA256
+#ifdef ARCH_TEST_RSA
+{"Test psa_generator_import_key for RSA Public Key - Invalid type\n", {13, 14, 15, 16},
+{PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_RSA_PUBLIC_KEY},
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT},
+{PSA_ALG_HKDF(PSA_ALG_SHA_256), PSA_ALG_CTR},
+ 32, 16, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_SHA256
+#ifdef ARCH_TEST_AES_128
+{"Test psa_generator_import_key for invalid byte for generation\n", {20, 21, 22, 23},
+{PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_AES},
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT},
+{PSA_ALG_HKDF(PSA_ALG_SHA_256), PSA_ALG_CTR},
+ 32, 10, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_HKDF
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_SHA256
+{"Test psa_generator_import_key negative cases\n",
+{17, 18, 18, 18},
+{PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_AES},
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, {PSA_KEY_USAGE_DERIVE, PSA_KEY_USAGE_EXPORT},
+{PSA_ALG_HKDF(PSA_ALG_SHA_256), PSA_ALG_CTR},
+ 32, BYTES_TO_BITS(8), PSA_ERROR_INVALID_HANDLE
+},
+#endif
+#endif
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/test_entry.c
new file mode 100644
index 00000000000..c109392ce4d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c020/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c020.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 20)
+#define TEST_DESC "Testing crypto generator functions APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c020_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/main.c
new file mode 100644
index 00000000000..bfc314683d8
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c021(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c021, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/test_c021.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/test_c021.c
new file mode 100644
index 00000000000..64619d1cc52
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/test_c021.c
@@ -0,0 +1,111 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c021.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c021_crypto_list[] = {
+ NULL,
+ psa_generator_abort_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t data[BUFFER_SIZE];
+
+int32_t psa_generator_abort_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+ psa_crypto_generator_t generator;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ memset(&generator, 0, sizeof(generator));
+ memset(data, 0, sizeof(data));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_generator_abort on empty generator\n",
+ g_test_count++);
+ /* Abort an empty generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set up a key derivation operation. Using this function to initialize the generate as
+ * XOR or PRNG generator initialization is not implemented.
+ */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator, check1[i].key_handle,
+ check1[i].key_alg, check1[i].salt, check1[i].salt_length, check1[i].label,
+ check1[i].label_length, check1[i].capacity);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Abort the generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Generate random bytes */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator, data, check1[i].size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(8));
+
+ val->print(PRINT_TEST, "[Check %d] Multiple psa_generator_abort test\n", g_test_count++);
+ /* Abort the generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ /* Abort the generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/test_c021.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/test_c021.h
new file mode 100644
index 00000000000..77b0783d070
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/test_c021.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C021_CLIENT_TESTS_H_
+#define _TEST_C021_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c021)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c021_crypto_list[];
+
+int32_t psa_generator_abort_test(security_t caller);
+#endif /* _TEST_C021_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/test_data.h
new file mode 100644
index 00000000000..6f42e9e4ccb
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/test_data.h
@@ -0,0 +1,51 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t salt[16];
+ size_t salt_length;
+ uint8_t label[16];
+ size_t label_length;
+ size_t capacity;
+ size_t size;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_HKDF
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_SHA256
+{"Test psa_generator_abort\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ {0}, 0, {0}, 0, 32,
+ 16, PSA_SUCCESS
+},
+#endif
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/test_entry.c
new file mode 100644
index 00000000000..621cd978563
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c021/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c021.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 21)
+#define TEST_DESC "Testing crypto generator functions APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c021_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/main.c
new file mode 100644
index 00000000000..43655771d7a
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c022(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c022, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/test_c022.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/test_c022.c
new file mode 100644
index 00000000000..8f8ac601f90
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/test_c022.c
@@ -0,0 +1,188 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c022.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+
+client_test_t test_c022_crypto_list[] = {
+ NULL,
+ psa_key_derivation_test,
+ psa_key_derivation_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t data[BUFFER_SIZE];
+
+int32_t psa_key_derivation_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ size_t capacity;
+ psa_key_policy_t policy;
+ psa_crypto_generator_t generator;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ memset(&generator, 0, sizeof(generator));
+ memset(data, 0, sizeof(data));
+ capacity = 0;
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Set up a key derivation operation. Using this function to initialize the generate as
+ * XOR or PRNG generator initialization is not implemented.
+ */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator,
+ check1[i].key_handle, check1[i].key_alg, check1[i].salt,
+ check1[i].salt_length, check1[i].label, check1[i].label_length,
+ check1[i].capacity);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(5));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort the generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ continue;
+ }
+
+ /* Retrieve the current capacity of a generator */
+ status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator, &capacity);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ TEST_ASSERT_EQUAL(capacity, check1[i].capacity, TEST_CHECKPOINT_NUM(8));
+
+ /* Abort the generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_key_derivation_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+ psa_key_handle_t empty_key_handle;
+ psa_crypto_generator_t generator;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ memset(&generator, 0, sizeof(generator));
+ memset(data, 0, sizeof(data));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation with invalid key handle\n",
+ g_test_count++);
+ /* Set up a key derivation operation. Using this function to initialize the generate as
+ * XOR or PRNG generator initialization is not implemented.
+ */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator,
+ check2[i].key_handle, check2[i].key_alg, check2[i].salt,
+ check2[i].salt_length, check2[i].label, check2[i].label_length,
+ check2[i].capacity);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(6));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation with zero as key handle\n",
+ g_test_count++);
+ /* Set up a key derivation operation. Using this function to initialize the generate as
+ * XOR or PRNG generator initialization is not implemented.
+ */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator,
+ 0, check2[i].key_alg, check2[i].salt,
+ check2[i].salt_length, check2[i].label, check2[i].label_length,
+ check2[i].capacity);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(7));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_key_derivation with empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &empty_key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, empty_key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ /* Set up a key derivation operation. Using this function to initialize the generate as
+ * XOR or PRNG generator initialization is not implemented.
+ */
+ status = val->crypto_function(VAL_CRYPTO_KEY_DERIVATION, &generator,
+ empty_key_handle, check2[i].key_alg, check2[i].salt,
+ check2[i].salt_length, check2[i].label, check2[i].label_length,
+ check2[i].capacity);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(10));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/test_c022.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/test_c022.h
new file mode 100644
index 00000000000..1339ec79655
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/test_c022.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C022_CLIENT_TESTS_H_
+#define _TEST_C022_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c022)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c022_crypto_list[];
+
+int32_t psa_key_derivation_test(security_t caller);
+int32_t psa_key_derivation_negative_test(security_t caller);
+#endif /* _TEST_C022_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/test_data.h
new file mode 100644
index 00000000000..ecd5cded19d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/test_data.h
@@ -0,0 +1,136 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ const uint8_t salt[16];
+ size_t salt_length;
+ const uint8_t label[16];
+ size_t label_length;
+ size_t capacity;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_HKDF
+#ifdef ARCH_TEST_SHA256
+{"Test psa_key_derivation to get 16 Byte data with SHA-256\n", 1, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ {0}, 0, {0}, 0, 32,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_key_derivation to get 32 Byte data with SHA-512\n", 2, PSA_KEY_TYPE_DERIVE,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_512),
+ {0}, 0, {0}, 0, 64,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_MD5
+{"Test psa_key_derivation to get 32 Byte data with MD-5\n", 3, PSA_KEY_TYPE_DERIVE,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_MD5),
+ {0}, 0, {0}, 0, 64,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_key_derivation to get 16 Byte data with salt and label\n", 4, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ "abcdefghijklmnop", 16, "This is a label", 15, 32,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA1
+{"Test psa_key_derivation with too large capacity for alg and key\n", 6, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_1),
+ {0}, 0, {0}, 0, 5200,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_key_derivation with unsupported key type\n", 11, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ {0}, 0, {0}, 0, 32,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_key_derivation with incorrect usage\n", 12, PSA_KEY_TYPE_DERIVE,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+ {0}, 0, {0}, 0, 32,
+ PSA_ERROR_NOT_PERMITTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
+{"Test psa_key_derivation with invalid algorithm\n", 5, PSA_KEY_TYPE_DERIVE,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ {0}, 0, {0}, 0, 64,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_HKDF
+#ifdef ARCH_TEST_SHA512
+{"Test psa_key_derivation to get 32 Byte data with SHA-512\n", 13, PSA_KEY_TYPE_DERIVE,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE},
+ AES_32B_KEY_SIZE, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_512),
+ {0}, 0, {0}, 0, 64,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/test_entry.c
new file mode 100644
index 00000000000..2d7e7981bd5
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c022/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c022.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 22)
+#define TEST_DESC "Testing crypto generator functions APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c022_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/main.c
new file mode 100644
index 00000000000..a30a203b474
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c023(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c023, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/test_c023.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/test_c023.c
new file mode 100644
index 00000000000..9c786dcf7b4
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/test_c023.c
@@ -0,0 +1,68 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c023.h"
+#include "test_data.h"
+#include "val_crypto.h"
+
+client_test_t test_c023_crypto_list[] = {
+ NULL,
+ psa_key_policy_get_usage_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_key_policy_get_usage_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+ psa_key_usage_t usage;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Retrieve the usage field of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_GET_USAGE, &policy, &usage);
+
+ TEST_ASSERT_EQUAL(usage, check1[i].usage, TEST_CHECKPOINT_NUM(3));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/test_c023.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/test_c023.h
new file mode 100644
index 00000000000..43c40e4de64
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/test_c023.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C023_CLIENT_TESTS_H_
+#define _TEST_C023_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c023)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c023_crypto_list[];
+
+int32_t psa_key_policy_get_usage_test(security_t caller);
+#endif /* _TEST_C023_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/test_data.h
new file mode 100644
index 00000000000..2ef937cc945
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/test_data.h
@@ -0,0 +1,55 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_HKDF
+#ifdef ARCH_TEST_SHA256
+{"Test psa_key_policy_get_usage with usage as encrypt\n",
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+},
+
+{"Test psa_key_policy_get_usage with usage as decrypt\n",
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+},
+
+{"Test psa_key_policy_get_usage with usage as derive\n",
+ PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+},
+
+{"Test psa_key_policy_get_usage with usage as export\n",
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+},
+
+{"Test psa_key_policy_get_usage with usage as sign\n",
+ PSA_KEY_USAGE_SIGN, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+},
+
+{"Test psa_key_policy_get_usage with usage as verify\n",
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+},
+#endif
+#endif
+
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/test_entry.c
new file mode 100644
index 00000000000..d177a9db5b7
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c023/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c023.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 23)
+#define TEST_DESC "Testing crypto key management APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c023_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/main.c
new file mode 100644
index 00000000000..cbaac02d6dc
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c024(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c024, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/test_c024.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/test_c024.c
new file mode 100644
index 00000000000..a375efee635
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/test_c024.c
@@ -0,0 +1,205 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c024.h"
+#include "test_data.h"
+
+client_test_t test_c024_crypto_list[] = {
+ NULL,
+ psa_aead_encrypt_test,
+ psa_aead_encrypt_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+static bool_t is_buffer_empty(uint8_t *buffer, size_t size)
+{
+ int i;
+
+ for (i = 0; i < size; i++)
+ {
+ if (buffer[i] != 0)
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+int32_t psa_aead_encrypt_test(security_t caller)
+{
+ int32_t i, status;
+ uint8_t ciphertext[BUFFER_SIZE];
+ psa_key_policy_t policy;
+ size_t ciphertext_length;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ uint8_t *nonce, *additional_data;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ memset(ciphertext, 0, sizeof(ciphertext));
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ if (is_buffer_empty(check1[i].nonce, check1[i].nonce_length) == TRUE)
+ nonce = NULL;
+ else
+ nonce = check1[i].nonce;
+
+ if (is_buffer_empty(check1[i].additional_data, check1[i].additional_data_length) == TRUE)
+ additional_data = NULL;
+ else
+ additional_data = check1[i].additional_data;
+
+ /* Process an authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT, check1[i].key_handle,
+ check1[i].key_alg, nonce, check1[i].nonce_length, additional_data,
+ check1[i].additional_data_length, check1[i].plaintext,
+ check1[i].plaintext_length, ciphertext, check1[i].ciphertext_size,
+ &ciphertext_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ /* Check if the length matches */
+ TEST_ASSERT_EQUAL(ciphertext_length,
+ check1[i].expected_ciphertext_length,
+ TEST_CHECKPOINT_NUM(7));
+
+ /* Check if the data matches */
+ TEST_ASSERT_MEMCMP(ciphertext, check1[i].expected_ciphertext, ciphertext_length,
+ TEST_CHECKPOINT_NUM(8));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_aead_encrypt_negative_test(security_t caller)
+{
+ int32_t i, status;
+ uint8_t ciphertext[BUFFER_SIZE];
+ psa_key_policy_t policy;
+ size_t ciphertext_length;
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ uint8_t *nonce, *additional_data;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ if (is_buffer_empty(check2[i].nonce, check2[i].nonce_length) == TRUE)
+ nonce = NULL;
+ else
+ nonce = check2[i].nonce;
+
+ if (is_buffer_empty(check2[i].additional_data, check2[i].additional_data_length) == TRUE)
+ additional_data = NULL;
+ else
+ additional_data = check2[i].additional_data;
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_aead_encrypt - invalid key handle\n",
+ g_test_count++);
+ /* Process an authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT, check2[i].key_handle,
+ check2[i].key_alg, nonce, check2[i].nonce_length, additional_data,
+ check2[i].additional_data_length, check2[i].plaintext,
+ check2[i].plaintext_length, ciphertext, check2[i].ciphertext_size,
+ &ciphertext_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_aead_encrypt - zero as key handle\n",
+ g_test_count++);
+ /* Process an authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT, 0,
+ check2[i].key_alg, nonce, check2[i].nonce_length, additional_data,
+ check2[i].additional_data_length, check2[i].plaintext,
+ check2[i].plaintext_length, ciphertext, check2[i].ciphertext_size,
+ &ciphertext_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_aead_encrypt - empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Process an authenticated encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_ENCRYPT, check2[i].key_handle,
+ check2[i].key_alg, nonce, check2[i].nonce_length, additional_data,
+ check2[i].additional_data_length, check2[i].plaintext,
+ check2[i].plaintext_length, ciphertext, check2[i].ciphertext_size,
+ &ciphertext_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/test_c024.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/test_c024.h
new file mode 100644
index 00000000000..5060e3e953f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/test_c024.h
@@ -0,0 +1,32 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C024_CLIENT_TESTS_H_
+#define _TEST_C024_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c024)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c024_crypto_list[];
+
+int32_t psa_aead_encrypt_test(security_t caller);
+int32_t psa_aead_encrypt_negative_test(security_t caller);
+
+#endif /* _TEST_C024_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/test_data.h
new file mode 100644
index 00000000000..9f52ecb8de2
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/test_data.h
@@ -0,0 +1,180 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+#define EMPTY_KEY_SLOT 31
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t nonce[16];
+ size_t nonce_length;
+ uint8_t additional_data[32];
+ size_t additional_data_length;
+ uint8_t plaintext[30];
+ size_t plaintext_length;
+ uint8_t expected_ciphertext[45];
+ size_t ciphertext_size;
+ size_t expected_ciphertext_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_encrypt - CCM - 16B AES - 13B nounce & 8B addi data\n", 1, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM,
+{0x00, 0x41, 0x2B, 0x4E, 0xA9, 0xCD, 0xBE, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA},
+ 13,
+{0x0B, 0xE1, 0xA8, 0x8B, 0xAC, 0xE0, 0x18, 0xB1}, 8,
+{0x08, 0xE8, 0xCF, 0x97, 0xD8, 0x20, 0xEA, 0x25, 0x84, 0x60, 0xE9, 0x6A, 0xD9,
+ 0xCF, 0x52, 0x89, 0x05, 0x4D, 0x89, 0x5C, 0xEA, 0xC4, 0x7C}, 23,
+{0x4C, 0xB9, 0x7F, 0x86, 0xA2, 0xA4, 0x68, 0x9A, 0x87, 0x79, 0x47, 0xAB, 0x80,
+ 0x91, 0xEF, 0x53, 0x86, 0xA6, 0xFF, 0xBD, 0xD0, 0x80, 0xF8, 0x12, 0x03, 0x33,
+ 0xD1, 0xFC, 0xB6, 0x91, 0xF3, 0x40, 0x6C, 0xBF, 0x53, 0x1F, 0x83, 0xA4, 0xD8},
+ BUFFER_SIZE, 39, PSA_SUCCESS
+},
+
+{"Test psa_aead_encrypt - AES-CCM\n", 2, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM,
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+ 13,
+{0x40, 0xa2, 0x7c, 0x1d, 0x1e, 0x23, 0xea, 0x3d, 0xbe, 0x80, 0x56, 0xb2, 0x77,
+ 0x48, 0x61, 0xa4, 0xa2, 0x01, 0xcc, 0xe4, 0x9f, 0x19, 0x99, 0x7d, 0x19, 0x20,
+ 0x6d, 0x8c, 0x8a, 0x34, 0x39, 0x51}, 32,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef}, 24,
+{0x26, 0xc5, 0x69, 0x61, 0xc0, 0x35, 0xa7, 0xe4, 0x52, 0xcc, 0xe6, 0x1b, 0xc6,
+ 0xee, 0x22, 0x0d, 0x77, 0xb3, 0xf9, 0x4d, 0x18, 0xfd, 0x10, 0xb6, 0xd8, 0x0e,
+ 0x8b, 0xf8, 0x0f, 0x4a, 0x46, 0xca, 0xb0, 0x6d, 0x43, 0x13, 0xf0, 0xdb, 0x9b,
+ 0xe9}, BUFFER_SIZE, 40, PSA_SUCCESS
+},
+
+{"Test psa_aead_encrypt - AES-CCM 24 bytes Tag length = 4\n", 3, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+ 13,
+{0x40, 0xa2, 0x7c, 0x1d, 0x1e, 0x23, 0xea, 0x3d, 0xbe, 0x80, 0x56, 0xb2, 0x77,
+ 0x48, 0x61, 0xa4, 0xa2, 0x01, 0xcc, 0xe4, 0x9f, 0x19, 0x99, 0x7d, 0x19, 0x20,
+ 0x6d, 0x8c, 0x8a, 0x34, 0x39, 0x51}, 32,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef}, 24,
+{0x26, 0xc5, 0x69, 0x61, 0xc0, 0x35, 0xa7, 0xe4, 0x52, 0xcc, 0xe6, 0x1b, 0xc6,
+ 0xee, 0x22, 0x0d, 0x77, 0xb3, 0xf9, 0x4d, 0x18, 0xfd, 0x10, 0xb6, 0x64, 0x3b,
+ 0x4f, 0x39},
+ BUFFER_SIZE, 28, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_encrypt - GCM - 16B AES - 12B Nounce & 12B addi data\n",
+4, PSA_KEY_TYPE_AES,
+{0x3d, 0xe0, 0x98, 0x74, 0xb3, 0x88, 0xe6, 0x49, 0x19, 0x88, 0xd0, 0xc3, 0x60,
+ 0x7e, 0xae, 0x1f}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM,
+{0x57, 0x69, 0x0e, 0x43, 0x4e, 0x28, 0x00, 0x00, 0xa2, 0xfc, 0xa1, 0xa3}, 12,
+{0x42, 0xf6, 0x7e, 0x3f, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}, 12,
+{0x45, 0x00, 0x00, 0x1c, 0x42, 0xa2, 0x00, 0x00, 0x80, 0x01, 0x44, 0x1f, 0x40,
+ 0x67, 0x93, 0xb6, 0xe0, 0x00, 0x00, 0x02, 0x0a, 0x00, 0xf5, 0xff, 0x01, 0x02,
+ 0x02, 0x01}, 28,
+{0xFB, 0xA2, 0xCA, 0x84, 0x5E, 0x5D, 0xF9, 0xF0, 0xF2, 0x2C, 0x3E, 0x6E, 0x86,
+ 0xDD, 0x83, 0x1E, 0x1F, 0xC6, 0x57, 0x92, 0xCD, 0x1A, 0xF9, 0x13, 0x0E, 0x13,
+ 0x79, 0xED, 0x36, 0x9F, 0x07, 0x1F, 0x35, 0xE0, 0x34, 0xBE, 0x95, 0xF1, 0x12,
+ 0xE4, 0xE7, 0xD0, 0x5D, 0x35},
+ BUFFER_SIZE, 44, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_aead_encrypt - DES Key\n", 5, PSA_KEY_TYPE_DES,
+{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29}, DES_8B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CCM,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B}, 12,
+{0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25, 0x20, 0xC3, 0x3C, 0x49, 0xFD, 0x70}, 12,
+{0xB9, 0x6B, 0x49, 0xE2, 0x1D, 0x62, 0x17, 0x41, 0x63, 0x28, 0x75, 0xDB, 0x7F,
+ 0x6C, 0x92, 0x43, 0xD2, 0xD7, 0xC2}, 19,
+{0}, BUFFER_SIZE, 0, PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CIPER_MODE_CFB
+{"Test psa_aead_encrypt - Unsupported Algorithm\n", 6, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CFB,
+{0}, 13, {0}, 0, "hello world", 11,
+{0x5D, 0xC1, 0x72, 0x23, 0x66, 0x96, 0xFD, 0xFC, 0x93, 0x06, 0x27, 0x52, 0xC7,
+ 0x0A, 0xCB, 0x36, 0x55, 0x30, 0xC9, 0x48, 0x8F, 0x5E, 0xA5, 0xB9, 0x51, 0xFB,
+ 0x4E},
+ BUFFER_SIZE, 27, PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+#ifdef ARCH_TEST_GCM
+{"Test psa_aead_encrypt - Invalid key usage\n", 7, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_GCM,
+{0}, 13, {0}, 0, "hello world", 11,
+{0x5D, 0xC1, 0x72, 0x23, 0x66, 0x96, 0xFD, 0xFC, 0x93, 0x06, 0x27, 0x52, 0xC7,
+ 0x0A, 0xCB, 0x36, 0x55, 0x30, 0xC9, 0x48, 0x8F, 0x5E, 0xA5, 0xB9, 0x51, 0xFB,
+ 0x4E},
+ BUFFER_SIZE, 27, PSA_ERROR_NOT_PERMITTED
+},
+
+{"Test psa_aead_encrypt - Small output buffer size\n", 8, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_GCM,
+{0}, 13, {0}, 0, "hello world", 11,
+{0x5D, 0xC1, 0x72, 0x23, 0x66, 0x96, 0xFD, 0xFC, 0x93, 0x06, 0x27, 0x52, 0xC7,
+ 0x0A, 0xCB, 0x36, 0x55, 0x30, 0xC9, 0x48, 0x8F, 0x5E, 0xA5, 0xB9, 0x51, 0xFB,
+ 0x4E},
+ 10, 27, PSA_ERROR_NOT_PERMITTED
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_encrypt - Negative case\n", 9, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM,
+{0}, 13, {0}, 0, "hello world", 11,
+{0x5D, 0xC1, 0x72, 0x23, 0x66, 0x96, 0xFD, 0xFC, 0x93, 0x06, 0x27, 0x52, 0xC7,
+ 0x0A, 0xCB, 0x36, 0x55, 0x30, 0xC9, 0x48, 0x8F, 0x5E, 0xA5, 0xB9, 0x51, 0xFB,
+ 0x4E},
+ BUFFER_SIZE, 27, PSA_ERROR_EMPTY_SLOT
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/test_entry.c
new file mode 100644
index 00000000000..caf74156de4
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c024/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c024.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 24)
+#define TEST_DESC "Testing crypto AEAD APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c024_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/main.c
new file mode 100644
index 00000000000..3919ac4c946
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c025(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c025, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/test_c025.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/test_c025.c
new file mode 100644
index 00000000000..f1bcc5c2390
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/test_c025.c
@@ -0,0 +1,199 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c025.h"
+#include "test_data.h"
+
+client_test_t test_c025_crypto_list[] = {
+ NULL,
+ psa_aead_decrypt_test,
+ psa_aead_decrypt_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+static bool_t is_buffer_empty(uint8_t *buffer, size_t size)
+{
+ int i;
+
+ for (i = 0; i < size; i++)
+ {
+ if (buffer[i] != 0)
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+int32_t psa_aead_decrypt_test(security_t caller)
+{
+ int32_t i, status;
+ uint8_t plaintext[BUFFER_SIZE];
+ psa_key_policy_t policy;
+ size_t plaintext_length;
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ uint8_t *nonce, *additional_data;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ memset(plaintext, 0, sizeof(plaintext));
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ if (is_buffer_empty(check1[i].nonce, check1[i].nonce_length) == TRUE)
+ nonce = NULL;
+ else
+ nonce = check1[i].nonce;
+
+ if (is_buffer_empty(check1[i].additional_data, check1[i].additional_data_length) == TRUE)
+ additional_data = NULL;
+ else
+ additional_data = check1[i].additional_data;
+
+ /* Process an authenticated decryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT, check1[i].key_handle,
+ check1[i].key_alg, nonce, check1[i].nonce_length, additional_data,
+ check1[i].additional_data_length, check1[i].ciphertext, check1[i].ciphertext_size,
+ plaintext, check1[i].plaintext_size, &plaintext_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ /* Check if the length matches */
+ TEST_ASSERT_EQUAL(plaintext_length, check1[i].expected_plaintext_length,
+ TEST_CHECKPOINT_NUM(7));
+
+ /* Check if the data matches */
+ TEST_ASSERT_MEMCMP(plaintext, check1[i].expected_plaintext, plaintext_length,
+ TEST_CHECKPOINT_NUM(8));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_aead_decrypt_negative_test(security_t caller)
+{
+ int32_t i, status;
+ uint8_t plaintext[BUFFER_SIZE];
+ psa_key_policy_t policy;
+ size_t plaintext_length;
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ uint8_t *nonce, *additional_data;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ if (is_buffer_empty(check2[i].nonce, check2[i].nonce_length) == TRUE)
+ nonce = NULL;
+ else
+ nonce = check2[i].nonce;
+
+ if (is_buffer_empty(check2[i].additional_data, check2[i].additional_data_length) == TRUE)
+ additional_data = NULL;
+ else
+ additional_data = check2[i].additional_data;
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_aead_decrypt - invalid key handle\n",
+ g_test_count++);
+ /* Process an authenticated decryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT, check2[i].key_handle,
+ check2[i].key_alg, nonce, check2[i].nonce_length, additional_data,
+ check2[i].additional_data_length, check2[i].ciphertext, check2[i].ciphertext_size,
+ plaintext, check2[i].plaintext_size, &plaintext_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_aead_decrypt - zero as key handle\n",
+ g_test_count++);
+ /* Process an authenticated decryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT, 0,
+ check2[i].key_alg, nonce, check2[i].nonce_length, additional_data,
+ check2[i].additional_data_length, check2[i].ciphertext, check2[i].ciphertext_size,
+ plaintext, check2[i].plaintext_size, &plaintext_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_aead_decrypt - empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Process an authenticated decryption operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_DECRYPT, check2[i].key_handle,
+ check2[i].key_alg, nonce, check2[i].nonce_length, additional_data,
+ check2[i].additional_data_length, check2[i].ciphertext, check2[i].ciphertext_size,
+ plaintext, check2[i].plaintext_size, &plaintext_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/test_c025.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/test_c025.h
new file mode 100644
index 00000000000..5b0667b8381
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/test_c025.h
@@ -0,0 +1,32 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C025_CLIENT_TESTS_H_
+#define _TEST_C025_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c025)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c025_crypto_list[];
+
+int32_t psa_aead_decrypt_test(security_t caller);
+int32_t psa_aead_decrypt_negative_test(security_t caller);
+
+#endif /* _TEST_C025_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/test_data.h
new file mode 100644
index 00000000000..4ad0e17d403
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/test_data.h
@@ -0,0 +1,209 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+#define EMPTY_KEY_SLOT 31
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t nonce[16];
+ size_t nonce_length;
+ uint8_t additional_data[32];
+ size_t additional_data_length;
+ uint8_t expected_plaintext[30];
+ size_t plaintext_size;
+ uint8_t ciphertext[45];
+ size_t ciphertext_size;
+ size_t expected_plaintext_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CCM
+{"Test psa_aead_decrypt - CCM - 16B AES - 13B nounce & 8B addi data\n", 1, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM,
+{0x00, 0x41, 0x2B, 0x4E, 0xA9, 0xCD, 0xBE, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA},
+ 13,
+{0x0B, 0xE1, 0xA8, 0x8B, 0xAC, 0xE0, 0x18, 0xB1}, 8,
+{0x08, 0xE8, 0xCF, 0x97, 0xD8, 0x20, 0xEA, 0x25, 0x84, 0x60, 0xE9, 0x6A, 0xD9,
+ 0xCF, 0x52, 0x89, 0x05, 0x4D, 0x89, 0x5C, 0xEA, 0xC4, 0x7C}, BUFFER_SIZE,
+{0x4C, 0xB9, 0x7F, 0x86, 0xA2, 0xA4, 0x68, 0x9A, 0x87, 0x79, 0x47, 0xAB, 0x80,
+ 0x91, 0xEF, 0x53, 0x86, 0xA6, 0xFF, 0xBD, 0xD0, 0x80, 0xF8, 0x12, 0x03, 0x33,
+ 0xD1, 0xFC, 0xB6, 0x91, 0xF3, 0x40, 0x6C, 0xBF, 0x53, 0x1F, 0x83, 0xA4, 0xD8},
+ 39, 23, PSA_SUCCESS
+},
+
+{"Test psa_aead_encrypt - AES-CCM\n", 2, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM,
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+ 13,
+{0x40, 0xa2, 0x7c, 0x1d, 0x1e, 0x23, 0xea, 0x3d, 0xbe, 0x80, 0x56, 0xb2, 0x77,
+ 0x48, 0x61, 0xa4, 0xa2, 0x01, 0xcc, 0xe4, 0x9f, 0x19, 0x99, 0x7d, 0x19, 0x20,
+ 0x6d, 0x8c, 0x8a, 0x34, 0x39, 0x51}, 32,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef}, BUFFER_SIZE,
+{0x26, 0xc5, 0x69, 0x61, 0xc0, 0x35, 0xa7, 0xe4, 0x52, 0xcc, 0xe6, 0x1b, 0xc6,
+ 0xee, 0x22, 0x0d, 0x77, 0xb3, 0xf9, 0x4d, 0x18, 0xfd, 0x10, 0xb6, 0xd8, 0x0e,
+ 0x8b, 0xf8, 0x0f, 0x4a, 0x46, 0xca, 0xb0, 0x6d, 0x43, 0x13, 0xf0, 0xdb, 0x9b,
+ 0xe9}, 40, 24, PSA_SUCCESS
+},
+
+{"Test psa_aead_encrypt - AES-CCM 24 bytes Tag length = 4\n", 3, PSA_KEY_TYPE_AES,
+{0x41, 0x89, 0x35, 0x1B, 0x5C, 0xAE, 0xA3, 0x75, 0xA0, 0x29, 0x9E, 0x81, 0xC6,
+ 0x21, 0xBF, 0x43}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT,
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_CCM, 4),
+{0x48, 0xc0, 0x90, 0x69, 0x30, 0x56, 0x1e, 0x0a, 0xb0, 0xef, 0x4c, 0xd9, 0x72},
+ 13,
+{0x40, 0xa2, 0x7c, 0x1d, 0x1e, 0x23, 0xea, 0x3d, 0xbe, 0x80, 0x56, 0xb2, 0x77,
+ 0x48, 0x61, 0xa4, 0xa2, 0x01, 0xcc, 0xe4, 0x9f, 0x19, 0x99, 0x7d, 0x19, 0x20,
+ 0x6d, 0x8c, 0x8a, 0x34, 0x39, 0x51}, 32,
+{0x45, 0x35, 0xd1, 0x2b, 0x43, 0x77, 0x92, 0x8a, 0x7c, 0x0a, 0x61, 0xc9, 0xf8,
+ 0x25, 0xa4, 0x86, 0x71, 0xea, 0x05, 0x91, 0x07, 0x48, 0xc8, 0xef}, BUFFER_SIZE,
+{0x26, 0xc5, 0x69, 0x61, 0xc0, 0x35, 0xa7, 0xe4, 0x52, 0xcc, 0xe6, 0x1b, 0xc6,
+ 0xee, 0x22, 0x0d, 0x77, 0xb3, 0xf9, 0x4d, 0x18, 0xfd, 0x10, 0xb6, 0x64, 0x3b,
+ 0x4f, 0x39},
+ 28, 24, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_GCM
+{"Test psa_aead_decrypt - GCM - 16B AES - 12B Nounce & 12B addi data\n", 4, PSA_KEY_TYPE_AES,
+{0x3d, 0xe0, 0x98, 0x74, 0xb3, 0x88, 0xe6, 0x49, 0x19, 0x88, 0xd0, 0xc3, 0x60,
+ 0x7e, 0xae, 0x1f}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_GCM,
+{0x57, 0x69, 0x0e, 0x43, 0x4e, 0x28, 0x00, 0x00, 0xa2, 0xfc, 0xa1, 0xa3}, 12,
+{0x42, 0xf6, 0x7e, 0x3f, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}, 12,
+{0x45, 0x00, 0x00, 0x1c, 0x42, 0xa2, 0x00, 0x00, 0x80, 0x01, 0x44, 0x1f, 0x40,
+ 0x67, 0x93, 0xb6, 0xe0, 0x00, 0x00, 0x02, 0x0a, 0x00, 0xf5, 0xff, 0x01, 0x02,
+ 0x02, 0x01}, BUFFER_SIZE,
+{0xFB, 0xA2, 0xCA, 0x84, 0x5E, 0x5D, 0xF9, 0xF0, 0xF2, 0x2C, 0x3E, 0x6E, 0x86,
+ 0xDD, 0x83, 0x1E, 0x1F, 0xC6, 0x57, 0x92, 0xCD, 0x1A, 0xF9, 0x13, 0x0E, 0x13,
+ 0x79, 0xED, 0x36, 0x9F, 0x07, 0x1F, 0x35, 0xE0, 0x34, 0xBE, 0x95, 0xF1, 0x12,
+ 0xE4, 0xE7, 0xD0, 0x5D, 0x35},
+ 44, 28, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CCM
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_aead_decrypt - DES Key\n", 5, PSA_KEY_TYPE_DES,
+{0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29}, DES_8B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B}, 12,
+{0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25, 0x20, 0xC3, 0x3C, 0x49, 0xFD, 0x70}, 12,
+{0xB9, 0x6B, 0x49, 0xE2, 0x1D, 0x62, 0x17, 0x41, 0x63, 0x28, 0x75, 0xDB, 0x7F,
+ 0x6C, 0x92, 0x43, 0xD2, 0xD7, 0xC2}, BUFFER_SIZE,
+{0}, 11, 0, PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CIPER_MODE_CFB
+{"Test psa_aead_decrypt - Unsupported Algorithm\n", 6, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CFB,
+{0}, 13, {0}, 0, "hello world", BUFFER_SIZE,
+{0x5D, 0xC1, 0x72, 0x23, 0x66, 0x96, 0xFD, 0xFC, 0x93, 0x06, 0x27, 0x52, 0xC7,
+ 0x0A, 0xCB, 0x36, 0x55, 0x30, 0xC9, 0x48, 0x8F, 0x5E, 0xA5, 0xB9, 0x51, 0xFB,
+ 0x4E},
+ 27, 11, PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+#ifdef ARCH_TEST_GCM
+{"Test psa_aead_decrypt - Invalid key usage\n", 7, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_GCM,
+{0}, 13, {0}, 0, "hello world", BUFFER_SIZE,
+{0x5D, 0xC1, 0x72, 0x23, 0x66, 0x96, 0xFD, 0xFC, 0x93, 0x06, 0x27, 0x52, 0xC7,
+ 0x0A, 0xCB, 0x36, 0x55, 0x30, 0xC9, 0x48, 0x8F, 0x5E, 0xA5, 0xB9, 0x51, 0xFB,
+ 0x4E},
+ 27, 11, PSA_ERROR_NOT_PERMITTED
+},
+
+{"Test psa_aead_decrypt - Small output buffer size\n", 8, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_GCM,
+{0}, 13, {0}, 0, "hello world", 10,
+{0x5D, 0xC1, 0x72, 0x23, 0x66, 0x96, 0xFD, 0xFC, 0x93, 0x06, 0x27, 0x52, 0xC7,
+ 0x0A, 0xCB, 0x36, 0x55, 0x30, 0xC9, 0x48, 0x8F, 0x5E, 0xA5, 0xB9, 0x51, 0xFB,
+ 0x4E},
+ 27, 11, PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+
+#ifdef ARCH_TEST_CCM
+{"Test psa_aead_decrypt - Invalid cipher text\n", 9, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM,
+{0x00, 0x41, 0x2B, 0x4E, 0xA9, 0xCD, 0xBE, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA},
+ 13,
+{0x0B, 0xE1, 0xA8, 0x8B, 0xAC, 0xE0, 0x18, 0xB1}, 8,
+{0x08, 0xE8, 0xCF, 0x97, 0xD8, 0x20, 0xEA, 0x25, 0x84, 0x60, 0xE9, 0x6A, 0xD9,
+ 0xCF, 0x52, 0x89, 0x05, 0x4D, 0x89, 0x5C, 0xEA, 0xC4, 0x7C}, BUFFER_SIZE,
+{0x4C, 0xB8, 0x7F, 0x86, 0xA2, 0xA4, 0x68, 0x9A, 0x87, 0x79, 0x47, 0xAB, 0x80,
+ 0x91, 0xEF, 0x53, 0x86, 0xA6, 0xFF, 0xBD, 0xD0, 0x80, 0xF8, 0x12, 0x03, 0x33,
+ 0xD1, 0xFC, 0xB6, 0x91, 0xF3, 0x40, 0x6C, 0xBF, 0x53, 0x1F, 0x83, 0xA4, 0xD8},
+ 39, 23, PSA_ERROR_INVALID_SIGNATURE
+},
+
+{"Test psa_aead_decrypt - Invalid cipher text size\n", 10, PSA_KEY_TYPE_AES,
+{0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF,
+ 0x93, 0xCC, 0x6B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CCM,
+{0x00, 0x41, 0x2B, 0x4E, 0xA9, 0xCD, 0xBE, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA},
+ 13,
+{0x0B, 0xE1, 0xA8, 0x8B, 0xAC, 0xE0, 0x18, 0xB1}, 8,
+{0x08, 0xE8, 0xCF, 0x97, 0xD8, 0x20, 0xEA, 0x25, 0x84, 0x60, 0xE9, 0x6A, 0xD9,
+ 0xCF, 0x52, 0x89, 0x05, 0x4D, 0x89, 0x5C, 0xEA, 0xC4, 0x7C}, BUFFER_SIZE,
+{0x4C, 0xB9, 0x7F, 0x86, 0xA2, 0xA4, 0x68, 0x9A, 0x87, 0x79, 0x47, 0xAB, 0x80,
+ 0x91, 0xEF, 0x53, 0x86, 0xA6, 0xFF, 0xBD, 0xD0, 0x80, 0xF8, 0x12, 0x03, 0x33,
+ 0xD1, 0xFC, 0xB6, 0x91, 0xF3, 0x40, 0x6C, 0xBF, 0x53, 0x1F, 0x83, 0xA4},
+ 38, 23, PSA_ERROR_INVALID_SIGNATURE
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_GCM
+#ifdef ARCH_TEST_AES_128
+{"Test psa_aead_decrypt - Negative cases\n", 11, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_GCM,
+{0}, 13, {0}, 0, "hello world", BUFFER_SIZE,
+{0x5D, 0xC1, 0x72, 0x23, 0x66, 0x96, 0xFD, 0xFC, 0x93, 0x06, 0x27, 0x52, 0xC7,
+ 0x0A, 0xCB, 0x36, 0x55, 0x30, 0xC9, 0x48, 0x8F, 0x5E, 0xA5, 0xB9, 0x51, 0xFB,
+ 0x4E},
+ 11, 27, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/test_entry.c
new file mode 100644
index 00000000000..f71ac410df5
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c025/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c025.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 25)
+#define TEST_DESC "Testing crypto AEAD APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c025_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/main.c
new file mode 100644
index 00000000000..ef298086c3a
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c026(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c026, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/test_c026.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/test_c026.c
new file mode 100644
index 00000000000..9f43a7ab404
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/test_c026.c
@@ -0,0 +1,149 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c026.h"
+#include "test_data.h"
+
+client_test_t test_c026_crypto_list[] = {
+ NULL,
+ psa_mac_sign_setup_test,
+ psa_mac_sign_setup_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static psa_mac_operation_t operation;
+
+int32_t psa_mac_sign_setup_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_policy_t policy;
+ int32_t i, status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Start a multipart MAC calculation operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ /* Abort a MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_mac_sign_setup_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ psa_key_policy_t policy;
+ int32_t i, status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_mac_sign_setup with invalid key handle\n",
+ g_test_count++);
+ /* Start a multipart MAC calculation operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
+ check2[i].key_handle, check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_mac_sign_setup with zero key handle\n",
+ g_test_count++);
+ /* Start a multipart MAC calculation operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
+ 0, check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_mac_sign_setup with empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Start a multipart MAC calculation operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
+ check2[i].key_handle, check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/test_c026.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/test_c026.h
new file mode 100644
index 00000000000..8d3e052e585
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/test_c026.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C026_CLIENT_TESTS_H_
+#define _TEST_C026_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c026)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c026_crypto_list[];
+
+int32_t psa_mac_sign_setup_test(security_t caller);
+int32_t psa_mac_sign_setup_negative_test(security_t caller);
+#endif /* _TEST_C026_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/test_data.h
new file mode 100644
index 00000000000..df4d3a5144f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/test_data.h
@@ -0,0 +1,155 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+#define EMPTY_KEY_SLOT 31
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[64];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_sign_setup 64 Byte HMAC\n", 1, PSA_KEY_TYPE_HMAC,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
+ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
+ 64, PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CMAC
+{"Test psa_mac_sign_setup 16 Byte AES - CMAC\n", 2, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x00},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_GMAC
+{"Test psa_mac_sign_setup 16 Byte AES - GMAC\n", 3, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x00},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN, PSA_ALG_GMAC,
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+#ifdef ARCH_TEST_CMAC
+#ifdef ARCH_TEST_HMAC
+{"Test psa_mac_sign_setup incompactible HMAC for CMAC\n", 4, PSA_KEY_TYPE_HMAC,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+{"Test psa_mac_sign_setup invalid usage\n", 5, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CMAC,
+ PSA_ERROR_NOT_PERMITTED
+},
+#endif
+
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_sign_setup invalid key type\n", 7, PSA_KEY_TYPE_RAW_DATA,
+{0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B,
+ 0x0B, 0x0B, 0x0B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+#endif
+
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA256
+#ifdef ARCH_TEST_TRUNCATED_MAC
+{"Test psa_mac_sign_setup truncated MAC too large\n", 8, PSA_KEY_TYPE_HMAC,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
+ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
+ 64, PSA_KEY_USAGE_SIGN, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 33),
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_mac_sign_setup truncated MAC too small\n", 9, PSA_KEY_TYPE_HMAC,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
+ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
+ 64, PSA_KEY_USAGE_SIGN, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 1),
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+{"Test psa_mac_sign_setup bad algorithm (unknown MAC algorithm)\n", 10, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x00},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(0),
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CBC_NO_PADDING
+{"Test psa_mac_sign_setup bad algorithm (not a MAC algorithm)\n", 11, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x00},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN, PSA_ALG_CBC_NO_PADDING,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CMAC
+{"Test psa_mac_sign_setup - Negative case\n", 12, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x00},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/test_entry.c
new file mode 100644
index 00000000000..89b31266702
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c026/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c026.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 26)
+#define TEST_DESC "Testing crypto MAC APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c026_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/main.c
new file mode 100644
index 00000000000..3f88f244a43
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c027(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c027, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/test_c027.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/test_c027.c
new file mode 100644
index 00000000000..e761848f096
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/test_c027.c
@@ -0,0 +1,138 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c027.h"
+#include "test_data.h"
+
+client_test_t test_c027_crypto_list[] = {
+ NULL,
+ psa_mac_update_test,
+ psa_mac_update_invalid_operator_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t data[BUFFER_SIZE];
+
+int32_t psa_mac_update_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ size_t length;
+ psa_key_policy_t policy;
+ psa_mac_operation_t operation;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+ memset(data, 0, sizeof(data));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Start a multipart MAC calculation operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Add a message fragment to a multipart MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation, check1[i].data,
+ check1[i].data_size);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort a MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ continue;
+ }
+
+ /* Finish the calculation of the MAC of a message */
+ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_FINISH, &operation, data,
+ sizeof(data)/sizeof(data[0]), &length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ /* Add a message fragment to the same multipart MAC operation*/
+ status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation, check1[i].data,
+ check1[i].data_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(10));
+
+ /* Abort a MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_mac_update_invalid_operator_test(security_t caller)
+{
+ psa_mac_operation_t operation;
+ int32_t status;
+
+ memset(data, 0, sizeof(data));
+ memset(&operation, 0, sizeof(operation));
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, "Test psa_mac_update without mac setup\n", 0);
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Start a multipart MAC calculation operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation, data,
+ sizeof(data)/sizeof(data[0]));
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(2));
+
+ /* Abort a MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/test_c027.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/test_c027.h
new file mode 100644
index 00000000000..ea4c22fc368
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/test_c027.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C027_CLIENT_TESTS_H_
+#define _TEST_C027_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c027)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c027_crypto_list[];
+
+int32_t psa_mac_update_test(security_t caller);
+int32_t psa_mac_update_invalid_operator_test(security_t caller);
+#endif /* _TEST_C027_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/test_data.h
new file mode 100644
index 00000000000..6537c7eefe8
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/test_data.h
@@ -0,0 +1,70 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[64];
+ uint32_t key_length;
+ uint8_t data[64];
+ size_t data_size;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_update 64 Byte HMAC SHA256\n", 1, PSA_KEY_TYPE_HMAC,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
+ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
+ 64, "hello world", 11, PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CMAC
+{"Test psa_mac_update 16 Byte AES - CMAC\n", 2, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x00},
+ AES_16B_KEY_SIZE, "hello world", 11, PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA512
+{"Test psa_mac_update 32 Byte HMAC SHA512\n", 3, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b},
+ 32, "hello world", 11, PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_512),
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/test_entry.c
new file mode 100644
index 00000000000..fedebfce98b
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c027/test_entry.c
@@ -0,0 +1,52 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c027.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 27)
+#define TEST_DESC "Testing crypto MAC APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c027_crypto_list, FALSE);
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/main.c
new file mode 100644
index 00000000000..7e3d64c05a2
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c028(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c028, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/test_c028.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/test_c028.c
new file mode 100644
index 00000000000..089827860b0
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/test_c028.c
@@ -0,0 +1,123 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c028.h"
+#include "test_data.h"
+
+client_test_t test_c028_crypto_list[] = {
+ NULL,
+ psa_mac_sign_finish_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t data[BUFFER_SIZE];
+
+int32_t psa_mac_sign_finish_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ size_t length;
+ psa_key_policy_t policy;
+ psa_mac_operation_t operation;
+
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+ memset(data, 0, sizeof(data));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Start a multipart MAC calculation operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Add a message fragment to a multipart MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation, check1[i].data,
+ check1[i].data_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Finish the calculation of the MAC of a message */
+ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_FINISH, &operation, data,
+ check1[i].mac_size, &length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort a MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ continue;
+ }
+
+ /* Check if the MAC length matches with the expected length */
+ TEST_ASSERT_EQUAL(length, check1[i].expected_length, TEST_CHECKPOINT_NUM(10));
+
+ /* Check if the MAC data matches with the expected data */
+ TEST_ASSERT_MEMCMP(check1[i].expected_data, data, length, TEST_CHECKPOINT_NUM(11));
+
+ memset(data, 0, sizeof(data));
+
+ /* Finish the calculation of the MAC of a message using same operation
+ * should return error
+ */
+ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_FINISH, &operation, data,
+ check1[i].mac_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(12));
+
+ /* Abort a MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/test_c028.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/test_c028.h
new file mode 100644
index 00000000000..a8b1b0f03ef
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/test_c028.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C028_CLIENT_TESTS_H_
+#define _TEST_C028_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c028)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c028_crypto_list[];
+
+int32_t psa_mac_sign_finish_test(security_t caller);
+#endif /* _TEST_C028_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/test_data.h
new file mode 100644
index 00000000000..215307163d6
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/test_data.h
@@ -0,0 +1,114 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[64];
+ uint32_t key_length;
+ uint8_t data[16];
+ size_t data_size;
+ uint8_t expected_data[64];
+ size_t mac_size;
+ size_t expected_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA224
+{"Test psa_mac_sign_finish HMAC SHA 224\n", 1, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4,
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x22}, 64, 28,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_224),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_sign_finish HMAC SHA 256\n", 2, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf,
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 64, 32,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_mac_sign_finish HMAC SHA 512\n", 3, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
+ 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
+ 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
+ 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
+ 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54}, 64, 64,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_512),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_mac_sign_finish HMAC SHA 224 (truncated to 8 Byte)\n", 4, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68}, 64, 8,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 8),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CMAC
+{"Test psa_mac_sign_finish CMAC AES 128\n", 5, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, 16,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x9A, 0x8F, 0xFF, 0x8D, 0xA3, 0x5B, 0x97, 0xCB, 0x4C, 0x95, 0xF0, 0xFA, 0x6A,
+ 0xE7, 0xE0, 0x77}, 64, 16,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
+ PSA_SUCCESS
+},
+
+{"Test psa_mac_sign_finish small size buffer\n", 6, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, 16,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x9A, 0x8F, 0xFF, 0x8D, 0xA3, 0x5B, 0x97, 0xCB, 0x4C, 0x95, 0xF0, 0xFA, 0x6A,
+ 0xE7, 0xE0, 0x77}, 8, 16,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
+ PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/test_entry.c
new file mode 100644
index 00000000000..86dda651fd0
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c028/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c028.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 28)
+#define TEST_DESC "Testing crypto MAC APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c028_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/main.c
new file mode 100644
index 00000000000..372866ab927
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c029(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c029, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/test_c029.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/test_c029.c
new file mode 100644
index 00000000000..d732d92044f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/test_c029.c
@@ -0,0 +1,144 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c029.h"
+#include "test_data.h"
+
+client_test_t test_c029_crypto_list[] = {
+ NULL,
+ psa_mac_verify_setup_test,
+ psa_mac_verify_setup_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static psa_mac_operation_t operation;
+
+int32_t psa_mac_verify_setup_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ psa_key_policy_t policy;
+ int32_t i, status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Start a multipart MAC verification operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ /* Abort a MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_mac_verify_setup_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ psa_key_policy_t policy;
+ int32_t i, status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_mac_verify_setup invalid key handle\n",
+ g_test_count++);
+ /* Start a multipart MAC verification operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_SETUP, &operation,
+ check2[i].key_handle, check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_mac_verify_setup zero as key handle\n",
+ g_test_count++);
+ /* Start a multipart MAC verification operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_SETUP, &operation,
+ 0, check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_mac_verify_setup empty key handle\n",
+ g_test_count++);
+ /* Start a multipart MAC verification operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_SETUP, &operation,
+ check2[i].key_handle, check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(6));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/test_c029.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/test_c029.h
new file mode 100644
index 00000000000..b549fed6748
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/test_c029.h
@@ -0,0 +1,32 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C029_CLIENT_TESTS_H_
+#define _TEST_C029_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c029)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c029_crypto_list[];
+
+int32_t psa_mac_verify_setup_test(security_t caller);
+int32_t psa_mac_verify_setup_negative_test(security_t caller);
+
+#endif /* _TEST_C029_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/test_data.h
new file mode 100644
index 00000000000..4adad3a3c04
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/test_data.h
@@ -0,0 +1,158 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+#define EMPTY_KEY_SLOT 31
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[64];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_verify_setup 64 Byte HMAC\n", 1, PSA_KEY_TYPE_HMAC,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
+ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
+ 64, PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CMAC
+{"Test psa_mac_verify_setup 16 Byte AES - CMAC\n", 2, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x00},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_CMAC,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_GMAC
+{"Test psa_mac_verify_setup 16 Byte AES - GMAC\n", 3, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x00},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_GMAC,
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CMAC
+#ifdef ARCH_TEST_HMAC
+{"Test psa_mac_verify_setup incompactible HMAC for CMAC\n", 4, PSA_KEY_TYPE_HMAC,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_CMAC,
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+#ifdef ARCH_TEST_AES_128
+{"Test psa_mac_verify_setup invalid usage\n", 5, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_EXPORT, PSA_ALG_CMAC,
+ PSA_ERROR_NOT_PERMITTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_verify_setup invalid key type\n", 6, PSA_KEY_TYPE_RAW_DATA,
+{0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B, 0x0B,
+ 0x0B, 0x0B, 0x0B},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_verify_setup truncated MAC too large\n", 7, PSA_KEY_TYPE_HMAC,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
+ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
+ 64, PSA_KEY_USAGE_VERIFY, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 33),
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_mac_verify_setup truncated MAC too small\n", 8, PSA_KEY_TYPE_HMAC,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
+ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
+ 64, PSA_KEY_USAGE_VERIFY, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 1),
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+#ifdef ARCH_TEST_AES_128
+{"Test psa_mac_verify_setup bad algorithm (unknown MAC algorithm)\n", 9, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x00},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(0),
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CBC_NO_PADDING
+{"Test psa_mac_verify_setup bad algorithm (not a MAC algorithm)\n", 10, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0x00},
+ AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_CBC_NO_PADDING,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_verify_setup 64 negative case\n", 11, PSA_KEY_TYPE_HMAC,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
+ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
+ 64, PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/test_entry.c
new file mode 100644
index 00000000000..78c323f3c6c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c029/test_entry.c
@@ -0,0 +1,52 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c029.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 29)
+#define TEST_DESC "Testing crypto MAC APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c029_crypto_list, FALSE);
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/main.c
new file mode 100644
index 00000000000..ea4889ca33b
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c030(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c030, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/test_c030.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/test_c030.c
new file mode 100644
index 00000000000..ad14048c4a2
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/test_c030.c
@@ -0,0 +1,113 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c030.h"
+#include "test_data.h"
+
+client_test_t test_c030_crypto_list[] = {
+ NULL,
+ psa_mac_verify_finish_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_mac_verify_finish_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+ psa_mac_operation_t operation;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Start a multipart MAC calculation operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Add a message fragment to a multipart MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation, check1[i].data,
+ check1[i].data_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Finish the calculation of the MAC of a message and compare it with
+ * an expected value
+ */
+ status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_FINISH, &operation,
+ check1[i].expected_mac, check1[i].mac_size);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(8));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort a MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ continue;
+ }
+
+ /* Finish the calculation of the MAC of a message using same operation
+ * should return error
+ */
+ status = val->crypto_function(VAL_CRYPTO_MAC_VERIFY_FINISH, &operation,
+ check1[i].expected_mac, check1[i].mac_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(10));
+
+ /* Abort a MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/test_c030.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/test_c030.h
new file mode 100644
index 00000000000..46c27207c15
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/test_c030.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C030_CLIENT_TESTS_H_
+#define _TEST_C030_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c030)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c030_crypto_list[];
+
+int32_t psa_mac_verify_finish_test(security_t caller);
+#endif /* _TEST_C030_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/test_data.h
new file mode 100644
index 00000000000..eb9f2501968
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/test_data.h
@@ -0,0 +1,131 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[64];
+ uint32_t key_length;
+ uint8_t data[16];
+ size_t data_size;
+ uint8_t expected_mac[64];
+ size_t mac_size;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA224
+{"Test psa_mac_verify_finish HMAC SHA 224\n", 1, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4,
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x22}, 28,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_224),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_verify_finish HMAC SHA 256\n", 2, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf,
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 32,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_mac_verify_finish HMAC SHA 512\n", 3, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
+ 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
+ 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
+ 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
+ 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54}, 64,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_512),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_mac_verify_finish HMAC SHA 224 (truncated to 8 Byte)\n", 4, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68}, 8,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 8),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CMAC
+{"Test psa_mac_verify_finish CMAC AES 128\n", 5, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, 16,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x9A, 0x8F, 0xFF, 0x8D, 0xA3, 0x5B, 0x97, 0xCB, 0x4C, 0x95, 0xF0, 0xFA, 0x6A,
+ 0xE7, 0xE0, 0x77}, 16,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_CMAC,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_verify_finish small size buffer\n", 6, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf,
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 30,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_ERROR_INVALID_SIGNATURE
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_mac_verify_finish incorrect expected MAC\n", 7, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+{0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, 8,
+{0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4,
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x20}, 28,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(PSA_ALG_SHA_224),
+ PSA_ERROR_INVALID_SIGNATURE
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/test_entry.c
new file mode 100644
index 00000000000..0188a082659
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c030/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c030.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 30)
+#define TEST_DESC "Testing crypto MAC APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c030_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/main.c
new file mode 100644
index 00000000000..77a4997f6c3
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c031(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c031, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/test_c031.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/test_c031.c
new file mode 100644
index 00000000000..9988fae8a95
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/test_c031.c
@@ -0,0 +1,163 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c031.h"
+#include "test_data.h"
+
+client_test_t test_c031_crypto_list[] = {
+ NULL,
+ psa_mac_abort_test,
+ psa_mac_abort_before_finish_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t data[BUFFER_SIZE];
+
+int32_t psa_mac_abort_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+ psa_mac_operation_t operation;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Start a multipart MAC calculation operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Abort a MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Multiple Abort a MAC operation should succeed */
+ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_mac_abort_before_finish_test(security_t caller)
+{
+ size_t length;
+ psa_key_policy_t policy;
+ psa_algorithm_t key_alg = PSA_ALG_CMAC;
+ psa_key_usage_t usage = PSA_KEY_USAGE_SIGN;
+ psa_key_handle_t key_handle = 10;
+ psa_key_type_t key_type = PSA_KEY_TYPE_AES;
+ psa_mac_operation_t operation;
+ uint8_t key_data[] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7,
+ 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c};
+ uint8_t input_data[] = {0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65};
+ size_t key_length = sizeof(key_data)/sizeof(key_data[0]);
+ size_t inputdata_size = sizeof(input_data)/sizeof(input_data[0]);
+ int32_t status;
+
+ memset(data, 0, sizeof(data));
+ memset(&operation, 0, sizeof(operation));
+
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, "Test psa_mac_sign_finish after calling psa_mac_abort\n", 0);
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, usage, key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, key_handle, key_type, key_data,
+ key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Start a multipart MAC calculation operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_SETUP, &operation, key_handle, key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Add a message fragment to a multipart MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_UPDATE, &operation, input_data, inputdata_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Abort a MAC operation */
+ status = val->crypto_function(VAL_CRYPTO_MAC_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Finish the calculation of the MAC of a message */
+ status = val->crypto_function(VAL_CRYPTO_MAC_SIGN_FINISH, &operation, data,
+ BUFFER_SIZE, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(9));
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/test_c031.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/test_c031.h
new file mode 100644
index 00000000000..0aee628767a
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/test_c031.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C031_CLIENT_TESTS_H_
+#define _TEST_C031_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c031)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c031_crypto_list[];
+
+int32_t psa_mac_abort_test(security_t caller);
+int32_t psa_mac_abort_before_finish_test(security_t caller);
+#endif /* _TEST_C031_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/test_data.h
new file mode 100644
index 00000000000..e816f812bac
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/test_data.h
@@ -0,0 +1,80 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[64];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_HMAC
+#ifdef ARCH_TEST_SHA224
+{"Test psa_mac_abort HMAC SHA 224\n", 1, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_224),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_mac_abort HMAC SHA 256\n", 2, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA512
+{"Test psa_mac_abort HMAC SHA 512\n", 3, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(PSA_ALG_SHA_512),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA224
+{"Test psa_mac_abort HMAC SHA 224 (truncated to 8 Byte)\n", 4, PSA_KEY_TYPE_HMAC,
+{0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 20,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 8),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CMAC
+{"Test psa_mac_abort CMAC AES 128\n", 5, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, 16,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/test_entry.c
new file mode 100644
index 00000000000..bd97a0d78af
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c031/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c031.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 31)
+#define TEST_DESC "Testing crypto MAC APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c031_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/main.c
new file mode 100644
index 00000000000..790ca052f9c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c032(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c032, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/test_c032.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/test_c032.c
new file mode 100644
index 00000000000..de4dcf78a53
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/test_c032.c
@@ -0,0 +1,181 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c032.h"
+#include "test_data.h"
+
+client_test_t test_c032_crypto_list[] = {
+ NULL,
+ psa_cipher_encrypt_setup_test,
+ psa_cipher_encrypt_setup_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static psa_cipher_operation_t operation;
+
+int32_t psa_cipher_encrypt_setup_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ const uint8_t *key_data;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the key for a multipart symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ /* Abort a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_cipher_encrypt_setup_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_cipher_encrypt_setup - Invalid key handle\n",
+ g_test_count++);
+ /* Set the key for a multipart symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
+ check2[i].key_handle, check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_cipher_encrypt_setup - Zero as key handle\n",
+ g_test_count++);
+ /* Set the key for a multipart symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
+ 0, check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_cipher_encrypt_setup - Empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Set the key for a multipart symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
+ check2[i].key_handle, check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/test_c032.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/test_c032.h
new file mode 100644
index 00000000000..02a902c11ee
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/test_c032.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C032_CLIENT_TESTS_H_
+#define _TEST_C032_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c032)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c032_crypto_list[];
+
+int32_t psa_cipher_encrypt_setup_test(security_t caller);
+int32_t psa_cipher_encrypt_setup_negative_test(security_t caller);
+#endif /* _TEST_C032_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/test_data.h
new file mode 100644
index 00000000000..f7be6795459
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/test_data.h
@@ -0,0 +1,315 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[64];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ size_t expected_bit_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_cipher_encrypt_setup 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_cipher_encrypt_setup 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9}, AES_24B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_24B_KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_cipher_encrypt_setup 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE}, AES_32B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_32B_KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_encrypt_setup DES 64 bit key\n", 4, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING, BYTES_TO_BITS(DES_8B_KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_cipher_encrypt_setup Triple DES 2-Key\n", 5, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING, BYTES_TO_BITS(DES3_2KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_cipher_encrypt_setup Triple DES 3-Key\n", 6, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING, BYTES_TO_BITS(DES3_3KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+{"Test psa_cipher_encrypt_setup 16 Byte raw data\n", 7, PSA_KEY_TYPE_RAW_DATA,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CMAC
+{"Test psa_cipher_encrypt_setup - not a cipher algorithm\n", 8, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CMAC, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER
+{"Test psa_cipher_encrypt_setup - unknown cipher algorithm\n", 9, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CATEGORY_CIPHER, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_ARC4
+{"Test psa_cipher_encrypt_setup - incompatible key ARC4\n", 10, PSA_KEY_TYPE_ARC4,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+{"Test psa_cipher_encrypt_setup - incorrect usage\n", 11, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_ERROR_NOT_PERMITTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_cipher_encrypt_setup - RSA public key\n", 12, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 270,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, 2048,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_cipher_encrypt_setup - RSA keypair\n", 13, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 1193,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, 2048,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ASYMMETRIC_ENCRYPTION
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_cipher_encrypt_setup - EC Public key\n", 14,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1), {0}, 65,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, 256,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+{"Test psa_cipher_encrypt_setup - EC keypair\n", 15,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1), {0}, 28,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION, 224,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_cipher_encrypt_setup negative cases\n", 16, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/test_entry.c
new file mode 100644
index 00000000000..1ff8b8e486c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c032/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c032.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 32)
+#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c032_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/main.c
new file mode 100644
index 00000000000..056b0729dc7
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c033(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c033, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/test_c033.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/test_c033.c
new file mode 100644
index 00000000000..45d5b15f30d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/test_c033.c
@@ -0,0 +1,181 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c033.h"
+#include "test_data.h"
+
+client_test_t test_c033_crypto_list[] = {
+ NULL,
+ psa_cipher_decrypt_setup_test,
+ psa_cipher_decrypt_setup_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static psa_cipher_operation_t operation;
+
+int32_t psa_cipher_decrypt_setup_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ const uint8_t *key_data;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the key for a multipart symmetric decryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ /* Abort a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_cipher_decrypt_setup_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_cipher_decrypt_setup - Invalid key handle\n",
+ g_test_count++);
+ /* Set the key for a multipart symmetric decryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation,
+ check2[i].key_handle, check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_cipher_decrypt_setup - Zero as key handle\n",
+ g_test_count++);
+ /* Set the key for a multipart symmetric decryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation,
+ 0, check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_cipher_decrypt_setup - Empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Set the key for a multipart symmetric decryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation,
+ check2[i].key_handle, check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/test_c033.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/test_c033.h
new file mode 100644
index 00000000000..7a0befb99fb
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/test_c033.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C033_CLIENT_TESTS_H_
+#define _TEST_C033_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c033)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c033_crypto_list[];
+
+int32_t psa_cipher_decrypt_setup_test(security_t caller);
+int32_t psa_cipher_decrypt_setup_negative_test(security_t caller);
+#endif /* _TEST_C033_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/test_data.h
new file mode 100644
index 00000000000..82cc109720f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/test_data.h
@@ -0,0 +1,317 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+#define EMPTY_KEY_SLOT 31
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[64];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ size_t expected_bit_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+
+static const uint8_t rsa_256_keypair[] = {
+ 0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
+ 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27,
+ 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F,
+ 0x4E, 0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE,
+ 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F, 0x8F, 0xE1,
+ 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B,
+ 0xBA, 0xE0, 0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA,
+ 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1, 0x63,
+ 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34,
+ 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
+ 0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
+ 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4,
+ 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5,
+ 0xFD, 0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23,
+ 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3, 0x2A, 0xD0,
+ 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63,
+ 0x78, 0x0F, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77,
+ 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3, 0x39,
+ 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33,
+ 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
+ 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0, 0x34, 0x0F, 0x52, 0x62, 0x05, 0x50,
+ 0x01, 0xEF, 0x9F, 0xED, 0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7,
+ 0x92, 0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C, 0xC6, 0x79,
+ 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54, 0x95, 0x77, 0xCB, 0xC3, 0x9A,
+ 0x9D, 0xB7, 0xD4, 0x1D, 0xA4, 0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA,
+ 0x67, 0x16, 0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A, 0xFB,
+ 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD, 0x98, 0x6B, 0x65, 0x9A,
+ 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6, 0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22,
+ 0x60, 0x2A, 0x73, 0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
+ 0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51, 0x25, 0x4E, 0x9F,
+ 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2, 0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64,
+ 0xCA, 0x9A, 0x5B, 0x05, 0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32,
+ 0x22, 0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F, 0x74, 0xD3,
+ 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63, 0x7A, 0x97, 0x2E, 0xD6, 0xB6,
+ 0x19, 0xC6, 0x92, 0x26, 0xE4, 0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9,
+ 0x78, 0x0D, 0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01, 0x41,
+ 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77, 0xD2, 0x60, 0xF2, 0x9F,
+ 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63, 0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C,
+ 0xE6, 0x55, 0x34, 0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
+ 0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C, 0xF1, 0x58, 0x58,
+ 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C, 0x54, 0x76, 0x39, 0x23, 0x63, 0xC9,
+ 0x10, 0x32, 0xB7, 0x93, 0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6,
+ 0xB5, 0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8, 0x1B, 0xAC,
+ 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4, 0x19, 0xB8, 0xC3, 0x60, 0xB1,
+ 0x57, 0x48, 0x5F, 0x52, 0x4F, 0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43,
+ 0x50, 0x3F, 0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E, 0xAD,
+ 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73, 0x70, 0x9C, 0x0A, 0x7C,
+ 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8, 0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD,
+ 0x15, 0x73, 0xDA, 0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
+ 0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B, 0xC6, 0xB1, 0x53,
+ 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00, 0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D,
+ 0xB7, 0x5C, 0x5C, 0x7C, 0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63,
+ 0xB3, 0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C, 0x8E, 0x7B,
+ 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18, 0x7D, 0xEA, 0xFE, 0x76, 0xA1,
+ 0xD4, 0xA1, 0xE9, 0x3F, 0x0D, 0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B,
+ 0x5B, 0x0F, 0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A, 0xED,
+ 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42, 0x13, 0x23, 0x4C, 0xCB,
+ 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7, 0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C,
+ 0xC1, 0x85, 0x5F, 0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
+ 0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE, 0x5F, 0x53, 0xA4,
+ 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81, 0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB,
+ 0xD5, 0xFE, 0xF9, 0x52, 0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52,
+ 0x2F, 0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63, 0x52, 0xDA,
+ 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5, 0xD3, 0x18, 0x14, 0x72, 0x77,
+ 0x5E, 0xC7, 0xA3, 0x04, 0x1F, 0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3,
+ 0xF2, 0xB5, 0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4, 0x5F,
+ 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7, 0x56, 0xC0, 0xD4, 0x22,
+ 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50, 0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95,
+ 0x92, 0x31, 0x41, 0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
+ 0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3, 0x22, 0x00, 0xFE,
+ 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29, 0x02, 0x81, 0x81, 0x00, 0x8A, 0x41,
+ 0x56, 0x28, 0x51, 0x9E, 0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2,
+ 0x6C, 0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA, 0xD4, 0x0C,
+ 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C, 0xD4, 0xE6, 0xDC, 0x4C, 0xED,
+ 0xD7, 0x16, 0x11, 0xC3, 0x3E, 0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE,
+ 0xBB, 0x75, 0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A, 0xC5,
+ 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE, 0x6E, 0x99, 0x87, 0xF8,
+ 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65, 0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF,
+ 0x16, 0xCA, 0x8B, 0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
+ 0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59, 0x9D, 0xE0, 0x63,
+ 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1, 0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D,
+ 0x45, 0xF9, 0x40, 0x8C, 0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C,
+ 0xAC, 0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5, 0xE5, 0x8A,
+ 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D, 0x86, 0x09, 0xB8, 0xD8, 0x76,
+ 0xA7, 0xC9, 0x1C, 0x71, 0x52, 0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD,
+ 0x61, 0x1B, 0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF, 0x43,
+ 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4, 0x5E, 0xCF, 0x4F, 0xFC,
+ 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23, 0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5,
+ 0x29, 0xD0, 0x44, 0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
+ 0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6, 0x7C, 0x9A, 0x1F,
+ 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 0x3B, 0xF1, 0xB0};
+
+static const uint8_t rsa_256_keydata[] = {
+ 0x30, 0x82, 0x01, 0x0A,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xDB, 0x1C, 0x7F, 0x2E, 0x0B, 0xCD, 0xBF, 0xCE, 0xD1,
+ 0x75, 0x10, 0xA0, 0xA2, 0xB8, 0xCE, 0x7D, 0xAA, 0xE2, 0x05, 0xE0, 0x7A, 0xD8, 0x44,
+ 0x63, 0x8F, 0xB5, 0xBD, 0xC0, 0xB0, 0x19, 0xB9, 0x37, 0xB8, 0x19, 0x4A, 0x0E, 0xF1,
+ 0x5D, 0x74, 0x80, 0x67, 0x46, 0x87, 0x06, 0xDE, 0x5B, 0x7F, 0x06, 0x03, 0xBD, 0xC1,
+ 0x8D, 0x5E, 0x07, 0x15, 0xD4, 0x5B, 0xF4, 0xDC, 0xE5, 0xCF, 0x3D, 0xF9, 0xC1, 0x11,
+ 0x2C, 0xAE, 0x6A, 0xB9, 0x8A, 0xBD, 0x1D, 0x67, 0x66, 0x17, 0xEA, 0x4E, 0xBD, 0xDB,
+ 0x15, 0x9A, 0x82, 0x87, 0xE4, 0xF0, 0x78, 0xC3, 0xA3, 0x85, 0x87, 0xB0, 0xFD, 0x9F,
+ 0xA9, 0x99, 0x5F, 0xE3, 0x33, 0xEC, 0xCC, 0xEA, 0x0B, 0xB5, 0x61, 0x5E, 0xF1, 0x49,
+ 0x7E, 0x3F, 0xA3, 0x2D, 0xEA, 0x01, 0x0C, 0xCC, 0x42, 0x9A, 0x76, 0x9B, 0xC4, 0xD0,
+ 0x37, 0xD3, 0xB1, 0x17, 0x01, 0x61, 0x01, 0x16, 0x59, 0x7E, 0x1C, 0x17, 0xC3, 0x53,
+ 0xFD, 0xD1, 0x72, 0xCB, 0x4C, 0x60, 0x15, 0xDA, 0x7D, 0xE2, 0xEA, 0xAD, 0x50, 0xEF,
+ 0x8E, 0xE2, 0x8B, 0xD4, 0x6A, 0x77, 0x55, 0xD6, 0x70, 0xD9, 0x6B, 0xBB, 0xF1, 0xEE,
+ 0x39, 0x04, 0x38, 0xA3, 0xBD, 0xE2, 0xD1, 0xE0, 0x66, 0x6B, 0xE2, 0x9C, 0x47, 0x99,
+ 0xE9, 0x28, 0xE6, 0xB6, 0xFC, 0x2E, 0xCA, 0x67, 0x43, 0x84, 0xE8, 0xD5, 0x83, 0xD6,
+ 0x9D, 0x98, 0x6B, 0x01, 0x3E, 0x81, 0xDC, 0x3C, 0x7A, 0xCA, 0xF9, 0xF3, 0x9C, 0xF7,
+ 0xD6, 0x28, 0x1B, 0x27, 0x78, 0x7C, 0xC3, 0xD0, 0xD5, 0x63, 0xA7, 0x81, 0x34, 0x89,
+ 0xAD, 0x25, 0x6A, 0xBD, 0xF2, 0xEA, 0xED, 0xFA, 0x57, 0xFC, 0xE5, 0x34, 0xC6, 0xC1,
+ 0x0F, 0x71, 0x2D, 0xD2, 0x08, 0x10, 0x1B, 0xAD, 0x44, 0x41, 0xE0, 0xFE, 0x79, 0xA0,
+ 0x63, 0x93, 0x8A, 0xB1, 0x5D, 0xE9, 0xB0, 0xEE, 0x6F, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f,
+ 0x4a, 0xd2, 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0,
+ 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b,
+ 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98,
+ 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0x68, 0x49, 0xf9, 0x7d, 0x10, 0x66, 0xf6, 0x99, 0x77, 0x59, 0x63, 0x7c, 0x7e, 0x38,
+ 0x99, 0x46, 0x4c, 0xee, 0x3e, 0xc7, 0xac, 0x97, 0x06, 0x53, 0xa0, 0xbe, 0x07, 0x42};
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_cipher_decrypt_setup 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_cipher_decrypt_setup 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9}, AES_24B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_24B_KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_cipher_decrypt_setup 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE}, AES_32B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_32B_KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_decrypt_setup DES 64 bit key\n", 4, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING, BYTES_TO_BITS(DES_8B_KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_cipher_decrypt_setup Triple DES 2-Key\n", 5, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING, BYTES_TO_BITS(DES3_2KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_cipher_decrypt_setup Triple DES 3-Key\n", 6, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING, BYTES_TO_BITS(DES3_3KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+{"Test psa_cipher_decrypt_setup 16 Byte raw data\n", 7, PSA_KEY_TYPE_RAW_DATA,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+#ifdef ARCH_TEST_CMAC
+{"Test psa_cipher_decrypt_setup - not a cipher algorithm\n", 8, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CMAC, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER
+{"Test psa_cipher_decrypt_setup - unknown cipher algorithm\n", 9, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CATEGORY_CIPHER, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_ARC4
+{"Test psa_cipher_decrypt_setup - incompatible key ARC4\n", 10, PSA_KEY_TYPE_ARC4,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+
+{"Test psa_cipher_decrypt_setup - incorrect usage\n", 11, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_ERROR_NOT_PERMITTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#ifdef ARCH_TEST_RSA_2048
+{"Test psa_cipher_decrypt_setup - RSA public key\n", 12, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 270,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, 2048,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_cipher_decrypt_setup - RSA keypair\n", 13, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 1193,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, 2048,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_cipher_decrypt_setup - EC Public key\n", 14,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1), {0}, 65,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT, 192,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP224R1
+{"Test psa_cipher_decrypt_setup - EC keypair\n", 15,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP224R1), {0}, 28,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT, 224,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_cipher_decrypt_setup - negative test\n", 16, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR, BYTES_TO_BITS(AES_16B_KEY_SIZE),
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/test_entry.c
new file mode 100644
index 00000000000..a979d304ae3
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c033/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c033.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 33)
+#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c033_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/main.c
new file mode 100644
index 00000000000..0cd68eebd89
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c034(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c034, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/test_c034.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/test_c034.c
new file mode 100644
index 00000000000..65b680c3ac3
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/test_c034.c
@@ -0,0 +1,123 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c034.h"
+#include "test_data.h"
+
+
+client_test_t test_c034_crypto_list[] = {
+ NULL,
+ psa_cipher_generate_iv_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_cipher_generate_iv_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ uint32_t i, j, iv_sum;
+ uint8_t iv[32];
+ size_t iv_length;
+ psa_key_policy_t policy;
+ psa_cipher_operation_t operation;
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the key for a multipart symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Generate an IV for a symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_GENERATE_IV, &operation, iv,
+ check1[i].iv_size, &iv_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+ continue;
+ }
+
+ /* Check that if generated iv length match the expected length */
+ TEST_ASSERT_EQUAL(iv_length, check1[i].expected_iv_length, TEST_CHECKPOINT_NUM(9));
+
+ iv_sum = 0;
+ for (j = 0; j < iv_length; j++)
+ {
+ iv_sum += iv[j];
+ }
+
+ /* Check that if generated iv are zero */
+ TEST_ASSERT_NOT_EQUAL(iv_sum, 0, TEST_CHECKPOINT_NUM(10));
+
+ /* Generating an IV for a symmetric encryption operation using the same operator
+ * should fail
+ */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_GENERATE_IV, &operation, iv,
+ check1[i].iv_size, &iv_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(11));
+
+ /* Abort a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/test_c034.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/test_c034.h
new file mode 100644
index 00000000000..3d1211a6f5d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/test_c034.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C034_CLIENT_TESTS_H_
+#define _TEST_C034_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c034)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c034_crypto_list[];
+
+int32_t psa_cipher_generate_iv_test(security_t caller);
+#endif /* _TEST_C034_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/test_data.h
new file mode 100644
index 00000000000..7bc7eab9aa3
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/test_data.h
@@ -0,0 +1,139 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ size_t iv_size;
+ size_t expected_iv_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_cipher_generate_iv 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, 16, 16,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_cipher_generate_iv 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9}, AES_24B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, 16, 16,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_cipher_generate_iv 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE}, AES_32B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, 16, 16,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_generate_iv DES 64 bit key\n", 4, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+ 8, 8,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_cipher_generate_iv Triple DES 2-Key\n", 5, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+ 8, 8,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_cipher_generate_iv Triple DES 3-Key\n", 6, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+ 8, 8,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_cipher_generate_iv AES - small iv buffer\n", 7, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, 8, 16,
+ PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_generate_iv DES - small iv buffer\n", 8, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+ 4, 8,
+ PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_cipher_generate_iv AES - large iv buffer\n", 9, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR, 32, 16,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_generate_iv DES - large iv buffer\n", 10, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+ 16, 8,
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/test_entry.c
new file mode 100644
index 00000000000..c86a67df474
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c034/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c034.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 34)
+#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c034_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/main.c
new file mode 100644
index 00000000000..57e66b9a64b
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c035(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c035, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/test_c035.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/test_c035.c
new file mode 100644
index 00000000000..368b699c490
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/test_c035.c
@@ -0,0 +1,100 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c035.h"
+#include "test_data.h"
+
+
+client_test_t test_c035_crypto_list[] = {
+ NULL,
+ psa_cipher_set_iv_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_cipher_set_iv_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+ psa_cipher_operation_t operation;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the key for a multipart symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Set an IV for a symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_SET_IV, &operation, check1[i].iv,
+ check1[i].iv_size);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(7));
+
+ /* Setting an IV for a symmetric encryption operation using the same operator
+ * should fail
+ */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_SET_IV, &operation, check1[i].iv,
+ check1[i].iv_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(8));
+
+ /* Abort a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/test_c035.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/test_c035.h
new file mode 100644
index 00000000000..d4cf6f8fedf
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/test_c035.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C035_CLIENT_TESTS_H_
+#define _TEST_C035_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c035)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c035_crypto_list[];
+
+int32_t psa_cipher_set_iv_test(security_t caller);
+#endif /* _TEST_C035_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/test_data.h
new file mode 100644
index 00000000000..af43a3b8dc4
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/test_data.h
@@ -0,0 +1,151 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t iv[32];
+ size_t iv_size;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_cipher_set_iv 16 Byte AES\n", 1, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_192
+{"Test psa_cipher_set_iv 24 Byte AES\n", 2, PSA_KEY_TYPE_AES,
+{0x24, 0x13, 0x61, 0x47, 0x61, 0xB8, 0xC8, 0xF0, 0xDF, 0xAB, 0x5A, 0x0E, 0x87,
+ 0x40, 0xAC, 0xA3, 0x90, 0x77, 0x83, 0x52, 0x31, 0x74, 0xF9}, AES_24B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_256
+{"Test psa_cipher_set_iv 32 Byte AES\n", 3, PSA_KEY_TYPE_AES,
+{0xEA, 0xD5, 0xE6, 0xC8, 0x51, 0xF9, 0xEC, 0xBB, 0x9B, 0x57, 0x7C, 0xED, 0xD2,
+ 0x4B, 0x82, 0x84, 0x9F, 0x9F, 0xE6, 0x73, 0x21, 0x3D, 0x1A, 0x05, 0xC9, 0xED,
+ 0xDF, 0x25, 0x17, 0x68, 0x86, 0xAE}, AES_32B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_AES_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_set_iv DES 64 bit key\n", 4, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}, 8,
+ PSA_SUCCESS
+},
+
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_cipher_set_iv Triple DES 2-Key\n", 5, PSA_KEY_TYPE_DES,
+{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ DES3_2KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}, 8,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_cipher_set_iv Triple DES 3-Key\n", 6, PSA_KEY_TYPE_DES,
+{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xF1, 0xE0, 0xD3, 0xC2, 0xB5, 0xA4, 0x97, 0x86,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ DES3_3KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}, 8,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_cipher_set_iv AES - small iv buffer\n", 7, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}, 8,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_AES_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_set_iv DES - small iv buffer\n", 8, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x00, 0x01, 0x02, 0x03,}, 4,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+#ifdef ARCH_TEST_AES_128
+{"Test psa_cipher_set_iv AES - large iv buffer\n", 9, PSA_KEY_TYPE_AES,
+{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
+ 0x5F, 0xC9, 0xD0}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+ 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}, 32,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_AES_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_set_iv DES - large iv buffer\n", 10, PSA_KEY_TYPE_DES,
+ {0x70, 0x24, 0x55, 0x0C, 0x14, 0x9D, 0xED, 0x29},
+ DES_8B_KEY_SIZE, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F}, 16,
+ PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/test_entry.c
new file mode 100644
index 00000000000..a37200fca3e
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c035/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c035.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 35)
+#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c035_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/main.c
new file mode 100644
index 00000000000..b4361193b8c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/main.c
@@ -0,0 +1,10 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+#include "unity/unity.h"
+
+void test_entry_c036(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c036, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/test_c036.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/test_c036.c
new file mode 100644
index 00000000000..4a917c484bd
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/test_c036.c
@@ -0,0 +1,131 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c036.h"
+#include "test_data.h"
+
+
+client_test_t test_c036_crypto_list[] = {
+ NULL,
+ psa_cipher_update_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t output[SIZE_32B];
+static psa_cipher_operation_t operation;
+
+int32_t psa_cipher_update_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ size_t length;
+ psa_key_policy_t policy;
+ psa_cipher_operation_t invalid_operation;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ memset(&operation, 0, sizeof(operation));
+ memset(&invalid_operation, 0, sizeof(invalid_operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ if (check1[i].usage == PSA_KEY_USAGE_ENCRYPT)
+ {
+ /* Set the key for a multipart symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ }
+ else if (check1[i].usage == PSA_KEY_USAGE_DECRYPT)
+ {
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
+
+ /* Set an IV for a symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_SET_IV, &operation, check1[i].iv,
+ check1[i].iv_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Encrypt or decrypt a message fragment in an active cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_UPDATE, &operation, check1[i].input,
+ check1[i].input_length, output, check1[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+ continue;
+ }
+
+ /* Check if the output length matches the expected length */
+ TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(11));
+
+ /* Check if the output data matches the expected data */
+ TEST_ASSERT_MEMCMP(output, check1[i].expected_output, length, TEST_CHECKPOINT_NUM(12));
+
+ /* Encrypt or decrypt a message fragment in an invalid cipher operation should fail */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_UPDATE, &invalid_operation,
+ check1[i].input, check1[i].input_length, output, check1[i].output_size,
+ &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(13));
+
+ /* Abort a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(14));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/test_c036.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/test_c036.h
new file mode 100644
index 00000000000..045271a04b2
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/test_c036.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C036_CLIENT_TESTS_H_
+#define _TEST_C036_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c036)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c036_crypto_list[];
+
+int32_t psa_cipher_update_test(security_t caller);
+#endif /* _TEST_C036_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/test_data.h
new file mode 100644
index 00000000000..c5e4fbe8cb2
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/test_data.h
@@ -0,0 +1,252 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t iv[16];
+ size_t iv_size;
+ uint8_t input[32];
+ size_t input_length;
+ size_t output_size;
+ uint8_t expected_output[32];
+ size_t expected_output_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CBC_NO_PADDING
+{"Test psa_cipher_update - Encrypt - AES CBC_NO_PADDING\n", 1, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, 16,
+{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
+ 0x20, 0x74, 0x3B}, 16, PSA_SUCCESS
+},
+
+{"Test psa_cipher_update - Encrypt - AES CBC_NO_PADDING (Short input)\n", 2, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 5, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 0, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CBC_PKCS7
+{"Test psa_cipher_update - Encrypt - AES CBC_PKCS7\n", 3, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_PKCS7,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, 16,
+{0xa0, 0x76, 0xec, 0x9d, 0xfb, 0xe4, 0x7d, 0x52, 0xaf, 0xc3, 0x57, 0x33, 0x6f,
+ 0x20, 0x74, 0x3b}, 16, PSA_SUCCESS
+},
+
+{"Test psa_cipher_update - Encrypt - AES CBC_PKCS7 (Short input)\n", 4, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_PKCS7,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17}, 15, 16,
+{0}, 0, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+{"Test psa_cipher_update - Encrypt - AES CTR\n", 5, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, 16,
+{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
+ 0xb2, 0xbd, 0x32}, 16, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_update - Encrypt - DES CBC (nopad)\n", 6, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e}, DES_8B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}, 8,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, 8,
+{0x64, 0xf9, 0x17, 0xb0, 0x15, 0x2f, 0x8f, 0x05}, 8, PSA_SUCCESS
+},
+#endif
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_cipher_update - Encrypt - 2-key 3DE -CBC (nopad)\n", 7, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce}, DES3_2KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}, 8,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, 8,
+{0x5d, 0x06, 0x52, 0x42, 0x9c, 0x5b, 0x0a, 0xc7}, 8, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_cipher_update - Encrypt - 3-key 3DE -CBC (nopad)\n", 8, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce, 0x31, 0x32, 0x34, 0x37, 0x38, 0x3b, 0x3d, 0x3e}, DES3_3KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}, 8,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, 8,
+{0x81, 0x7c, 0xa7, 0xd6, 0x9b, 0x80, 0xd8, 0x6a}, 8, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_AES_128
+{"Test psa_cipher_update - small output buffer size\n", 9, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, 15,
+{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
+ 0x20, 0x74, 0x3B}, 16, PSA_ERROR_BUFFER_TOO_SMALL
+},
+
+{"Test psa_cipher_update - Decrypt - AES CBC_NO_PADDING\n", 10, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
+ 0x20, 0x74, 0x3B}, 16, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, PSA_SUCCESS
+},
+
+{"Test psa_cipher_update - Decrypt - AES CBC_NO_PADDING (Short input)\n", 11, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 5, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 0, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CBC_PKCS7
+{"Test psa_cipher_update - Decrypt - AES CBC_PKCS7\n", 12, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_PKCS7,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0xa0, 0x76, 0xec, 0x9d, 0xfb, 0xe4, 0x7d, 0x52, 0xaf, 0xc3, 0x57, 0x33, 0x6f,
+ 0x20, 0x74, 0x3b}, 16, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 0, PSA_SUCCESS
+},
+
+{"Test psa_cipher_update - Decrypt - AES CBC_PKCS7 (Short input)\n", 13, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_PKCS7,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0xa0, 0x76, 0xec, 0x9d, 0xfb, 0xe4, 0x7d, 0x52, 0xaf, 0xc3, 0x57, 0x33, 0x6f,
+ 0x20, 0x74, 0x3b, 0xca, 0x7e, 0x8a, 0x15, 0xdc, 0x3c, 0x77, 0x64, 0x36, 0x31,
+ 0x42, 0x93, 0x03, 0x1c, 0xd4, 0xf3}, 32, 32,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+{"Test psa_cipher_update - Decrypt - AES CTR\n", 14, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
+ 0xb2, 0xbd, 0x32}, 16, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_update - Decrypt - DES CBC (nopad)\n", 15, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e}, DES_8B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}, 8,
+{0x64, 0xf9, 0x17, 0xb0, 0x15, 0x2f, 0x8f, 0x05}, 8, 8,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_cipher_update - Decrypt - 2-key 3DE -CBC (nopad)\n", 16, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce}, DES3_2KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}, 8,
+{0x5d, 0x06, 0x52, 0x42, 0x9c, 0x5b, 0x0a, 0xc7}, 8, 8,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_cipher_update - Decrypt - 3-key 3DE -CBC (nopad)\n", 17, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce, 0x31, 0x32, 0x34, 0x37, 0x38, 0x3b, 0x3d, 0x3e}, DES3_3KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}, 8,
+{0x81, 0x7c, 0xa7, 0xd6, 0x9b, 0x80, 0xd8, 0x6a}, 8, 8,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/test_entry.c
new file mode 100644
index 00000000000..f46a6b3cf0f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c036/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c036.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 36)
+#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c036_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/main.c
new file mode 100644
index 00000000000..ee6266ecabe
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/main.c
@@ -0,0 +1,10 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+#include "unity/unity.h"
+
+void test_entry_c037(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c037, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/test_c037.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/test_c037.c
new file mode 100644
index 00000000000..fa2ab6c5b85
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/test_c037.c
@@ -0,0 +1,143 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c037.h"
+#include "test_data.h"
+
+#define SLOT_1 0
+#define SLOT_2 1
+
+client_test_t test_c037_crypto_list[] = {
+ NULL,
+ psa_cipher_finish_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t output[SIZE_32B];
+
+int32_t psa_cipher_finish_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ size_t update_length, finish_length;
+ psa_key_policy_t policy;
+ psa_cipher_operation_t operation, invalid_operation;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+ memset(&operation, 0, sizeof(operation));
+ memset(&invalid_operation, 0, sizeof(invalid_operation));
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ if (check1[i].usage == PSA_KEY_USAGE_ENCRYPT)
+ {
+ /* Set the key for a multipart symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ }
+ else if (check1[i].usage == PSA_KEY_USAGE_DECRYPT)
+ {
+ /* Set the key for a multipart symmetric decryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
+
+ /* Set an IV for a symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_SET_IV, &operation, check1[i].iv,
+ check1[i].iv_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Encrypt or decrypt a message fragment in an active cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_UPDATE, &operation, check1[i].input,
+ check1[i].input_length, output, check1[i].output_size[SLOT_1], &update_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+
+ /* Finish encrypting or decrypting a message in a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_FINISH, &operation,
+ output + update_length, check1[i].output_size[SLOT_2], &finish_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(10));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(11));
+ continue;
+ }
+
+ /* Check if the output length matches the expected length */
+ TEST_ASSERT_EQUAL(finish_length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(12));
+
+ /* Check if the output data matches the expected data */
+ TEST_ASSERT_MEMCMP(output, check1[i].expected_output,
+ (update_length + finish_length),
+ TEST_CHECKPOINT_NUM(13));
+
+ /* Finish encrypting or decrypting a message using an invalid operation should fail */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_FINISH, &invalid_operation, output,
+ check1[i].output_size[SLOT_2], &finish_length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(14));
+
+ /* Abort a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(15));
+
+ /* Abort a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &invalid_operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(16));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/test_c037.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/test_c037.h
new file mode 100644
index 00000000000..e7e1bdaa830
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/test_c037.h
@@ -0,0 +1,30 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C037_CLIENT_TESTS_H_
+#define _TEST_C037_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c037)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c037_crypto_list[];
+
+int32_t psa_cipher_finish_test(security_t caller);
+#endif /* _TEST_C037_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/test_data.h
new file mode 100644
index 00000000000..013eec189e4
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/test_data.h
@@ -0,0 +1,281 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t iv[16];
+ size_t iv_size;
+ uint8_t input[32];
+ size_t input_length;
+ size_t output_size[2];
+ uint8_t expected_output[32];
+ size_t expected_output_length;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CBC_NO_PADDING
+{"Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING\n", 1, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, {SIZE_32B, SIZE_32B},
+{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
+ 0x20, 0x74, 0x3B}, 0, PSA_SUCCESS
+},
+
+{"Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING (Short input)\n", 2, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 5, {16, 16},
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 0, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_CBC_PKCS7
+{"Test psa_cipher_finish - Encrypt - AES CBC_PKCS7\n", 3, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_PKCS7,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, {SIZE_32B, SIZE_32B},
+{0xa0, 0x76, 0xec, 0x9d, 0xfb, 0xe4, 0x7d, 0x52, 0xaf, 0xc3, 0x57, 0x33, 0x6f,
+ 0x20, 0x74, 0x3b, 0xca, 0x7e, 0x8a, 0x15, 0xdc, 0x3c, 0x77, 0x64, 0x36, 0x31,
+ 0x42, 0x93, 0x03, 0x1c, 0xd4, 0xf3}, 16, PSA_SUCCESS
+},
+
+{"Test psa_cipher_finish - Encrypt - AES CBC_PKCS7 (Short input)\n", 4, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_PKCS7,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17}, 15, {SIZE_32B, SIZE_32B},
+{0x62, 0x79, 0xb4, 0x9d, 0x7f, 0x7a, 0x8d, 0xd8, 0x7b, 0x68, 0x51, 0x75, 0xd4,
+ 0x27, 0x6e, 0x24}, 16, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+{"Test psa_cipher_finish - Encrypt - AES CTR\n", 5, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, {SIZE_32B, SIZE_32B},
+{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
+ 0xb2, 0xbd, 0x32}, 0, PSA_SUCCESS
+},
+
+{"Test psa_cipher_finish - Encrypt - AES CTR (short input)\n", 6, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17}, 15, {SIZE_32B, SIZE_32B},
+{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
+ 0xb2, 0xbd}, 0, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_finish - Encrypt - DES CBC (nopad)\n", 7, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e}, DES_8B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}, 8,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, {SIZE_32B, SIZE_32B},
+{0x64, 0xf9, 0x17, 0xb0, 0x15, 0x2f, 0x8f, 0x05}, 0, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_cipher_finish - Encrypt - 2-key 3DE -CBC (nopad)\n", 8, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce}, DES3_2KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}, 8,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, {SIZE_32B, SIZE_32B},
+{0x5d, 0x06, 0x52, 0x42, 0x9c, 0x5b, 0x0a, 0xc7}, 0, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_cipher_finish - Encrypt - 3-key 3DE -CBC (nopad)\n", 9, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce, 0x31, 0x32, 0x34, 0x37, 0x38, 0x3b, 0x3d, 0x3e}, DES3_3KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}, 8,
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 8, {SIZE_32B, SIZE_32B},
+{0x81, 0x7c, 0xa7, 0xd6, 0x9b, 0x80, 0xd8, 0x6a}, 0, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CBC_PKCS7
+{"Test psa_cipher_finish - small output buffer size\n", 10, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_PKCS7,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 16, {SIZE_32B, 15},
+{0xa0, 0x76, 0xec, 0x9d, 0xfb, 0xe4, 0x7d, 0x52, 0xaf, 0xc3, 0x57, 0x33, 0x6f,
+ 0x20, 0x74, 0x3b, 0xca, 0x7e, 0x8a, 0x15, 0xdc, 0x3c, 0x77, 0x64, 0x36, 0x31,
+ 0x42, 0x93, 0x03, 0x1c, 0xd4, 0xf3}, 16, PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+{"Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING\n", 11, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0xA0, 0x76, 0xEC, 0x9D, 0xFB, 0xE4, 0x7D, 0x52, 0xAF, 0xC3, 0x57, 0x33, 0x6F,
+ 0x20, 0x74, 0x3B},
+ 16, {SIZE_32B, SIZE_32B},
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 0, PSA_SUCCESS
+},
+
+{"Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING (Short input)\n", 12, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 5, {16, 16},
+{0x6b, 0xc1, 0xbe, 0xe2, 0x23}, 0, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_CBC_PKCS7
+{"Test psa_cipher_finish - Decrypt - AES CBC_PKCS7\n", 13, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_PKCS7,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0xa0, 0x76, 0xec, 0x9d, 0xfb, 0xe4, 0x7d, 0x52, 0xaf, 0xc3, 0x57, 0x33, 0x6f,
+ 0x20, 0x74, 0x3b, 0xca, 0x7e, 0x8a, 0x15, 0xdc, 0x3c, 0x77, 0x64, 0x36, 0x31,
+ 0x42, 0x93, 0x03, 0x1c, 0xd4, 0xf3}, 32, {SIZE_32B, SIZE_32B},
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a}, 0, PSA_SUCCESS
+},
+
+{"Test psa_cipher_finish - Decrypt - AES CBC_PKCS7 (Short input)\n", 14, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_PKCS7,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x62, 0x79, 0xb4, 0x9d, 0x7f, 0x7a, 0x8d, 0xd8, 0x7b, 0x68, 0x51, 0x75, 0xd4,
+ 0x27, 0x6e, 0x24}, 16, {SIZE_32B, SIZE_32B},
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17}, 15, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+{"Test psa_cipher_finish - Decrypt - AES CTR\n", 15, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
+ 0xb2, 0xbd, 0x32}, 16, {SIZE_32B, SIZE_32B},
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17, 0x2a},
+ 0, PSA_SUCCESS
+},
+
+{"Test psa_cipher_finish - Decrypt - AES CTR (short input)\n", 16, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a}, 16,
+{0x8f, 0x94, 0x08, 0xfe, 0x80, 0xa8, 0x1d, 0x3e, 0x81, 0x3d, 0xa3, 0xc7, 0xb0,
+ 0xb2, 0xbd}, 15, {SIZE_32B, SIZE_32B},
+{0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
+ 0x93, 0x17}, 0, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_finish - Decrypt - DES CBC (nopad)\n", 17, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e}, DES_8B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}, 8,
+{0x64, 0xf9, 0x17, 0xb0, 0x15, 0x2f, 0x8f, 0x05}, 8, {SIZE_32B, SIZE_32B},
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 0, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_cipher_finish - Decrypt - 2-key 3DE -CBC (nopad)\n", 18, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce}, DES3_2KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}, 8,
+{0x5d, 0x06, 0x52, 0x42, 0x9c, 0x5b, 0x0a, 0xc7}, 8, {SIZE_32B, SIZE_32B},
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 0, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_cipher_finish - 3-key 3DE -CBC (nopad)\n", 19, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce, 0x31, 0x32, 0x34, 0x37, 0x38, 0x3b, 0x3d, 0x3e}, DES3_3KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+{0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a}, 8,
+{0x81, 0x7c, 0xa7, 0xd6, 0x9b, 0x80, 0xd8, 0x6a}, 8, {SIZE_32B, SIZE_32B},
+{0xed, 0xa4, 0x01, 0x12, 0x39, 0xbc, 0x3a, 0xc9}, 0, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/test_entry.c
new file mode 100644
index 00000000000..7732adb47e1
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c037/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c037.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 37)
+#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c037_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/main.c
new file mode 100644
index 00000000000..3d5b9844e8a
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c038(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c038, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/test_c038.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/test_c038.c
new file mode 100644
index 00000000000..b8d8840c09e
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/test_c038.c
@@ -0,0 +1,177 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c038.h"
+#include "test_data.h"
+
+client_test_t test_c038_crypto_list[] = {
+ NULL,
+ psa_cipher_abort_test,
+ psa_cipher_abort_before_update_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t output[SIZE_32B];
+
+int32_t psa_cipher_abort_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+ psa_cipher_operation_t operation;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ if (check1[i].usage == PSA_KEY_USAGE_ENCRYPT)
+ {
+ /* Set the key for a multipart symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+ }
+ else if (check1[i].usage == PSA_KEY_USAGE_DECRYPT)
+ {
+ /* Set the key for a multipart symmetric decryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_DECRYPT_SETUP, &operation,
+ check1[i].key_handle, check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
+
+ /* Abort a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Multiple abort cipher operation should return success*/
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(9));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_cipher_abort_before_update_test(security_t caller)
+{
+ size_t length;
+ psa_key_policy_t policy;
+ psa_algorithm_t key_alg = PSA_ALG_CBC_NO_PADDING;
+ psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT;
+ psa_key_handle_t key_handle = 13;
+ psa_key_type_t key_type = PSA_KEY_TYPE_AES;
+ psa_cipher_operation_t operation;
+ uint8_t key_data[] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab,
+ 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c};
+ uint8_t input[] = {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9,
+ 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a};
+ uint8_t iv[] = {0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a,
+ 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a};
+ size_t key_length = sizeof(key_data)/sizeof(key_data[0]);
+ size_t input_length = sizeof(input)/sizeof(input[0]);
+ size_t iv_size = sizeof(iv)/sizeof(iv[0]);
+ int32_t status;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, "Test psa_cipher_update after psa_cipher_abort should fail\n", 0);
+ memset(&operation, 0, sizeof(operation));
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, usage, key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, key_handle, &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, key_handle,
+ key_type, key_data, key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the key for a multipart symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ENCRYPT_SETUP, &operation,
+ key_handle, key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Set an IV for a symmetric encryption operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_SET_IV, &operation, iv, iv_size);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+
+ /* Abort a cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_ABORT, &operation);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Encrypt or decrypt a message fragment in an active cipher operation */
+ status = val->crypto_function(VAL_CRYPTO_CIPHER_UPDATE, &operation, input,
+ input_length, output, SIZE_32B, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_BAD_STATE, TEST_CHECKPOINT_NUM(9));
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/test_c038.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/test_c038.h
new file mode 100644
index 00000000000..6d6e5f019c9
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/test_c038.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C038_CLIENT_TESTS_H_
+#define _TEST_C038_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c038)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c038_crypto_list[];
+
+int32_t psa_cipher_abort_test(security_t caller);
+int32_t psa_cipher_abort_before_update_test(security_t caller);
+#endif /* _TEST_C038_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/test_data.h
new file mode 100644
index 00000000000..1dedbecbc92
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/test_data.h
@@ -0,0 +1,145 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[32];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ psa_status_t expected_status;
+} test_data;
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CBC_NO_PADDING
+{"Test psa_cipher_abort - Encrypt - AES CBC_NO_PADDING\n", 1, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CBC_PKCS7
+{"Test psa_cipher_abort - Encrypt - AES CBC_PKCS7\n", 2, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_PKCS7,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+{"Test psa_cipher_abort - Encrypt - AES CTR\n", 3, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CTR,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_abort - Encrypt - DES CBC (nopad)\n", 4, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e}, DES_8B_KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_cipher_abort - Encrypt - 2-key 3DE -CBC (nopad)\n", 5, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce}, DES3_2KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_cipher_abort - Encrypt - 3-key 3DE -CBC (nopad)\n", 6, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce, 0x31, 0x32, 0x34, 0x37, 0x38, 0x3b, 0x3d, 0x3e}, DES3_3KEY_SIZE,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_NO_PADDING,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_AES_128
+#ifdef ARCH_TEST_CBC_NO_PADDING
+{"Test psa_cipher_abort - Decrypt - AES CBC_NO_PADDING\n", 7, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CBC_PKCS7
+{"Test psa_cipher_abort - Decrypt - AES CBC_PKCS7\n", 8, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_PKCS7,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_CIPER_MODE_CTR
+{"Test psa_cipher_abort - Decrypt - AES CTR\n", 9, PSA_KEY_TYPE_AES,
+{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09,
+ 0xcf, 0x4f, 0x3c}, AES_16B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CTR,
+ PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_CBC_NO_PADDING
+#ifdef ARCH_TEST_DES_1KEY
+{"Test psa_cipher_abort - Decrypt - DES CBC (nopad)\n", 10, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e}, DES_8B_KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_2KEY
+{"Test psa_cipher_abort - Decrypt - 2-key 3DE -CBC (nopad)\n", 11, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce}, DES3_2KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+ PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_DES_3KEY
+{"Test psa_cipher_abort - Decrypt - 3-key 3DE -CBC (nopad)\n", 12, PSA_KEY_TYPE_DES,
+{0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e, 0xc1, 0xc2, 0xc4, 0xc7, 0xc8,
+ 0xcb, 0xcd, 0xce, 0x31, 0x32, 0x34, 0x37, 0x38, 0x3b, 0x3d, 0x3e}, DES3_3KEY_SIZE,
+ PSA_KEY_USAGE_DECRYPT, PSA_ALG_CBC_NO_PADDING,
+ PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/test_entry.c
new file mode 100644
index 00000000000..d027adae90a
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c038/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c038.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 38)
+#define TEST_DESC "Testing crypto symmetric cipher APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c038_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/main.c
new file mode 100644
index 00000000000..455badce9f0
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c039(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c039, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/test_c039.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/test_c039.c
new file mode 100644
index 00000000000..0053fdd173b
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/test_c039.c
@@ -0,0 +1,239 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c039.h"
+#include "test_data.h"
+
+client_test_t test_c039_crypto_list[] = {
+ NULL,
+ psa_asymmetric_encrypt_test,
+ psa_asymmetric_encrypt_negative_test,
+ NULL,
+};
+
+static bool_t is_buffer_empty(uint8_t *buffer, size_t size)
+{
+ int i;
+
+ for (i = 0; i < size; i++)
+ {
+ if (buffer[i] != 0)
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+static int g_test_count = 1;
+static uint8_t output[SIZE_128B];
+
+int32_t psa_asymmetric_encrypt_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ const uint8_t *key_data;
+ uint8_t *salt;
+ size_t length;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ memset(output, 0, sizeof(output));
+
+ /* Set the key data based on key type */
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(128))
+ key_data = rsa_128_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(128))
+ key_data = rsa_128_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ if (is_buffer_empty(check1[i].salt, check1[i].salt_length) == TRUE)
+ salt = NULL;
+ else
+ salt = check1[i].salt;
+
+ /* Encrypt a short message with a public key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_ENCRYPT, check1[i].key_handle,
+ check1[i].key_alg, check1[i].input, check1[i].input_length, salt,
+ check1[i].salt_length, output, check1[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ /* Check if the output length matches with the expected output length */
+ TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(7));
+
+ /* We test encryption by checking that encrypt-then-decrypt gives back
+ * the original plaintext because of the non-optional random
+ * part of encryption process which prevents using fixed vectors. */
+ if ((check1[i].usage & PSA_KEY_USAGE_DECRYPT) == PSA_KEY_USAGE_DECRYPT)
+ {
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_DECRYPT,
+ check1[i].key_handle, check1[i].key_alg, output, length, salt,
+ check1[i].salt_length, output, check1[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Check if the output length matches with the input length */
+ TEST_ASSERT_EQUAL(length, check1[i].input_length, TEST_CHECKPOINT_NUM(9));
+
+ /* Check if the output matches with the given input data */
+ TEST_ASSERT_MEMCMP(output, check1[i].input, length, TEST_CHECKPOINT_NUM(10));
+ }
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_asymmetric_encrypt_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ uint8_t *salt;
+ size_t length;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_encrypt - Invalid key handle\n",
+ g_test_count++);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_encrypt - Invalid key handle\n",
+ g_test_count++);
+ /* Encrypt a short message with a public key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_ENCRYPT, check2[i].key_handle,
+ check2[i].key_alg, check2[i].input, check2[i].input_length, salt,
+ check2[i].salt_length, output, check2[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_encrypt - Zero as key handle\n",
+ g_test_count++);
+ /* Encrypt a short message with a public key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_ENCRYPT, 0,
+ check2[i].key_alg, check2[i].input, check2[i].input_length, salt,
+ check2[i].salt_length, output, check2[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_encrypt - Empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ if (is_buffer_empty(check1[i].salt, check1[i].salt_length) == TRUE)
+ salt = NULL;
+ else
+ salt = check1[i].salt;
+
+ /* Encrypt a short message with a public key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_ENCRYPT, check2[i].key_handle,
+ check2[i].key_alg, check2[i].input, check2[i].input_length, salt,
+ check2[i].salt_length, output, check2[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/test_c039.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/test_c039.h
new file mode 100644
index 00000000000..27d74972fbb
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/test_c039.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C039_CLIENT_TESTS_H_
+#define _TEST_C039_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c039)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c039_crypto_list[];
+
+int32_t psa_asymmetric_encrypt_test(security_t caller);
+int32_t psa_asymmetric_encrypt_negative_test(security_t caller);
+#endif /* _TEST_C039_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/test_data.h
new file mode 100644
index 00000000000..48538253085
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/test_data.h
@@ -0,0 +1,254 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[16];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t salt[16];
+ size_t salt_length;
+ uint8_t input[32];
+ size_t input_length;
+ size_t output_size;
+ size_t expected_output_length;
+ size_t expected_bit_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+static const uint8_t rsa_256_keypair[1];
+static const uint8_t rsa_256_keydata[1];
+
+static const uint8_t ec_keydata[] = {
+ 0x30, 0x49, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06,
+ 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01, 0x03, 0x32, 0x00, 0x04, 0xBC,
+ 0x79, 0x7D, 0xB3, 0xAE, 0x7F, 0x08, 0xEC, 0x3D, 0x49, 0x6B, 0x4F, 0xB4, 0x11, 0xB3,
+ 0xF6, 0x20, 0xA5, 0x58, 0xA5, 0x01, 0xE0, 0x22, 0x2D, 0x08, 0xCF, 0xE0, 0xDC, 0x8A,
+ 0xEC, 0x8B, 0x1A, 0x7B, 0xF2, 0x4B, 0xE9, 0x29, 0x51, 0xCC, 0x5B, 0xA1, 0xBE, 0xBB,
+ 0x24, 0x74, 0x90, 0x9A, 0xE0};
+
+static const uint8_t ec_keypair[] = {
+ 0x30, 0x5F, 0x02, 0x01, 0x01, 0x04, 0x18, 0x33, 0x8E, 0x86, 0xA8, 0x81, 0xE2, 0x38,
+ 0xF5, 0x49, 0xBD, 0x6F, 0x05, 0x53, 0x49, 0x4B, 0x73, 0xE3, 0xD6, 0x11, 0x30, 0xFD,
+ 0xC6, 0xC9, 0x6D, 0xA0, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01,
+ 0x01, 0xA1, 0x34, 0x03, 0x32, 0x00, 0x04, 0x51, 0x75, 0xBC, 0xDF, 0x30, 0xA3, 0x70,
+ 0xF3, 0x9D, 0x53, 0x93, 0xE6, 0x12, 0x72, 0x88, 0xD8, 0x01, 0x67, 0xB5, 0xF4, 0xB4,
+ 0xB7, 0x76, 0xC6, 0x74, 0xF7, 0xC6, 0xF3, 0x54, 0xB7, 0xD2, 0x24, 0x06, 0x2C, 0x1F,
+ 0x68, 0x54, 0xB5, 0xA7, 0xAF, 0x0F, 0xE5, 0x78, 0xEA, 0xF2, 0x58, 0xF0, 0x27};
+
+static const uint8_t rsa_128_keydata[] = {
+ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+ 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb,
+ 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b,
+ 0x54, 0x1e, 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12,
+ 0x49, 0xe1, 0x12, 0x96, 0x28, 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44,
+ 0x35, 0x24, 0xef, 0x4c, 0x0e, 0x6e, 0x1d, 0x89, 0x56, 0xee, 0xb2, 0x07, 0x7a,
+ 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, 0xc6, 0x19,
+ 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb,
+ 0xf8, 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e,
+ 0xde, 0x26, 0x3a, 0x2a, 0xbf, 0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86,
+ 0x60, 0xf7, 0xd6, 0x83, 0x4d, 0xa5, 0x3d, 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b,
+ 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t rsa_128_keypair[] = {
+0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05,
+0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f,
+0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, 0xe1, 0xfe, 0xb0,
+0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, 0xe1, 0x12, 0x96, 0x28,
+0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, 0x35, 0x24, 0xef, 0x4c, 0x0e,
+0x6e, 0x1d, 0x89, 0x56, 0xee, 0xb2, 0x07, 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee,
+0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02,
+0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb, 0xf8, 0x59, 0xc2, 0xc1, 0x81,
+0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e, 0xde, 0x26, 0x3a, 0x2a, 0xbf,
+0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, 0x83, 0x4d,
+0xa5, 0x3d, 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00,
+0x01, 0x02, 0x81, 0x81, 0x00, 0x87, 0x4b, 0xf0, 0xff, 0xc2, 0xf2, 0xa7, 0x1d,
+0x14, 0x67, 0x1d, 0xdd, 0x01, 0x71, 0xc9, 0x54, 0xd7, 0xfd, 0xbf, 0x50, 0x28,
+0x1e, 0x4f, 0x6d, 0x99, 0xea, 0x0e, 0x1e, 0xbc, 0xf8, 0x2f, 0xaa, 0x58, 0xe7,
+0xb5, 0x95, 0xff, 0xb2, 0x93, 0xd1, 0xab, 0xe1, 0x7f, 0x11, 0x0b, 0x37, 0xc4,
+0x8c, 0xc0, 0xf3, 0x6c, 0x37, 0xe8, 0x4d, 0x87, 0x66, 0x21, 0xd3, 0x27, 0xf6,
+0x4b, 0xbe, 0x08, 0x45, 0x7d, 0x3e, 0xc4, 0x09, 0x8b, 0xa2, 0xfa, 0x0a, 0x31,
+0x9f, 0xba, 0x41, 0x1c, 0x28, 0x41, 0xed, 0x7b, 0xe8, 0x31, 0x96, 0xa8, 0xcd,
+0xf9, 0xda, 0xa5, 0xd0, 0x06, 0x94, 0xbc, 0x33, 0x5f, 0xc4, 0xc3, 0x22, 0x17,
+0xfe, 0x04, 0x88, 0xbc, 0xe9, 0xcb, 0x72, 0x02, 0xe5, 0x94, 0x68, 0xb1, 0xea,
+0xd1, 0x19, 0x00, 0x04, 0x77, 0xdb, 0x2c, 0xa7, 0x97, 0xfa, 0xc1, 0x9e, 0xda,
+0x3f, 0x58, 0xc1, 0x02, 0x41, 0x00, 0xe2, 0xab, 0x76, 0x08, 0x41, 0xbb, 0x9d,
+0x30, 0xa8, 0x1d, 0x22, 0x2d, 0xe1, 0xeb, 0x73, 0x81, 0xd8, 0x22, 0x14, 0x40,
+0x7f, 0x1b, 0x97, 0x5c, 0xbb, 0xfe, 0x4e, 0x1a, 0x94, 0x67, 0xfd, 0x98, 0xad,
+0xbd, 0x78, 0xf6, 0x07, 0x83, 0x6c, 0xa5, 0xbe, 0x19, 0x28, 0xb9, 0xd1, 0x60,
+0xd9, 0x7f, 0xd4, 0x5c, 0x12, 0xd6, 0xb5, 0x2e, 0x2c, 0x98, 0x71, 0xa1, 0x74,
+0xc6, 0x6b, 0x48, 0x81, 0x13, 0x02, 0x41, 0x00, 0xc5, 0xab, 0x27, 0x60, 0x21,
+0x59, 0xae, 0x7d, 0x6f, 0x20, 0xc3, 0xc2, 0xee, 0x85, 0x1e, 0x46, 0xdc, 0x11,
+0x2e, 0x68, 0x9e, 0x28, 0xd5, 0xfc, 0xbb, 0xf9, 0x90, 0xa9, 0x9e, 0xf8, 0xa9,
+0x0b, 0x8b, 0xb4, 0x4f, 0xd3, 0x64, 0x67, 0xe7, 0xfc, 0x17, 0x89, 0xce, 0xb6,
+0x63, 0xab, 0xda, 0x33, 0x86, 0x52, 0xc3, 0xc7, 0x3f, 0x11, 0x17, 0x74, 0x90,
+0x2e, 0x84, 0x05, 0x65, 0x92, 0x70, 0x91, 0x02, 0x41, 0x00, 0xb6, 0xcd, 0xbd,
+0x35, 0x4f, 0x7d, 0xf5, 0x79, 0xa6, 0x3b, 0x48, 0xb3, 0x64, 0x3e, 0x35, 0x3b,
+0x84, 0x89, 0x87, 0x77, 0xb4, 0x8b, 0x15, 0xf9, 0x4e, 0x0b, 0xfc, 0x05, 0x67,
+0xa6, 0xae, 0x59, 0x11, 0xd5, 0x7a, 0xd6, 0x40, 0x9c, 0xf7, 0x64, 0x7b, 0xf9,
+0x62, 0x64, 0xe9, 0xbd, 0x87, 0xeb, 0x95, 0xe2, 0x63, 0xb7, 0x11, 0x0b, 0x9a,
+0x1f, 0x9f, 0x94, 0xac, 0xce, 0xd0, 0xfa, 0xfa, 0x4d, 0x02, 0x40, 0x71, 0x19,
+0x5e, 0xec, 0x37, 0xe8, 0xd2, 0x57, 0xde, 0xcf, 0xc6, 0x72, 0xb0, 0x7a, 0xe6,
+0x39, 0xf1, 0x0c, 0xbb, 0x9b, 0x0c, 0x73, 0x9d, 0x0c, 0x80, 0x99, 0x68, 0xd6,
+0x44, 0xa9, 0x4e, 0x3f, 0xd6, 0xed, 0x92, 0x87, 0x07, 0x7a, 0x14, 0x58, 0x3f,
+0x37, 0x90, 0x58, 0xf7, 0x6a, 0x8a, 0xec, 0xd4, 0x3c, 0x62, 0xdc, 0x8c, 0x0f,
+0x41, 0x76, 0x66, 0x50, 0xd7, 0x25, 0x27, 0x5a, 0xc4, 0xa1, 0x02, 0x41, 0x00,
+0xbb, 0x32, 0xd1, 0x33, 0xed, 0xc2, 0xe0, 0x48, 0xd4, 0x63, 0x38, 0x8b, 0x7b,
+0xe9, 0xcb, 0x4b, 0xe2, 0x9f, 0x4b, 0x62, 0x50, 0xbe, 0x60, 0x3e, 0x70, 0xe3,
+0x64, 0x75, 0x01, 0xc9, 0x7d, 0xdd, 0xe2, 0x0a, 0x4e, 0x71, 0xbe, 0x95, 0xfd,
+0x5e, 0x71, 0x78, 0x4e, 0x25, 0xac, 0xa4, 0xba, 0xf2, 0x5b, 0xe5, 0x73, 0x8a,
+0xae, 0x59, 0xbb, 0xfe, 0x1c, 0x99, 0x77, 0x81, 0x44, 0x7a, 0x2b, 0x24};
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_RSA_1024
+#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
+{"Test psa_asymmetric_encrypt - RSA PKCS1V15\n", 1, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 162, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
+{0}, 0,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 128,
+ 128, 1024, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+#ifdef ARCH_TEST_RSA_OAEP
+{"Test psa_asymmetric_encrypt - RSA OAEP SHA256\n", 2, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 162, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256),
+{0}, 0,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 128,
+ 128, 1024, PSA_SUCCESS
+},
+
+{"Test psa_asymmetric_encrypt - RSA OAEP SHA256 with label\n", 3, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 162, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256),
+{0x74, 0x68, 0x69, 0x73, 0x00, 0x69, 0x73, 0x00, 0x61, 0x00, 0x6c, 0x61, 0x62,
+ 0x65, 0x6c, 0x00}, 16,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 128,
+ 128, 1024, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
+{"Test psa_asymmetric_encrypt - RSA KEYPAIR PKCS1V15\n", 4, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
+{0}, 0,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 128,
+ 128, 1024, PSA_SUCCESS
+},
+
+{"Test psa_asymmetric_encrypt - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 162, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
+{0}, 0,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 110,
+ 128, 1024, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_asymmetric_encrypt - Invalid algorithm\n", 6, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 162, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_SHA_256,
+{0}, 0,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 128,
+ 128, 1024, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
+#ifdef ARCH_TEST_AES_128
+{"Test psa_asymmetric_encrypt - Invalid key type\n", 7, PSA_KEY_TYPE_AES,
+{0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05,
+ 0x7d, 0x39, 0x6e}, 16,
+ PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
+{0}, 0,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 128,
+ 0, BYTES_TO_BITS(AES_16B_KEY_SIZE), PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_RSA_1024
+{"Test psa_asymmetric_encrypt - Invalid usage\n", 8, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 162, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
+{0}, 0,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 128,
+ 128, 1024, PSA_ERROR_NOT_PERMITTED
+},
+#endif
+#endif
+
+#ifdef FUTURE_SUPPORT
+{"Test psa_asymmetric_encrypt - ECC public key\n", 9,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | PSA_ECC_CURVE_SECP192R1,
+{0}, 75, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_ECDSA_ANY,
+{0}, 0,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 128,
+ 0, 192, PSA_SUCCESS
+}
+
+{"Test psa_asymmetric_encrypt - ECC keypair\n", 10,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{0}, 97, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
+{0}, 0,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 128,
+ 0, 192, PSA_SUCCESS
+}
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
+#ifdef ARCH_TEST_RSA_1024
+{"Test psa_asymmetric_encrypt - Negative case\n", 11, PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 162, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
+{0}, 0,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 22, 128,
+ 128, 1024, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/test_entry.c
new file mode 100644
index 00000000000..323f17382b9
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c039/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c039.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 39)
+#define TEST_DESC "Testing crypto asymmetric APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c039_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/main.c
new file mode 100644
index 00000000000..c885f701491
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c040(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c040, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/test_c040.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/test_c040.c
new file mode 100644
index 00000000000..69dc7ef0e91
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/test_c040.c
@@ -0,0 +1,226 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c040.h"
+#include "test_data.h"
+
+client_test_t test_c040_crypto_list[] = {
+ NULL,
+ psa_asymmetric_decrypt_test,
+ psa_asymmetric_decrypt_negative_test,
+ NULL,
+};
+
+static bool_t is_buffer_empty(uint8_t *buffer, size_t size)
+{
+ int i;
+
+ for (i = 0; i < size; i++)
+ {
+ if (buffer[i] != 0)
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+static int g_test_count = 1;
+static uint8_t output[SIZE_128B];
+
+int32_t psa_asymmetric_decrypt_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ const uint8_t *key_data;
+ uint8_t *salt;
+ size_t length;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ memset(output, 0, sizeof(output));
+
+ /* Set the key data based on key type */
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(128))
+ key_data = rsa_128_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(128))
+ key_data = rsa_128_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ if (is_buffer_empty(check1[i].salt, check1[i].salt_length) == TRUE)
+ salt = NULL;
+ else
+ salt = check1[i].salt;
+
+ /* Decrypt a short message with a private key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_DECRYPT, check1[i].key_handle,
+ check1[i].key_alg, check1[i].input, check1[i].input_length, salt,
+ check1[i].salt_length, output, check1[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ /* Check if the output length matches with the expected length */
+ TEST_ASSERT_EQUAL(length, check1[i].expected_output_length, TEST_CHECKPOINT_NUM(7));
+
+ /* Check if the output matches with the expected data */
+ TEST_ASSERT_MEMCMP(output, check1[i].expected_output, length, TEST_CHECKPOINT_NUM(8));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_asymmetric_decrypt_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ uint8_t *salt;
+ size_t length;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_decrypt - Invalid key handle\n",
+ g_test_count++);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_decrypt - Invalid key handle\n",
+ g_test_count++);
+ /* Encrypt a short message with a public key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_DECRYPT, check2[i].key_handle,
+ check2[i].key_alg, check2[i].input, check2[i].input_length, salt,
+ check2[i].salt_length, output, check2[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_decrypt - Zero as key handle\n",
+ g_test_count++);
+ /* Encrypt a short message with a public key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_DECRYPT, 0,
+ check2[i].key_alg, check2[i].input, check2[i].input_length, salt,
+ check2[i].salt_length, output, check2[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_decrypt - Empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ if (is_buffer_empty(check1[i].salt, check1[i].salt_length) == TRUE)
+ salt = NULL;
+ else
+ salt = check1[i].salt;
+
+ /* Encrypt a short message with a public key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_DECRYPT, check2[i].key_handle,
+ check2[i].key_alg, check2[i].input, check2[i].input_length, salt,
+ check2[i].salt_length, output, check2[i].output_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/test_c040.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/test_c040.h
new file mode 100644
index 00000000000..ebb8f5b096d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/test_c040.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C040_CLIENT_TESTS_H_
+#define _TEST_C040_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c040)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c040_crypto_list[];
+
+int32_t psa_asymmetric_decrypt_test(security_t caller);
+int32_t psa_asymmetric_decrypt_negative_test(security_t caller);
+#endif /* _TEST_C040_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/test_data.h
new file mode 100644
index 00000000000..c6bc2487a66
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/test_data.h
@@ -0,0 +1,329 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[16];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t salt[16];
+ size_t salt_length;
+ uint8_t input[128];
+ size_t input_length;
+ size_t output_size;
+ uint8_t expected_output[32];
+ size_t expected_output_length;
+ size_t expected_bit_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+static const uint8_t rsa_256_keypair[1];
+static const uint8_t rsa_256_keydata[1];
+
+static const uint8_t ec_keydata[] = {
+ 0x30, 0x49, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06,
+ 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01, 0x03, 0x32, 0x00, 0x04, 0xBC,
+ 0x79, 0x7D, 0xB3, 0xAE, 0x7F, 0x08, 0xEC, 0x3D, 0x49, 0x6B, 0x4F, 0xB4, 0x11, 0xB3,
+ 0xF6, 0x20, 0xA5, 0x58, 0xA5, 0x01, 0xE0, 0x22, 0x2D, 0x08, 0xCF, 0xE0, 0xDC, 0x8A,
+ 0xEC, 0x8B, 0x1A, 0x7B, 0xF2, 0x4B, 0xE9, 0x29, 0x51, 0xCC, 0x5B, 0xA1, 0xBE, 0xBB,
+ 0x24, 0x74, 0x90, 0x9A, 0xE0};
+
+static const uint8_t ec_keypair[] = {
+ 0x30, 0x5F, 0x02, 0x01, 0x01, 0x04, 0x18, 0x33, 0x8E, 0x86, 0xA8, 0x81, 0xE2, 0x38,
+ 0xF5, 0x49, 0xBD, 0x6F, 0x05, 0x53, 0x49, 0x4B, 0x73, 0xE3, 0xD6, 0x11, 0x30, 0xFD,
+ 0xC6, 0xC9, 0x6D, 0xA0, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01,
+ 0x01, 0xA1, 0x34, 0x03, 0x32, 0x00, 0x04, 0x51, 0x75, 0xBC, 0xDF, 0x30, 0xA3, 0x70,
+ 0xF3, 0x9D, 0x53, 0x93, 0xE6, 0x12, 0x72, 0x88, 0xD8, 0x01, 0x67, 0xB5, 0xF4, 0xB4,
+ 0xB7, 0x76, 0xC6, 0x74, 0xF7, 0xC6, 0xF3, 0x54, 0xB7, 0xD2, 0x24, 0x06, 0x2C, 0x1F,
+ 0x68, 0x54, 0xB5, 0xA7, 0xAF, 0x0F, 0xE5, 0x78, 0xEA, 0xF2, 0x58, 0xF0, 0x27};
+
+static const uint8_t rsa_128_keydata[] = {
+ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+ 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb,
+ 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b,
+ 0x54, 0x1e, 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12,
+ 0x49, 0xe1, 0x12, 0x96, 0x28, 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44,
+ 0x35, 0x24, 0xef, 0x4c, 0x0e, 0x6e, 0x1d, 0x89, 0x56, 0xee, 0xb2, 0x07, 0x7a,
+ 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, 0xc6, 0x19,
+ 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb,
+ 0xf8, 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e,
+ 0xde, 0x26, 0x3a, 0x2a, 0xbf, 0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86,
+ 0x60, 0xf7, 0xd6, 0x83, 0x4d, 0xa5, 0x3d, 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b,
+ 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t rsa_128_keypair[] = {
+0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05,
+0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f,
+0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, 0xe1, 0xfe, 0xb0,
+0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, 0xe1, 0x12, 0x96, 0x28,
+0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, 0x35, 0x24, 0xef, 0x4c, 0x0e,
+0x6e, 0x1d, 0x89, 0x56, 0xee, 0xb2, 0x07, 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee,
+0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02,
+0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb, 0xf8, 0x59, 0xc2, 0xc1, 0x81,
+0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e, 0xde, 0x26, 0x3a, 0x2a, 0xbf,
+0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, 0x83, 0x4d,
+0xa5, 0x3d, 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00,
+0x01, 0x02, 0x81, 0x81, 0x00, 0x87, 0x4b, 0xf0, 0xff, 0xc2, 0xf2, 0xa7, 0x1d,
+0x14, 0x67, 0x1d, 0xdd, 0x01, 0x71, 0xc9, 0x54, 0xd7, 0xfd, 0xbf, 0x50, 0x28,
+0x1e, 0x4f, 0x6d, 0x99, 0xea, 0x0e, 0x1e, 0xbc, 0xf8, 0x2f, 0xaa, 0x58, 0xe7,
+0xb5, 0x95, 0xff, 0xb2, 0x93, 0xd1, 0xab, 0xe1, 0x7f, 0x11, 0x0b, 0x37, 0xc4,
+0x8c, 0xc0, 0xf3, 0x6c, 0x37, 0xe8, 0x4d, 0x87, 0x66, 0x21, 0xd3, 0x27, 0xf6,
+0x4b, 0xbe, 0x08, 0x45, 0x7d, 0x3e, 0xc4, 0x09, 0x8b, 0xa2, 0xfa, 0x0a, 0x31,
+0x9f, 0xba, 0x41, 0x1c, 0x28, 0x41, 0xed, 0x7b, 0xe8, 0x31, 0x96, 0xa8, 0xcd,
+0xf9, 0xda, 0xa5, 0xd0, 0x06, 0x94, 0xbc, 0x33, 0x5f, 0xc4, 0xc3, 0x22, 0x17,
+0xfe, 0x04, 0x88, 0xbc, 0xe9, 0xcb, 0x72, 0x02, 0xe5, 0x94, 0x68, 0xb1, 0xea,
+0xd1, 0x19, 0x00, 0x04, 0x77, 0xdb, 0x2c, 0xa7, 0x97, 0xfa, 0xc1, 0x9e, 0xda,
+0x3f, 0x58, 0xc1, 0x02, 0x41, 0x00, 0xe2, 0xab, 0x76, 0x08, 0x41, 0xbb, 0x9d,
+0x30, 0xa8, 0x1d, 0x22, 0x2d, 0xe1, 0xeb, 0x73, 0x81, 0xd8, 0x22, 0x14, 0x40,
+0x7f, 0x1b, 0x97, 0x5c, 0xbb, 0xfe, 0x4e, 0x1a, 0x94, 0x67, 0xfd, 0x98, 0xad,
+0xbd, 0x78, 0xf6, 0x07, 0x83, 0x6c, 0xa5, 0xbe, 0x19, 0x28, 0xb9, 0xd1, 0x60,
+0xd9, 0x7f, 0xd4, 0x5c, 0x12, 0xd6, 0xb5, 0x2e, 0x2c, 0x98, 0x71, 0xa1, 0x74,
+0xc6, 0x6b, 0x48, 0x81, 0x13, 0x02, 0x41, 0x00, 0xc5, 0xab, 0x27, 0x60, 0x21,
+0x59, 0xae, 0x7d, 0x6f, 0x20, 0xc3, 0xc2, 0xee, 0x85, 0x1e, 0x46, 0xdc, 0x11,
+0x2e, 0x68, 0x9e, 0x28, 0xd5, 0xfc, 0xbb, 0xf9, 0x90, 0xa9, 0x9e, 0xf8, 0xa9,
+0x0b, 0x8b, 0xb4, 0x4f, 0xd3, 0x64, 0x67, 0xe7, 0xfc, 0x17, 0x89, 0xce, 0xb6,
+0x63, 0xab, 0xda, 0x33, 0x86, 0x52, 0xc3, 0xc7, 0x3f, 0x11, 0x17, 0x74, 0x90,
+0x2e, 0x84, 0x05, 0x65, 0x92, 0x70, 0x91, 0x02, 0x41, 0x00, 0xb6, 0xcd, 0xbd,
+0x35, 0x4f, 0x7d, 0xf5, 0x79, 0xa6, 0x3b, 0x48, 0xb3, 0x64, 0x3e, 0x35, 0x3b,
+0x84, 0x89, 0x87, 0x77, 0xb4, 0x8b, 0x15, 0xf9, 0x4e, 0x0b, 0xfc, 0x05, 0x67,
+0xa6, 0xae, 0x59, 0x11, 0xd5, 0x7a, 0xd6, 0x40, 0x9c, 0xf7, 0x64, 0x7b, 0xf9,
+0x62, 0x64, 0xe9, 0xbd, 0x87, 0xeb, 0x95, 0xe2, 0x63, 0xb7, 0x11, 0x0b, 0x9a,
+0x1f, 0x9f, 0x94, 0xac, 0xce, 0xd0, 0xfa, 0xfa, 0x4d, 0x02, 0x40, 0x71, 0x19,
+0x5e, 0xec, 0x37, 0xe8, 0xd2, 0x57, 0xde, 0xcf, 0xc6, 0x72, 0xb0, 0x7a, 0xe6,
+0x39, 0xf1, 0x0c, 0xbb, 0x9b, 0x0c, 0x73, 0x9d, 0x0c, 0x80, 0x99, 0x68, 0xd6,
+0x44, 0xa9, 0x4e, 0x3f, 0xd6, 0xed, 0x92, 0x87, 0x07, 0x7a, 0x14, 0x58, 0x3f,
+0x37, 0x90, 0x58, 0xf7, 0x6a, 0x8a, 0xec, 0xd4, 0x3c, 0x62, 0xdc, 0x8c, 0x0f,
+0x41, 0x76, 0x66, 0x50, 0xd7, 0x25, 0x27, 0x5a, 0xc4, 0xa1, 0x02, 0x41, 0x00,
+0xbb, 0x32, 0xd1, 0x33, 0xed, 0xc2, 0xe0, 0x48, 0xd4, 0x63, 0x38, 0x8b, 0x7b,
+0xe9, 0xcb, 0x4b, 0xe2, 0x9f, 0x4b, 0x62, 0x50, 0xbe, 0x60, 0x3e, 0x70, 0xe3,
+0x64, 0x75, 0x01, 0xc9, 0x7d, 0xdd, 0xe2, 0x0a, 0x4e, 0x71, 0xbe, 0x95, 0xfd,
+0x5e, 0x71, 0x78, 0x4e, 0x25, 0xac, 0xa4, 0xba, 0xf2, 0x5b, 0xe5, 0x73, 0x8a,
+0xae, 0x59, 0xbb, 0xfe, 0x1c, 0x99, 0x77, 0x81, 0x44, 0x7a, 0x2b, 0x24};
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_RSA_1024
+#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
+{"Test psa_asymmetric_decrypt - RSA KEYPAIR PKCS1V15\n", 1, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
+{0}, 0,
+{0x99, 0xff, 0xde, 0x2f, 0xcc, 0x00, 0xc9, 0xcc, 0x01, 0x97, 0x2e, 0xbf, 0xa7,
+ 0x77, 0x9b, 0x29, 0x8d, 0xbb, 0xaf, 0x7f, 0x50, 0x70, 0x7a, 0x74, 0x05, 0x29,
+ 0x6d, 0xd2, 0x78, 0x34, 0x56, 0xfc, 0x79, 0x20, 0x02, 0xf4, 0x62, 0xe7, 0x60,
+ 0x50, 0x0e, 0x02, 0xaf, 0xa2, 0x5a, 0x85, 0x9a, 0xce, 0x87, 0x01, 0xcb, 0x5d,
+ 0x3b, 0x02, 0x62, 0x11, 0x64, 0x31, 0xc4, 0x3a, 0xf8, 0xeb, 0x08, 0xf5, 0xa8,
+ 0x83, 0x01, 0x05, 0x7c, 0xf1, 0xc1, 0x56, 0xa2, 0xa5, 0x19, 0x3c, 0x14, 0x3e,
+ 0x7a, 0x5b, 0x03, 0xfa, 0xc1, 0x32, 0xb7, 0xe8, 0x9e, 0x6d, 0xcd, 0x8f, 0x4c,
+ 0x82, 0xc9, 0xb2, 0x84, 0x52, 0x32, 0x9c, 0x26, 0x0d, 0x30, 0xbc, 0x39, 0xb3,
+ 0x81, 0x6b, 0x7c, 0x46, 0xb4, 0x1b, 0x37, 0xb4, 0x85, 0x0d, 0x2a, 0xe7, 0x4e,
+ 0x72, 0x9f, 0x99, 0xc6, 0x62, 0x1f, 0xbb, 0xe2, 0xe4, 0x68, 0x72},
+ 128, 128,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad},
+ 32, 1024, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+#ifdef ARCH_TEST_RSA_OAEP
+{"Test psa_asymmetric_decrypt - RSA KEYPAIR OAEP SHA256\n", 2, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256),
+{0}, 0,
+{0x3d, 0x31, 0x46, 0xb1, 0xc9, 0x82, 0x00, 0x42, 0x73, 0xa9, 0xeb, 0xb9, 0xb0,
+ 0x63, 0xe6, 0xae, 0x53, 0xb1, 0xa8, 0x5b, 0xfc, 0x80, 0x23, 0x24, 0xbc, 0xdd,
+ 0x04, 0xfa, 0xa0, 0xf7, 0x21, 0x1f, 0xb2, 0xbd, 0xee, 0xa4, 0x03, 0x58, 0x09,
+ 0x55, 0x54, 0xdf, 0x9c, 0x25, 0x08, 0x66, 0xc7, 0x36, 0x1e, 0x73, 0x8f, 0x0d,
+ 0x27, 0x0e, 0xaa, 0x27, 0x73, 0x8e, 0x87, 0x92, 0x8c, 0x5e, 0x31, 0x81, 0x55,
+ 0x06, 0x34, 0x67, 0x27, 0x90, 0x0f, 0xf0, 0x3c, 0xef, 0x0b, 0xe6, 0xf9, 0xdd,
+ 0x6b, 0xba, 0x63, 0xce, 0x89, 0x07, 0x4e, 0x81, 0x94, 0xfe, 0x68, 0xb5, 0xa5,
+ 0x73, 0x94, 0x22, 0xd4, 0xf1, 0x38, 0xbb, 0xbb, 0x61, 0xf4, 0x9b, 0x76, 0xcf,
+ 0x1f, 0x18, 0xde, 0xf2, 0xc9, 0x93, 0xe3, 0x11, 0x3b, 0x08, 0xc1, 0x91, 0xea,
+ 0x1d, 0xa0, 0xfe, 0xb9, 0x4f, 0x8f, 0xd9, 0xb3, 0x01, 0x09, 0xa1},
+ 128, 128,
+{0},
+ 0, 1024, PSA_SUCCESS
+},
+
+{"Test psa_asymmetric_decrypt - RSA KEYPAIR OAEP SHA256 with label\n", 3,
+ PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256),
+{0x74, 0x68, 0x69, 0x73, 0x00, 0x69, 0x73, 0x00, 0x61, 0x00, 0x6c, 0x61, 0x62,
+ 0x65, 0x6c, 0x00}, 16,
+{0x46, 0xed, 0xc9, 0x98, 0x4a, 0x6d, 0x4b, 0x7c, 0x7f, 0xd8, 0x8f, 0xda, 0x9e,
+ 0xa9, 0x1d, 0xdb, 0xd3, 0x0b, 0x28, 0xa0, 0x79, 0x3c, 0xc7, 0x5a, 0x9f, 0xcd,
+ 0xd9, 0x4d, 0x86, 0x7c, 0x69, 0x09, 0x0a, 0x69, 0x7d, 0x46, 0xa6, 0xf3, 0x36,
+ 0xa3, 0xe4, 0x8a, 0x12, 0x2d, 0xd3, 0xee, 0x3b, 0x51, 0x56, 0x6b, 0x44, 0x5f,
+ 0xf7, 0x8a, 0xdb, 0x61, 0x3d, 0x09, 0xb7, 0xd8, 0xc5, 0x9c, 0x25, 0xa2, 0x7d,
+ 0x8c, 0xf7, 0xf5, 0xe3, 0x64, 0x55, 0xf2, 0xe7, 0x1f, 0xf6, 0xc6, 0xee, 0x98,
+ 0xd5, 0x74, 0x0e, 0x66, 0xb2, 0x37, 0x94, 0xac, 0xc7, 0x29, 0x06, 0x56, 0x19,
+ 0x51, 0xc2, 0xbe, 0x50, 0x64, 0xf6, 0xa2, 0x50, 0x64, 0x6a, 0xb6, 0x27, 0xec,
+ 0xbf, 0xa4, 0x8c, 0x02, 0xf8, 0x2c, 0x29, 0xfe, 0x9b, 0x8c, 0x8e, 0x6b, 0xe8,
+ 0xeb, 0x75, 0x24, 0x32, 0x12, 0x49, 0x74, 0x37, 0x3b, 0x54, 0x2c},
+ 128, 128,
+{0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x6e, 0x6f, 0x20, 0x73, 0x71,
+ 0x75, 0x65, 0x61, 0x6d, 0x69, 0x73, 0x68, 0x20, 0x6f, 0x73, 0x73, 0x69, 0x66,
+ 0x72, 0x61, 0x67, 0x65},
+ 30, 1024, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
+{"Test psa_asymmetric_decrypt - Invalid key type (RSA public key)\n", 4,
+PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 162, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
+{0}, 0,
+{0x3d, 0x31, 0x46, 0xb1, 0xc9, 0x82, 0x00, 0x42, 0x73, 0xa9, 0xeb, 0xb9, 0xb0,
+ 0x63, 0xe6, 0xae, 0x53, 0xb1, 0xa8, 0x5b, 0xfc, 0x80, 0x23, 0x24, 0xbc, 0xdd,
+ 0x04, 0xfa, 0xa0, 0xf7, 0x21, 0x1f, 0xb2, 0xbd, 0xee, 0xa4, 0x03, 0x58, 0x09,
+ 0x55, 0x54, 0xdf, 0x9c, 0x25, 0x08, 0x66, 0xc7, 0x36, 0x1e, 0x73, 0x8f, 0x0d,
+ 0x27, 0x0e, 0xaa, 0x27, 0x73, 0x8e, 0x87, 0x92, 0x8c, 0x5e, 0x31, 0x81, 0x55,
+ 0x06, 0x34, 0x67, 0x27, 0x90, 0x0f, 0xf0, 0x3c, 0xef, 0x0b, 0xe6, 0xf9, 0xdd,
+ 0x6b, 0xba, 0x63, 0xce, 0x89, 0x07, 0x4e, 0x81, 0x94, 0xfe, 0x68, 0xb5, 0xa5,
+ 0x73, 0x94, 0x22, 0xd4, 0xf1, 0x38, 0xbb, 0xbb, 0x61, 0xf4, 0x9b, 0x76, 0xcf,
+ 0x1f, 0x18, 0xde, 0xf2, 0xc9, 0x93, 0xe3, 0x11, 0x3b, 0x08, 0xc1, 0x91, 0xea,
+ 0x1d, 0xa0, 0xfe, 0xb9, 0x4f, 0x8f, 0xd9, 0xb3, 0x01, 0x09, 0xa1},
+ 128, 128,
+{0},
+ 0, 1024, PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_asymmetric_decrypt - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
+{0}, 0,
+{0x99, 0xff, 0xde, 0x2f, 0xcc, 0x00, 0xc9, 0xcc, 0x01, 0x97, 0x2e, 0xbf, 0xa7,
+ 0x77, 0x9b, 0x29, 0x8d, 0xbb, 0xaf, 0x7f, 0x50, 0x70, 0x7a, 0x74, 0x05, 0x29,
+ 0x6d, 0xd2, 0x78, 0x34, 0x56, 0xfc, 0x79, 0x20, 0x02, 0xf4, 0x62, 0xe7, 0x60,
+ 0x50, 0x0e, 0x02, 0xaf, 0xa2, 0x5a, 0x85, 0x9a, 0xce, 0x87, 0x01, 0xcb, 0x5d,
+ 0x3b, 0x02, 0x62, 0x11, 0x64, 0x31, 0xc4, 0x3a, 0xf8, 0xeb, 0x08, 0xf5, 0xa8,
+ 0x83, 0x01, 0x05, 0x7c, 0xf1, 0xc1, 0x56, 0xa2, 0xa5, 0x19, 0x3c, 0x14, 0x3e,
+ 0x7a, 0x5b, 0x03, 0xfa, 0xc1, 0x32, 0xb7, 0xe8, 0x9e, 0x6d, 0xcd, 0x8f, 0x4c,
+ 0x82, 0xc9, 0xb2, 0x84, 0x52, 0x32, 0x9c, 0x26, 0x0d, 0x30, 0xbc, 0x39, 0xb3,
+ 0x81, 0x6b, 0x7c, 0x46, 0xb4, 0x1b, 0x37, 0xb4, 0x85, 0x0d, 0x2a, 0xe7, 0x4e,
+ 0x72, 0x9f, 0x99, 0xc6, 0x62, 0x1f, 0xbb, 0xe2, 0xe4, 0x68, 0x72},
+ 128, 30,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad},
+ 32, 1024, PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+
+#ifdef ARCH_TEST_SHA256
+{"Test psa_asymmetric_decrypt - Invalid algorithm\n", 6, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_DECRYPT, PSA_ALG_SHA_256,
+{0}, 0,
+{0x99, 0xff, 0xde, 0x2f, 0xcc, 0x00, 0xc9, 0xcc, 0x01, 0x97, 0x2e, 0xbf, 0xa7,
+ 0x77, 0x9b, 0x29, 0x8d, 0xbb, 0xaf, 0x7f, 0x50, 0x70, 0x7a, 0x74, 0x05, 0x29,
+ 0x6d, 0xd2, 0x78, 0x34, 0x56, 0xfc, 0x79, 0x20, 0x02, 0xf4, 0x62, 0xe7, 0x60,
+ 0x50, 0x0e, 0x02, 0xaf, 0xa2, 0x5a, 0x85, 0x9a, 0xce, 0x87, 0x01, 0xcb, 0x5d,
+ 0x3b, 0x02, 0x62, 0x11, 0x64, 0x31, 0xc4, 0x3a, 0xf8, 0xeb, 0x08, 0xf5, 0xa8,
+ 0x83, 0x01, 0x05, 0x7c, 0xf1, 0xc1, 0x56, 0xa2, 0xa5, 0x19, 0x3c, 0x14, 0x3e,
+ 0x7a, 0x5b, 0x03, 0xfa, 0xc1, 0x32, 0xb7, 0xe8, 0x9e, 0x6d, 0xcd, 0x8f, 0x4c,
+ 0x82, 0xc9, 0xb2, 0x84, 0x52, 0x32, 0x9c, 0x26, 0x0d, 0x30, 0xbc, 0x39, 0xb3,
+ 0x81, 0x6b, 0x7c, 0x46, 0xb4, 0x1b, 0x37, 0xb4, 0x85, 0x0d, 0x2a, 0xe7, 0x4e,
+ 0x72, 0x9f, 0x99, 0xc6, 0x62, 0x1f, 0xbb, 0xe2, 0xe4, 0x68, 0x72},
+ 128, 128,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad},
+ 32, 1024, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
+#ifdef ARCH_TEST_AES_128
+{"Test psa_asymmetric_decrypt - Invalid key type (AES Key)\n", 7, PSA_KEY_TYPE_AES,
+{0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05,
+ 0x7d, 0x39, 0x6e}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
+{0}, 0,
+{0x99, 0xff, 0xde, 0x2f, 0xcc, 0x00, 0xc9, 0xcc, 0x01, 0x97, 0x2e, 0xbf, 0xa7,
+ 0x77, 0x9b, 0x29, 0x8d, 0xbb, 0xaf, 0x7f, 0x50, 0x70, 0x7a, 0x74, 0x05, 0x29,
+ 0x6d, 0xd2, 0x78, 0x34, 0x56, 0xfc, 0x79, 0x20, 0x02, 0xf4, 0x62, 0xe7, 0x60,
+ 0x50, 0x0e, 0x02, 0xaf, 0xa2, 0x5a, 0x85, 0x9a, 0xce, 0x87, 0x01, 0xcb, 0x5d,
+ 0x3b, 0x02, 0x62, 0x11, 0x64, 0x31, 0xc4, 0x3a, 0xf8, 0xeb, 0x08, 0xf5, 0xa8,
+ 0x83, 0x01, 0x05, 0x7c, 0xf1, 0xc1, 0x56, 0xa2, 0xa5, 0x19, 0x3c, 0x14, 0x3e,
+ 0x7a, 0x5b, 0x03, 0xfa, 0xc1, 0x32, 0xb7, 0xe8, 0x9e, 0x6d, 0xcd, 0x8f, 0x4c,
+ 0x82, 0xc9, 0xb2, 0x84, 0x52, 0x32, 0x9c, 0x26, 0x0d, 0x30, 0xbc, 0x39, 0xb3,
+ 0x81, 0x6b, 0x7c, 0x46, 0xb4, 0x1b, 0x37, 0xb4, 0x85, 0x0d, 0x2a, 0xe7, 0x4e,
+ 0x72, 0x9f, 0x99, 0xc6, 0x62, 0x1f, 0xbb, 0xe2, 0xe4, 0x68, 0x72},
+ 128, 128,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad},
+ 32, BYTES_TO_BITS(AES_16B_KEY_SIZE), PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_RSA_1024
+{"Test psa_asymmetric_decrypt - Invalid usage\n", 8, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
+{0}, 0,
+{0x99, 0xff, 0xde, 0x2f, 0xcc, 0x00, 0xc9, 0xcc, 0x01, 0x97, 0x2e, 0xbf, 0xa7,
+ 0x77, 0x9b, 0x29, 0x8d, 0xbb, 0xaf, 0x7f, 0x50, 0x70, 0x7a, 0x74, 0x05, 0x29,
+ 0x6d, 0xd2, 0x78, 0x34, 0x56, 0xfc, 0x79, 0x20, 0x02, 0xf4, 0x62, 0xe7, 0x60,
+ 0x50, 0x0e, 0x02, 0xaf, 0xa2, 0x5a, 0x85, 0x9a, 0xce, 0x87, 0x01, 0xcb, 0x5d,
+ 0x3b, 0x02, 0x62, 0x11, 0x64, 0x31, 0xc4, 0x3a, 0xf8, 0xeb, 0x08, 0xf5, 0xa8,
+ 0x83, 0x01, 0x05, 0x7c, 0xf1, 0xc1, 0x56, 0xa2, 0xa5, 0x19, 0x3c, 0x14, 0x3e,
+ 0x7a, 0x5b, 0x03, 0xfa, 0xc1, 0x32, 0xb7, 0xe8, 0x9e, 0x6d, 0xcd, 0x8f, 0x4c,
+ 0x82, 0xc9, 0xb2, 0x84, 0x52, 0x32, 0x9c, 0x26, 0x0d, 0x30, 0xbc, 0x39, 0xb3,
+ 0x81, 0x6b, 0x7c, 0x46, 0xb4, 0x1b, 0x37, 0xb4, 0x85, 0x0d, 0x2a, 0xe7, 0x4e,
+ 0x72, 0x9f, 0x99, 0xc6, 0x62, 0x1f, 0xbb, 0xe2, 0xe4, 0x68, 0x72},
+ 128, 128,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad},
+ 32, 1024, PSA_ERROR_NOT_PERMITTED
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_RSA_PKCS1V15_CRYPT
+#ifdef ARCH_TEST_RSA_1024
+{"Test psa_asymmetric_decrypt - Negative case\n", 1, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_DECRYPT, PSA_ALG_RSA_PKCS1V15_CRYPT,
+{0}, 0,
+{0x99, 0xff, 0xde, 0x2f, 0xcc, 0x00, 0xc9, 0xcc, 0x01, 0x97, 0x2e, 0xbf, 0xa7,
+ 0x77, 0x9b, 0x29, 0x8d, 0xbb, 0xaf, 0x7f, 0x50, 0x70, 0x7a, 0x74, 0x05, 0x29,
+ 0x6d, 0xd2, 0x78, 0x34, 0x56, 0xfc, 0x79, 0x20, 0x02, 0xf4, 0x62, 0xe7, 0x60,
+ 0x50, 0x0e, 0x02, 0xaf, 0xa2, 0x5a, 0x85, 0x9a, 0xce, 0x87, 0x01, 0xcb, 0x5d,
+ 0x3b, 0x02, 0x62, 0x11, 0x64, 0x31, 0xc4, 0x3a, 0xf8, 0xeb, 0x08, 0xf5, 0xa8,
+ 0x83, 0x01, 0x05, 0x7c, 0xf1, 0xc1, 0x56, 0xa2, 0xa5, 0x19, 0x3c, 0x14, 0x3e,
+ 0x7a, 0x5b, 0x03, 0xfa, 0xc1, 0x32, 0xb7, 0xe8, 0x9e, 0x6d, 0xcd, 0x8f, 0x4c,
+ 0x82, 0xc9, 0xb2, 0x84, 0x52, 0x32, 0x9c, 0x26, 0x0d, 0x30, 0xbc, 0x39, 0xb3,
+ 0x81, 0x6b, 0x7c, 0x46, 0xb4, 0x1b, 0x37, 0xb4, 0x85, 0x0d, 0x2a, 0xe7, 0x4e,
+ 0x72, 0x9f, 0x99, 0xc6, 0x62, 0x1f, 0xbb, 0xe2, 0xe4, 0x68, 0x72},
+ 128, 128,
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad},
+ 32, 1024, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/test_entry.c
new file mode 100644
index 00000000000..7b36aedc40c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c040/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c040.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 40)
+#define TEST_DESC "Testing crypto asymmetric APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c040_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/main.c
new file mode 100644
index 00000000000..2699f556c84
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c041(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c041, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/test_c041.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/test_c041.c
new file mode 100644
index 00000000000..55106f7288f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/test_c041.c
@@ -0,0 +1,199 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c041.h"
+#include "test_data.h"
+
+client_test_t test_c041_crypto_list[] = {
+ NULL,
+ psa_asymmetric_sign_test,
+ psa_asymmetric_sign_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t signature[SIZE_128B];
+
+int32_t psa_asymmetric_sign_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ const uint8_t *key_data;
+ size_t length;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ memset(signature, 0, sizeof(signature));
+
+ /* Set the key data based on key type */
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(128))
+ key_data = rsa_128_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(128))
+ key_data = rsa_128_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Sign a hash or short message with a private key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_SIGN, check1[i].key_handle,
+ check1[i].key_alg, check1[i].input, check1[i].input_length,
+ signature, check1[i].signature_size, &length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ continue;
+
+ /* Check if the output length matches with the expected length */
+ TEST_ASSERT_EQUAL(length, check1[i].expected_signature_length, TEST_CHECKPOINT_NUM(7));
+
+ /* Check if the output matches with the expected data */
+ TEST_ASSERT_MEMCMP(signature, check1[i].expected_signature, length, TEST_CHECKPOINT_NUM(8));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_asymmetric_sign_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ size_t length;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_sign - Invalid key handle\n",
+ g_test_count++);
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_sign - Invalid key handle\n",
+ g_test_count++);
+ /* Sign a hash or short message with a private key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_SIGN, check2[i].key_handle,
+ check2[i].key_alg, check2[i].input, check2[i].input_length,
+ signature, check2[i].signature_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_sign - zero as key handle\n",
+ g_test_count++);
+ /* Sign a hash or short message with a private key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_SIGN, 0,
+ check2[i].key_alg, check2[i].input, check2[i].input_length,
+ signature, check2[i].signature_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_sign - Empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Sign a hash or short message with a private key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_SIGN, check2[i].key_handle,
+ check2[i].key_alg, check2[i].input, check2[i].input_length,
+ signature, check2[i].signature_size, &length);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/test_c041.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/test_c041.h
new file mode 100644
index 00000000000..11f8074aa84
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/test_c041.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C041_CLIENT_TESTS_H_
+#define _TEST_C041_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c041)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c041_crypto_list[];
+
+int32_t psa_asymmetric_sign_test(security_t caller);
+int32_t psa_asymmetric_sign_negative_test(security_t caller);
+#endif /* _TEST_C041_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/test_data.h
new file mode 100644
index 00000000000..cecccb6ca91
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/test_data.h
@@ -0,0 +1,317 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[16];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t input[32];
+ size_t input_length;
+ size_t signature_size;
+ uint8_t expected_signature[128];
+ size_t expected_signature_length;
+ size_t expected_bit_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+static const uint8_t rsa_256_keypair[1];
+static const uint8_t rsa_256_keydata[1];
+static const uint8_t ec_keydata[1];
+
+static const uint8_t ec_keypair[] = {
+ 0xab, 0x45, 0x43, 0x57, 0x12, 0x64,
+ 0x9c, 0xb3, 0x0b, 0xbd, 0xda, 0xc4, 0x91, 0x97, 0xee, 0xbf, 0x27, 0x40, 0xff, 0xc7,
+ 0xf8, 0x74, 0xd9, 0x24, 0x4c, 0x34, 0x60, 0xf5, 0x4f, 0x32, 0x2d, 0x3a};
+
+static const uint8_t rsa_128_keydata[] = {
+ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+ 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb,
+ 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b,
+ 0x54, 0x1e, 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12,
+ 0x49, 0xe1, 0x12, 0x96, 0x28, 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44,
+ 0x35, 0x24, 0xef, 0x4c, 0x0e, 0x6e, 0x1d, 0x89, 0x56, 0xee, 0xb2, 0x07, 0x7a,
+ 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, 0xc6, 0x19,
+ 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb,
+ 0xf8, 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e,
+ 0xde, 0x26, 0x3a, 0x2a, 0xbf, 0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86,
+ 0x60, 0xf7, 0xd6, 0x83, 0x4d, 0xa5, 0x3d, 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b,
+ 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t rsa_128_keypair[] = {
+0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05,
+0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f,
+0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, 0xe1, 0xfe, 0xb0,
+0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, 0xe1, 0x12, 0x96, 0x28,
+0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, 0x35, 0x24, 0xef, 0x4c, 0x0e,
+0x6e, 0x1d, 0x89, 0x56, 0xee, 0xb2, 0x07, 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee,
+0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02,
+0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb, 0xf8, 0x59, 0xc2, 0xc1, 0x81,
+0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e, 0xde, 0x26, 0x3a, 0x2a, 0xbf,
+0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, 0x83, 0x4d,
+0xa5, 0x3d, 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00,
+0x01, 0x02, 0x81, 0x81, 0x00, 0x87, 0x4b, 0xf0, 0xff, 0xc2, 0xf2, 0xa7, 0x1d,
+0x14, 0x67, 0x1d, 0xdd, 0x01, 0x71, 0xc9, 0x54, 0xd7, 0xfd, 0xbf, 0x50, 0x28,
+0x1e, 0x4f, 0x6d, 0x99, 0xea, 0x0e, 0x1e, 0xbc, 0xf8, 0x2f, 0xaa, 0x58, 0xe7,
+0xb5, 0x95, 0xff, 0xb2, 0x93, 0xd1, 0xab, 0xe1, 0x7f, 0x11, 0x0b, 0x37, 0xc4,
+0x8c, 0xc0, 0xf3, 0x6c, 0x37, 0xe8, 0x4d, 0x87, 0x66, 0x21, 0xd3, 0x27, 0xf6,
+0x4b, 0xbe, 0x08, 0x45, 0x7d, 0x3e, 0xc4, 0x09, 0x8b, 0xa2, 0xfa, 0x0a, 0x31,
+0x9f, 0xba, 0x41, 0x1c, 0x28, 0x41, 0xed, 0x7b, 0xe8, 0x31, 0x96, 0xa8, 0xcd,
+0xf9, 0xda, 0xa5, 0xd0, 0x06, 0x94, 0xbc, 0x33, 0x5f, 0xc4, 0xc3, 0x22, 0x17,
+0xfe, 0x04, 0x88, 0xbc, 0xe9, 0xcb, 0x72, 0x02, 0xe5, 0x94, 0x68, 0xb1, 0xea,
+0xd1, 0x19, 0x00, 0x04, 0x77, 0xdb, 0x2c, 0xa7, 0x97, 0xfa, 0xc1, 0x9e, 0xda,
+0x3f, 0x58, 0xc1, 0x02, 0x41, 0x00, 0xe2, 0xab, 0x76, 0x08, 0x41, 0xbb, 0x9d,
+0x30, 0xa8, 0x1d, 0x22, 0x2d, 0xe1, 0xeb, 0x73, 0x81, 0xd8, 0x22, 0x14, 0x40,
+0x7f, 0x1b, 0x97, 0x5c, 0xbb, 0xfe, 0x4e, 0x1a, 0x94, 0x67, 0xfd, 0x98, 0xad,
+0xbd, 0x78, 0xf6, 0x07, 0x83, 0x6c, 0xa5, 0xbe, 0x19, 0x28, 0xb9, 0xd1, 0x60,
+0xd9, 0x7f, 0xd4, 0x5c, 0x12, 0xd6, 0xb5, 0x2e, 0x2c, 0x98, 0x71, 0xa1, 0x74,
+0xc6, 0x6b, 0x48, 0x81, 0x13, 0x02, 0x41, 0x00, 0xc5, 0xab, 0x27, 0x60, 0x21,
+0x59, 0xae, 0x7d, 0x6f, 0x20, 0xc3, 0xc2, 0xee, 0x85, 0x1e, 0x46, 0xdc, 0x11,
+0x2e, 0x68, 0x9e, 0x28, 0xd5, 0xfc, 0xbb, 0xf9, 0x90, 0xa9, 0x9e, 0xf8, 0xa9,
+0x0b, 0x8b, 0xb4, 0x4f, 0xd3, 0x64, 0x67, 0xe7, 0xfc, 0x17, 0x89, 0xce, 0xb6,
+0x63, 0xab, 0xda, 0x33, 0x86, 0x52, 0xc3, 0xc7, 0x3f, 0x11, 0x17, 0x74, 0x90,
+0x2e, 0x84, 0x05, 0x65, 0x92, 0x70, 0x91, 0x02, 0x41, 0x00, 0xb6, 0xcd, 0xbd,
+0x35, 0x4f, 0x7d, 0xf5, 0x79, 0xa6, 0x3b, 0x48, 0xb3, 0x64, 0x3e, 0x35, 0x3b,
+0x84, 0x89, 0x87, 0x77, 0xb4, 0x8b, 0x15, 0xf9, 0x4e, 0x0b, 0xfc, 0x05, 0x67,
+0xa6, 0xae, 0x59, 0x11, 0xd5, 0x7a, 0xd6, 0x40, 0x9c, 0xf7, 0x64, 0x7b, 0xf9,
+0x62, 0x64, 0xe9, 0xbd, 0x87, 0xeb, 0x95, 0xe2, 0x63, 0xb7, 0x11, 0x0b, 0x9a,
+0x1f, 0x9f, 0x94, 0xac, 0xce, 0xd0, 0xfa, 0xfa, 0x4d, 0x02, 0x40, 0x71, 0x19,
+0x5e, 0xec, 0x37, 0xe8, 0xd2, 0x57, 0xde, 0xcf, 0xc6, 0x72, 0xb0, 0x7a, 0xe6,
+0x39, 0xf1, 0x0c, 0xbb, 0x9b, 0x0c, 0x73, 0x9d, 0x0c, 0x80, 0x99, 0x68, 0xd6,
+0x44, 0xa9, 0x4e, 0x3f, 0xd6, 0xed, 0x92, 0x87, 0x07, 0x7a, 0x14, 0x58, 0x3f,
+0x37, 0x90, 0x58, 0xf7, 0x6a, 0x8a, 0xec, 0xd4, 0x3c, 0x62, 0xdc, 0x8c, 0x0f,
+0x41, 0x76, 0x66, 0x50, 0xd7, 0x25, 0x27, 0x5a, 0xc4, 0xa1, 0x02, 0x41, 0x00,
+0xbb, 0x32, 0xd1, 0x33, 0xed, 0xc2, 0xe0, 0x48, 0xd4, 0x63, 0x38, 0x8b, 0x7b,
+0xe9, 0xcb, 0x4b, 0xe2, 0x9f, 0x4b, 0x62, 0x50, 0xbe, 0x60, 0x3e, 0x70, 0xe3,
+0x64, 0x75, 0x01, 0xc9, 0x7d, 0xdd, 0xe2, 0x0a, 0x4e, 0x71, 0xbe, 0x95, 0xfd,
+0x5e, 0x71, 0x78, 0x4e, 0x25, 0xac, 0xa4, 0xba, 0xf2, 0x5b, 0xe5, 0x73, 0x8a,
+0xae, 0x59, 0xbb, 0xfe, 0x1c, 0x99, 0x77, 0x81, 0x44, 0x7a, 0x2b, 0x24};
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_RSA_1024
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+{"Test psa_asymmetric_sign - RSA KEYPAIR PKCS1V15 RAW\n", 1, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+{0x61, 0x62, 0x63}, 3, 128,
+{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
+ 0x83, 0xed, 0x11, 0xa7, 0x6a, 0x78, 0x98, 0xa1, 0xbb, 0x5c, 0xe1, 0x91, 0x37,
+ 0x5a, 0x4a, 0xa7, 0x49, 0x5a, 0x63, 0x3d, 0x27, 0x87, 0x9f, 0xf5, 0x8e, 0xba,
+ 0x5a, 0x57, 0x37, 0x1c, 0x34, 0xfe, 0xb1, 0x18, 0x0e, 0x8b, 0x85, 0x0d, 0x55,
+ 0x24, 0x76, 0xeb, 0xb5, 0x63, 0x4d, 0xf6, 0x20, 0x26, 0x19, 0x92, 0xf1, 0x2e,
+ 0xbe, 0xe9, 0x09, 0x70, 0x41, 0xdb, 0xbe, 0xa8, 0x5a, 0x42, 0xd4, 0x5b, 0x34,
+ 0x4b, 0xe5, 0x07, 0x3c, 0xeb, 0x77, 0x2f, 0xfc, 0x60, 0x49, 0x54, 0xb9, 0x15,
+ 0x8b, 0xa8, 0x1e, 0xc3, 0xdc, 0x4d, 0x9d, 0x65, 0xe3, 0xab, 0x7a, 0xa3, 0x18,
+ 0x16, 0x5f, 0x38, 0xc3, 0x6f, 0x84, 0x1f, 0x1c, 0x69, 0xcb, 0x1c, 0xfa, 0x49,
+ 0x4a, 0xa5, 0xcb, 0xb4, 0xd6, 0xc0, 0xef, 0xba, 0xfb, 0x04, 0x3a},
+ 128, 1024, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
+#ifdef ARCH_TEST_SHA256
+{"Test psa_asymmetric_sign - RSA KEYPAIR PKCS1V15 SHA-256\n", 2, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 32, 128,
+{0xa7, 0x36, 0x64, 0xd5, 0x5b, 0x39, 0xc7, 0xea, 0x6c, 0x1e, 0x5b, 0x50, 0x11,
+ 0x72, 0x4a, 0x11, 0xe1, 0xd7, 0x07, 0x3d, 0x3a, 0x68, 0xf4, 0x8c, 0x83, 0x6f,
+ 0xad, 0x15, 0x3a, 0x1d, 0x91, 0xb6, 0xab, 0xdb, 0xc8, 0xf6, 0x9d, 0xa1, 0x3b,
+ 0x20, 0x6c, 0xc9, 0x6a, 0xf6, 0x36, 0x3b, 0x11, 0x44, 0x58, 0xb0, 0x26, 0xaf,
+ 0x14, 0xb2, 0x4f, 0xab, 0x89, 0x29, 0xed, 0x63, 0x4c, 0x6a, 0x2a, 0xca, 0xce,
+ 0x0b, 0xcc, 0x62, 0xd9, 0xbb, 0x6a, 0x98, 0x4a, 0xfb, 0xcb, 0xfc, 0xd3, 0xa0,
+ 0x60, 0x8d, 0x32, 0xa2, 0xba, 0xe5, 0x35, 0xb9, 0xcd, 0x1e, 0xcd, 0xf9, 0xdd,
+ 0x28, 0x1d, 0xb1, 0xe0, 0x02, 0x5c, 0x3b, 0xfb, 0x55, 0x12, 0x96, 0x3e, 0xc3,
+ 0xb9, 0x8d, 0xda, 0xa6, 0x9e, 0x38, 0xbc, 0x3c, 0x84, 0xb1, 0xb6, 0x1a, 0x04,
+ 0xe5, 0x64, 0x86, 0x40, 0x85, 0x6a, 0xac, 0xc6, 0xfc, 0x73, 0x11},
+ 128, 1024, PSA_SUCCESS
+},
+#endif
+#endif
+#endif
+
+#ifdef ARCH_TEST_SHA256
+#ifdef ARCH_TEST_DETERMINISTIC_ECDSA
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_asymmetric_sign - ECDSA SECP256R1 SHA-256\n", 3,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1), {0}, 32,
+ PSA_KEY_USAGE_SIGN, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
+{0x9a, 0xc4, 0x33, 0x5b, 0x46, 0x9b, 0xbd, 0x79, 0x14, 0x39, 0x24, 0x85, 0x04,
+ 0xdd, 0x0d, 0x49, 0xc7, 0x13, 0x49, 0xa2, 0x95, 0xfe, 0xe5, 0xa1, 0xc6, 0x85,
+ 0x07, 0xf4, 0x5a, 0x9e, 0x1c, 0x7b}, 32, 128,
+{0x6a, 0x33, 0x99, 0xf6, 0x94, 0x21, 0xff, 0xe1, 0x49, 0x03, 0x77, 0xad, 0xf2,
+ 0xea, 0x1f, 0x11, 0x7d, 0x81, 0xa6, 0x3c, 0xf5, 0xbf, 0x22, 0xe9, 0x18, 0xd5,
+ 0x11, 0x75, 0xeb, 0x25, 0x91, 0x51, 0xce, 0x95, 0xd7, 0xc2, 0x6c, 0xc0, 0x4e,
+ 0x25, 0x50, 0x3e, 0x2f, 0x7a, 0x1e, 0xc3, 0x57, 0x3e, 0x3c, 0x24, 0x12, 0x53,
+ 0x4b, 0xb4, 0xa1, 0x9b, 0x3a, 0x78, 0x11, 0x74, 0x2f, 0x49, 0xf5, 0x0f},
+ 64, 512, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_1024
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
+{"Test psa_asymmetric_sign - Invalid key type (RSA public key)\n", 4,
+PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 162, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 32, 128,
+{0xa7, 0x36, 0x64, 0xd5, 0x5b, 0x39, 0xc7, 0xea, 0x6c, 0x1e, 0x5b, 0x50, 0x11,
+ 0x72, 0x4a, 0x11, 0xe1, 0xd7, 0x07, 0x3d, 0x3a, 0x68, 0xf4, 0x8c, 0x83, 0x6f,
+ 0xad, 0x15, 0x3a, 0x1d, 0x91, 0xb6, 0xab, 0xdb, 0xc8, 0xf6, 0x9d, 0xa1, 0x3b,
+ 0x20, 0x6c, 0xc9, 0x6a, 0xf6, 0x36, 0x3b, 0x11, 0x44, 0x58, 0xb0, 0x26, 0xaf,
+ 0x14, 0xb2, 0x4f, 0xab, 0x89, 0x29, 0xed, 0x63, 0x4c, 0x6a, 0x2a, 0xca, 0xce,
+ 0x0b, 0xcc, 0x62, 0xd9, 0xbb, 0x6a, 0x98, 0x4a, 0xfb, 0xcb, 0xfc, 0xd3, 0xa0,
+ 0x60, 0x8d, 0x32, 0xa2, 0xba, 0xe5, 0x35, 0xb9, 0xcd, 0x1e, 0xcd, 0xf9, 0xdd,
+ 0x28, 0x1d, 0xb1, 0xe0, 0x02, 0x5c, 0x3b, 0xfb, 0x55, 0x12, 0x96, 0x3e, 0xc3,
+ 0xb9, 0x8d, 0xda, 0xa6, 0x9e, 0x38, 0xbc, 0x3c, 0x84, 0xb1, 0xb6, 0x1a, 0x04,
+ 0xe5, 0x64, 0x86, 0x40, 0x85, 0x6a, 0xac, 0xc6, 0xfc, 0x73, 0x11},
+ 128, 1024, PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_asymmetric_sign - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 32, 120,
+{0xa7, 0x36, 0x64, 0xd5, 0x5b, 0x39, 0xc7, 0xea, 0x6c, 0x1e, 0x5b, 0x50, 0x11,
+ 0x72, 0x4a, 0x11, 0xe1, 0xd7, 0x07, 0x3d, 0x3a, 0x68, 0xf4, 0x8c, 0x83, 0x6f,
+ 0xad, 0x15, 0x3a, 0x1d, 0x91, 0xb6, 0xab, 0xdb, 0xc8, 0xf6, 0x9d, 0xa1, 0x3b,
+ 0x20, 0x6c, 0xc9, 0x6a, 0xf6, 0x36, 0x3b, 0x11, 0x44, 0x58, 0xb0, 0x26, 0xaf,
+ 0x14, 0xb2, 0x4f, 0xab, 0x89, 0x29, 0xed, 0x63, 0x4c, 0x6a, 0x2a, 0xca, 0xce,
+ 0x0b, 0xcc, 0x62, 0xd9, 0xbb, 0x6a, 0x98, 0x4a, 0xfb, 0xcb, 0xfc, 0xd3, 0xa0,
+ 0x60, 0x8d, 0x32, 0xa2, 0xba, 0xe5, 0x35, 0xb9, 0xcd, 0x1e, 0xcd, 0xf9, 0xdd,
+ 0x28, 0x1d, 0xb1, 0xe0, 0x02, 0x5c, 0x3b, 0xfb, 0x55, 0x12, 0x96, 0x3e, 0xc3,
+ 0xb9, 0x8d, 0xda, 0xa6, 0x9e, 0x38, 0xbc, 0x3c, 0x84, 0xb1, 0xb6, 0x1a, 0x04,
+ 0xe5, 0x64, 0x86, 0x40, 0x85, 0x6a, 0xac, 0xc6, 0xfc, 0x73, 0x11},
+ 128, 1024, PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+
+{"Test psa_asymmetric_sign - Invalid algorithm\n", 6, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_SIGN, PSA_ALG_SHA_256,
+{0x61, 0x62, 0x63}, 3, 128,
+{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
+ 0x83, 0xed, 0x11, 0xa7, 0x6a, 0x78, 0x98, 0xa1, 0xbb, 0x5c, 0xe1, 0x91, 0x37,
+ 0x5a, 0x4a, 0xa7, 0x49, 0x5a, 0x63, 0x3d, 0x27, 0x87, 0x9f, 0xf5, 0x8e, 0xba,
+ 0x5a, 0x57, 0x37, 0x1c, 0x34, 0xfe, 0xb1, 0x18, 0x0e, 0x8b, 0x85, 0x0d, 0x55,
+ 0x24, 0x76, 0xeb, 0xb5, 0x63, 0x4d, 0xf6, 0x20, 0x26, 0x19, 0x92, 0xf1, 0x2e,
+ 0xbe, 0xe9, 0x09, 0x70, 0x41, 0xdb, 0xbe, 0xa8, 0x5a, 0x42, 0xd4, 0x5b, 0x34,
+ 0x4b, 0xe5, 0x07, 0x3c, 0xeb, 0x77, 0x2f, 0xfc, 0x60, 0x49, 0x54, 0xb9, 0x15,
+ 0x8b, 0xa8, 0x1e, 0xc3, 0xdc, 0x4d, 0x9d, 0x65, 0xe3, 0xab, 0x7a, 0xa3, 0x18,
+ 0x16, 0x5f, 0x38, 0xc3, 0x6f, 0x84, 0x1f, 0x1c, 0x69, 0xcb, 0x1c, 0xfa, 0x49,
+ 0x4a, 0xa5, 0xcb, 0xb4, 0xd6, 0xc0, 0xef, 0xba, 0xfb, 0x04, 0x3a},
+ 128, 1024, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
+#ifdef ARCH_TEST_AES_128
+{"Test psa_asymmetric_sign - Invalid key type (AES Key)\n", 7, PSA_KEY_TYPE_AES,
+{0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05,
+ 0x7d, 0x39, 0x6e}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN,
+ PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+{0x61, 0x62, 0x63}, 3, 128,
+{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
+ 0x83, 0xed, 0x11, 0xa7, 0x6a, 0x78, 0x98, 0xa1, 0xbb, 0x5c, 0xe1, 0x91, 0x37,
+ 0x5a, 0x4a, 0xa7, 0x49, 0x5a, 0x63, 0x3d, 0x27, 0x87, 0x9f, 0xf5, 0x8e, 0xba,
+ 0x5a, 0x57, 0x37, 0x1c, 0x34, 0xfe, 0xb1, 0x18, 0x0e, 0x8b, 0x85, 0x0d, 0x55,
+ 0x24, 0x76, 0xeb, 0xb5, 0x63, 0x4d, 0xf6, 0x20, 0x26, 0x19, 0x92, 0xf1, 0x2e,
+ 0xbe, 0xe9, 0x09, 0x70, 0x41, 0xdb, 0xbe, 0xa8, 0x5a, 0x42, 0xd4, 0x5b, 0x34,
+ 0x4b, 0xe5, 0x07, 0x3c, 0xeb, 0x77, 0x2f, 0xfc, 0x60, 0x49, 0x54, 0xb9, 0x15,
+ 0x8b, 0xa8, 0x1e, 0xc3, 0xdc, 0x4d, 0x9d, 0x65, 0xe3, 0xab, 0x7a, 0xa3, 0x18,
+ 0x16, 0x5f, 0x38, 0xc3, 0x6f, 0x84, 0x1f, 0x1c, 0x69, 0xcb, 0x1c, 0xfa, 0x49,
+ 0x4a, 0xa5, 0xcb, 0xb4, 0xd6, 0xc0, 0xef, 0xba, 0xfb, 0x04, 0x3a},
+ 128, BYTES_TO_BITS(AES_16B_KEY_SIZE), PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_1024
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+{"Test psa_asymmetric_sign - Invalid usage\n", 8, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+{0x61, 0x62, 0x63}, 3, 128,
+{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
+ 0x83, 0xed, 0x11, 0xa7, 0x6a, 0x78, 0x98, 0xa1, 0xbb, 0x5c, 0xe1, 0x91, 0x37,
+ 0x5a, 0x4a, 0xa7, 0x49, 0x5a, 0x63, 0x3d, 0x27, 0x87, 0x9f, 0xf5, 0x8e, 0xba,
+ 0x5a, 0x57, 0x37, 0x1c, 0x34, 0xfe, 0xb1, 0x18, 0x0e, 0x8b, 0x85, 0x0d, 0x55,
+ 0x24, 0x76, 0xeb, 0xb5, 0x63, 0x4d, 0xf6, 0x20, 0x26, 0x19, 0x92, 0xf1, 0x2e,
+ 0xbe, 0xe9, 0x09, 0x70, 0x41, 0xdb, 0xbe, 0xa8, 0x5a, 0x42, 0xd4, 0x5b, 0x34,
+ 0x4b, 0xe5, 0x07, 0x3c, 0xeb, 0x77, 0x2f, 0xfc, 0x60, 0x49, 0x54, 0xb9, 0x15,
+ 0x8b, 0xa8, 0x1e, 0xc3, 0xdc, 0x4d, 0x9d, 0x65, 0xe3, 0xab, 0x7a, 0xa3, 0x18,
+ 0x16, 0x5f, 0x38, 0xc3, 0x6f, 0x84, 0x1f, 0x1c, 0x69, 0xcb, 0x1c, 0xfa, 0x49,
+ 0x4a, 0xa5, 0xcb, 0xb4, 0xd6, 0xc0, 0xef, 0xba, 0xfb, 0x04, 0x3a},
+ 128, 1024, PSA_ERROR_NOT_PERMITTED
+},
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
+#ifdef ARCH_TEST_SHA256
+{"Test psa_asymmetric_sign - Wrong hash size\n", 9, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00}, 30, 128,
+{0xa7, 0x36, 0x64, 0xd5, 0x5b, 0x39, 0xc7, 0xea, 0x6c, 0x1e, 0x5b, 0x50, 0x11,
+ 0x72, 0x4a, 0x11, 0xe1, 0xd7, 0x07, 0x3d, 0x3a, 0x68, 0xf4, 0x8c, 0x83, 0x6f,
+ 0xad, 0x15, 0x3a, 0x1d, 0x91, 0xb6, 0xab, 0xdb, 0xc8, 0xf6, 0x9d, 0xa1, 0x3b,
+ 0x20, 0x6c, 0xc9, 0x6a, 0xf6, 0x36, 0x3b, 0x11, 0x44, 0x58, 0xb0, 0x26, 0xaf,
+ 0x14, 0xb2, 0x4f, 0xab, 0x89, 0x29, 0xed, 0x63, 0x4c, 0x6a, 0x2a, 0xca, 0xce,
+ 0x0b, 0xcc, 0x62, 0xd9, 0xbb, 0x6a, 0x98, 0x4a, 0xfb, 0xcb, 0xfc, 0xd3, 0xa0,
+ 0x60, 0x8d, 0x32, 0xa2, 0xba, 0xe5, 0x35, 0xb9, 0xcd, 0x1e, 0xcd, 0xf9, 0xdd,
+ 0x28, 0x1d, 0xb1, 0xe0, 0x02, 0x5c, 0x3b, 0xfb, 0x55, 0x12, 0x96, 0x3e, 0xc3,
+ 0xb9, 0x8d, 0xda, 0xa6, 0x9e, 0x38, 0xbc, 0x3c, 0x84, 0xb1, 0xb6, 0x1a, 0x04,
+ 0xe5, 0x64, 0x86, 0x40, 0x85, 0x6a, 0xac, 0xc6, 0xfc, 0x73, 0x11},
+ 128, 1024, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_RSA_1024
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+{"Test psa_asymmetric_sign - Negative case\n", 10, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_SIGN, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+{0x61, 0x62, 0x63}, 3, 128,
+{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
+ 0x83, 0xed, 0x11, 0xa7, 0x6a, 0x78, 0x98, 0xa1, 0xbb, 0x5c, 0xe1, 0x91, 0x37,
+ 0x5a, 0x4a, 0xa7, 0x49, 0x5a, 0x63, 0x3d, 0x27, 0x87, 0x9f, 0xf5, 0x8e, 0xba,
+ 0x5a, 0x57, 0x37, 0x1c, 0x34, 0xfe, 0xb1, 0x18, 0x0e, 0x8b, 0x85, 0x0d, 0x55,
+ 0x24, 0x76, 0xeb, 0xb5, 0x63, 0x4d, 0xf6, 0x20, 0x26, 0x19, 0x92, 0xf1, 0x2e,
+ 0xbe, 0xe9, 0x09, 0x70, 0x41, 0xdb, 0xbe, 0xa8, 0x5a, 0x42, 0xd4, 0x5b, 0x34,
+ 0x4b, 0xe5, 0x07, 0x3c, 0xeb, 0x77, 0x2f, 0xfc, 0x60, 0x49, 0x54, 0xb9, 0x15,
+ 0x8b, 0xa8, 0x1e, 0xc3, 0xdc, 0x4d, 0x9d, 0x65, 0xe3, 0xab, 0x7a, 0xa3, 0x18,
+ 0x16, 0x5f, 0x38, 0xc3, 0x6f, 0x84, 0x1f, 0x1c, 0x69, 0xcb, 0x1c, 0xfa, 0x49,
+ 0x4a, 0xa5, 0xcb, 0xb4, 0xd6, 0xc0, 0xef, 0xba, 0xfb, 0x04, 0x3a},
+ 128, 1024, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/test_entry.c
new file mode 100644
index 00000000000..dd70f13e0ae
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c041/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c041.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 41)
+#define TEST_DESC "Testing crypto asymmetric APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c041_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/main.c
new file mode 100644
index 00000000000..024d74494ef
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c042(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c042, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/test_c042.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/test_c042.c
new file mode 100644
index 00000000000..afa83775c7a
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/test_c042.c
@@ -0,0 +1,190 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c042.h"
+#include "test_data.h"
+
+client_test_t test_c042_crypto_list[] = {
+ NULL,
+ psa_asymmetric_verify_test,
+ psa_asymmetric_verify_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+
+int32_t psa_asymmetric_verify_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ const uint8_t *key_data;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Set the key data based on key type */
+ if (PSA_KEY_TYPE_IS_RSA(check1[i].key_type))
+ {
+ if (check1[i].key_type == PSA_KEY_TYPE_RSA_KEYPAIR)
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keypair;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(128))
+ key_data = rsa_128_keypair;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ else
+ {
+ if (check1[i].expected_bit_length == BYTES_TO_BITS(384))
+ key_data = rsa_384_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(256))
+ key_data = rsa_256_keydata;
+ else if (check1[i].expected_bit_length == BYTES_TO_BITS(128))
+ key_data = rsa_128_keydata;
+ else
+ return VAL_STATUS_INVALID;
+ }
+ }
+ else if (PSA_KEY_TYPE_IS_ECC(check1[i].key_type))
+ {
+ if (PSA_KEY_TYPE_IS_ECC_KEYPAIR(check1[i].key_type))
+ key_data = ec_keypair;
+ else
+ key_data = ec_keydata;
+ }
+ else
+ key_data = check1[i].key_data;
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Verify the signature a hash or short message using a public key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_VERIFY, check1[i].key_handle,
+ check1[i].key_alg, check1[i].input, check1[i].input_length,
+ check1[i].signature, check1[i].signature_size);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ /* Destroy a key and restore the slot to its default state */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_asymmetric_verify_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_verify - Invalid key handle\n",
+ g_test_count++);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_verify - Invalid key handle\n",
+ g_test_count++);
+ /* Verify the signature a hash or short message using a public key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_VERIFY, check2[i].key_handle,
+ check2[i].key_alg, check2[i].input, check2[i].input_length,
+ check2[i].signature, check2[i].signature_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_verify - Zero as key handle\n",
+ g_test_count++);
+ /* Verify the signature a hash or short message using a public key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_VERIFY, 0,
+ check2[i].key_alg, check2[i].input, check2[i].input_length,
+ check2[i].signature, check2[i].signature_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_asymmetric_verify - Empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Verify the signature a hash or short message using a public key */
+ status = val->crypto_function(VAL_CRYPTO_ASYMMTERIC_VERIFY, check2[i].key_handle,
+ check2[i].key_alg, check2[i].input, check2[i].input_length,
+ check2[i].signature, check2[i].signature_size);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/test_c042.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/test_c042.h
new file mode 100644
index 00000000000..b6c2f615ce2
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/test_c042.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C042_CLIENT_TESTS_H_
+#define _TEST_C042_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c042)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c042_crypto_list[];
+
+int32_t psa_asymmetric_verify_test(security_t caller);
+int32_t psa_asymmetric_verify_negative_test(security_t caller);
+#endif /* _TEST_C042_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/test_data.h
new file mode 100644
index 00000000000..53a4ea609b2
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/test_data.h
@@ -0,0 +1,373 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[16];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t input[32];
+ size_t input_length;
+ uint8_t signature[128];
+ size_t signature_size;
+ size_t expected_bit_length;
+ psa_status_t expected_status;
+} test_data;
+
+static const uint8_t rsa_384_keypair[1];
+static const uint8_t rsa_384_keydata[1];
+static const uint8_t rsa_256_keypair[1];
+static const uint8_t rsa_256_keydata[1];
+static const uint8_t ec_keydata[] = {
+ 0x04, 0xde,
+ 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, 0x66, 0x23, 0x2a, 0x50, 0x8f, 0x4a, 0xd2,
+ 0x0e, 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, 0xa0, 0xba, 0x01,
+ 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b, 0x24, 0xa5,
+ 0xb9, 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98, 0xa1, 0x6f,
+ 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20};
+
+static const uint8_t ec_keypair[] = {
+ 0xab, 0x45, 0x43, 0x57, 0x12, 0x64,
+ 0x9c, 0xb3, 0x0b, 0xbd, 0xda, 0xc4, 0x91, 0x97, 0xee, 0xbf, 0x27, 0x40, 0xff, 0xc7,
+ 0xf8, 0x74, 0xd9, 0x24, 0x4c, 0x34, 0x60, 0xf5, 0x4f, 0x32, 0x2d, 0x3a};
+
+static const uint8_t rsa_128_keydata[] = {
+ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+ 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb,
+ 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b,
+ 0x54, 0x1e, 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12,
+ 0x49, 0xe1, 0x12, 0x96, 0x28, 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44,
+ 0x35, 0x24, 0xef, 0x4c, 0x0e, 0x6e, 0x1d, 0x89, 0x56, 0xee, 0xb2, 0x07, 0x7a,
+ 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, 0xc6, 0x19,
+ 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb,
+ 0xf8, 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e,
+ 0xde, 0x26, 0x3a, 0x2a, 0xbf, 0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86,
+ 0x60, 0xf7, 0xd6, 0x83, 0x4d, 0xa5, 0x3d, 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b,
+ 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01};
+
+static const uint8_t rsa_128_keypair[] = {
+0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05,
+0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f,
+0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, 0xe1, 0xfe, 0xb0,
+0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, 0xe1, 0x12, 0x96, 0x28,
+0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, 0x35, 0x24, 0xef, 0x4c, 0x0e,
+0x6e, 0x1d, 0x89, 0x56, 0xee, 0xb2, 0x07, 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee,
+0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02,
+0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb, 0xf8, 0x59, 0xc2, 0xc1, 0x81,
+0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e, 0xde, 0x26, 0x3a, 0x2a, 0xbf,
+0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, 0x83, 0x4d,
+0xa5, 0x3d, 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00,
+0x01, 0x02, 0x81, 0x81, 0x00, 0x87, 0x4b, 0xf0, 0xff, 0xc2, 0xf2, 0xa7, 0x1d,
+0x14, 0x67, 0x1d, 0xdd, 0x01, 0x71, 0xc9, 0x54, 0xd7, 0xfd, 0xbf, 0x50, 0x28,
+0x1e, 0x4f, 0x6d, 0x99, 0xea, 0x0e, 0x1e, 0xbc, 0xf8, 0x2f, 0xaa, 0x58, 0xe7,
+0xb5, 0x95, 0xff, 0xb2, 0x93, 0xd1, 0xab, 0xe1, 0x7f, 0x11, 0x0b, 0x37, 0xc4,
+0x8c, 0xc0, 0xf3, 0x6c, 0x37, 0xe8, 0x4d, 0x87, 0x66, 0x21, 0xd3, 0x27, 0xf6,
+0x4b, 0xbe, 0x08, 0x45, 0x7d, 0x3e, 0xc4, 0x09, 0x8b, 0xa2, 0xfa, 0x0a, 0x31,
+0x9f, 0xba, 0x41, 0x1c, 0x28, 0x41, 0xed, 0x7b, 0xe8, 0x31, 0x96, 0xa8, 0xcd,
+0xf9, 0xda, 0xa5, 0xd0, 0x06, 0x94, 0xbc, 0x33, 0x5f, 0xc4, 0xc3, 0x22, 0x17,
+0xfe, 0x04, 0x88, 0xbc, 0xe9, 0xcb, 0x72, 0x02, 0xe5, 0x94, 0x68, 0xb1, 0xea,
+0xd1, 0x19, 0x00, 0x04, 0x77, 0xdb, 0x2c, 0xa7, 0x97, 0xfa, 0xc1, 0x9e, 0xda,
+0x3f, 0x58, 0xc1, 0x02, 0x41, 0x00, 0xe2, 0xab, 0x76, 0x08, 0x41, 0xbb, 0x9d,
+0x30, 0xa8, 0x1d, 0x22, 0x2d, 0xe1, 0xeb, 0x73, 0x81, 0xd8, 0x22, 0x14, 0x40,
+0x7f, 0x1b, 0x97, 0x5c, 0xbb, 0xfe, 0x4e, 0x1a, 0x94, 0x67, 0xfd, 0x98, 0xad,
+0xbd, 0x78, 0xf6, 0x07, 0x83, 0x6c, 0xa5, 0xbe, 0x19, 0x28, 0xb9, 0xd1, 0x60,
+0xd9, 0x7f, 0xd4, 0x5c, 0x12, 0xd6, 0xb5, 0x2e, 0x2c, 0x98, 0x71, 0xa1, 0x74,
+0xc6, 0x6b, 0x48, 0x81, 0x13, 0x02, 0x41, 0x00, 0xc5, 0xab, 0x27, 0x60, 0x21,
+0x59, 0xae, 0x7d, 0x6f, 0x20, 0xc3, 0xc2, 0xee, 0x85, 0x1e, 0x46, 0xdc, 0x11,
+0x2e, 0x68, 0x9e, 0x28, 0xd5, 0xfc, 0xbb, 0xf9, 0x90, 0xa9, 0x9e, 0xf8, 0xa9,
+0x0b, 0x8b, 0xb4, 0x4f, 0xd3, 0x64, 0x67, 0xe7, 0xfc, 0x17, 0x89, 0xce, 0xb6,
+0x63, 0xab, 0xda, 0x33, 0x86, 0x52, 0xc3, 0xc7, 0x3f, 0x11, 0x17, 0x74, 0x90,
+0x2e, 0x84, 0x05, 0x65, 0x92, 0x70, 0x91, 0x02, 0x41, 0x00, 0xb6, 0xcd, 0xbd,
+0x35, 0x4f, 0x7d, 0xf5, 0x79, 0xa6, 0x3b, 0x48, 0xb3, 0x64, 0x3e, 0x35, 0x3b,
+0x84, 0x89, 0x87, 0x77, 0xb4, 0x8b, 0x15, 0xf9, 0x4e, 0x0b, 0xfc, 0x05, 0x67,
+0xa6, 0xae, 0x59, 0x11, 0xd5, 0x7a, 0xd6, 0x40, 0x9c, 0xf7, 0x64, 0x7b, 0xf9,
+0x62, 0x64, 0xe9, 0xbd, 0x87, 0xeb, 0x95, 0xe2, 0x63, 0xb7, 0x11, 0x0b, 0x9a,
+0x1f, 0x9f, 0x94, 0xac, 0xce, 0xd0, 0xfa, 0xfa, 0x4d, 0x02, 0x40, 0x71, 0x19,
+0x5e, 0xec, 0x37, 0xe8, 0xd2, 0x57, 0xde, 0xcf, 0xc6, 0x72, 0xb0, 0x7a, 0xe6,
+0x39, 0xf1, 0x0c, 0xbb, 0x9b, 0x0c, 0x73, 0x9d, 0x0c, 0x80, 0x99, 0x68, 0xd6,
+0x44, 0xa9, 0x4e, 0x3f, 0xd6, 0xed, 0x92, 0x87, 0x07, 0x7a, 0x14, 0x58, 0x3f,
+0x37, 0x90, 0x58, 0xf7, 0x6a, 0x8a, 0xec, 0xd4, 0x3c, 0x62, 0xdc, 0x8c, 0x0f,
+0x41, 0x76, 0x66, 0x50, 0xd7, 0x25, 0x27, 0x5a, 0xc4, 0xa1, 0x02, 0x41, 0x00,
+0xbb, 0x32, 0xd1, 0x33, 0xed, 0xc2, 0xe0, 0x48, 0xd4, 0x63, 0x38, 0x8b, 0x7b,
+0xe9, 0xcb, 0x4b, 0xe2, 0x9f, 0x4b, 0x62, 0x50, 0xbe, 0x60, 0x3e, 0x70, 0xe3,
+0x64, 0x75, 0x01, 0xc9, 0x7d, 0xdd, 0xe2, 0x0a, 0x4e, 0x71, 0xbe, 0x95, 0xfd,
+0x5e, 0x71, 0x78, 0x4e, 0x25, 0xac, 0xa4, 0xba, 0xf2, 0x5b, 0xe5, 0x73, 0x8a,
+0xae, 0x59, 0xbb, 0xfe, 0x1c, 0x99, 0x77, 0x81, 0x44, 0x7a, 0x2b, 0x24};
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_RSA_1024
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+{"Test psa_asymmetric_verify - RSA KEYPAIR PKCS1V15 RAW\n", 1, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+{0x61, 0x62, 0x63}, 3,
+{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
+ 0x83, 0xed, 0x11, 0xa7, 0x6a, 0x78, 0x98, 0xa1, 0xbb, 0x5c, 0xe1, 0x91, 0x37,
+ 0x5a, 0x4a, 0xa7, 0x49, 0x5a, 0x63, 0x3d, 0x27, 0x87, 0x9f, 0xf5, 0x8e, 0xba,
+ 0x5a, 0x57, 0x37, 0x1c, 0x34, 0xfe, 0xb1, 0x18, 0x0e, 0x8b, 0x85, 0x0d, 0x55,
+ 0x24, 0x76, 0xeb, 0xb5, 0x63, 0x4d, 0xf6, 0x20, 0x26, 0x19, 0x92, 0xf1, 0x2e,
+ 0xbe, 0xe9, 0x09, 0x70, 0x41, 0xdb, 0xbe, 0xa8, 0x5a, 0x42, 0xd4, 0x5b, 0x34,
+ 0x4b, 0xe5, 0x07, 0x3c, 0xeb, 0x77, 0x2f, 0xfc, 0x60, 0x49, 0x54, 0xb9, 0x15,
+ 0x8b, 0xa8, 0x1e, 0xc3, 0xdc, 0x4d, 0x9d, 0x65, 0xe3, 0xab, 0x7a, 0xa3, 0x18,
+ 0x16, 0x5f, 0x38, 0xc3, 0x6f, 0x84, 0x1f, 0x1c, 0x69, 0xcb, 0x1c, 0xfa, 0x49,
+ 0x4a, 0xa5, 0xcb, 0xb4, 0xd6, 0xc0, 0xef, 0xba, 0xfb, 0x04, 0x3a},
+ 128, 1024, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
+#ifdef ARCH_TEST_SHA256
+{"Test psa_asymmetric_verify - RSA KEYPAIR PKCS1V15 SHA-256\n", 2, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 32,
+{0xa7, 0x36, 0x64, 0xd5, 0x5b, 0x39, 0xc7, 0xea, 0x6c, 0x1e, 0x5b, 0x50, 0x11,
+ 0x72, 0x4a, 0x11, 0xe1, 0xd7, 0x07, 0x3d, 0x3a, 0x68, 0xf4, 0x8c, 0x83, 0x6f,
+ 0xad, 0x15, 0x3a, 0x1d, 0x91, 0xb6, 0xab, 0xdb, 0xc8, 0xf6, 0x9d, 0xa1, 0x3b,
+ 0x20, 0x6c, 0xc9, 0x6a, 0xf6, 0x36, 0x3b, 0x11, 0x44, 0x58, 0xb0, 0x26, 0xaf,
+ 0x14, 0xb2, 0x4f, 0xab, 0x89, 0x29, 0xed, 0x63, 0x4c, 0x6a, 0x2a, 0xca, 0xce,
+ 0x0b, 0xcc, 0x62, 0xd9, 0xbb, 0x6a, 0x98, 0x4a, 0xfb, 0xcb, 0xfc, 0xd3, 0xa0,
+ 0x60, 0x8d, 0x32, 0xa2, 0xba, 0xe5, 0x35, 0xb9, 0xcd, 0x1e, 0xcd, 0xf9, 0xdd,
+ 0x28, 0x1d, 0xb1, 0xe0, 0x02, 0x5c, 0x3b, 0xfb, 0x55, 0x12, 0x96, 0x3e, 0xc3,
+ 0xb9, 0x8d, 0xda, 0xa6, 0x9e, 0x38, 0xbc, 0x3c, 0x84, 0xb1, 0xb6, 0x1a, 0x04,
+ 0xe5, 0x64, 0x86, 0x40, 0x85, 0x6a, 0xac, 0xc6, 0xfc, 0x73, 0x11},
+ 128, 1024, PSA_SUCCESS
+},
+#endif
+#endif
+#endif
+
+#ifdef ARCH_TEST_SHA256
+#ifdef ARCH_TEST_DETERMINISTIC_ECDSA
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_asymmetric_verify - ECDSA KEYPAIR SECP256R1 SHA-256\n", 3,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1), {0}, 32,
+ PSA_KEY_USAGE_VERIFY, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
+{0x9a, 0xc4, 0x33, 0x5b, 0x46, 0x9b, 0xbd, 0x79, 0x14, 0x39, 0x24, 0x85, 0x04,
+ 0xdd, 0x0d, 0x49, 0xc7, 0x13, 0x49, 0xa2, 0x95, 0xfe, 0xe5, 0xa1, 0xc6, 0x85,
+ 0x07, 0xf4, 0x5a, 0x9e, 0x1c, 0x7b}, 32,
+{0x6a, 0x33, 0x99, 0xf6, 0x94, 0x21, 0xff, 0xe1, 0x49, 0x03, 0x77, 0xad, 0xf2,
+ 0xea, 0x1f, 0x11, 0x7d, 0x81, 0xa6, 0x3c, 0xf5, 0xbf, 0x22, 0xe9, 0x18, 0xd5,
+ 0x11, 0x75, 0xeb, 0x25, 0x91, 0x51, 0xce, 0x95, 0xd7, 0xc2, 0x6c, 0xc0, 0x4e,
+ 0x25, 0x50, 0x3e, 0x2f, 0x7a, 0x1e, 0xc3, 0x57, 0x3e, 0x3c, 0x24, 0x12, 0x53,
+ 0x4b, 0xb4, 0xa1, 0x9b, 0x3a, 0x78, 0x11, 0x74, 0x2f, 0x49, 0xf5, 0x0f},
+ 64, 512, PSA_SUCCESS
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_1024
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
+{"Test psa_asymmetric_verify - RSA public key\n", 4,
+PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 162, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 32,
+{0xa7, 0x36, 0x64, 0xd5, 0x5b, 0x39, 0xc7, 0xea, 0x6c, 0x1e, 0x5b, 0x50, 0x11,
+ 0x72, 0x4a, 0x11, 0xe1, 0xd7, 0x07, 0x3d, 0x3a, 0x68, 0xf4, 0x8c, 0x83, 0x6f,
+ 0xad, 0x15, 0x3a, 0x1d, 0x91, 0xb6, 0xab, 0xdb, 0xc8, 0xf6, 0x9d, 0xa1, 0x3b,
+ 0x20, 0x6c, 0xc9, 0x6a, 0xf6, 0x36, 0x3b, 0x11, 0x44, 0x58, 0xb0, 0x26, 0xaf,
+ 0x14, 0xb2, 0x4f, 0xab, 0x89, 0x29, 0xed, 0x63, 0x4c, 0x6a, 0x2a, 0xca, 0xce,
+ 0x0b, 0xcc, 0x62, 0xd9, 0xbb, 0x6a, 0x98, 0x4a, 0xfb, 0xcb, 0xfc, 0xd3, 0xa0,
+ 0x60, 0x8d, 0x32, 0xa2, 0xba, 0xe5, 0x35, 0xb9, 0xcd, 0x1e, 0xcd, 0xf9, 0xdd,
+ 0x28, 0x1d, 0xb1, 0xe0, 0x02, 0x5c, 0x3b, 0xfb, 0x55, 0x12, 0x96, 0x3e, 0xc3,
+ 0xb9, 0x8d, 0xda, 0xa6, 0x9e, 0x38, 0xbc, 0x3c, 0x84, 0xb1, 0xb6, 0x1a, 0x04,
+ 0xe5, 0x64, 0x86, 0x40, 0x85, 0x6a, 0xac, 0xc6, 0xfc, 0x73, 0x11},
+ 128, 1024, PSA_SUCCESS
+},
+
+{"Test psa_asymmetric_verify - Small output buffer\n", 5, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 32,
+{0xa7, 0x36, 0x64, 0xd5, 0x5b, 0x39, 0xc7, 0xea, 0x6c, 0x1e, 0x5b, 0x50, 0x11,
+ 0x72, 0x4a, 0x11, 0xe1, 0xd7, 0x07, 0x3d, 0x3a, 0x68, 0xf4, 0x8c, 0x83, 0x6f,
+ 0xad, 0x15, 0x3a, 0x1d, 0x91, 0xb6, 0xab, 0xdb, 0xc8, 0xf6, 0x9d, 0xa1, 0x3b,
+ 0x20, 0x6c, 0xc9, 0x6a, 0xf6, 0x36, 0x3b, 0x11, 0x44, 0x58, 0xb0, 0x26, 0xaf,
+ 0x14, 0xb2, 0x4f, 0xab, 0x89, 0x29, 0xed, 0x63, 0x4c, 0x6a, 0x2a, 0xca, 0xce,
+ 0x0b, 0xcc, 0x62, 0xd9, 0xbb, 0x6a, 0x98, 0x4a, 0xfb, 0xcb, 0xfc, 0xd3, 0xa0,
+ 0x60, 0x8d, 0x32, 0xa2, 0xba, 0xe5, 0x35, 0xb9, 0xcd, 0x1e, 0xcd, 0xf9, 0xdd,
+ 0x28, 0x1d, 0xb1, 0xe0, 0x02, 0x5c, 0x3b, 0xfb, 0x55, 0x12, 0x96, 0x3e, 0xc3,
+ 0xb9, 0x8d, 0xda, 0xa6, 0x9e, 0x38, 0xbc, 0x3c, 0x84, 0xb1, 0xb6, 0x1a, 0x04,
+ 0xe5, 0x64, 0x86, 0x40, 0x85, 0x6a, 0xac, 0xc6, 0xfc, 0x73, 0x11},
+ 120, 1024, PSA_ERROR_BUFFER_TOO_SMALL
+},
+#endif
+
+{"Test psa_asymmetric_verify - Invalid algorithm\n", 6, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_VERIFY, PSA_ALG_SHA_256,
+{0x61, 0x62, 0x63}, 3,
+{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
+ 0x83, 0xed, 0x11, 0xa7, 0x6a, 0x78, 0x98, 0xa1, 0xbb, 0x5c, 0xe1, 0x91, 0x37,
+ 0x5a, 0x4a, 0xa7, 0x49, 0x5a, 0x63, 0x3d, 0x27, 0x87, 0x9f, 0xf5, 0x8e, 0xba,
+ 0x5a, 0x57, 0x37, 0x1c, 0x34, 0xfe, 0xb1, 0x18, 0x0e, 0x8b, 0x85, 0x0d, 0x55,
+ 0x24, 0x76, 0xeb, 0xb5, 0x63, 0x4d, 0xf6, 0x20, 0x26, 0x19, 0x92, 0xf1, 0x2e,
+ 0xbe, 0xe9, 0x09, 0x70, 0x41, 0xdb, 0xbe, 0xa8, 0x5a, 0x42, 0xd4, 0x5b, 0x34,
+ 0x4b, 0xe5, 0x07, 0x3c, 0xeb, 0x77, 0x2f, 0xfc, 0x60, 0x49, 0x54, 0xb9, 0x15,
+ 0x8b, 0xa8, 0x1e, 0xc3, 0xdc, 0x4d, 0x9d, 0x65, 0xe3, 0xab, 0x7a, 0xa3, 0x18,
+ 0x16, 0x5f, 0x38, 0xc3, 0x6f, 0x84, 0x1f, 0x1c, 0x69, 0xcb, 0x1c, 0xfa, 0x49,
+ 0x4a, 0xa5, 0xcb, 0xb4, 0xd6, 0xc0, 0xef, 0xba, 0xfb, 0x04, 0x3a},
+ 128, 1024, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
+#ifdef ARCH_TEST_AES_128
+{"Test psa_asymmetric_verify - Invalid key type (AES Key)\n", 7, PSA_KEY_TYPE_AES,
+{0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05,
+ 0x7d, 0x39, 0x6e}, AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY,
+ PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+{0x61, 0x62, 0x63}, 3,
+{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
+ 0x83, 0xed, 0x11, 0xa7, 0x6a, 0x78, 0x98, 0xa1, 0xbb, 0x5c, 0xe1, 0x91, 0x37,
+ 0x5a, 0x4a, 0xa7, 0x49, 0x5a, 0x63, 0x3d, 0x27, 0x87, 0x9f, 0xf5, 0x8e, 0xba,
+ 0x5a, 0x57, 0x37, 0x1c, 0x34, 0xfe, 0xb1, 0x18, 0x0e, 0x8b, 0x85, 0x0d, 0x55,
+ 0x24, 0x76, 0xeb, 0xb5, 0x63, 0x4d, 0xf6, 0x20, 0x26, 0x19, 0x92, 0xf1, 0x2e,
+ 0xbe, 0xe9, 0x09, 0x70, 0x41, 0xdb, 0xbe, 0xa8, 0x5a, 0x42, 0xd4, 0x5b, 0x34,
+ 0x4b, 0xe5, 0x07, 0x3c, 0xeb, 0x77, 0x2f, 0xfc, 0x60, 0x49, 0x54, 0xb9, 0x15,
+ 0x8b, 0xa8, 0x1e, 0xc3, 0xdc, 0x4d, 0x9d, 0x65, 0xe3, 0xab, 0x7a, 0xa3, 0x18,
+ 0x16, 0x5f, 0x38, 0xc3, 0x6f, 0x84, 0x1f, 0x1c, 0x69, 0xcb, 0x1c, 0xfa, 0x49,
+ 0x4a, 0xa5, 0xcb, 0xb4, 0xd6, 0xc0, 0xef, 0xba, 0xfb, 0x04, 0x3a},
+ 128, BYTES_TO_BITS(AES_16B_KEY_SIZE), PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+#endif
+#endif
+
+#ifdef ARCH_TEST_RSA_1024
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+{"Test psa_asymmetric_verify - Invalid usage\n", 8, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+{0x61, 0x62, 0x63}, 3,
+{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
+ 0x83, 0xed, 0x11, 0xa7, 0x6a, 0x78, 0x98, 0xa1, 0xbb, 0x5c, 0xe1, 0x91, 0x37,
+ 0x5a, 0x4a, 0xa7, 0x49, 0x5a, 0x63, 0x3d, 0x27, 0x87, 0x9f, 0xf5, 0x8e, 0xba,
+ 0x5a, 0x57, 0x37, 0x1c, 0x34, 0xfe, 0xb1, 0x18, 0x0e, 0x8b, 0x85, 0x0d, 0x55,
+ 0x24, 0x76, 0xeb, 0xb5, 0x63, 0x4d, 0xf6, 0x20, 0x26, 0x19, 0x92, 0xf1, 0x2e,
+ 0xbe, 0xe9, 0x09, 0x70, 0x41, 0xdb, 0xbe, 0xa8, 0x5a, 0x42, 0xd4, 0x5b, 0x34,
+ 0x4b, 0xe5, 0x07, 0x3c, 0xeb, 0x77, 0x2f, 0xfc, 0x60, 0x49, 0x54, 0xb9, 0x15,
+ 0x8b, 0xa8, 0x1e, 0xc3, 0xdc, 0x4d, 0x9d, 0x65, 0xe3, 0xab, 0x7a, 0xa3, 0x18,
+ 0x16, 0x5f, 0x38, 0xc3, 0x6f, 0x84, 0x1f, 0x1c, 0x69, 0xcb, 0x1c, 0xfa, 0x49,
+ 0x4a, 0xa5, 0xcb, 0xb4, 0xd6, 0xc0, 0xef, 0xba, 0xfb, 0x04, 0x3a},
+ 128, 1024, PSA_ERROR_NOT_PERMITTED
+},
+#endif
+
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN
+#ifdef ARCH_TEST_SHA256
+{"Test psa_asymmetric_verify - Wrong hash size\n", 9, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00}, 30,
+{0xa7, 0x36, 0x64, 0xd5, 0x5b, 0x39, 0xc7, 0xea, 0x6c, 0x1e, 0x5b, 0x50, 0x11,
+ 0x72, 0x4a, 0x11, 0xe1, 0xd7, 0x07, 0x3d, 0x3a, 0x68, 0xf4, 0x8c, 0x83, 0x6f,
+ 0xad, 0x15, 0x3a, 0x1d, 0x91, 0xb6, 0xab, 0xdb, 0xc8, 0xf6, 0x9d, 0xa1, 0x3b,
+ 0x20, 0x6c, 0xc9, 0x6a, 0xf6, 0x36, 0x3b, 0x11, 0x44, 0x58, 0xb0, 0x26, 0xaf,
+ 0x14, 0xb2, 0x4f, 0xab, 0x89, 0x29, 0xed, 0x63, 0x4c, 0x6a, 0x2a, 0xca, 0xce,
+ 0x0b, 0xcc, 0x62, 0xd9, 0xbb, 0x6a, 0x98, 0x4a, 0xfb, 0xcb, 0xfc, 0xd3, 0xa0,
+ 0x60, 0x8d, 0x32, 0xa2, 0xba, 0xe5, 0x35, 0xb9, 0xcd, 0x1e, 0xcd, 0xf9, 0xdd,
+ 0x28, 0x1d, 0xb1, 0xe0, 0x02, 0x5c, 0x3b, 0xfb, 0x55, 0x12, 0x96, 0x3e, 0xc3,
+ 0xb9, 0x8d, 0xda, 0xa6, 0x9e, 0x38, 0xbc, 0x3c, 0x84, 0xb1, 0xb6, 0x1a, 0x04,
+ 0xe5, 0x64, 0x86, 0x40, 0x85, 0x6a, 0xac, 0xc6, 0xfc, 0x73, 0x11},
+ 128, 1024, PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_asymmetric_verify - Wrong signature\n", 10,
+PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+{0}, 162, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+{0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d,
+ 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10,
+ 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad}, 32,
+{0xa8, 0x36, 0x64, 0xd5, 0x5b, 0x39, 0xc7, 0xea, 0x6c, 0x1e, 0x5b, 0x50, 0x11,
+ 0x72, 0x4a, 0x11, 0xe1, 0xd7, 0x07, 0x3d, 0x3a, 0x68, 0xf4, 0x8c, 0x83, 0x6f,
+ 0xad, 0x15, 0x3a, 0x1d, 0x91, 0xb6, 0xab, 0xdb, 0xc8, 0xf6, 0x9d, 0xa1, 0x3b,
+ 0x20, 0x6c, 0xc9, 0x6a, 0xf6, 0x36, 0x3b, 0x11, 0x44, 0x58, 0xb0, 0x26, 0xaf,
+ 0x14, 0xb2, 0x4f, 0xab, 0x89, 0x29, 0xed, 0x63, 0x4c, 0x6a, 0x2a, 0xca, 0xce,
+ 0x0b, 0xcc, 0x62, 0xd9, 0xbb, 0x6a, 0x98, 0x4a, 0xfb, 0xcb, 0xfc, 0xd3, 0xa0,
+ 0x60, 0x8d, 0x32, 0xa2, 0xba, 0xe5, 0x35, 0xb9, 0xcd, 0x1e, 0xcd, 0xf9, 0xdd,
+ 0x28, 0x1d, 0xb1, 0xe0, 0x02, 0x5c, 0x3b, 0xfb, 0x55, 0x12, 0x96, 0x3e, 0xc3,
+ 0xb9, 0x8d, 0xda, 0xa6, 0x9e, 0x38, 0xbc, 0x3c, 0x84, 0xb1, 0xb6, 0x1a, 0x04,
+ 0xe5, 0x64, 0x86, 0x40, 0x85, 0x6a, 0xac, 0xc6, 0xfc, 0x73, 0x11},
+ 128, 1024, PSA_ERROR_INVALID_SIGNATURE
+},
+#endif
+#endif
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+#ifdef ARCH_TEST_ECDSA
+{"Test psa_asymmetric_verify - EC public key\n", 11,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+{0}, 65, PSA_KEY_USAGE_VERIFY, PSA_ALG_ECDSA_ANY,
+{0x9a, 0xc4, 0x33, 0x5b, 0x46, 0x9b, 0xbd, 0x79, 0x14, 0x39, 0x24, 0x85, 0x04,
+ 0xdd, 0x0d, 0x49, 0xc7, 0x13, 0x49, 0xa2, 0x95, 0xfe, 0xe5, 0xa1, 0xc6, 0x85,
+ 0x07, 0xf4, 0x5a, 0x9e, 0x1c, 0x7b}, 32,
+{0x6a, 0x33, 0x99, 0xf6, 0x94, 0x21, 0xff, 0xe1, 0x49, 0x03, 0x77, 0xad, 0xf2,
+ 0xea, 0x1f, 0x11, 0x7d, 0x81, 0xa6, 0x3c, 0xf5, 0xbf, 0x22, 0xe9, 0x18, 0xd5,
+ 0x11, 0x75, 0xeb, 0x25, 0x91, 0x51, 0xce, 0x95, 0xd7, 0xc2, 0x6c, 0xc0, 0x4e,
+ 0x25, 0x50, 0x3e, 0x2f, 0x7a, 0x1e, 0xc3, 0x57, 0x3e, 0x3c, 0x24, 0x12, 0x53,
+ 0x4b, 0xb4, 0xa1, 0x9b, 0x3a, 0x78, 0x11, 0x74, 0x2f, 0x49, 0xf5, 0x0f},
+ 64, 512, PSA_SUCCESS
+},
+
+{"Test psa_asymmetric_verify - Wrong signature size\n", 12,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+{0}, 65, PSA_KEY_USAGE_VERIFY, PSA_ALG_ECDSA_ANY,
+{0x9a, 0xc4, 0x33, 0x5b, 0x46, 0x9b, 0xbd, 0x79, 0x14, 0x39, 0x24, 0x85, 0x04,
+ 0xdd, 0x0d, 0x49, 0xc7, 0x13, 0x49, 0xa2, 0x95, 0xfe, 0xe5, 0xa1, 0xc6, 0x85,
+ 0x07, 0xf4, 0x5a, 0x9e, 0x1c, 0x7b}, 32,
+{0x6a, 0x33, 0x99, 0xf6, 0x94, 0x21, 0xff, 0xe1, 0x49, 0x03, 0x77, 0xad, 0xf2,
+ 0xea, 0x1f, 0x11, 0x7d, 0x81, 0xa6, 0x3c, 0xf5, 0xbf, 0x22, 0xe9, 0x18, 0xd5,
+ 0x11, 0x75, 0xeb, 0x25, 0x91, 0x51, 0xce, 0x95, 0xd7, 0xc2, 0x6c, 0xc0, 0x4e,
+ 0x25, 0x50, 0x3e, 0x2f, 0x7a, 0x1e, 0xc3, 0x57, 0x3e, 0x3c, 0x24, 0x12, 0x53,
+ 0x4b, 0xb4, 0xa1, 0x9b, 0x3a, 0x78, 0x11, 0x74, 0x2f, 0x49, 0xf5, 0x0f, 0x00},
+ 65, 512, PSA_ERROR_INVALID_SIGNATURE
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_RSA_1024
+#ifdef ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+{"Test psa_asymmetric_verify - Negative case\n", 13, PSA_KEY_TYPE_RSA_KEYPAIR,
+{0}, 610, PSA_KEY_USAGE_VERIFY, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
+{0x61, 0x62, 0x63}, 3,
+{0x2c, 0x77, 0x44, 0x98, 0x3f, 0x02, 0x3a, 0xc7, 0xbb, 0x1c, 0x55, 0x52, 0x9d,
+ 0x83, 0xed, 0x11, 0xa7, 0x6a, 0x78, 0x98, 0xa1, 0xbb, 0x5c, 0xe1, 0x91, 0x37,
+ 0x5a, 0x4a, 0xa7, 0x49, 0x5a, 0x63, 0x3d, 0x27, 0x87, 0x9f, 0xf5, 0x8e, 0xba,
+ 0x5a, 0x57, 0x37, 0x1c, 0x34, 0xfe, 0xb1, 0x18, 0x0e, 0x8b, 0x85, 0x0d, 0x55,
+ 0x24, 0x76, 0xeb, 0xb5, 0x63, 0x4d, 0xf6, 0x20, 0x26, 0x19, 0x92, 0xf1, 0x2e,
+ 0xbe, 0xe9, 0x09, 0x70, 0x41, 0xdb, 0xbe, 0xa8, 0x5a, 0x42, 0xd4, 0x5b, 0x34,
+ 0x4b, 0xe5, 0x07, 0x3c, 0xeb, 0x77, 0x2f, 0xfc, 0x60, 0x49, 0x54, 0xb9, 0x15,
+ 0x8b, 0xa8, 0x1e, 0xc3, 0xdc, 0x4d, 0x9d, 0x65, 0xe3, 0xab, 0x7a, 0xa3, 0x18,
+ 0x16, 0x5f, 0x38, 0xc3, 0x6f, 0x84, 0x1f, 0x1c, 0x69, 0xcb, 0x1c, 0xfa, 0x49,
+ 0x4a, 0xa5, 0xcb, 0xb4, 0xd6, 0xc0, 0xef, 0xba, 0xfb, 0x04, 0x3a},
+ 128, 1024, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/test_entry.c
new file mode 100644
index 00000000000..7687142f211
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c042/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c042.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 42)
+#define TEST_DESC "Testing crypto asymmetric APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c042_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/main.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/main.c
new file mode 100644
index 00000000000..47e9adca0fd
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/main.c
@@ -0,0 +1,9 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+void test_entry_c043(val_api_t *val_api, psa_api_t *psa_api);
+
+int main(void)
+{
+ test_start(test_entry_c043, COMPLIANCE_TEST_CRYPTO);
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/test_c043.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/test_c043.c
new file mode 100644
index 00000000000..a82a3ab454c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/test_c043.c
@@ -0,0 +1,183 @@
+
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c043.h"
+#include "test_data.h"
+
+client_test_t test_c043_crypto_list[] = {
+ NULL,
+ psa_key_agreement_test,
+ psa_key_agreement_negative_test,
+ NULL,
+};
+
+static int g_test_count = 1;
+static uint8_t output[SIZE_50B];
+
+int32_t psa_key_agreement_test(security_t caller)
+{
+ int num_checks = sizeof(check1)/sizeof(check1[0]);
+ int32_t i, status;
+ size_t capacity;
+ psa_key_policy_t policy;
+ psa_crypto_generator_t generator = {0};
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", g_test_count++);
+ val->print(PRINT_TEST, check1[i].test_desc, 0);
+
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check1[i].usage,
+ check1[i].key_alg);
+
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(3));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check1[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(4));
+
+ /* Import the key data into the key slot */
+ status = val->crypto_function(VAL_CRYPTO_IMPORT_KEY, check1[i].key_handle,
+ check1[i].key_type, check1[i].key_data, check1[i].key_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set up a key agreement operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_AGREEMENT, &generator,
+ check1[i].key_handle, check1[i].peer_key, check1[i].peer_key_length,
+ check1[i].key_alg);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(6));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+ {
+ /* Abort a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(7));
+ continue;
+ }
+
+ /* Retrieve the current capacity of a generator */
+ status = val->crypto_function(VAL_CRYPTO_GET_GENERATOR_CAPACITY, &generator, &capacity);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8));
+
+ /* Check if the generator capacity matches with the expected capacity */
+ TEST_ASSERT_EQUAL(capacity, check1[i].expected_capacity, TEST_CHECKPOINT_NUM(9));
+
+ /* Read some data from a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_READ, &generator, output,
+ check1[i].expected_output_length);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(10));
+
+ /* Check if the output matches with the expected data */
+ TEST_ASSERT_MEMCMP(output, check1[i].expected_output, check1[i].expected_output_length,
+ TEST_CHECKPOINT_NUM(11));
+
+ /* Abort a generator */
+ status = val->crypto_function(VAL_CRYPTO_GENERATOR_ABORT, &generator);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(12));
+
+ /* Destroy a key and restore the slot to its default state */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, check1[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(13));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_key_agreement_negative_test(security_t caller)
+{
+ int num_checks = sizeof(check2)/sizeof(check2[0]);
+ int32_t i, status;
+ psa_key_policy_t policy;
+ psa_crypto_generator_t generator = {0};
+
+ /* Initialize the PSA crypto library*/
+ status = val->crypto_function(VAL_CRYPTO_INIT);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(1));
+
+ for (i = 0; i < num_checks; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] Test psa_key_agreement - Invalid key handle\n",
+ g_test_count++);
+ /* Initialize a key policy structure to a default that forbids all
+ * usage of the key
+ */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_INIT, &policy);
+
+ /* Setting up the watchdog timer for each check */
+ status = val->wd_reprogram_timer(WD_CRYPTO_TIMEOUT);
+ TEST_ASSERT_EQUAL(status, VAL_STATUS_SUCCESS, TEST_CHECKPOINT_NUM(2));
+
+ /* Set the standard fields of a policy structure */
+ val->crypto_function(VAL_CRYPTO_KEY_POLICY_SET_USAGE, &policy, check2[i].usage,
+ check2[i].key_alg);
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_key_agreement - Invalid key handle\n",
+ g_test_count++);
+ /* Set up a key agreement operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_AGREEMENT, &generator,
+ check2[i].key_handle, check2[i].peer_key, check2[i].peer_key_length,
+ check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(3));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_key_agreement - Zero as key handle\n",
+ g_test_count++);
+ /* Set up a key agreement operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_AGREEMENT, &generator,
+ 0, check2[i].peer_key, check2[i].peer_key_length,
+ check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_INVALID_HANDLE, TEST_CHECKPOINT_NUM(4));
+
+ val->print(PRINT_TEST, "[Check %d] Test psa_key_agreement - Empty key handle\n",
+ g_test_count++);
+ /* Allocate a key slot for a transient key */
+ status = val->crypto_function(VAL_CRYPTO_ALLOCATE_KEY, &check2[i].key_handle);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(5));
+
+ /* Set the usage policy on a key slot */
+ status = val->crypto_function(VAL_CRYPTO_SET_KEY_POLICY, check2[i].key_handle,
+ &policy);
+ TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(6));
+
+ /* Set up a key agreement operation */
+ status = val->crypto_function(VAL_CRYPTO_KEY_AGREEMENT, &generator,
+ check2[i].key_handle, check2[i].peer_key, check2[i].peer_key_length,
+ check2[i].key_alg);
+ TEST_ASSERT_EQUAL(status, PSA_ERROR_EMPTY_SLOT, TEST_CHECKPOINT_NUM(7));
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/test_c043.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/test_c043.h
new file mode 100644
index 00000000000..0192b6e66e3
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/test_c043.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_C043_CLIENT_TESTS_H_
+#define _TEST_C043_CLIENT_TESTS_H_
+
+#include "val_crypto.h"
+#define test_entry CONCAT(test_entry_,c043)
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_c043_crypto_list[];
+
+int32_t psa_key_agreement_test(security_t caller);
+int32_t psa_key_agreement_negative_test(security_t caller);
+#endif /* _TEST_C043_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/test_data.h b/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/test_data.h
new file mode 100644
index 00000000000..e2d100fccde
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/test_data.h
@@ -0,0 +1,194 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_crypto.h"
+
+typedef struct {
+ char test_desc[75];
+ psa_key_handle_t key_handle;
+ psa_key_type_t key_type;
+ uint8_t key_data[91];
+ uint32_t key_length;
+ psa_key_usage_t usage;
+ psa_algorithm_t key_alg;
+ uint8_t peer_key[120];
+ size_t peer_key_length;
+ uint8_t expected_output[48];
+ size_t expected_output_length;
+ size_t expected_capacity;
+ psa_status_t expected_status;
+} test_data;
+
+
+static test_data check1[] = {
+#ifdef ARCH_TEST_ECDH
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_key_agreement - ECDH SECP256R1\n", 1,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH(PSA_ALG_SELECT_RAW),
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65,
+{0xd6, 0x84, 0x0f, 0x6b, 0x42, 0xf6, 0xed, 0xaf, 0xd1, 0x31, 0x16, 0xe0, 0xe1,
+ 0x25, 0x65, 0x20, 0x2f, 0xef, 0x8e, 0x9e, 0xce, 0x7d, 0xce, 0x03, 0x81, 0x24,
+ 0x64, 0xd0, 0x4b, 0x94, 0x42, 0xde}, 32, 32, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP384R1
+{"Test psa_key_agreement - ECDH SECP384R1\n", 2,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1),
+{0x09, 0x9f, 0x3c, 0x70, 0x34, 0xd4, 0xa2, 0xc6, 0x99, 0x88, 0x4d, 0x73, 0xa3,
+ 0x75, 0xa6, 0x7f, 0x76, 0x24, 0xef, 0x7c, 0x6b, 0x3c, 0x0f, 0x16, 0x06, 0x47,
+ 0xb6, 0x74, 0x14, 0xdc, 0xe6, 0x55, 0xe3, 0x5b, 0x53, 0x80, 0x41, 0xe6, 0x49,
+ 0xee, 0x3f, 0xae, 0xf8, 0x96, 0x78, 0x3a, 0xb1, 0x94}, 48, PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_ECDH(PSA_ALG_SELECT_RAW),
+{0x04, 0xe5, 0x58,
+ 0xdb, 0xef, 0x53, 0xee, 0xcd, 0xe3, 0xd3, 0xfc, 0xcf, 0xc1, 0xae, 0xa0, 0x8a,
+ 0x89, 0xa9, 0x87, 0x47, 0x5d, 0x12, 0xfd, 0x95, 0x0d, 0x83, 0xcf, 0xa4, 0x17,
+ 0x32, 0xbc, 0x50, 0x9d, 0x0d, 0x1a, 0xc4, 0x3a, 0x03, 0x36, 0xde, 0xf9, 0x6f,
+ 0xda, 0x41, 0xd0, 0x77, 0x4a, 0x35, 0x71, 0xdc, 0xfb, 0xec, 0x7a, 0xac, 0xf3,
+ 0x19, 0x64, 0x72, 0x16, 0x9e, 0x83, 0x84, 0x30, 0x36, 0x7f, 0x66, 0xee, 0xbe,
+ 0x3c, 0x6e, 0x70, 0xc4, 0x16, 0xdd, 0x5f, 0x0c, 0x68, 0x75, 0x9d, 0xd1, 0xff,
+ 0xf8, 0x3f, 0xa4, 0x01, 0x42, 0x20, 0x9d, 0xff, 0x5e, 0xaa, 0xd9, 0x6d, 0xb9,
+ 0xe6, 0x38, 0x6c}, 97,
+{0x11, 0x18, 0x73, 0x31, 0xc2, 0x79, 0x96, 0x2d, 0x93, 0xd6, 0x04, 0x24, 0x3f,
+ 0xd5, 0x92, 0xcb, 0x9d, 0x0a, 0x92, 0x6f, 0x42, 0x2e, 0x47, 0x18, 0x75, 0x21,
+ 0x28, 0x7e, 0x71, 0x56, 0xc5, 0xc4, 0xd6, 0x03, 0x13, 0x55, 0x69, 0xb9, 0xe9,
+ 0xd0, 0x9c, 0xf5, 0xd4, 0xa2, 0x70, 0xf5, 0x97, 0x46}, 48, 48, PSA_SUCCESS
+},
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_key_agreement - Invalid usage\n", 3,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_ECDH(PSA_ALG_SELECT_RAW),
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65,
+{0xd6, 0x84, 0x0f, 0x6b, 0x42, 0xf6, 0xed, 0xaf, 0xd1, 0x31, 0x16, 0xe0, 0xe1,
+ 0x25, 0x65, 0x20, 0x2f, 0xef, 0x8e, 0x9e, 0xce, 0x7d, 0xce, 0x03, 0x81, 0x24,
+ 0x64, 0xd0, 0x4b, 0x94, 0x42, 0xde}, 32, 32, PSA_ERROR_NOT_PERMITTED
+},
+
+{"Test psa_key_agreement - Unknown KDF\n", 4,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH(0),
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65,
+{0xd6, 0x84, 0x0f, 0x6b, 0x42, 0xf6, 0xed, 0xaf, 0xd1, 0x31, 0x16, 0xe0, 0xe1,
+ 0x25, 0x65, 0x20, 0x2f, 0xef, 0x8e, 0x9e, 0xce, 0x7d, 0xce, 0x03, 0x81, 0x24,
+ 0x64, 0xd0, 0x4b, 0x94, 0x42, 0xde}, 32, 32, PSA_ERROR_NOT_SUPPORTED
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+#ifdef ARCH_TEST_SHA256
+#ifdef ARCH_TEST_HKDF
+{"Test psa_key_agreement - Not a key agreement alg\n", 5,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256),
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65,
+{0xd6, 0x84, 0x0f, 0x6b, 0x42, 0xf6, 0xed, 0xaf, 0xd1, 0x31, 0x16, 0xe0, 0xe1,
+ 0x25, 0x65, 0x20, 0x2f, 0xef, 0x8e, 0x9e, 0xce, 0x7d, 0xce, 0x03, 0x81, 0x24,
+ 0x64, 0xd0, 0x4b, 0x94, 0x42, 0xde}, 32, 32, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+
+#ifdef ARCH_TEST_ECDH
+{"Test psa_key_agreement - Public key on different curve\n", 6,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH(PSA_ALG_SELECT_RAW),
+{0x04, 0xe5, 0x58,
+ 0xdb, 0xef, 0x53, 0xee, 0xcd, 0xe3, 0xd3, 0xfc, 0xcf, 0xc1, 0xae, 0xa0, 0x8a,
+ 0x89, 0xa9, 0x87, 0x47, 0x5d, 0x12, 0xfd, 0x95, 0x0d, 0x83, 0xcf, 0xa4, 0x17,
+ 0x32, 0xbc, 0x50, 0x9d, 0x0d, 0x1a, 0xc4, 0x3a, 0x03, 0x36, 0xde, 0xf9, 0x6f,
+ 0xda, 0x41, 0xd0, 0x77, 0x4a, 0x35, 0x71, 0xdc, 0xfb, 0xec, 0x7a, 0xac, 0xf3,
+ 0x19, 0x64, 0x72, 0x16, 0x9e, 0x83, 0x84, 0x30, 0x36, 0x7f, 0x66, 0xee, 0xbe,
+ 0x3c, 0x6e, 0x70, 0xc4, 0x16, 0xdd, 0x5f, 0x0c, 0x68, 0x75, 0x9d, 0xd1, 0xff,
+ 0xf8, 0x3f, 0xa4, 0x01, 0x42, 0x20, 0x9d, 0xff, 0x5e, 0xaa, 0xd9, 0x6d, 0xb9,
+ 0xe6, 0x38, 0x6c}, 97,
+{0}, 0, 0, PSA_ERROR_INVALID_ARGUMENT
+},
+
+{"Test psa_key_agreement - Public key instead of private key\n", 7,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1),
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH(PSA_ALG_SELECT_RAW),
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65, {0}, 0, 0, PSA_ERROR_INVALID_ARGUMENT
+},
+#endif
+#endif
+};
+
+static test_data check2[] = {
+#ifdef ARCH_TEST_ECDH
+#ifdef ARCH_TEST_ECC_CURVE_SECP256R1
+{"Test psa_key_agreement - Negative case\n", 8,
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+{0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, 0xa2,
+ 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, 0xc6, 0x2a,
+ 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33}, 32, PSA_KEY_USAGE_DERIVE, PSA_ALG_ECDH(PSA_ALG_SELECT_RAW),
+{0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, 0x02,
+ 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, 0x4c, 0x73,
+ 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, 0xca, 0x36, 0x6c,
+ 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, 0x6a, 0xac, 0x23, 0xf0,
+ 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, 0x33, 0x03, 0x98, 0x72, 0xab},
+ 65,
+{0xd6, 0x84, 0x0f, 0x6b, 0x42, 0xf6, 0xed, 0xaf, 0xd1, 0x31, 0x16, 0xe0, 0xe1,
+ 0x25, 0x65, 0x20, 0x2f, 0xef, 0x8e, 0x9e, 0xce, 0x7d, 0xce, 0x03, 0x81, 0x24,
+ 0x64, 0xd0, 0x4b, 0x94, 0x42, 0xde}, 32, 32, PSA_SUCCESS
+},
+#endif
+#endif
+};
diff --git a/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/test_entry.c b/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/test_entry.c
new file mode 100644
index 00000000000..b1ba5e3d861
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_crypto/test_c043/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_c043.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_CRYPTO_BASE, 43)
+#define TEST_DESC "Testing crypto generator APIs\n"
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_crypto_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_c043_crypto_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->crypto_function(VAL_CRYPTO_FREE);
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/psa_its_testlist.md b/components/TARGET_PSA/TESTS/compliance_its/psa_its_testlist.md
new file mode 100644
index 00000000000..b466a7ec0c1
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/psa_its_testlist.md
@@ -0,0 +1,30 @@
+# PSA Internal Trusted Storage Testcase checklist
+
+## Requirements for Storage Test Suite
+
+Following are the requirements of the Storage Test Suite.
+
+1. Unless described in this document, any behaviour that is defined as IMPLEMENTATION_DEFINED in PSA Storage API document is not verified in this document.
+2. Storage Test Cases use UID value starting from 1 onwards. These UID needs to be free for successfull test execution.
+3. UID values 1 and 2 are reserved as WRITE_ONCE UID.These UID can't be free from testcase. Make sure these are free.
+
+
+| Test | Return Value | API Verified | Test Algorithm | UID Usage |
+|-----------|--------------------------------------|------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| test_s001 | PSA_ITS_ERROR_UID_NOT_FOUND | psa_its_get
psa_its_get_info
psa_its_remove
| 1. Call get API with UID for which no UID/Data pair is created
2. Call get_info API for which no UID/Data pair is created
3. Call remove API for which no UID/Data pair is created
4. Set valid UID/Data pair with uid1
5. Set one more set of UID/Data pair, with different uid, than previous
6. Remove the uid of step 4.
7. Call get API for removed UID/data pair
8. Call get_info API for removed UID/Data pair
9. Call remove API for removed UID/Data pair
10. Set valid UID/Data pair
11. Call get API for different uid , then created
12. Call get_info API for different uid, then created
13. Call remove API for different uid, then created
14. Remove the created UID/Data pair.
15. Remove the stray uid.
| UID value used are 5,6,7 |
+| test_s002 | PSA_ITS_ERROR_WRITE_ONCE | psa_its_set
psa_its_remove
| 1. Set valid UID/data value pair , with create flag value none.2. Call get and get_info API to validate the data, attributes associated with data
3. Call set API again with same uid and create flag PSA_PS_WRITE_ONCE_FLAG
4. Call get and get_info API to validate the data, attributes associated with data is not changed after second set operation
5. try to remove the UID/data pair.
6. Create new UID/data value pair, with create flag PSA_PS_WRITE_ONCE_FLAG
7. Try to remove the created UID.
8. Call get and get_info API to validate the data, attributes associated with data
9. Again call SET with same UID , create flag PSA_PS_WRITE_ONCE_FLAG but different data length
10. Try to remove the UID, PSA_ITS_ERROR_WRITE_ONCE error should be returned
11. Call get and get_info API to validate the data, attributes associated with data
| UID value used are 1 and 2 |
+| test_s003 | PSA_ITS_ERROR_INSUFFICIENT_SPACE | psa_its_set
| 1. Create UID/data pairs, with data_len 256 bytes. Do this with incrementing uid values till we have INSUFFICENT_SPACE.
2. Remove all the UID/data pairs created.
3. Repeat the steps once more, to check all previous uid are removed successfully
| UID value starts from 5 and keep on incrementing till all space is exhausted |
+| test_s004 | PSA_ITS_SUCCESS | psa_its_set
psa_its_get
psa_its_get_info
psa_its_remove
| 1. Set a valid uid/data pair
2. Validate the data using get api
3. Change the data length to half of previous.
4. Call GET api with original data length , error should be returned and also the return buffer should be empty
5. Call GET api with correct data_len and validate the data received.
6. Check old data cannot be accessed.
7. Call REMOVE api to delete the UID/data pair
| UID value used is 5 |
+| test_s005 | PSA_ITS_SUCCESS | psa_its_set
psa_its_get
psa_its_get_info
psa_its_remove
| 1. Set valid UID/data pair with varying uid and data_len
2. Call GET api and validate the set data
3. Call GET info api and validate the data attributes
4. Call REMOVE api to delete the UID/data pair
| UID value used are 4 |
+| test_s006 | PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED | psa_its_set
| 1. Call the SET_INFO with minimum flag value to max flag value
2. Call GET_INFO api and validate the flag value
3. Remove the uid/data pair
| UID value used is 5 |
+| test_s007 | PSA_ITS_ERROR_INCORRECT_SIZE | psa_its_set
| 1. Create valid uid/data pair.
2. Increase the length of storage.
3. Try to access the old length using get api.
4. Try to access with valid length less than stored size.
5. Decrease the length of storage.
6. Try to access the old length.
7. Remove the uid
| UID value used is 5 |
+| test_s008 | PSA_ITS_ERROR_OFFSET_INVALID | psa_its_get
| 1. Set valid UID/data pair
2. Call GET api with valid offset and offset + data_len equal to stored data size.
3. Call GET api with valid offset and offset + data_len less than stored data size.
4. Call get api with invalid offset.
5. Call get api with zero offset , but data len greater than data size.
6. Remove the uid.
| UID value used is 5 |
+| test_s009 | PSA_ITS_SUCCESS | psa_its_get
psa_its_set
psa_its_get_info
| 1. Call the SET API with NULL pointer and data_len zero
2. Validate using get_info api storage should be present.
3. Call get API with NULL pointer.
4. Remove the UID.
5. Call get_info API to validate storage is removed.
6. Set storage entity with valid write_buffer , but length zero.
7. Call get_info API to validate storage attributes.
8. Call get_info api with NULL pointer and valid uid.
9. Remove the uid
| UID value used is 5
|
+| test_s010 | PSA_ITS_ERROR_STORAGE_FAILURE
| psa_its_set
| 1. Call the SET API with UID value 0.
2. Check that storage creation fails.
| UID value used is 0
|
+
+## License
+Arm PSA test suite is distributed under Apache v2.0 License.
+
+--------------
+
+*Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.*
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s001/main.c b/components/TARGET_PSA/TESTS/compliance_its/test_s001/main.c
new file mode 100644
index 00000000000..8045d73f5ec
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s001/main.c
@@ -0,0 +1,17 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+#ifdef ITS_TEST
+void test_entry_s001(val_api_t *val_api, psa_api_t *psa_api);
+#elif PS_TEST
+void test_entry_p001(val_api_t *val_api, psa_api_t *psa_api);
+#endif
+
+int main(void)
+{
+#ifdef ITS_TEST
+ test_start(test_entry_s001, COMPLIANCE_TEST_STORAGE);
+#elif PS_TEST
+ test_start(test_entry_p001, COMPLIANCE_TEST_STORAGE);
+#endif
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_entry.c b/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_entry.c
new file mode 100644
index 00000000000..8b8aed94e91
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s001.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_STORAGE_BASE, 1)
+#define TEST_DESC "UID not found check\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_secure_storage_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_s001_sst_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_its_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_its_data.h
new file mode 100644
index 00000000000..af95d04b601
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_its_data.h
@@ -0,0 +1,81 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S001_ITS_DATA_TESTS_H_
+#define _TEST_S001_ITS_DATA_TESTS_H_
+
+#include "val_internal_trusted_storage.h"
+
+#define SST_FUNCTION val->its_function
+#define psa_sst_uid_t psa_its_uid_t
+
+typedef struct {
+ enum its_function_code api;
+ psa_its_status_t status;
+} test_data;
+
+static struct psa_its_info_t info;
+static const test_data s001_data[] = {
+{
+ 0, 0 /* Unused Index0 */
+},
+{
+ VAL_ITS_GET, PSA_ITS_ERROR_UID_NOT_FOUND /* Call the get API when no UID is set */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_ERROR_UID_NOT_FOUND /* Call the get_info API when no UID is set */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_ERROR_UID_NOT_FOUND /* Call the remove API when no UID is set */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Create a valid storage entity with UID1 */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Create a valid storage entity with UID2 */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_SUCCESS /* Remove UID1 */
+},
+{
+ VAL_ITS_GET, PSA_ITS_ERROR_UID_NOT_FOUND /* Call get API for UID1 */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_ERROR_UID_NOT_FOUND /* Call get_info API for UID1 */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_ERROR_UID_NOT_FOUND /* Call remove API for UID1 */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Create a valid storage entity again with UID1 */
+},
+{
+ VAL_ITS_GET, PSA_ITS_ERROR_UID_NOT_FOUND /* Call get API for UID not same as UID1 or UID2 */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_ERROR_UID_NOT_FOUND /* Call get_info for UID not same as UID1 or UID2 */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_ERROR_UID_NOT_FOUND /* Call remove API for UID not same as UID1 or UID2 */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_SUCCESS /* Remove UID1 */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_SUCCESS /* Remove UID2 */
+},
+};
+#endif /* _TEST_S001_ITS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_ps_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_ps_data.h
new file mode 100644
index 00000000000..20130585aa7
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_ps_data.h
@@ -0,0 +1,81 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or ps affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S001_PS_DATA_TESTS_H_
+#define _TEST_S001_PS_DATA_TESTS_H_
+
+#include "val_protected_storage.h"
+
+#define SST_FUNCTION val->ps_function
+#define psa_sst_uid_t psa_ps_uid_t
+
+typedef struct {
+ enum ps_function_code api;
+ psa_ps_status_t status;
+} test_data;
+
+static struct psa_ps_info_t info;
+static const test_data s001_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_PS_GET, PSA_PS_ERROR_UID_NOT_FOUND /* Call the get API when no UID is set */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_ERROR_UID_NOT_FOUND /* Call the get_info API when no UID is set */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_ERROR_UID_NOT_FOUND /* Call the remove API when no UID is set */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Create a valid storage entity with UID1 */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Create a valid storage entity with UID2 */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_SUCCESS /* Remove UID1 */
+},
+{
+ VAL_PS_GET, PSA_PS_ERROR_UID_NOT_FOUND /* Call get API for UID1 */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_ERROR_UID_NOT_FOUND /* Call get_info API for UID1 */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_ERROR_UID_NOT_FOUND /* Call remove API for UID1 */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Create a valid storage entity again with UID1 */
+},
+{
+ VAL_PS_GET, PSA_PS_ERROR_UID_NOT_FOUND /* Call get API for UID not same as UID1 or UID2 */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_ERROR_UID_NOT_FOUND /* Call get_info for UID not same as UID1 or UID2 */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_ERROR_UID_NOT_FOUND /* Call remove API for UID not same as UID1 or UID2 */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_SUCCESS /* Remove UID1 */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_SUCCESS /* Remove UID2 */
+},
+};
+#endif /* _TEST_S001_PS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_s001.c b/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_s001.c
new file mode 100644
index 00000000000..3eabe5b5e8d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_s001.c
@@ -0,0 +1,170 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s001.h"
+#ifdef ITS_TEST
+#include "test_its_data.h"
+#elif PS_TEST
+#include "test_ps_data.h"
+#endif
+
+#define TEST_BUFF_SIZE 16
+
+client_test_t test_s001_sst_list[] = {
+ NULL,
+ psa_sst_uid_not_found,
+ NULL,
+};
+
+static uint8_t write_buff[TEST_BUFF_SIZE] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
+static uint8_t read_buff[TEST_BUFF_SIZE] = {0};
+
+static int32_t sst_calls_without_set_call(psa_sst_uid_t p_uid)
+{
+ uint32_t status;
+
+ /* get() without using set() before */
+ val->print(PRINT_TEST, "[Check 1] Call get API for UID %d which is not set\n", p_uid);
+ status = SST_FUNCTION(s001_data[1].api, p_uid, 0, TEST_BUFF_SIZE, read_buff);
+ TEST_ASSERT_EQUAL(status,s001_data[1].status,TEST_CHECKPOINT_NUM(1));
+
+ /* get_info() without using set() before */
+ val->print(PRINT_TEST, "[Check 2] Call get_info API for UID %d which is not set\n", p_uid);
+ status = SST_FUNCTION(s001_data[2].api, p_uid, &info);
+ TEST_ASSERT_EQUAL(status, s001_data[2].status, TEST_CHECKPOINT_NUM(2));
+
+ /* remove() without using set() before */
+ val->print(PRINT_TEST, "[Check 3] Call remove API for UID %d which is not set\n", p_uid);
+ status = SST_FUNCTION(s001_data[3].api, p_uid);
+ TEST_ASSERT_EQUAL(status, s001_data[3].status, TEST_CHECKPOINT_NUM(3));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+static int32_t sst_set_and_remove(psa_sst_uid_t p_uid)
+{
+ uint32_t status;
+
+ /* set() a UID1 */
+ status = SST_FUNCTION(s001_data[4].api, p_uid, TEST_BUFF_SIZE, write_buff, 0);
+ TEST_ASSERT_EQUAL(status, s001_data[4].status, TEST_CHECKPOINT_NUM(4));
+
+ /* Also set() with a different UID */
+ status = SST_FUNCTION(s001_data[5].api, p_uid + 1, TEST_BUFF_SIZE, write_buff, 0);
+ TEST_ASSERT_EQUAL(status, s001_data[5].status, TEST_CHECKPOINT_NUM(5));
+
+ /* remove() UID1 */
+ status = SST_FUNCTION(s001_data[6].api, p_uid);
+ TEST_ASSERT_EQUAL(status, s001_data[6].status, TEST_CHECKPOINT_NUM(6));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+static int32_t sst_calls_after_uid_remove(psa_sst_uid_t p_uid)
+{
+ uint32_t status;
+
+ /* get() for UID which is removed */
+ val->print(PRINT_TEST, "[Check 4] Call get API for UID %d which is removed\n", p_uid);
+ status = SST_FUNCTION(s001_data[7].api, p_uid, 0, TEST_BUFF_SIZE, read_buff);
+ TEST_ASSERT_EQUAL(status, s001_data[7].status, TEST_CHECKPOINT_NUM(7));
+
+ /* get_info() for UID which is removed */
+ val->print(PRINT_TEST, "[Check 5] Call get_info API for UID %d which is removed\n", p_uid);
+ status = SST_FUNCTION(s001_data[8].api, p_uid, &info);
+ TEST_ASSERT_EQUAL(status, s001_data[8].status, TEST_CHECKPOINT_NUM(8));
+
+ /* remove() for UID which is removed */
+ val->print(PRINT_TEST, "[Check 6] Call remove API for UID %d which is removed\n", p_uid);
+ status = SST_FUNCTION(s001_data[9].api, p_uid);
+ TEST_ASSERT_EQUAL(status, s001_data[9].status, TEST_CHECKPOINT_NUM(9));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+static int32_t sst_calls_with_different_uid(psa_sst_uid_t p_uid)
+{
+ uint32_t status;
+
+ /* set() a UID */
+ val->print(PRINT_TEST, "Set storage for UID %d\n", p_uid);
+ status = SST_FUNCTION(s001_data[10].api, p_uid, TEST_BUFF_SIZE, write_buff, 0);
+ TEST_ASSERT_EQUAL(status, s001_data[10].status, TEST_CHECKPOINT_NUM(10));
+
+ /* get() for different UID then set UID */
+ val->print(PRINT_TEST, "[Check 7] Call get API for different UID %d\n", p_uid);
+ status = SST_FUNCTION(s001_data[11].api, p_uid-1, 0, TEST_BUFF_SIZE - 1, read_buff);
+ TEST_ASSERT_EQUAL(status, s001_data[11].status, TEST_CHECKPOINT_NUM(11));
+
+ /* get_info() for different UID then set UID */
+ val->print(PRINT_TEST, "[Check 8] Call get_info API for different UID %d\n", p_uid);
+ status = SST_FUNCTION(s001_data[12].api, p_uid-1, &info);
+ TEST_ASSERT_EQUAL(status, s001_data[12].status, TEST_CHECKPOINT_NUM(12));
+
+ /* remove() for different UID then set UID */
+ val->print(PRINT_TEST, "[Check 9] Call remove API for different UID %d\n", p_uid);
+ status = SST_FUNCTION(s001_data[13].api, p_uid-1);
+ TEST_ASSERT_EQUAL(status, s001_data[13].status, TEST_CHECKPOINT_NUM(13));
+
+ /* remove() the set UID */
+ status = SST_FUNCTION(s001_data[14].api, p_uid);
+ TEST_ASSERT_EQUAL(status, s001_data[14].status, TEST_CHECKPOINT_NUM(14));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+static int32_t sst_remove_stray_uid(psa_sst_uid_t p_uid)
+{
+ uint32_t status;
+
+ /* Remove UID + 1 */
+ status = SST_FUNCTION(s001_data[15].api, p_uid);
+ TEST_ASSERT_EQUAL(status, s001_data[15].status, TEST_CHECKPOINT_NUM(15));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_sst_uid_not_found(security_t caller)
+{
+ int32_t test_status;
+ psa_sst_uid_t uid = UID_BASE_VALUE + 6;
+
+ test_status = sst_calls_without_set_call(uid);
+ if (test_status != VAL_STATUS_SUCCESS)
+ return test_status;
+
+ test_status = sst_set_and_remove(uid);
+ if (test_status != VAL_STATUS_SUCCESS)
+ return test_status;
+
+ test_status = sst_calls_after_uid_remove(uid);
+ if (test_status != VAL_STATUS_SUCCESS)
+ return test_status;
+
+ test_status = sst_calls_with_different_uid(uid);
+ if (test_status != VAL_STATUS_SUCCESS)
+ return test_status;
+
+ test_status = sst_remove_stray_uid(uid + 1);
+ if (test_status != VAL_STATUS_SUCCESS)
+ return test_status;
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_s001.h b/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_s001.h
new file mode 100644
index 00000000000..af42fef8c2e
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_s001.h
@@ -0,0 +1,35 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S001_CLIENT_TESTS_H_
+#define _TEST_S001_CLIENT_TESTS_H_
+
+#ifdef ITS_TEST
+#define VAL_STORAGE_BASE VAL_INTERNAL_TRUSTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, s001)
+#elif PS_TEST
+#define VAL_STORAGE_BASE VAL_PROTECTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, p001)
+#endif
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_s001_sst_list[];
+
+int32_t psa_sst_uid_not_found(security_t caller);
+#endif /* _TEST_S001_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s002/main.c b/components/TARGET_PSA/TESTS/compliance_its/test_s002/main.c
new file mode 100644
index 00000000000..10c724f8508
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s002/main.c
@@ -0,0 +1,18 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+#include "lifecycle.h"
+
+#ifdef ITS_TEST
+void test_entry_s002(val_api_t *val_api, psa_api_t *psa_api);
+#elif PS_TEST
+void test_entry_p002(val_api_t *val_api, psa_api_t *psa_api);
+#endif
+
+int main(void)
+{
+#ifdef ITS_TEST
+ test_start(test_entry_s002, COMPLIANCE_TEST_STORAGE);
+#elif PS_TEST
+ test_start(test_entry_p002, COMPLIANCE_TEST_STORAGE);
+#endif
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_entry.c b/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_entry.c
new file mode 100644
index 00000000000..538a41f47f8
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s002.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_STORAGE_BASE, 2)
+#define TEST_DESC "Write once error check\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_secure_storage_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_s002_sst_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_its_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_its_data.h
new file mode 100644
index 00000000000..303b25fdb06
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_its_data.h
@@ -0,0 +1,134 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S002_ITS_DATA_TESTS_H_
+#define _TEST_S002_ITS_DATA_TESTS_H_
+
+#include "val_internal_trusted_storage.h"
+
+#define SST_FUNCTION val->its_function
+#define PSA_SST_FLAG_WRITE_ONCE PSA_ITS_FLAG_WRITE_ONCE
+#define psa_sst_uid_t psa_its_uid_t
+
+typedef struct {
+ enum its_function_code api;
+ psa_its_status_t status;
+} test_data;
+
+static struct psa_its_info_t orig_info;
+static struct psa_its_info_t new_info;
+static const test_data s002_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Create a valid storage with create flag value 0 */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_SUCCESS /* Call the get_info API to validate the attributes */
+},
+{
+ 0, 0 /* Index not used as check for get info size */
+},
+{
+ 0, 0 /* Index not used as check for get info flag */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Validate the data using get API */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Change the flag to WRITE_ONCE using set API */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_SUCCESS /* Call the get_info API to validate the flag change */
+},
+{
+ 0, 0 /* Index not used as check for get info size */
+},
+{
+ 0, 0 /* Index not used as check for get info flag */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Validate the data using get API after flag change */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_ERROR_WRITE_ONCE /* Storage should not be removed after WRITE_ONCE flag */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Create a storage with different UID and flag value WRITE_ONCE */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_ERROR_WRITE_ONCE /* Storage should not be removed */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Validate the data using get API after flag change */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_SUCCESS /* Call the get_info API to validate the flag change */
+},
+{
+ 0, 0 /* Index not used as check for get info size */
+},
+{
+ 0, 0 /* Index not used as check for get info flag */
+},
+{
+ VAL_ITS_SET, PSA_ITS_ERROR_WRITE_ONCE /* Try to set different size for same UID and flag value */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_ERROR_WRITE_ONCE /* Storage should not be removed */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_SUCCESS /* Call the get_info API to validate the flag change */
+},
+{
+ 0, 0 /* Index not used as check for get info size */
+},
+{
+ 0, 0 /* Index not used as check for get info flag */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Validate the data using get API after flag change */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_ITS_SET, PSA_ITS_ERROR_WRITE_ONCE /* Setting flag to zero for UID should fail */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_ERROR_WRITE_ONCE /* Storage should not be removed */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_SUCCESS /* Check that the WRITE_ONCE flag is preserved */
+},
+{
+ 0, 0 /* Index not used as check for get info size */
+},
+{
+ 0, 0 /* Index not used as check for get info flag */
+},
+};
+#endif /* _TEST_S002_ITS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_ps_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_ps_data.h
new file mode 100644
index 00000000000..19e88b724df
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_ps_data.h
@@ -0,0 +1,134 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or ps affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S002_PS_DATA_TESTS_H_
+#define _TEST_S002_PS_DATA_TESTS_H_
+
+#include "val_protected_storage.h"
+
+#define SST_FUNCTION val->ps_function
+#define PSA_SST_FLAG_WRITE_ONCE PSA_PS_FLAG_WRITE_ONCE
+#define psa_sst_uid_t psa_ps_uid_t
+
+typedef struct {
+ enum ps_function_code api;
+ psa_ps_status_t status;
+} test_data;
+
+static struct psa_ps_info_t orig_info;
+static struct psa_ps_info_t new_info;
+static const test_data s002_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Create a valid storage with create flag value 0 */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_SUCCESS /* Call the get_info API to validate the attributes */
+},
+{
+ 0, 0 /* Index not used as check for get info size */
+},
+{
+ 0, 0 /* Index not used as check for get info flag */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Validate the data using get API */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Change the flag to WRITE_ONCE using set API */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_SUCCESS /* Call the get_info API to validate the flag change */
+},
+{
+ 0, 0 /* Index not used as check for get info size */
+},
+{
+ 0, 0 /* Index not used as check for get info flag */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Validate the data using get API after flag change */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_ERROR_WRITE_ONCE /* Storage should not be removed after WRITE_ONCE flag */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Create storage with different UID and flag value WRITE_ONCE */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_ERROR_WRITE_ONCE /* Storage should not be removed */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Validate the data using get API after flag change */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_SUCCESS /* Call the get_info API to validate the flag change */
+},
+{
+ 0, 0 /* Index not used as check for get info size */
+},
+{
+ 0, 0 /* Index not used as check for get info flag */
+},
+{
+ VAL_PS_SET, PSA_PS_ERROR_WRITE_ONCE /* Try to set different size for same UID and flag value */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_ERROR_WRITE_ONCE /* Storage should not be removed */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_SUCCESS /* Call the get_info API to validate the flag change */
+},
+{
+ 0, 0 /* Index not used as check for get info size */
+},
+{
+ 0, 0 /* Index not used as check for get info flag */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Validate the data using get API after flag change */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_PS_SET, PSA_PS_ERROR_WRITE_ONCE /* Setting flag to zero for UID should fail */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_ERROR_WRITE_ONCE /* Storage should not be removed */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_SUCCESS /* Check that the WRITE_ONCE flag is preserved */
+},
+{
+ 0, 0 /* Index not used as check for get info size */
+},
+{
+ 0, 0 /* Index not used as check for get info flag */
+},
+};
+#endif /* _TEST_S002_PS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_s002.c b/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_s002.c
new file mode 100644
index 00000000000..4fea4d61b93
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_s002.c
@@ -0,0 +1,161 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or sst affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s002.h"
+#ifdef ITS_TEST
+#include "test_its_data.h"
+#elif PS_TEST
+#include "test_ps_data.h"
+#endif
+
+#define UID_WRITE_ONCE_1 UID_BASE_VALUE + 1
+#define UID_WRITE_ONCE_2 UID_BASE_VALUE + 2
+#define TEST_BUFF_SIZE 16
+
+client_test_t test_s002_sst_list[] = {
+ NULL,
+ psa_sst_update_write_once_flag_after_create,
+ psa_sst_create_with_write_once_flag,
+ NULL,
+};
+
+int32_t psa_sst_update_write_once_flag_after_create(security_t caller)
+{
+ uint32_t status;
+ psa_sst_uid_t uid = UID_WRITE_ONCE_1;
+ uint8_t write_buff[TEST_BUFF_SIZE/2] = {0xDE, 0xAD, 0xBE, 0xEF, 0xCA, 0xFE, 0xBA, 0xBE};
+ uint8_t read_buff[TEST_BUFF_SIZE/2] = {0};
+ uint8_t write_buff_new[TEST_BUFF_SIZE/4] = {0xFF, 0xFF, 0xFF, 0xFF};
+
+ /* set() data without a WRITE_ONCE flag */
+ status = SST_FUNCTION(s002_data[1].api, uid, TEST_BUFF_SIZE/2, write_buff, 0);
+ TEST_ASSERT_EQUAL(status, s002_data[1].status, TEST_CHECKPOINT_NUM(1));
+
+ /* Check that get_info() returns correct attributes; also store for reference for later */
+ status = SST_FUNCTION(s002_data[2].api, uid, &orig_info);
+ TEST_ASSERT_EQUAL(status, s002_data[2].status, TEST_CHECKPOINT_NUM(2));
+ TEST_ASSERT_EQUAL(orig_info.size, TEST_BUFF_SIZE/2, TEST_CHECKPOINT_NUM(3));
+ TEST_ASSERT_EQUAL(orig_info.flags, 0, TEST_CHECKPOINT_NUM(4));
+
+ /* Check for data consistency using get() */
+ status = SST_FUNCTION(s002_data[5].api, uid, 0, TEST_BUFF_SIZE/2, read_buff);
+ TEST_ASSERT_EQUAL(status, s002_data[5].status, TEST_CHECKPOINT_NUM(5));
+ TEST_ASSERT_MEMCMP(write_buff, read_buff, TEST_BUFF_SIZE/2, TEST_CHECKPOINT_NUM(6));
+
+ /* set() with WRITE_ONCE_FLAG */
+ val->print(PRINT_TEST, "[Check 1] Update the flag of UID %d with WRITE_ONCE flag\n", uid);
+ status = SST_FUNCTION(s002_data[7].api, uid, TEST_BUFF_SIZE/4, write_buff_new,
+ PSA_SST_FLAG_WRITE_ONCE);
+ TEST_ASSERT_EQUAL(status, s002_data[7].status, TEST_CHECKPOINT_NUM(7));
+
+ /* Check that info is updated, after new set */
+ status = SST_FUNCTION(s002_data[8].api, uid, &new_info);
+ TEST_ASSERT_EQUAL(status, s002_data[8].status, TEST_CHECKPOINT_NUM(8));
+ TEST_ASSERT_EQUAL(new_info.size, new_info.size, TEST_CHECKPOINT_NUM(9));
+ TEST_ASSERT_EQUAL(new_info.flags, new_info.flags, TEST_CHECKPOINT_NUM(10));
+
+ /* Check that data contents are preserved which were written with WRITE_ONCE_FLAG originally */
+ status = SST_FUNCTION(s002_data[11].api, uid, 0, TEST_BUFF_SIZE/4, read_buff);
+ TEST_ASSERT_EQUAL(status, s002_data[11].status, TEST_CHECKPOINT_NUM(11));
+ TEST_ASSERT_MEMCMP(write_buff_new, read_buff, TEST_BUFF_SIZE/4, TEST_CHECKPOINT_NUM(12));
+
+ /* remove() the UID */
+ val->print(PRINT_TEST, "[Check 2] Try to remove the UID %d having WRITE_ONCE flag\n", uid);
+ status = SST_FUNCTION(s002_data[13].api, uid);
+ TEST_ASSERT_EQUAL(status, s002_data[13].status, TEST_CHECKPOINT_NUM(13));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+
+int32_t psa_sst_create_with_write_once_flag(security_t caller)
+{
+ uint32_t status;
+ psa_sst_uid_t uid = UID_WRITE_ONCE_2;
+ uint8_t write_buff[TEST_BUFF_SIZE] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
+ uint8_t read_buff[TEST_BUFF_SIZE] = {0};
+ uint8_t write_buff_new[TEST_BUFF_SIZE + 1] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF};
+
+ /* Set data for a UID using WRITE_ONCE flag */
+ val->print(PRINT_TEST, "[Check 3] Create a new UID %d with WRITE_ONCE flag\n", uid);
+ status = SST_FUNCTION(s002_data[14].api, uid, TEST_BUFF_SIZE, write_buff,
+ PSA_SST_FLAG_WRITE_ONCE);
+ TEST_ASSERT_EQUAL(status, s002_data[14].status, TEST_CHECKPOINT_NUM(14));
+
+ /* Check that remove() fails with PSA_SST_ERROR_WRITE_ONCE */
+ val->print(PRINT_TEST, "[Check 4] Try to remove the UID %d having WRITE_ONCE flag\n", uid);
+ status = SST_FUNCTION(s002_data[15].api, uid);
+ TEST_ASSERT_EQUAL(status, s002_data[15].status, TEST_CHECKPOINT_NUM(15));
+
+ /* Check data consistency using get()*/
+ status = SST_FUNCTION(s002_data[16].api, uid, 0, TEST_BUFF_SIZE, read_buff);
+ TEST_ASSERT_EQUAL(status, s002_data[16].status, TEST_CHECKPOINT_NUM(16));
+ TEST_ASSERT_MEMCMP(write_buff, read_buff, TEST_BUFF_SIZE, TEST_CHECKPOINT_NUM(17));
+
+ /* Check that info values is as expected */
+ status = SST_FUNCTION(s002_data[18].api, uid, &orig_info);
+ TEST_ASSERT_EQUAL(status, s002_data[18].status, TEST_CHECKPOINT_NUM(18));
+ TEST_ASSERT_EQUAL(orig_info.size, TEST_BUFF_SIZE, TEST_CHECKPOINT_NUM(19));
+ TEST_ASSERT_EQUAL(orig_info.flags, PSA_SST_FLAG_WRITE_ONCE, TEST_CHECKPOINT_NUM(20));
+
+ /* Try to overwrite using set() with same UID as used before with WRITE_ONCE_FLAG */
+ val->print(PRINT_TEST, "[Check 5] Try to change the length of write_once UID %d\n", uid);
+ status = SST_FUNCTION(s002_data[21].api, uid, (TEST_BUFF_SIZE + 1), write_buff_new,
+ PSA_SST_FLAG_WRITE_ONCE);
+ TEST_ASSERT_EQUAL(status, s002_data[21].status, TEST_CHECKPOINT_NUM(21));
+
+ /* Check that remove() still fails with PSA_SST_ERROR_WRITE_ONCE */
+ val->print(PRINT_TEST, "[Check 6] Check UID removal still fails\n", 0);
+ status = SST_FUNCTION(s002_data[22].api, uid);
+ TEST_ASSERT_EQUAL(status, s002_data[22].status, TEST_CHECKPOINT_NUM(22));
+
+ /* Check that info is preserved */
+ status = SST_FUNCTION(s002_data[23].api, uid, &new_info);
+ TEST_ASSERT_EQUAL(status, s002_data[23].status, TEST_CHECKPOINT_NUM(23));
+ TEST_ASSERT_EQUAL(new_info.size, orig_info.size, TEST_CHECKPOINT_NUM(24));
+ TEST_ASSERT_EQUAL(new_info.flags, orig_info.flags, TEST_CHECKPOINT_NUM(25));
+
+ /* Check that data contents are preserved which were written with WRITE_ONCE_FLAG originally */
+ status = SST_FUNCTION(s002_data[26].api, uid, 0, TEST_BUFF_SIZE, read_buff);
+ TEST_ASSERT_EQUAL(status, s002_data[26].status, TEST_CHECKPOINT_NUM(26));
+ TEST_ASSERT_MEMCMP(write_buff, read_buff, TEST_BUFF_SIZE, TEST_CHECKPOINT_NUM(27));
+
+ /* Try to overwrite using set() with same UID as used before without WRITE_ONCE_FLAG */
+ val->print(PRINT_TEST, "[Check 7] Try to change the WRITE_ONCE flag to None for UID %d\n", uid);
+ new_info.size = 0;
+ new_info.flags = 0;
+ status = SST_FUNCTION(s002_data[28].api, uid, (TEST_BUFF_SIZE - 1), write_buff_new, 0);
+ TEST_ASSERT_EQUAL(status, s002_data[28].status, TEST_CHECKPOINT_NUM(28));
+
+ /* Check that remove() still fails with PSA_SST_ERROR_WRITE_ONCE */
+ val->print(PRINT_TEST, "[Check 8] Check UID removal still fails\n", 0);
+ status = SST_FUNCTION(s002_data[29].api, uid);
+ TEST_ASSERT_EQUAL(status, s002_data[29].status, TEST_CHECKPOINT_NUM(29));
+
+ /* Check that info is preserved */
+ status = SST_FUNCTION(s002_data[30].api, uid, &new_info);
+ TEST_ASSERT_EQUAL(status, s002_data[30].status, TEST_CHECKPOINT_NUM(30));
+ TEST_ASSERT_EQUAL(new_info.size, orig_info.size, TEST_CHECKPOINT_NUM(31));
+ TEST_ASSERT_EQUAL(new_info.flags, orig_info.flags, TEST_CHECKPOINT_NUM(32));
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_s002.h b/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_s002.h
new file mode 100644
index 00000000000..91c7aef25e2
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_s002.h
@@ -0,0 +1,36 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S002_CLIENT_TESTS_H_
+#define _TEST_S002_CLIENT_TESTS_H_
+
+#ifdef ITS_TEST
+#define VAL_STORAGE_BASE VAL_INTERNAL_TRUSTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, s002)
+#elif PS_TEST
+#define VAL_STORAGE_BASE VAL_PROTECTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, p002)
+#endif
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_s002_sst_list[];
+
+int32_t psa_sst_update_write_once_flag_after_create(security_t caller);
+int32_t psa_sst_create_with_write_once_flag(security_t caller);
+#endif /* _TEST_S002_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s003/main.c b/components/TARGET_PSA/TESTS/compliance_its/test_s003/main.c
new file mode 100644
index 00000000000..a25994c3c48
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s003/main.c
@@ -0,0 +1,23 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+#include "lifecycle.h"
+
+#ifndef PS_ALLOW_ENTIRE_STORAGE_FILL
+#error [NOT_SUPPORTED] Test is too long for CI, thus always fails on timeout.
+#endif
+
+#ifdef ITS_TEST
+void test_entry_s003(val_api_t *val_api, psa_api_t *psa_api);
+#elif PS_TEST
+void test_entry_p003(val_api_t *val_api, psa_api_t *psa_api);
+#endif
+
+int main(void)
+{
+#ifdef ITS_TEST
+ test_start(test_entry_s003, COMPLIANCE_TEST_STORAGE);
+#elif PS_TEST
+ test_start(test_entry_p003, COMPLIANCE_TEST_STORAGE);
+#endif
+
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_entry.c b/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_entry.c
new file mode 100644
index 00000000000..30dcbde8283
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s003.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_STORAGE_BASE, 3)
+#define TEST_DESC "Insufficient space check\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_secure_storage_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_s003_sst_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_its_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_its_data.h
new file mode 100644
index 00000000000..511e418b04b
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_its_data.h
@@ -0,0 +1,42 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S003_ITS_DATA_TESTS_H_
+#define _TEST_S003_ITS_DATA_TESTS_H_
+
+#include "val_internal_trusted_storage.h"
+
+#define SST_FUNCTION val->its_function
+#define PSA_SST_SUCCESS PSA_ITS_SUCCESS
+#define psa_sst_uid_t psa_its_uid_t
+
+typedef struct {
+ enum its_function_code api;
+ psa_its_status_t status;
+} test_data;
+
+static const test_data s003_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_ITS_SET, PSA_ITS_ERROR_INSUFFICIENT_SPACE /* Call set API till insufficent space */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_SUCCESS /* Remove the UID created */
+},
+};
+#endif /* _TEST_S003_ITS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_ps_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_ps_data.h
new file mode 100644
index 00000000000..db48c35b56d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_ps_data.h
@@ -0,0 +1,42 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or ps affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S003_PS_DATA_TESTS_H_
+#define _TEST_S003_PS_DATA_TESTS_H_
+
+#include "val_protected_storage.h"
+
+#define SST_FUNCTION val->ps_function
+#define PSA_SST_SUCCESS PSA_PS_SUCCESS
+#define psa_sst_uid_t psa_ps_uid_t
+
+typedef struct {
+ enum ps_function_code api;
+ psa_ps_status_t status;
+} test_data;
+
+static const test_data s003_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_PS_SET, PSA_PS_ERROR_INSUFFICIENT_SPACE /* Call set API till insufficent space */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_SUCCESS /* Remove the UID created */
+},
+};
+#endif /* _TEST_S003_PS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_s003.c b/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_s003.c
new file mode 100644
index 00000000000..fcd9a08167d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_s003.c
@@ -0,0 +1,96 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s003.h"
+#if ITS_TEST
+#include "test_its_data.h"
+#elif PS_TEST
+#include "test_ps_data.h"
+#endif
+
+#define TEST_BUFF_SIZE 1024
+#define NUM_ITERATIONS 2
+#define TEST_BASE_UID_VALUE UID_BASE_VALUE + 5
+
+client_test_t test_s003_sst_list[] = {
+ NULL,
+ psa_sst_insufficient_space,
+ NULL,
+};
+
+static uint8_t write_buff[TEST_BUFF_SIZE];
+static char test_desc[2][80] = {
+ "Overload storage space\n",
+ "Overload storage again to verify all previous UID removed\n"};
+
+int32_t psa_sst_insufficient_space(security_t caller)
+{
+ uint32_t status = PSA_SST_SUCCESS;
+ psa_sst_uid_t uid;
+ uint32_t count = 0, results[NUM_ITERATIONS] = {0};
+ int i = 0;
+
+ /* Saturate the storage for NUM_ITERATION times, and remove them after */
+ for (i = 0 ; i < NUM_ITERATIONS; i++)
+ {
+ val->print(PRINT_TEST, "[Check %d] ", i + 1);
+ val->print(PRINT_TEST, &test_desc[i][0], 0);
+ for (uid = TEST_BASE_UID_VALUE; status == PSA_SST_SUCCESS; uid++)
+ {
+ val->print(PRINT_INFO, "Setting 0x%x bytes for ", TEST_BUFF_SIZE);
+ val->print(PRINT_INFO, "UID %d\n", uid);
+ status = SST_FUNCTION(s003_data[1].api, uid, TEST_BUFF_SIZE, write_buff, 0);
+ if (status != PSA_SST_SUCCESS)
+ {
+ val->print(PRINT_INFO, "UID %d set failed due to insufficient space\n", uid);
+ break;
+ }
+ }
+ TEST_ASSERT_EQUAL(status, s003_data[1].status, TEST_CHECKPOINT_NUM(1));
+
+ /* Store number of set()s it took to saturate the storage */
+ count = uid - (TEST_BASE_UID_VALUE);
+ results[i] = uid - (TEST_BASE_UID_VALUE);
+
+ if (count)
+ val->print(PRINT_TEST, "Remove all registered UIDs\n", 0);
+ for (uid = TEST_BASE_UID_VALUE; uid < (count + TEST_BASE_UID_VALUE); uid++)
+ {
+ val->print(PRINT_INFO, "Removing UID %d\n", uid);
+ status = SST_FUNCTION(s003_data[2].api, uid);
+ if (status != PSA_SST_SUCCESS)
+ break;
+ }
+ if (count)
+ TEST_ASSERT_EQUAL(status, s003_data[2].status, TEST_CHECKPOINT_NUM(2));
+ }
+
+ /* Check that it takes equal number of UIDs to fill up the storage each time */
+ for (i = 0; i < (NUM_ITERATIONS -1); i++)
+ {
+ if (results[i] != results[i+1])
+ {
+ val->print(PRINT_ERROR, "\tERROR : Mismatch between number of UIDs required to\n", 0);
+ val->print(PRINT_ERROR, "\t fill up the storage between iteration %d", i);
+ val->print(PRINT_ERROR, " and iteration %d\n", i+1);
+ return VAL_STATUS_ERROR;
+ }
+ }
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_s003.h b/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_s003.h
new file mode 100644
index 00000000000..ab2d6aa6c75
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_s003.h
@@ -0,0 +1,35 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S003_CLIENT_TESTS_H_
+#define _TEST_S003_CLIENT_TESTS_H_
+
+#ifdef ITS_TEST
+#define VAL_STORAGE_BASE VAL_INTERNAL_TRUSTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, s003)
+#elif PS_TEST
+#define VAL_STORAGE_BASE VAL_PROTECTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, p003)
+#endif
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_s003_sst_list[];
+
+int32_t psa_sst_insufficient_space(security_t caller);
+#endif /* _TEST_S003_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s004/main.c b/components/TARGET_PSA/TESTS/compliance_its/test_s004/main.c
new file mode 100644
index 00000000000..952dbdf9051
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s004/main.c
@@ -0,0 +1,17 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+#ifdef ITS_TEST
+void test_entry_s004(val_api_t *val_api, psa_api_t *psa_api);
+#elif PS_TEST
+void test_entry_p004(val_api_t *val_api, psa_api_t *psa_api);
+#endif
+
+int main(void)
+{
+#ifdef ITS_TEST
+ test_start(test_entry_s004, COMPLIANCE_TEST_STORAGE);
+#elif PS_TEST
+ test_start(test_entry_p004, COMPLIANCE_TEST_STORAGE);
+#endif
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_entry.c b/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_entry.c
new file mode 100644
index 00000000000..a6afc248daa
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s004.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_STORAGE_BASE, 4)
+#define TEST_DESC "Data Consistency check\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_secure_storage_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_s004_sst_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_its_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_its_data.h
new file mode 100644
index 00000000000..b41dc1bed63
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_its_data.h
@@ -0,0 +1,65 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S004_ITS_DATA_TESTS_H_
+#define _TEST_S004_ITS_DATA_TESTS_H_
+
+#include "val_internal_trusted_storage.h"
+
+#define SST_FUNCTION val->its_function
+#define psa_sst_uid_t psa_its_uid_t
+
+typedef struct {
+ enum its_function_code api;
+ psa_its_status_t status;
+} test_data;
+
+static const test_data s004_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Create a valid storage entity */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Validate the data using get API after set API failure */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* For same UID set the length as half of previous */
+},
+{
+ VAL_ITS_GET, PSA_ITS_ERROR_INCORRECT_SIZE /* Call get with incorrect length */
+},
+{
+ 0, 0 /* No data should be returned */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Call get API with correct length */
+},
+{
+ 0, 0 /* No data should be returned */
+},
+{
+ 0, 0 /* Check that we should not be able to access the old data */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_SUCCESS /* Remove the valid storage entity */
+},
+};
+#endif /* _TEST_S004_ITS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_ps_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_ps_data.h
new file mode 100644
index 00000000000..baaf194f95b
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_ps_data.h
@@ -0,0 +1,65 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or ps affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S004_PS_DATA_TESTS_H_
+#define _TEST_S004_PS_DATA_TESTS_H_
+
+#include "val_protected_storage.h"
+
+#define SST_FUNCTION val->ps_function
+#define psa_sst_uid_t psa_ps_uid_t
+
+typedef struct {
+ enum ps_function_code api;
+ psa_ps_status_t status;
+} test_data;
+
+static const test_data s004_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Create a valid storage entity */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Validate the data using get API after set API failure */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* For same UID set the length as half of previous */
+},
+{
+ VAL_PS_GET, PSA_PS_ERROR_INCORRECT_SIZE /* Call get with incorrect length */
+},
+{
+ 0, 0 /* No data should be returned */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Call get API with correct length */
+},
+{
+ 0, 0 /* No data should be returned */
+},
+{
+ 0, 0 /* Check that we should not be able to access the old data */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_SUCCESS /* Remove the valid storage entity */
+},
+};
+#endif /* _TEST_S004_PS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_s004.c b/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_s004.c
new file mode 100644
index 00000000000..9db24a79931
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_s004.c
@@ -0,0 +1,84 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s004.h"
+#ifdef ITS_TEST
+#include "test_its_data.h"
+#elif PS_TEST
+#include "test_ps_data.h"
+#endif
+
+#define TEST_BUFF_SIZE 20
+
+client_test_t test_s004_sst_list[] = {
+ NULL,
+ psa_sst_get_data_check,
+ NULL,
+};
+
+static psa_sst_uid_t uid = UID_BASE_VALUE + 5;
+static uint8_t read_buff[TEST_BUFF_SIZE] = {0};
+static uint8_t write_buff[TEST_BUFF_SIZE] = {0x99, 0x01, 0x30, 0x50, 0x04, 0x23, 0xF6, 0x07, 0x08, \
+ 0x0D, 0x70, 0xA1, 0xFF, 0xFF, 0x14, 0x73, 0x46, 0x97, 0xE8, 0xDD};
+
+int32_t psa_sst_get_data_check(security_t caller)
+{
+ uint32_t status,j;
+
+ /* Set data for UID */
+ status = SST_FUNCTION(s004_data[1].api, uid, TEST_BUFF_SIZE, write_buff,0);
+ TEST_ASSERT_EQUAL(status, s004_data[1].status, TEST_CHECKPOINT_NUM(1));
+
+ /* Call get function and check the data consistency */
+ status = SST_FUNCTION(s004_data[2].api, uid, 0, TEST_BUFF_SIZE, read_buff);
+ TEST_ASSERT_EQUAL(status, s004_data[2].status, TEST_CHECKPOINT_NUM(2));
+ TEST_ASSERT_MEMCMP(read_buff, write_buff, TEST_BUFF_SIZE, TEST_CHECKPOINT_NUM(3));
+
+ /* Call the set again for same uid and set the length as half */
+ status = SST_FUNCTION(s004_data[4].api, uid, TEST_BUFF_SIZE/2, write_buff, 0);
+ TEST_ASSERT_EQUAL(status, s004_data[4].status, TEST_CHECKPOINT_NUM(4));
+
+ /* Call get function with incorrect buffer length */
+ val->print(PRINT_TEST, "[Check 1] Call get API with incorrect length\n", 0);
+ memset(read_buff, 0, TEST_BUFF_SIZE);
+ status = SST_FUNCTION(s004_data[5].api, uid, 0, TEST_BUFF_SIZE, read_buff);
+ TEST_ASSERT_EQUAL(status, s004_data[5].status, TEST_CHECKPOINT_NUM(5));
+ for (j = 0; j < TEST_BUFF_SIZE; j++)
+ {
+ TEST_ASSERT_EQUAL(read_buff[j], 0, TEST_CHECKPOINT_NUM(6));
+ }
+
+ /* Call get function with CORRECT buffer length */
+ status = SST_FUNCTION(s004_data[7].api, uid, 0, TEST_BUFF_SIZE/2, read_buff);
+ TEST_ASSERT_EQUAL(status, s004_data[7].status, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_MEMCMP(read_buff, write_buff, TEST_BUFF_SIZE/2, TEST_CHECKPOINT_NUM(8));
+
+ /* Check we should not be able to access old set data */
+ val->print(PRINT_TEST, "[Check 2] Old buffer invalid after length change\n", 0);
+ for (j = TEST_BUFF_SIZE/2; j < TEST_BUFF_SIZE; j++)
+ {
+ TEST_ASSERT_EQUAL(read_buff[j], 0, TEST_CHECKPOINT_NUM(9));
+ }
+
+ /* Remove the UID */
+ status = SST_FUNCTION(s004_data[10].api, uid);
+ TEST_ASSERT_EQUAL(status, s004_data[10].status, TEST_CHECKPOINT_NUM(10));
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_s004.h b/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_s004.h
new file mode 100644
index 00000000000..f556f85b8d1
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_s004.h
@@ -0,0 +1,35 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S004_CLIENT_TESTS_H_
+#define _TEST_S004_CLIENT_TESTS_H_
+
+#ifdef ITS_TEST
+#define VAL_STORAGE_BASE VAL_INTERNAL_TRUSTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, s004)
+#elif PS_TEST
+#define VAL_STORAGE_BASE VAL_PROTECTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, p004)
+#endif
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_s004_sst_list[];
+
+int32_t psa_sst_get_data_check(security_t caller);
+#endif /* _TEST_S004_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s005/main.c b/components/TARGET_PSA/TESTS/compliance_its/test_s005/main.c
new file mode 100644
index 00000000000..c587e5371a8
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s005/main.c
@@ -0,0 +1,17 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+#ifdef ITS_TEST
+void test_entry_s005(val_api_t *val_api, psa_api_t *psa_api);
+#elif PS_TEST
+void test_entry_p005(val_api_t *val_api, psa_api_t *psa_api);
+#endif
+
+int main(void)
+{
+#ifdef ITS_TEST
+ test_start(test_entry_s005, COMPLIANCE_TEST_STORAGE);
+#elif PS_TEST
+ test_start(test_entry_p005, COMPLIANCE_TEST_STORAGE);
+#endif
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_entry.c b/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_entry.c
new file mode 100644
index 00000000000..36dcbaa8cf4
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_entry.c
@@ -0,0 +1,52 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s005.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_STORAGE_BASE, 5)
+#define TEST_DESC "Success scenarios check\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_secure_storage_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_s005_sst_list, FALSE);
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_its_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_its_data.h
new file mode 100644
index 00000000000..653f7cc0a7a
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_its_data.h
@@ -0,0 +1,58 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S005_ITS_DATA_TESTS_H_
+#define _TEST_S005_ITS_DATA_TESTS_H_
+
+#include "val_internal_trusted_storage.h"
+
+#define SST_FUNCTION val->its_function
+#define psa_sst_uid_t psa_its_uid_t
+#define psa_sst_create_flags_t psa_its_create_flags_t
+
+typedef struct {
+ enum its_function_code api;
+ psa_its_status_t status;
+} test_data;
+
+static struct psa_its_info_t info;
+static const test_data s005_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Create a valid storage entity */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Validate the data using get API */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_SUCCESS /* Validate the data attributes get_info API */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_SUCCESS /* Remove the valid storage entity */
+},
+};
+#endif /* _TEST_S005_ITS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_ps_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_ps_data.h
new file mode 100644
index 00000000000..a961269a0da
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_ps_data.h
@@ -0,0 +1,58 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or ps affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S005_PS_DATA_TESTS_H_
+#define _TEST_S005_PS_DATA_TESTS_H_
+
+#include "val_protected_storage.h"
+
+#define SST_FUNCTION val->ps_function
+#define psa_sst_uid_t psa_ps_uid_t
+#define psa_sst_create_flags_t psa_ps_create_flags_t
+
+typedef struct {
+ enum ps_function_code api;
+ psa_ps_status_t status;
+} test_data;
+
+static struct psa_ps_info_t info;
+static const test_data s005_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Create a valid storage entity */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Validate the data using get API */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_SUCCESS /* Validate the data attributes get_info API */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_SUCCESS /* Remove the valid storage entity */
+},
+};
+#endif /* _TEST_S005_PS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_s005.c b/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_s005.c
new file mode 100644
index 00000000000..ac7f40bfd0f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_s005.c
@@ -0,0 +1,89 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s005.h"
+#ifdef ITS_TEST
+#include "test_its_data.h"
+#elif PS_TEST
+#include "test_ps_data.h"
+#endif
+
+#define TEST_BUFF_SIZE 30
+
+client_test_t test_s005_sst_list[] = {
+ NULL,
+ psa_sst_apis_check_success_case,
+ NULL,
+};
+
+static uint8_t read_buff[TEST_BUFF_SIZE];
+static uint8_t write_buff[TEST_BUFF_SIZE] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x23, 0xF6, 0x07, 0x08, 0x0D, 0x0A, 0x1B, 0x0C, 0x5D, 0x0E,\
+ 0x70, 0xA1, 0xFF, 0xFF, 0x14, 0x73, 0x46, 0x97, 0xE8, 0xDD, 0xCA, 0x0B, 0x3C, 0x0D, 0x2E};
+
+static int32_t psa_sst_apis_check(psa_sst_uid_t uid, uint32_t data_len,
+ uint8_t *data_buff, psa_sst_create_flags_t create_flag)
+{
+ uint32_t status;
+
+ /* Set the UID with the data_len and data_buff */
+ status = SST_FUNCTION(s005_data[1].api, uid, data_len, data_buff, create_flag);
+ TEST_ASSERT_EQUAL(status, s005_data[1].status, TEST_CHECKPOINT_NUM(1));
+
+ /* Call the get function to get the data buffer and match the buffer */
+ status = SST_FUNCTION(s005_data[2].api, uid, 0, data_len, read_buff);
+ TEST_ASSERT_EQUAL(status, s005_data[2].status, TEST_CHECKPOINT_NUM(2));
+ TEST_ASSERT_MEMCMP(read_buff, data_buff, data_len, TEST_CHECKPOINT_NUM(3));
+
+ /* Call the get_info function and match the attributes */
+ status = SST_FUNCTION(s005_data[4].api, uid, &info);
+ TEST_ASSERT_EQUAL(status, s005_data[4].status, TEST_CHECKPOINT_NUM(4));
+ TEST_ASSERT_EQUAL(info.size, data_len, TEST_CHECKPOINT_NUM(5));
+ TEST_ASSERT_EQUAL(info.flags, create_flag, TEST_CHECKPOINT_NUM(6));
+
+ /* Remove the UID */
+ status = SST_FUNCTION(s005_data[7].api, uid);
+ TEST_ASSERT_EQUAL(status, s005_data[7].status, TEST_CHECKPOINT_NUM(7));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_sst_apis_check_success_case(security_t caller)
+{
+ psa_sst_uid_t uid = UID_BASE_VALUE + 4;
+ uint32_t data_len = 0, status = VAL_STATUS_SUCCESS;
+
+ /* Calling set function with data_len 1 and valid data pointer */
+ val->print(PRINT_TEST, "[Check 1] Set UID with data length zero and call storage APIs\n", 0);
+ if (psa_sst_apis_check(uid, data_len, write_buff, 0))
+ {
+ val->print(PRINT_ERROR, "Data Len = %d\n", data_len);
+ return VAL_STATUS_ERROR;
+ }
+
+ data_len = TEST_BUFF_SIZE/2;
+ val->print(PRINT_TEST, "[Check 2] Resetting the length check\n", 0);
+ if (psa_sst_apis_check(uid, data_len, write_buff, 0))
+ {
+ val->print(PRINT_ERROR, "Data Len = %d\n", data_len);
+ return VAL_STATUS_ERROR;
+ }
+
+ return status;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_s005.h b/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_s005.h
new file mode 100644
index 00000000000..84cbf43a6fd
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_s005.h
@@ -0,0 +1,36 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S005_CLIENT_TESTS_H_
+#define _TEST_S005_CLIENT_TESTS_H_
+
+#ifdef ITS_TEST
+#define VAL_STORAGE_BASE VAL_INTERNAL_TRUSTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, s005)
+#elif PS_TEST
+#define VAL_STORAGE_BASE VAL_PROTECTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, p005)
+#endif
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_s005_sst_list[];
+
+int32_t psa_sst_apis_check_success_case(security_t caller);
+
+#endif /* _TEST_S005_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s006/main.c b/components/TARGET_PSA/TESTS/compliance_its/test_s006/main.c
new file mode 100644
index 00000000000..c4382565577
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s006/main.c
@@ -0,0 +1,17 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+#ifdef ITS_TEST
+void test_entry_s006(val_api_t *val_api, psa_api_t *psa_api);
+#elif PS_TEST
+void test_entry_p006(val_api_t *val_api, psa_api_t *psa_api);
+#endif
+
+int main(void)
+{
+#ifdef ITS_TEST
+ test_start(test_entry_s006, COMPLIANCE_TEST_STORAGE);
+#elif PS_TEST
+ test_start(test_entry_p006, COMPLIANCE_TEST_STORAGE);
+#endif
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_entry.c b/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_entry.c
new file mode 100644
index 00000000000..dda491bdc3f
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_entry.c
@@ -0,0 +1,52 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s006.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_STORAGE_BASE, 6)
+#define TEST_DESC "Flags not supported check\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_secure_storage_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_s006_sst_list, FALSE);
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_its_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_its_data.h
new file mode 100644
index 00000000000..4426f2c041b
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_its_data.h
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S006_ITS_DATA_TESTS_H_
+#define _TEST_S006_ITS_DATA_TESTS_H_
+
+#include "val_internal_trusted_storage.h"
+
+#define SST_FUNCTION val->its_function
+#define PSA_SST_FLAG_WRITE_ONCE PSA_ITS_FLAG_WRITE_ONCE
+#define psa_sst_uid_t psa_its_uid_t
+#define psa_sst_create_flags_t psa_its_create_flags_t
+
+typedef struct {
+ enum its_function_code api;
+ psa_its_status_t status;
+} test_data;
+
+static struct psa_its_info_t info;
+static const test_data s006_data[] = {
+{
+ 0, PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED /* This is dummy for index0 */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Create a valid storage entity with different flag values */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_SUCCESS /* Validate the flag value get_info API */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_SUCCESS /* Remove the storage entity */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_ERROR_UID_NOT_FOUND /* Storage entity remove fails */
+},
+};
+#endif /* _TEST_S006_ITS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_ps_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_ps_data.h
new file mode 100644
index 00000000000..86e1e3015a0
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_ps_data.h
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or ps affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S006_PS_DATA_TESTS_H_
+#define _TEST_S006_PS_DATA_TESTS_H_
+
+#include "val_protected_storage.h"
+
+#define SST_FUNCTION val->ps_function
+#define PSA_SST_FLAG_WRITE_ONCE PSA_PS_FLAG_WRITE_ONCE
+#define psa_sst_uid_t psa_ps_uid_t
+#define psa_sst_create_flags_t psa_ps_create_flags_t
+
+typedef struct {
+ enum ps_function_code api;
+ psa_ps_status_t status;
+} test_data;
+
+static struct psa_ps_info_t info;
+static const test_data s006_data[] = {
+{
+ 0, PSA_PS_ERROR_FLAGS_NOT_SUPPORTED /* This is dummy for index0 */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Create a valid storage entity with different flag values */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_SUCCESS /* Validate the flag value get_info API */
+},
+{
+ 0, 0 /* Index not used */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_SUCCESS /* Remove the storage entity */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_ERROR_UID_NOT_FOUND /* Remove the storage entity */
+}
+};
+#endif /* _TEST_S006_PS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_s006.c b/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_s006.c
new file mode 100644
index 00000000000..1c7066b0086
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_s006.c
@@ -0,0 +1,90 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s006.h"
+#ifdef ITS_TEST
+#include "test_its_data.h"
+#elif PS_TEST
+#include "test_ps_data.h"
+#endif
+
+#define TEST_BUFF_SIZE 30
+
+client_test_t test_s006_sst_list[] = {
+ NULL,
+ psa_sst_flags_not_supported,
+ NULL,
+};
+
+static uint8_t write_buff[TEST_BUFF_SIZE] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x23, 0xF6, 0x07, 0x08, 0x0D, 0x0A, 0x1B, 0x0C, 0x5D, 0x0E,\
+ 0x70, 0xA1, 0xFF, 0xFF, 0x14, 0x73, 0x46, 0x97, 0xE8, 0xDD, 0xCA, 0x0B, 0x3C, 0x0D, 0x2E};
+
+static int32_t psa_sst_remove_api(psa_sst_uid_t uid, uint32_t data_len,
+ uint8_t *data_buff, psa_sst_create_flags_t create_flag)
+{
+ uint32_t status;
+
+ /* Call the get_info function and match the attributes */
+ status = SST_FUNCTION(s006_data[2].api, uid, &info);
+ TEST_ASSERT_EQUAL(status, s006_data[2].status, TEST_CHECKPOINT_NUM(2));
+ TEST_ASSERT_EQUAL(info.flags, create_flag, TEST_CHECKPOINT_NUM(3));
+
+ /* Remove the UID */
+ status = SST_FUNCTION(s006_data[4].api, uid);
+ TEST_ASSERT_EQUAL(status, s006_data[4].status, TEST_CHECKPOINT_NUM(4));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_sst_flags_not_supported(security_t caller)
+{
+ psa_sst_create_flags_t flag = 0x80000000;
+ uint32_t status = VAL_STATUS_SUCCESS;
+ psa_sst_uid_t uid = UID_BASE_VALUE + 5;
+ int32_t test_status;
+
+ /* Calling set function with different create flag value */
+
+ val->print(PRINT_TEST, "[Check 1] Call set API with valid flag values\n", 0);
+ while (flag)
+ {
+ /* Create storage with flag value */
+ status = SST_FUNCTION(s006_data[1].api, uid, TEST_BUFF_SIZE, write_buff,
+ (flag & (~PSA_SST_FLAG_WRITE_ONCE)));
+
+ if (status == s006_data[1].status)
+ {
+ test_status = psa_sst_remove_api(uid, TEST_BUFF_SIZE, write_buff,
+ (flag & (~PSA_SST_FLAG_WRITE_ONCE)));
+ if (test_status != VAL_STATUS_SUCCESS)
+ return test_status;
+ }
+ else if (status == s006_data[0].status)
+ {
+ /* Remove UID should fail */
+ status = SST_FUNCTION(s006_data[5].api, uid);
+ TEST_ASSERT_EQUAL(status, s006_data[5].status, TEST_CHECKPOINT_NUM(5));
+ }
+
+ flag = flag >> 1;
+ };
+
+ return status;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_s006.h b/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_s006.h
new file mode 100644
index 00000000000..43adf748f49
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_s006.h
@@ -0,0 +1,36 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S006_CLIENT_TESTS_H_
+#define _TEST_S006_CLIENT_TESTS_H_
+
+#ifdef ITS_TEST
+#define VAL_STORAGE_BASE VAL_INTERNAL_TRUSTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, s006)
+#elif PS_TEST
+#define VAL_STORAGE_BASE VAL_PROTECTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, p006)
+#endif
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_s006_sst_list[];
+
+int32_t psa_sst_flags_not_supported(security_t caller);
+
+#endif /* _TEST_S006_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s007/main.c b/components/TARGET_PSA/TESTS/compliance_its/test_s007/main.c
new file mode 100644
index 00000000000..b79fbc893bb
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s007/main.c
@@ -0,0 +1,17 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+#ifdef ITS_TEST
+void test_entry_s007(val_api_t *val_api, psa_api_t *psa_api);
+#elif PS_TEST
+void test_entry_p007(val_api_t *val_api, psa_api_t *psa_api);
+#endif
+
+int main(void)
+{
+#ifdef ITS_TEST
+ test_start(test_entry_s007, COMPLIANCE_TEST_STORAGE);
+#elif PS_TEST
+ test_start(test_entry_p007, COMPLIANCE_TEST_STORAGE);
+#endif
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_entry.c b/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_entry.c
new file mode 100644
index 00000000000..f6005a1a90d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_entry.c
@@ -0,0 +1,52 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s007.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_STORAGE_BASE, 7)
+#define TEST_DESC "Incorrect Size check\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_secure_storage_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_s007_sst_list, FALSE);
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_its_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_its_data.h
new file mode 100644
index 00000000000..550dffb0851
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_its_data.h
@@ -0,0 +1,65 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S007_ITS_DATA_TESTS_H_
+#define _TEST_S007_ITS_DATA_TESTS_H_
+
+#include "val_internal_trusted_storage.h"
+
+#define SST_FUNCTION val->its_function
+#define psa_sst_uid_t psa_its_uid_t
+
+typedef struct {
+ enum its_function_code api;
+ psa_its_status_t status;
+} test_data;
+
+static const test_data s007_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Create a valid storage entity */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Increase the length of storage */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Try to access old length */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Try to access valid length less than set length */
+},
+{
+ 0, 0 /* This is dummy for index5 */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Decrease the length of storage */
+},
+{
+ VAL_ITS_GET, PSA_ITS_ERROR_INCORRECT_SIZE /* Try to access old length */
+},
+{
+ VAL_ITS_GET, PSA_ITS_ERROR_INCORRECT_SIZE /* Try to access old length */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Try to access data with correct length */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_SUCCESS /* Remove the storage entity */
+},
+};
+#endif /* _TEST_S007_ITS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_ps_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_ps_data.h
new file mode 100644
index 00000000000..fa032c18802
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_ps_data.h
@@ -0,0 +1,65 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or ps affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S007_PS_DATA_TESTS_H_
+#define _TEST_S007_PS_DATA_TESTS_H_
+
+#include "val_protected_storage.h"
+
+#define SST_FUNCTION val->ps_function
+#define psa_sst_uid_t psa_ps_uid_t
+
+typedef struct {
+ enum ps_function_code api;
+ psa_ps_status_t status;
+} test_data;
+
+static const test_data s007_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Create a valid storage entity */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Increase the length of storage */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Try to access old length */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Try to access valid length less than set length */
+},
+{
+ 0, 0 /* This is dummy for index5 */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Decrease the length of storage */
+},
+{
+ VAL_PS_GET, PSA_PS_ERROR_INCORRECT_SIZE /* Try to access old length */
+},
+{
+ VAL_PS_GET, PSA_PS_ERROR_INCORRECT_SIZE /* Try to access old length */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Try to access data with correct length */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_SUCCESS /* Remove the storage entity */
+},
+};
+#endif /* _TEST_S007_PS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_s007.c b/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_s007.c
new file mode 100644
index 00000000000..3e1a880d010
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_s007.c
@@ -0,0 +1,89 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s007.h"
+#ifdef ITS_TEST
+#include "test_its_data.h"
+#elif PS_TEST
+#include "test_ps_data.h"
+#endif
+
+#define TEST_BUFF_SIZE 30
+
+client_test_t test_s007_sst_list[] = {
+ NULL,
+ psa_sst_get_incorrect_size,
+ NULL,
+};
+
+static uint8_t write_buff[TEST_BUFF_SIZE] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x23, 0xF6, 0x07, 0x08, 0x0D, 0x0A, 0x1B, 0x0C, 0x5D, 0x0E,\
+ 0x70, 0xA1, 0xFF, 0xFF, 0x14, 0x73, 0x46, 0x97, 0xE8, 0xDD, 0xCA, 0x0B, 0x3C, 0x0D, 0x2E};
+static uint8_t read_buff[TEST_BUFF_SIZE];
+
+int32_t psa_sst_get_incorrect_size(security_t caller)
+{
+ psa_sst_uid_t uid = UID_BASE_VALUE + 5;
+ uint32_t status = VAL_STATUS_SUCCESS;
+
+ /* Set the UID with the data_len and data_buff */
+ val->print(PRINT_TEST, "Create a valid Storage\n", 0);
+ status = SST_FUNCTION(s007_data[1].api, uid, TEST_BUFF_SIZE/2, write_buff, 0);
+ TEST_ASSERT_EQUAL(status, s007_data[1].status, TEST_CHECKPOINT_NUM(1));
+
+ /* Call set for same UID and increase the length */
+ val->print(PRINT_TEST, "Increase the length of storage\n", 0);
+ status = SST_FUNCTION(s007_data[2].api, uid, TEST_BUFF_SIZE, write_buff, 0);
+ TEST_ASSERT_EQUAL(status, s007_data[2].status, TEST_CHECKPOINT_NUM(2));
+
+ /* Access data using get API and old length */
+ val->print(PRINT_TEST, "[Check 1] Call get API with old length\n", 0);
+ status = SST_FUNCTION(s007_data[3].api, uid, 0, TEST_BUFF_SIZE/2, read_buff);
+ TEST_ASSERT_EQUAL(status, s007_data[3].status, TEST_CHECKPOINT_NUM(3));
+
+ /* Access data using get API and valid length */
+ status = SST_FUNCTION(s007_data[4].api, uid, 0, TEST_BUFF_SIZE/4, read_buff);
+ TEST_ASSERT_EQUAL(status, s007_data[4].status, TEST_CHECKPOINT_NUM(4));
+ TEST_ASSERT_MEMCMP(read_buff, write_buff, TEST_BUFF_SIZE/4, TEST_CHECKPOINT_NUM(5));
+
+ /* Decrease the length again */
+ val->print(PRINT_TEST, "Decrease the length of storage\n", 0);
+ status = SST_FUNCTION(s007_data[6].api, uid, TEST_BUFF_SIZE/4, write_buff, 0);
+ TEST_ASSERT_EQUAL(status, s007_data[6].status, TEST_CHECKPOINT_NUM(6));
+
+ /* Access data using get API and old length */
+ status = SST_FUNCTION(s007_data[7].api, uid, 0, TEST_BUFF_SIZE/2, read_buff);
+ TEST_ASSERT_EQUAL(status, s007_data[7].status, TEST_CHECKPOINT_NUM(7));
+
+ /* Access data using get API and old length */
+ val->print(PRINT_TEST, "[Check 2] Call get API with old length\n", 0);
+ status = SST_FUNCTION(s007_data[8].api, uid, 0, TEST_BUFF_SIZE, read_buff);
+ TEST_ASSERT_EQUAL(status, s007_data[8].status, TEST_CHECKPOINT_NUM(8));
+
+ /* Access data using correct length */
+ val->print(PRINT_TEST, "[Check 3] Call get API with valid length\n", 0);
+ status = SST_FUNCTION(s007_data[9].api, uid, 0, TEST_BUFF_SIZE/4, read_buff);
+ TEST_ASSERT_EQUAL(status, s007_data[9].status, TEST_CHECKPOINT_NUM(9));
+
+ /* Remove the UID */
+ status = SST_FUNCTION(s007_data[10].api, uid);
+ TEST_ASSERT_EQUAL(status, s007_data[10].status, TEST_CHECKPOINT_NUM(10));
+
+ return status;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_s007.h b/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_s007.h
new file mode 100644
index 00000000000..5a71e4beb02
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_s007.h
@@ -0,0 +1,36 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S007_CLIENT_TESTS_H_
+#define _TEST_S007_CLIENT_TESTS_H_
+
+#ifdef ITS_TEST
+#define VAL_STORAGE_BASE VAL_INTERNAL_TRUSTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, s007)
+#elif PS_TEST
+#define VAL_STORAGE_BASE VAL_PROTECTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, p007)
+#endif
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_s007_sst_list[];
+
+int32_t psa_sst_get_incorrect_size(security_t caller);
+
+#endif /* _TEST_S007_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s008/main.c b/components/TARGET_PSA/TESTS/compliance_its/test_s008/main.c
new file mode 100644
index 00000000000..8faecab01e3
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s008/main.c
@@ -0,0 +1,17 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+#ifdef ITS_TEST
+void test_entry_s008(val_api_t *val_api, psa_api_t *psa_api);
+#elif PS_TEST
+void test_entry_p008(val_api_t *val_api, psa_api_t *psa_api);
+#endif
+
+int main(void)
+{
+#ifdef ITS_TEST
+ test_start(test_entry_s008, COMPLIANCE_TEST_STORAGE);
+#elif PS_TEST
+ test_start(test_entry_p008, COMPLIANCE_TEST_STORAGE);
+#endif
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_entry.c b/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_entry.c
new file mode 100644
index 00000000000..f5318816973
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s008.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_STORAGE_BASE, 8)
+#define TEST_DESC "Invalid offset check\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_secure_storage_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_s008_sst_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_its_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_its_data.h
new file mode 100644
index 00000000000..89093d49c82
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_its_data.h
@@ -0,0 +1,74 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S008_ITS_DATA_TESTS_H_
+#define _TEST_S008_ITS_DATA_TESTS_H_
+
+#include "val_internal_trusted_storage.h"
+
+#define SST_FUNCTION val->its_function
+#define psa_sst_uid_t psa_its_uid_t
+
+typedef struct {
+ enum its_function_code api;
+ psa_its_status_t status;
+} test_data;
+
+static const test_data s008_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Create a valid storage entity with zero flag value */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Call get API with offset + data_len = total_size */
+},
+{
+ 0, 0 /* This is dummy for index3 */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Call get API with offset + data_len < total_size */
+},
+{
+ 0, 0 /* This is dummy for index5 */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Call get API with offset = total data_size + 1 */
+},
+{
+ 0, 0 /* This is dummy for index7 */
+},
+{
+ VAL_ITS_GET, PSA_ITS_ERROR_INCORRECT_SIZE /* get API with offset + data_len > total data_size */
+},
+{
+ 0, 0 /* This is dummy for index9 */
+},
+{
+ VAL_ITS_GET, PSA_ITS_ERROR_INCORRECT_SIZE /* Call get API with invalid data len and offset zero */
+},
+{
+ 0, 0 /* This is dummy for index11 */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Call get API with offset = MAX_UINT32 */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_SUCCESS /* Remove the storage entity */
+},
+};
+#endif /* _TEST_S008_ITS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_ps_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_ps_data.h
new file mode 100644
index 00000000000..2b15d358f1c
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_ps_data.h
@@ -0,0 +1,74 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or ps affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S008_PS_DATA_TESTS_H_
+#define _TEST_S008_PS_DATA_TESTS_H_
+
+#include "val_protected_storage.h"
+
+#define SST_FUNCTION val->ps_function
+#define psa_sst_uid_t psa_ps_uid_t
+
+typedef struct {
+ enum ps_function_code api;
+ psa_ps_status_t status;
+} test_data;
+
+static const test_data s008_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Create a valid storage entity with zero flag value */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Call get API with offset + data_len = total_size */
+},
+{
+ 0, 0 /* This is dummy for index3 */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Call get API with offset + data_len < total_size */
+},
+{
+ 0, 0 /* This is dummy for index5 */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS/* Call get API with offset = total data_size + 1 */
+},
+{
+ 0, 0 /* This is dummy for index7 */
+},
+{
+ VAL_PS_GET, PSA_PS_ERROR_INCORRECT_SIZE /* Call get API with offset + data_len > total data_size */
+},
+{
+ 0, 0 /* This is dummy for index9 */
+},
+{
+ VAL_PS_GET, PSA_PS_ERROR_INCORRECT_SIZE /* Call get API with invalid data len and offset zero */
+},
+{
+ 0, 0 /* This is dummy for index11 */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Call get API with offset = MAX_UINT32 */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_SUCCESS /* Remove the storage entity */
+},
+};
+#endif /* _TEST_S008_PS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_s008.c b/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_s008.c
new file mode 100644
index 00000000000..8374f36e12d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_s008.c
@@ -0,0 +1,116 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s008.h"
+#ifdef ITS_TEST
+#include "test_its_data.h"
+#elif PS_TEST
+#include "test_ps_data.h"
+#endif
+
+#define TEST_BUFF_SIZE 20
+#define TEST_MAX_UINT32 0xFFFFFFFF
+
+client_test_t test_s008_sst_list[] = {
+ NULL,
+ psa_sst_valid_offset_success,
+ psa_sst_invalid_offset_failure,
+ NULL,
+};
+
+static psa_sst_uid_t uid = UID_BASE_VALUE + 5;
+static uint8_t read_buff[TEST_BUFF_SIZE];
+static uint8_t write_buff[TEST_BUFF_SIZE] = {0x99, 0x01, 0x02, 0x03, 0x04, 0x23, 0xF6, 0x07, 0x08, \
+ 0x0D, 0x70, 0xA1, 0xFF, 0xFF, 0x14, 0x73, 0x46, 0x97, 0xE8, 0xDD};
+
+int32_t psa_sst_invalid_offset_failure(security_t caller)
+{
+ uint32_t status, j;
+
+ /* Case where offset = data_size +1 , data_len 0. Also check nothing is returned in read buff*/
+ val->print(PRINT_TEST, "[Check 2] Try to access data with varying invalid offset\n", 0);
+ memset(read_buff, 0, TEST_BUFF_SIZE);
+ status = SST_FUNCTION(s008_data[6].api, uid, TEST_BUFF_SIZE+1, 0, read_buff);
+ TEST_ASSERT_NOT_EQUAL(status, s008_data[6].status, TEST_CHECKPOINT_NUM(6));
+ for (j = 0; j < TEST_BUFF_SIZE; j++)
+ {
+ TEST_ASSERT_EQUAL(read_buff[j], 0x00, TEST_CHECKPOINT_NUM(7));
+ }
+
+ /* Case where offset = data_size , data_len= 1 Also check nothing is returned in read buff*/
+ status = SST_FUNCTION(s008_data[8].api, uid, TEST_BUFF_SIZE, 1, read_buff);
+ TEST_ASSERT_EQUAL(status, s008_data[8].status, TEST_CHECKPOINT_NUM(8));
+ for (j = 0; j < TEST_BUFF_SIZE; j++)
+ {
+ TEST_ASSERT_EQUAL(read_buff[j], 0x00, TEST_CHECKPOINT_NUM(9));
+ }
+
+ /* Case where offset = 0 , data_len > data_size Also check nothing is returned in read buff*/
+ status = SST_FUNCTION(s008_data[10].api, uid, 0, TEST_BUFF_SIZE+1, read_buff);
+ TEST_ASSERT_EQUAL(status, s008_data[10].status, TEST_CHECKPOINT_NUM(10));
+ for (j = 0; j < TEST_BUFF_SIZE; j++)
+ {
+ TEST_ASSERT_EQUAL(read_buff[j], 0x00, TEST_CHECKPOINT_NUM(11));
+ }
+
+ /* Try to access data with offset as MAX_UINT32 and length less than buffer size */
+ status = SST_FUNCTION(s008_data[12].api, uid, TEST_MAX_UINT32, TEST_BUFF_SIZE/2, read_buff);
+ TEST_ASSERT_NOT_EQUAL(status, s008_data[12].status, TEST_CHECKPOINT_NUM(12));
+
+ /* Remove the UID */
+ status = SST_FUNCTION(s008_data[13].api, uid);
+ TEST_ASSERT_EQUAL(status, s008_data[13].status, TEST_CHECKPOINT_NUM(13));
+
+ return VAL_STATUS_SUCCESS;
+}
+
+int32_t psa_sst_valid_offset_success(security_t caller)
+{
+ uint32_t status, data_len, offset = TEST_BUFF_SIZE;
+
+ /* Set data for UID */
+ status = SST_FUNCTION(s008_data[1].api, uid, TEST_BUFF_SIZE, write_buff, 0);
+ TEST_ASSERT_EQUAL(status, s008_data[1].status, TEST_CHECKPOINT_NUM(1));
+
+ /* Case where offset + datalen = data_size */
+ val->print(PRINT_TEST, "[Check 1] Try to access data with varying valid offset\n", 0);
+ while (offset > 0)
+ {
+ data_len = TEST_BUFF_SIZE - offset;
+ memset(read_buff, 0, TEST_BUFF_SIZE);
+ status = SST_FUNCTION(s008_data[2].api, uid, offset, data_len, read_buff);
+ TEST_ASSERT_EQUAL(status, s008_data[2].status, TEST_CHECKPOINT_NUM(2));
+ TEST_ASSERT_MEMCMP(read_buff, write_buff + offset, data_len, TEST_CHECKPOINT_NUM(3));
+ offset >>= 1;
+ }
+
+ offset = TEST_BUFF_SIZE - 2;
+ data_len = 1;
+ /* Case where offset + datalen < data_size */
+ while (offset > 0)
+ {
+ status = SST_FUNCTION(s008_data[4].api, uid, offset, data_len, read_buff);
+ TEST_ASSERT_EQUAL(status, s008_data[4].status, TEST_CHECKPOINT_NUM(4));
+ TEST_ASSERT_MEMCMP(read_buff, write_buff + offset, data_len, TEST_CHECKPOINT_NUM(5));
+ offset >>= 1;
+ data_len <<= 1;
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_s008.h b/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_s008.h
new file mode 100644
index 00000000000..de4cd0d2d6d
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_s008.h
@@ -0,0 +1,37 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S008_CLIENT_TESTS_H_
+#define _TEST_S008_CLIENT_TESTS_H_
+
+#ifdef ITS_TEST
+#define VAL_STORAGE_BASE VAL_INTERNAL_TRUSTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, s008)
+#elif PS_TEST
+#define VAL_STORAGE_BASE VAL_PROTECTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, p008)
+#endif
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_s008_sst_list[];
+
+int32_t psa_sst_valid_offset_success(security_t caller);
+int32_t psa_sst_invalid_offset_failure(security_t caller);
+
+#endif /* _TEST_S008_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s009/main.c b/components/TARGET_PSA/TESTS/compliance_its/test_s009/main.c
new file mode 100644
index 00000000000..adf65a3d8aa
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s009/main.c
@@ -0,0 +1,17 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+#ifdef ITS_TEST
+void test_entry_s009(val_api_t *val_api, psa_api_t *psa_api);
+#elif PS_TEST
+void test_entry_p009(val_api_t *val_api, psa_api_t *psa_api);
+#endif
+
+int main(void)
+{
+#ifdef ITS_TEST
+ test_start(test_entry_s009, COMPLIANCE_TEST_STORAGE);
+#elif PS_TEST
+ test_start(test_entry_p009, COMPLIANCE_TEST_STORAGE);
+#endif
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_entry.c b/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_entry.c
new file mode 100644
index 00000000000..37883fb986a
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s009.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_STORAGE_BASE, 9)
+#define TEST_DESC "Invalid Arguments check\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_secure_storage_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_s009_sst_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_its_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_its_data.h
new file mode 100644
index 00000000000..80e7fb1a9ab
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_its_data.h
@@ -0,0 +1,69 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S009_ITS_DATA_TESTS_H_
+#define _TEST_S009_ITS_DATA_TESTS_H_
+
+#include "val_internal_trusted_storage.h"
+
+#define SST_FUNCTION val->its_function
+#define psa_sst_uid_t psa_its_uid_t
+
+typedef struct {
+ enum its_function_code api;
+ psa_its_status_t status;
+} test_data;
+
+static struct psa_its_info_t info;
+static const test_data s009_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Call set API with NULL write buffer and 0 length */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_SUCCESS /* Verify UID is created */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Call get API with NULL write buffer and 0 length */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_SUCCESS /* Remove the storage entity */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_ERROR_UID_NOT_FOUND /* Verify UID is removed */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Create storage of zero size and valid write buffer */
+},
+{
+ VAL_ITS_GET_INFO, PSA_ITS_SUCCESS /* Call get_info API to check data size */
+},
+{
+ 0, 0 /* This is dummy for index8 */
+},
+{
+ VAL_ITS_GET, PSA_ITS_SUCCESS /* Call get API with 0 length and NULL read buffer */
+},
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Increase the asset size */
+},
+{
+ VAL_ITS_REMOVE, PSA_ITS_SUCCESS /* Remove the storage entity */
+},
+};
+#endif /* _TEST_S009_ITS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_ps_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_ps_data.h
new file mode 100644
index 00000000000..129bca08651
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_ps_data.h
@@ -0,0 +1,69 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or ps affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S009_PS_DATA_TESTS_H_
+#define _TEST_S009_PS_DATA_TESTS_H_
+
+#include "val_protected_storage.h"
+
+#define SST_FUNCTION val->ps_function
+#define psa_sst_uid_t psa_ps_uid_t
+
+typedef struct {
+ enum ps_function_code api;
+ psa_ps_status_t status;
+} test_data;
+
+static struct psa_ps_info_t info;
+static const test_data s009_data[] = {
+{
+ 0, 0 /* This is dummy for index0 */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Call set API with NULL write buffer and 0 length */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_SUCCESS /* Verify UID is created */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Call get API with NULL write buffer and 0 length */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_SUCCESS /* Remove the storage entity */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_ERROR_UID_NOT_FOUND /* Verify UID is removed */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Create storage of zero size and valid write buffer */
+},
+{
+ VAL_PS_GET_INFO, PSA_PS_SUCCESS /* Call get_info API to check data size */
+},
+{
+ 0, 0 /* This is dummy for index8 */
+},
+{
+ VAL_PS_GET, PSA_PS_SUCCESS /* Call get API with 0 length and NULL read buffer */
+},
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Increase the asset size */
+},
+{
+ VAL_PS_REMOVE, PSA_PS_SUCCESS /* Remove the storage entity */
+},
+};
+#endif /* _TEST_S009_PS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_s009.c b/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_s009.c
new file mode 100644
index 00000000000..4567c666027
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_s009.c
@@ -0,0 +1,92 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s009.h"
+#ifdef ITS_TEST
+#include "test_its_data.h"
+#elif PS_TEST
+#include "test_ps_data.h"
+#endif
+
+#define TEST_BUFF_SIZE 20
+
+client_test_t test_s009_sst_list[] = {
+ NULL,
+ psa_sst_zero_length_check,
+ NULL,
+};
+
+static psa_sst_uid_t uid = UID_BASE_VALUE + 5;
+static uint8_t write_buff[TEST_BUFF_SIZE] = {0x99, 0x01, 0x02, 0x03, 0x04, 0x23, 0xF6, 0x07, 0x08, \
+ 0x0D, 0x70, 0xA1, 0xFF, 0xFF, 0x14, 0x73, 0x46, 0x97, 0xE8, 0xDD};
+
+int32_t psa_sst_zero_length_check(security_t caller)
+{
+ uint32_t status;
+
+ /* Set data for UID with length 0 and NULL pointer */
+ val->print(PRINT_TEST, "[Check 1] Call set API with NULL pointer and data length 0\n", 0);
+ status = SST_FUNCTION(s009_data[1].api, uid, 0, NULL, 0);
+ TEST_ASSERT_EQUAL(status, s009_data[1].status, TEST_CHECKPOINT_NUM(1));
+
+ /* Call the get_info function to verify UID created */
+ status = SST_FUNCTION(s009_data[2].api, uid, &info);
+ TEST_ASSERT_EQUAL(status, s009_data[2].status, TEST_CHECKPOINT_NUM(2));
+
+ /* Call get API with NULL read buffer */
+ val->print(PRINT_TEST, "[Check 2] Call get API with NULL read buffer and data length 0\n", 0);
+ status = SST_FUNCTION(s009_data[3].api, uid, 0, 0, NULL);
+ TEST_ASSERT_EQUAL(status, s009_data[3].status, TEST_CHECKPOINT_NUM(3));
+
+ /* Remove the UID */
+ val->print(PRINT_TEST, "[Check 3] Remove the UID\n", 0);
+ status = SST_FUNCTION(s009_data[4].api, uid);
+ TEST_ASSERT_EQUAL(status, s009_data[4].status, TEST_CHECKPOINT_NUM(4));
+
+ /* Call the get_info function to verify UID is removed */
+ val->print(PRINT_TEST, "[Check 4] Call get_info API to verify UID removed\n", 0);
+ status = SST_FUNCTION(s009_data[5].api, uid, &info);
+ TEST_ASSERT_EQUAL(status, s009_data[5].status, TEST_CHECKPOINT_NUM(5));
+
+ /* Create UID with length 0 and valid write buffer */
+ val->print(PRINT_TEST, "[Check 5] Create UID with zero data_len and valid write buffer\n", 0);
+ status = SST_FUNCTION(s009_data[6].api, uid, 0, write_buff, 0);
+ TEST_ASSERT_EQUAL(status, s009_data[6].status, TEST_CHECKPOINT_NUM(6));
+
+ /* Call the get_info function and match the attributes */
+ status = SST_FUNCTION(s009_data[7].api, uid, &info);
+ TEST_ASSERT_EQUAL(status, s009_data[7].status, TEST_CHECKPOINT_NUM(7));
+ TEST_ASSERT_EQUAL(info.size, 0, TEST_CHECKPOINT_NUM(8));
+
+ /* Call get API with NULL read buffer and valid UID */
+ val->print(PRINT_TEST, "[Check 8] Call get API with NULL read buffer and data length 0\n", 0);
+ status = SST_FUNCTION(s009_data[9].api, uid, 0, 0, NULL);
+ TEST_ASSERT_EQUAL(status, s009_data[9].status, TEST_CHECKPOINT_NUM(9));
+
+ /* Change the length to test_buff_size */
+ val->print(PRINT_TEST, "[Check 9] Increase the length\n", 0);
+ status = SST_FUNCTION(s009_data[10].api, uid, TEST_BUFF_SIZE, write_buff, 0);
+ TEST_ASSERT_EQUAL(status, s009_data[10].status, TEST_CHECKPOINT_NUM(10));
+
+ /* Remove the UID */
+ status = SST_FUNCTION(s009_data[11].api, uid);
+ TEST_ASSERT_EQUAL(status, s009_data[11].status, TEST_CHECKPOINT_NUM(11));
+
+ return VAL_STATUS_SUCCESS;
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_s009.h b/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_s009.h
new file mode 100644
index 00000000000..11b32d173d7
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_s009.h
@@ -0,0 +1,36 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S009_CLIENT_TESTS_H_
+#define _TEST_S009_CLIENT_TESTS_H_
+
+#ifdef ITS_TEST
+#define VAL_STORAGE_BASE VAL_INTERNAL_TRUSTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, s009)
+#elif PS_TEST
+#define VAL_STORAGE_BASE VAL_PROTECTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, p009)
+#endif
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_s009_sst_list[];
+
+int32_t psa_sst_zero_length_check(security_t caller);
+
+#endif /* _TEST_S009_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s010/main.c b/components/TARGET_PSA/TESTS/compliance_its/test_s010/main.c
new file mode 100644
index 00000000000..dd110a6a4d6
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s010/main.c
@@ -0,0 +1,17 @@
+#include "val_interfaces.h"
+#include "pal_mbed_os_intf.h"
+
+#ifdef ITS_TEST
+void test_entry_s010(val_api_t *val_api, psa_api_t *psa_api);
+#elif PS_TEST
+void test_entry_p010(val_api_t *val_api, psa_api_t *psa_api);
+#endif
+
+int main(void)
+{
+#ifdef ITS_TEST
+ test_start(test_entry_s010, COMPLIANCE_TEST_STORAGE);
+#elif PS_TEST
+ test_start(test_entry_p010, COMPLIANCE_TEST_STORAGE);
+#endif
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_entry.c b/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_entry.c
new file mode 100644
index 00000000000..82623c6b920
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_entry.c
@@ -0,0 +1,53 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s010.h"
+
+#define TEST_NUM VAL_CREATE_TEST_ID(VAL_STORAGE_BASE, 10)
+#define TEST_DESC "UID value zero check\n"
+
+TEST_PUBLISH(TEST_NUM, test_entry);
+val_api_t *val = NULL;
+psa_api_t *psa = NULL;
+
+void test_entry(val_api_t *val_api, psa_api_t *psa_api)
+{
+ int32_t status = VAL_STATUS_SUCCESS;
+
+ val = val_api;
+ psa = psa_api;
+
+ /* test init */
+ val->test_init(TEST_NUM, TEST_DESC, TEST_FIELD(TEST_ISOLATION_L1, WD_HIGH_TIMEOUT));
+ if (!IS_TEST_START(val->get_status()))
+ {
+ goto test_exit;
+ }
+
+ /* Execute list of tests available in test[num]_secure_storage_list from Non-secure side*/
+ status = val->execute_non_secure_tests(TEST_NUM, test_s010_sst_list, FALSE);
+
+ if (VAL_ERROR(status))
+ {
+ goto test_exit;
+ }
+
+test_exit:
+ val->test_exit();
+}
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_its_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_its_data.h
new file mode 100644
index 00000000000..7b1b6d37989
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_its_data.h
@@ -0,0 +1,35 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S010_ITS_DATA_TESTS_H_
+#define _TEST_S010_ITS_DATA_TESTS_H_
+
+#include "val_internal_trusted_storage.h"
+
+#define SST_FUNCTION val->its_function
+#define psa_sst_uid_t psa_its_uid_t
+
+typedef struct {
+ enum its_function_code api;
+ psa_its_status_t status;
+} test_data;
+
+static const test_data s010_data[] = {
+{
+ VAL_ITS_SET, PSA_ITS_SUCCESS /* Create with UID value zero should fail */
+},
+};
+#endif /* _TEST_S010_ITS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_ps_data.h b/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_ps_data.h
new file mode 100644
index 00000000000..e88ed9b4ca7
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_ps_data.h
@@ -0,0 +1,35 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or ps affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S010_PS_DATA_TESTS_H_
+#define _TEST_S010_PS_DATA_TESTS_H_
+
+#include "val_protected_storage.h"
+
+#define SST_FUNCTION val->ps_function
+#define psa_sst_uid_t psa_ps_uid_t
+
+typedef struct {
+ enum ps_function_code api;
+ psa_ps_status_t status;
+} test_data;
+
+static const test_data s010_data[] = {
+{
+ VAL_PS_SET, PSA_PS_SUCCESS /* Create with UID value zero should fail */
+},
+};
+#endif /* _TEST_S010_PS_DATA_TESTS_H_ */
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_s010.c b/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_s010.c
new file mode 100644
index 00000000000..c74bad3fdfe
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_s010.c
@@ -0,0 +1,49 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_interfaces.h"
+#include "val_target.h"
+#include "test_s010.h"
+#ifdef ITS_TEST
+#include "test_its_data.h"
+#elif PS_TEST
+#include "test_ps_data.h"
+#endif
+
+#define TEST_BUFF_SIZE 1
+
+client_test_t test_s010_sst_list[] = {
+ NULL,
+ psa_sst_uid_value_zero_check,
+ NULL,
+};
+
+static uint8_t write_buff[TEST_BUFF_SIZE] = {0xFF};
+
+int32_t psa_sst_uid_value_zero_check(security_t caller)
+{
+ int32_t status;
+ psa_sst_uid_t uid = 0;
+
+ /* Set with UID value zero should fail */
+ val->print(PRINT_TEST, "[Check 1] Creating storage with UID 0 should fail\n", 0 );
+ status = SST_FUNCTION(s010_data[0].api, uid, TEST_BUFF_SIZE, write_buff, 0);
+ TEST_ASSERT_NOT_EQUAL(status, s010_data[0].status, TEST_CHECKPOINT_NUM(1));
+
+ return VAL_STATUS_SUCCESS;
+}
+
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_s010.h b/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_s010.h
new file mode 100644
index 00000000000..96ac55d4692
--- /dev/null
+++ b/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_s010.h
@@ -0,0 +1,35 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _TEST_S010_CLIENT_TESTS_H_
+#define _TEST_S010_CLIENT_TESTS_H_
+
+#ifdef ITS_TEST
+#define VAL_STORAGE_BASE VAL_INTERNAL_TRUSTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, s010)
+#elif PS_TEST
+#define VAL_STORAGE_BASE VAL_PROTECTED_STORAGE_BASE
+#define test_entry CONCAT(test_entry_, p010)
+#endif
+#define val CONCAT(val,test_entry)
+#define psa CONCAT(psa,test_entry)
+
+extern val_api_t *val;
+extern psa_api_t *psa;
+extern client_test_t test_s010_sst_list[];
+
+int32_t psa_sst_uid_value_zero_check(security_t caller);
+#endif /* _TEST_S010_CLIENT_TESTS_H_ */
diff --git a/components/TARGET_PSA/services/storage/its/psa_prot_internal_storage.h b/components/TARGET_PSA/services/storage/its/psa_prot_internal_storage.h
index ad4bf1eef95..5ce5cf6aaaf 100644
--- a/components/TARGET_PSA/services/storage/its/psa_prot_internal_storage.h
+++ b/components/TARGET_PSA/services/storage/its/psa_prot_internal_storage.h
@@ -44,10 +44,7 @@ MBED_DEPRECATED("ITS specific types should not be used")
typedef psa_storage_uid_t psa_its_uid_t;
MBED_DEPRECATED("ITS specific types should not be used")
-struct psa_its_info_t {
- uint32_t size;
- psa_its_create_flags_t flags;
-};
+#define psa_its_info_t psa_storage_info_t
// These defines should also be deprecated
#define PSA_ITS_SUCCESS PSA_SUCCESS
@@ -68,10 +65,8 @@ typedef psa_storage_uid_t psa_ps_uid_t;
MBED_DEPRECATED("PS specific types should not be used")
typedef psa_storage_create_flags_t psa_ps_create_flags_t;
MBED_DEPRECATED("PS specific types should not be used")
-struct psa_ps_info_t {
- uint32_t size;
- psa_ps_create_flags_t flags;
-};
+#define psa_ps_info_t psa_storage_info_t
+
#define PSA_PS_SUCCESS PSA_SUCCESS
#define PSA_PS_ERROR_UID_NOT_FOUND PSA_ERROR_DOES_NOT_EXIST
#define PSA_PS_ERROR_STORAGE_FAILURE PSA_ERROR_STORAGE_FAILURE
diff --git a/features/frameworks/TARGET_PSA/pal/pal_attestation_intf.c b/features/frameworks/TARGET_PSA/pal/pal_attestation_intf.c
new file mode 100644
index 00000000000..2d99f74d86f
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_attestation_intf.c
@@ -0,0 +1,54 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+
+#include "pal_attestation_intf.h"
+
+/**
+ @brief - This API will call the requested attestation function
+ @param - type : function code
+ valist : variable argument list
+ @return - error status
+**/
+int32_t pal_attestation_function(int type, va_list valist)
+{
+ uint8_t *challenge, *token;
+ uint32_t challenge_size, *token_size, verify_token_size;
+
+ switch (type)
+ {
+ case PAL_INITIAL_ATTEST_GET_TOKEN:
+ challenge = va_arg(valist, uint8_t*);
+ challenge_size = va_arg(valist, uint32_t);
+ token = va_arg(valist, uint8_t*);
+ token_size = va_arg(valist, uint32_t*);
+ return psa_initial_attest_get_token(challenge, challenge_size, token, token_size);
+ case PAL_INITIAL_ATTEST_GET_TOKEN_SIZE:
+ challenge_size = va_arg(valist, uint32_t);
+ token_size = va_arg(valist, uint32_t*);
+ return psa_initial_attest_get_token_size(challenge_size, token_size);
+ case PAL_INITIAL_ATTEST_VERIFY_TOKEN:
+ challenge = va_arg(valist, uint8_t*);
+ challenge_size = va_arg(valist, uint32_t);
+ token = va_arg(valist, uint8_t*);
+ verify_token_size = va_arg(valist, uint32_t);
+ return pal_initial_attest_verify_token(challenge, challenge_size,
+ token, verify_token_size);
+ default:
+ return PAL_STATUS_UNSUPPORTED_FUNC;
+ }
+}
diff --git a/features/frameworks/TARGET_PSA/pal/pal_attestation_intf.h b/features/frameworks/TARGET_PSA/pal/pal_attestation_intf.h
new file mode 100644
index 00000000000..fdefc83adca
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_attestation_intf.h
@@ -0,0 +1,31 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _PAL_INITIAL_ATTESTATION_H_
+#define _PAL_INITIAL_ATTESTATION_H_
+
+#include "psa_initial_attestation_api.h"
+#include "pal_attestation_eat.h"
+
+enum attestation_function_code {
+ PAL_INITIAL_ATTEST_GET_TOKEN = 0x1,
+ PAL_INITIAL_ATTEST_GET_TOKEN_SIZE = 0x2,
+ PAL_INITIAL_ATTEST_VERIFY_TOKEN = 0x3,
+};
+
+int32_t pal_attestation_function(int type, va_list valist);
+#endif /* _PAL_INITIAL_ATTESTATION_H_ */
diff --git a/features/frameworks/TARGET_PSA/pal/pal_client_api_empty_intf.c b/features/frameworks/TARGET_PSA/pal/pal_client_api_empty_intf.c
new file mode 100644
index 00000000000..51361779f8c
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_client_api_empty_intf.c
@@ -0,0 +1,98 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef COMPONENT_PSA_SRV_IPC
+
+#include "pal_common.h"
+#include "pal_client_api_intf.h"
+
+
+/**
+ * @brief - Retrieve the version of the PSA Framework API that is implemented.
+ * This is a wrapper API for psa_framework_version API.
+ * @param - void
+ * @return - The PSA Framework API version.
+ */
+
+uint32_t pal_ipc_framework_version(void)
+{
+ return 0;
+}
+
+/**
+ * @brief - Retrieve the minor version of a Root of Trust Service by its SID.
+ * This is a wrapper API for the psa_version API.
+ * @param - sid The Root of Trust Service ID
+ * @return - Minor version of Root of Trust Service or PSA_VERSION_NONE if Root of Trust
+ * Service not present on the system.
+ */
+
+uint32_t pal_ipc_version(uint32_t sid)
+{
+ return PSA_VERSION_NONE;
+}
+
+/**
+ * @brief - Connect to given sid.
+ * This is a wrapper API for the psa_connect API.
+ * @param - sid : RoT service id
+ * @param - minor_version : minor_version of RoT service
+ * @return - psa_handle_t : return connection handle
+ */
+
+psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version)
+{
+ return PSA_NULL_HANDLE;
+}
+
+/**
+ * @brief Call a connected Root of Trust Service.
+ * This is a wrapper API for the psa_call API.
+ * The caller must provide an array of ::psa_invec_t structures as the input payload.
+ *
+ * @param -handle Handle for the connection.
+ * @param -in_vec Array of psa_invec structures.
+ * @param -in_len Number of psa_invec structures in in_vec.
+ * @param -out_vec Array of psa_outvec structures for optional Root of Trust Service response.
+ * @param -out_len Number of psa_outvec structures in out_vec.
+ * @return -psa_status_t
+ */
+
+psa_status_t pal_ipc_call(psa_handle_t handle,
+ const psa_invec *in_vec,
+ size_t in_len,
+ psa_outvec *out_vec,
+ size_t out_len)
+{
+ return (PSA_SUCCESS - 1);
+}
+
+/**
+ * @brief Close a connection to a Root of Trust Service.
+ * This is a wrapper API for the psa_close API.
+ * Sends the PSA_IPC_DISCONNECT message to the Root of Trust Service so it can clean up resources.
+ *
+ * @param handle Handle for the connection.
+ * @return void
+ */
+
+void pal_ipc_close(psa_handle_t handle)
+{
+ return;
+}
+
+#endif
diff --git a/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.c b/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.c
new file mode 100644
index 00000000000..16e336c045f
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.c
@@ -0,0 +1,101 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifdef COMPONENT_PSA_SRV_IPC
+
+#include "pal_common.h"
+#include "pal_client_api_intf.h"
+
+/**
+ * @brief - Retrieve the version of the PSA Framework API that is implemented.
+ * This is a wrapper API for psa_framework_version API.
+ * @param - void
+ * @return - The PSA Framework API version.
+ * Note - Return PAL_STATUS_ERROR if PSA IPC is not implemented.
+ */
+
+uint32_t pal_ipc_framework_version(void)
+{
+ return (psa_framework_version());
+}
+
+/**
+ * @brief - Retrieve the minor version of a Root of Trust Service by its SID.
+ * This is a wrapper API for the psa_version API.
+ * @param - sid The Root of Trust Service ID
+ * @return - Minor version of Root of Trust Service or PSA_VERSION_NONE if Root of Trust
+ * Service not present on the system.
+ * Note - Return PAL_STATUS_ERROR if PSA IPC is not implemented.
+ */
+
+uint32_t pal_ipc_version(uint32_t sid)
+{
+ return (psa_version(sid));
+}
+
+/**
+ * @brief - Connect to given sid.
+ * This is a wrapper API for the psa_connect API.
+ * @param - sid : RoT service id
+ * @param - minor_version : minor_version of RoT service
+ * @return - psa_handle_t : return connection handle
+ * Note - Return PSA_NULL_HANDLE if PSA IPC is not implemented.
+ */
+
+psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version)
+{
+ return (psa_connect(sid, minor_version));
+}
+
+/**
+ * @brief Call a connected Root of Trust Service.
+ * This is a wrapper API for the psa_call API.
+ * The caller must provide an array of ::psa_invec_t structures as the input payload.
+ *
+ * @param -handle Handle for the connection.
+ * @param -in_vec Array of psa_invec structures.
+ * @param -in_len Number of psa_invec structures in in_vec.
+ * @param -out_vec Array of psa_outvec structures for optional Root of Trust Service response.
+ * @param -out_len Number of psa_outvec structures in out_vec.
+ * @return -psa_status_t
+ * Note - Return -1 if PSA IPC is not implemented.
+ */
+
+psa_status_t pal_ipc_call(psa_handle_t handle,
+ const psa_invec *in_vec,
+ size_t in_len,
+ psa_outvec *out_vec,
+ size_t out_len)
+{
+ return (psa_call(handle, in_vec, in_len, out_vec, out_len));
+}
+
+/**
+ * @brief Close a connection to a Root of Trust Service.
+ * This is a wrapper API for the psa_close API.
+ * Sends the PSA_IPC_DISCONNECT message to the Root of Trust Service so it can clean up resources.
+ *
+ * @param - handle Handle for the connection.
+ * @return - void
+ */
+
+void pal_ipc_close(psa_handle_t handle)
+{
+ psa_close(handle);
+}
+
+#endif
diff --git a/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.h b/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.h
new file mode 100644
index 00000000000..cac75d27cbd
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.h
@@ -0,0 +1,74 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _PAL_CLIENT_API_H_
+#define _PAL_CLIENT_API_H_
+
+#if PSA_IPC_IMPLEMENTED
+/* psa/client.h: Contains the Client API elements. Accessible to all applications */
+#include "psa/client.h"
+
+/* psa_manifest/sid.h: Macro definitions derived from manifest files that map from RoT Service
+ * names to Service IDs (SIDs).
+ * Partition manifest parse build tool must provide the implementation of this file.
+*/
+#include "psa_manifest/sid.h"
+
+#else
+#include "pal_common.h"
+
+#define PSA_VERSION_NONE (0)
+#define PSA_SUCCESS (0)
+#define PSA_CONNECTION_REFUSED (INT32_MIN + 1)
+#define PSA_CONNECTION_BUSY (INT32_MIN + 2)
+#define PSA_DROP_CONNECTION (INT32_MIN)
+#define PSA_NULL_HANDLE ((psa_handle_t)0)
+
+typedef int32_t psa_status_t;
+typedef int32_t psa_handle_t;
+
+typedef struct psa_invec {
+ const void *base;
+ size_t len;
+} psa_invec;
+
+typedef struct psa_outvec {
+ void *base;
+ size_t len;
+} psa_outvec;
+
+uint32_t psa_framework_version(void);
+uint32_t psa_version(uint32_t sid);
+psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version);
+psa_status_t psa_call(psa_handle_t handle,
+ const psa_invec *in_vec,
+ size_t in_len,
+ psa_outvec *out_vec,
+ size_t out_len);
+void psa_close(psa_handle_t handle);
+#endif /* PSA_IPC_IMPLEMENTED */
+
+uint32_t pal_ipc_framework_version(void);
+uint32_t pal_ipc_version(uint32_t sid);
+psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version);
+psa_status_t pal_ipc_call(psa_handle_t handle,
+ const psa_invec *in_vec,
+ size_t in_len,
+ psa_outvec *out_vec,
+ size_t out_len);
+void pal_ipc_close(psa_handle_t handle);
+#endif /* _PAL_CLIENT_API_H_ */
diff --git a/features/frameworks/TARGET_PSA/pal/pal_common.h b/features/frameworks/TARGET_PSA/pal/pal_common.h
new file mode 100644
index 00000000000..2e905e47ccc
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_common.h
@@ -0,0 +1,112 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _PAL_COMMON_H_
+#define _PAL_COMMON_H_
+
+#include
+#include
+#include
+#include
+#include
+
+#ifndef PSA_PROTECTED_STORAGE_IMPLEMENTED
+#define PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED 1 /* Use ITS by default */
+#define ITS_TEST 1
+#endif
+
+#include "pal_crypto_config.h"
+#include "internal_trusted_storage.h"
+
+/* typedef's */
+typedef uint8_t bool_t;
+typedef uint32_t addr_t;
+typedef uint32_t test_id_t;
+typedef uint32_t block_id_t;
+typedef char char8_t;
+typedef uint32_t cfg_id_t;
+
+#define PAL_STATUS_UNSUPPORTED_FUNC 0xFF
+
+typedef enum
+{
+ PAL_STATUS_SUCCESS = 0x0,
+ PAL_STATUS_ERROR = 0x80
+} pal_status_t;
+
+typedef enum {
+ NVMEM_READ = 0x1,
+ NVMEM_WRITE = 0x2,
+} nvmem_fn_type_t;
+
+typedef struct {
+ nvmem_fn_type_t nvmem_fn_type;
+ addr_t base;
+ uint32_t offset;
+ int size;
+} nvmem_param_t;
+
+typedef enum {
+ WD_INIT_SEQ = 0x1,
+ WD_ENABLE_SEQ = 0x2,
+ WD_DISABLE_SEQ = 0x3,
+ WD_STATUS_SEQ = 0x4,
+} wd_fn_type_t;
+
+typedef enum {
+ WD_LOW_TIMEOUT = 0x1,
+ WD_MEDIUM_TIMEOUT = 0x2,
+ WD_HIGH_TIMEOUT = 0x3,
+ WD_CRYPTO_TIMEOUT = 0x4,
+} wd_timeout_type_t;
+
+typedef struct {
+ wd_fn_type_t wd_fn_type;
+ addr_t wd_base_addr;
+ uint32_t wd_time_us;
+ uint32_t wd_timer_tick_us;
+} wd_param_t;
+
+typedef enum {
+ UART_INIT = 0x1,
+ UART_PRINT = 0x2,
+} uart_fn_type_t;
+
+/*
+ * Redefining some of the client.h elements for compilation to go through
+ * when PSA IPC APIs are not implemented.
+ */
+#if (PSA_IPC_IMPLEMENTED == 0)
+
+#ifndef PSA_VERSION_NONE
+#define PSA_VERSION_NONE (0)
+#endif
+
+#ifndef PSA_SUCCESS
+#define PSA_SUCCESS (0)
+typedef int32_t psa_status_t;
+#endif
+typedef int32_t psa_handle_t;
+
+#ifndef PSA_NULL_HANDLE
+#define PSA_NULL_HANDLE ((psa_handle_t)0)
+#endif
+
+
+#endif /* PSA_IPC_IMPLEMENTED */
+
+#endif /* _PAL_COMMON_H_ */
diff --git a/features/frameworks/TARGET_PSA/pal/pal_crypto_config.h b/features/frameworks/TARGET_PSA/pal/pal_crypto_config.h
new file mode 100644
index 00000000000..eecb6c0b8a6
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_crypto_config.h
@@ -0,0 +1,411 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+/*
+ * \file pal_crypto_config.h
+ *
+ * \brief Configuration options for crypto tests (set of defines)
+ *
+ * This set of compile-time options may be used to enable
+ * or disable features selectively for crypto test suite
+ */
+
+#ifndef _PAL_CRYPTO_CONFIG_H_
+#define _PAL_CRYPTO_CONFIG_H_
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+/**
+ * \def ARCH_TEST_RSA
+ *
+ * Enable the RSA public-key cryptosystem.
+ * By default all supported keys are enabled.
+ *
+ * Comment macros to disable the types
+ */
+#ifdef MBEDTLS_RSA_C
+#define ARCH_TEST_RSA
+#define ARCH_TEST_RSA_1024
+#define ARCH_TEST_RSA_2048
+#define ARCH_TEST_RSA_3072
+#endif
+/**
+ * \def ARCH_TEST_ECC
+ * \def ARCH_TEST_ECC_CURVE_SECPXXXR1
+ *
+ * Enable the elliptic curve
+ * Enable specific curves within the Elliptic Curve
+ * module. By default all supported curves are enabled.
+ *
+ * Requires: ARCH_TEST_ECC
+ * Comment macros to disable the curve
+ */
+#ifdef MBEDTLS_ECP_C
+#define ARCH_TEST_ECC
+#ifdef MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define ARCH_TEST_ECC_CURVE_SECP192R1
+#endif
+#ifdef MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define ARCH_TEST_ECC_CURVE_SECP224R1
+#endif
+#ifdef MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define ARCH_TEST_ECC_CURVE_SECP256R1
+#endif
+#ifdef MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define ARCH_TEST_ECC_CURVE_SECP384R1
+#endif
+#endif
+/**
+ * \def ARCH_TEST_AES
+ *
+ * Enable the AES block cipher.
+ * By default all supported keys are enabled.
+ *
+ * Comment macros to disable the types
+ */
+#ifdef MBEDTLS_AES_C
+#define ARCH_TEST_AES
+#define ARCH_TEST_AES_128
+#define ARCH_TEST_AES_192
+#define ARCH_TEST_AES_256
+#define ARCH_TEST_AES_512
+#endif
+
+/**
+ * \def ARCH_TEST_DES
+ *
+ * Enable the DES block cipher.
+ * By default all supported keys are enabled.
+ *
+ * Comment macros to disable the types
+ */
+#ifdef MBEDTLS_DES_C
+#define ARCH_TEST_DES
+#define ARCH_TEST_DES_1KEY
+#define ARCH_TEST_DES_2KEY
+#define ARCH_TEST_DES_3KEY
+#endif
+
+/**
+ * \def ARCH_TEST_RAW
+ *
+ * A "key" of this type cannot be used for any cryptographic operation.
+ * Applications may use this type to store arbitrary data in the keystore.
+ */
+#define ARCH_TEST_RAW
+
+/**
+ * \def ARCH_TEST_CIPER
+ *
+ * Enable the generic cipher layer.
+ */
+#ifdef MBEDTLS_CIPHER_C
+#define ARCH_TEST_CIPER
+#endif
+/**
+ * \def ARCH_TEST_ARC4
+ *
+ * Enable the ARC4 key type.
+ */
+#ifdef MBEDTLS_ARC4_C
+#define ARCH_TEST_ARC4
+#endif
+/**
+ * \def ARCH_TEST_CIPER_MODE_CTR
+ *
+ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
+ *
+ * Requires: ARCH_TEST_CIPER
+ */
+#ifdef MBEDTLS_CIPHER_MODE_CTR
+#define ARCH_TEST_CIPER_MODE_CTR
+#endif
+
+/**
+ * \def ARCH_TEST_CIPER_MODE_CFB
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ *
+ * Requires: ARCH_TEST_CIPER
+ */
+#ifdef MBEDTLS_CIPHER_MODE_CFB
+#define ARCH_TEST_CIPER_MODE_CFB
+#endif
+
+/**
+ * \def ARCH_TEST_CIPER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ *
+ * Requires: ARCH_TEST_CIPER
+ */
+#ifdef MBEDTLS_CIPHER_MODE_CBC
+#define ARCH_TEST_CIPER_MODE_CBC
+#endif
+
+/**
+ * \def ARCH_TEST_CTR_AES
+ *
+ * Requires: ARCH_TEST_CIPER, ARCH_TEST_AES, ARCH_TEST_CIPER_MODE_CTR
+ */
+#if defined(MBEDTLS_CIPHER_MODE_CTR) && defined(MBEDTLS_AES_C)
+#define ARCH_TEST_CTR_AES
+#endif
+/**
+ * \def ARCH_TEST_CBC_AES
+ *
+ * Requires: ARCH_TEST_CIPER, ARCH_TEST_AES, ARCH_TEST_CIPER_MODE_CBC
+ *
+ * Comment macros to disable the types
+ */
+#if defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C)
+#define ARCH_TEST_CBC_AES
+#define ARCH_TEST_CBC_AES_NO_PADDING
+#endif
+
+
+/**
+ * \def ARCH_TEST_CBC_NO_PADDING
+ *
+ * Requires: ARCH_TEST_CIPER, ARCH_TEST_CIPER_MODE_CBC
+ *
+ * Comment macros to disable the types
+ */
+#ifdef MBEDTLS_CIPHER_MODE_CBC
+#define ARCH_TEST_CBC_NO_PADDING
+#endif
+
+/**
+ * \def ARCH_TEST_CFB_AES
+ *
+ * Requires: ARCH_TEST_CIPER, ARCH_TEST_AES, ARCH_TEST_CIPER_MODE_CFB
+ */
+#if defined(MBEDTLS_CIPHER_MODE_CFB) && defined(MBEDTLS_AES_C)
+#define ARCH_TEST_CFB_AES
+#endif
+
+/**
+ * \def ARCH_TEST_PKCS1V15_*
+ *
+ * Enable support for PKCS#1 v1.5 encoding.
+ * Enable support for PKCS#1 v1.5 operations.
+ * Enable support for RSA-OAEP
+ *
+ * Requires: ARCH_TEST_RSA, ARCH_TEST_PKCS1V15
+ *
+ * Comment macros to disable the types
+ */
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C)
+#define ARCH_TEST_PKCS1V15
+#define ARCH_TEST_RSA_PKCS1V15_SIGN
+#define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+#define ARCH_TEST_RSA_PKCS1V15_CRYPT
+#endif
+#if defined(MBEDTLS_PKCS1_V21) && defined(MBEDTLS_RSA_C)
+#define ARCH_TEST_RSA_OAEP
+#endif
+
+
+/**
+ * \def ARCH_TEST_CBC_PKCS7
+ *
+ * Requires: ARCH_TEST_CIPER_MODE_CBC
+ *
+ * Comment macros to disable the types
+ */
+#if defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+#define ARCH_TEST_CBC_PKCS7
+#endif
+
+/**
+ * \def ARCH_TEST_ASYMMETRIC_ENCRYPTION
+ *
+ * Enable support for Asymmetric encryption algorithms
+ */
+#define ARCH_TEST_ASYMMETRIC_ENCRYPTION
+
+/**
+ * \def ARCH_TEST_HASH
+ *
+ * Enable the hash algorithm.
+ */
+#define ARCH_TEST_HASH
+
+/**
+ * \def ARCH_TEST_HMAC
+ *
+ * The key policy determines which underlying hash algorithm the key can be
+ * used for.
+ *
+ * Requires: ARCH_TEST_HASH
+ */
+#define ARCH_TEST_HMAC
+
+/**
+ * \def ARCH_TEST_MDX
+ * \def ARCH_TEST_SHAXXX
+ *
+ * Enable the MDX algorithm.
+ * Enable the SHAXXX algorithm.
+ *
+ * Requires: ARCH_TEST_HASH
+ *
+ * Comment macros to disable the types
+ */
+#ifdef MBEDTLS_MD_C
+#ifdef MBEDTLS_MD2_C
+#define ARCH_TEST_MD2
+#endif
+#ifdef MBEDTLS_MD4_C
+#define ARCH_TEST_MD4
+#endif
+#ifdef MBEDTLS_MD5_C
+#define ARCH_TEST_MD5
+#endif
+#endif
+#ifdef MBEDTLS_RIPEMD160_C
+#define ARCH_TEST_RIPEMD160
+#endif
+#ifdef MBEDTLS_SHA1_C
+#define ARCH_TEST_SHA1
+#endif
+#ifdef MBEDTLS_SHA224_C
+#define ARCH_TEST_SHA224
+#endif
+#ifdef MBEDTLS_SHA256_C
+#define ARCH_TEST_SHA256
+#endif
+#ifdef MBEDTLS_SHA384_C
+#define ARCH_TEST_SHA384
+#endif
+#ifdef MBEDTLS_SHA512_C
+#define ARCH_TEST_SHA512
+#ifdef MBEDTLS_SHA512_224_C
+#define ARCH_TEST_SHA512_224
+#endif
+#ifdef MBEDTLS_SHA512_256_C
+#define ARCH_TEST_SHA512_256
+#endif
+#endif
+#ifdef MBEDTLS_SHA3_C
+#define ARCH_TEST_SHA3_224
+#define ARCH_TEST_SHA3_256
+#define ARCH_TEST_SHA3_384
+#define ARCH_TEST_SHA3_512
+#endif
+
+/**
+ * \def ARCH_TEST_HKDF
+ *
+ * Enable the HKDF algorithm (RFC 5869).
+ *
+ * Requires: ARCH_TEST_HASH
+*/
+#ifdef MBEDTLS_HKDF_C
+#define ARCH_TEST_HKDF
+#endif
+
+/**
+ * \def ARCH_TEST_xMAC
+ *
+ * Enable the xMAC (Cipher/Hash/G-based Message Authentication Code) mode for block
+ * ciphers.
+ * Requires: ARCH_TEST_AES or ARCH_TEST_DES
+ *
+ * Comment macros to disable the types
+ */
+#ifdef MBEDTLS_CMAC_C
+#define ARCH_TEST_CMAC
+#endif
+#ifdef MBEDTLS_GMAC_C
+#define ARCH_TEST_GMAC
+#endif
+#define ARCH_TEST_HMAC
+
+
+/**
+ * \def ARCH_TEST_CCM
+ *
+ * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
+ *
+ * Requires: ARCH_TEST_AES
+ */
+#ifdef MBEDTLS_CCM_C
+#define ARCH_TEST_CCM
+#endif
+
+/**
+ * \def ARCH_TEST_GCM
+ *
+ * Enable the Galois/Counter Mode (GCM) for AES.
+ *
+ * Requires: ARCH_TEST_AES
+ *
+ */
+#ifdef MBEDTLS_GCM_C
+#define ARCH_TEST_GCM
+#endif
+
+/**
+ * \def ARCH_TEST_TRUNCATED_MAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL.
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+#ifdef MBEDTLS_SSL_TRUNCATED_HMAC
+#define ARCH_TEST_TRUNCATED_MAC
+#endif
+
+
+/**
+ * \def ARCH_TEST_ECDH
+ *
+ * Enable the elliptic curve Diffie-Hellman library.
+ *
+ * Requires: ARCH_TEST_ECC
+ */
+#ifdef MBEDTLS_ECDH_C
+#define ARCH_TEST_ECDH
+#endif
+
+/**
+ * \def ARCH_TEST_ECDSA
+ *
+ * Enable the elliptic curve DSA library.
+ * Requires: ARCH_TEST_ECC
+ */
+#ifdef MBEDTLS_ECDSA_C
+#define ARCH_TEST_ECDSA
+#endif
+
+/**
+ * \def ARCH_TEST_DETERMINISTIC_ECDSA
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+*/
+#ifdef MBEDTLS_ECDSA_DETERMINISTIC
+#define ARCH_TEST_DETERMINISTIC_ECDSA
+#endif
+
+#include "pal_crypto_config_check.h"
+
+#endif /* _PAL_CRYPTO_CONFIG_H_ */
diff --git a/features/frameworks/TARGET_PSA/pal/pal_crypto_config_check.h b/features/frameworks/TARGET_PSA/pal/pal_crypto_config_check.h
new file mode 100644
index 00000000000..85b225e4a3b
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_crypto_config_check.h
@@ -0,0 +1,223 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+/**
+ * \file pal_crypto_config_check.h
+ *
+ * \brief Consistency checks for configuration options
+ *
+ */
+
+#ifndef _PAL_CRYPTO_CONFIG_CHECK_H_
+#define _PAL_CRYPTO_CONFIG_CHECK_H_
+
+#if defined(ARCH_TEST_RSA_1024) && !defined(ARCH_TEST_RSA)
+#error "ARCH_TEST_RSA_1024 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_RSA_2048) && !defined(ARCH_TEST_RSA)
+#error "ARCH_TEST_RSA_2048 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_RSA_3072) && !defined(ARCH_TEST_RSA)
+#error "ARCH_TEST_RSA_3072 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_ECC_CURVE_SECP192R1) && !defined(ARCH_TEST_ECC)
+#error "ARCH_TEST_ECC_CURVE_SECP192R1 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_ECC_CURVE_SECP224R1) && !defined(ARCH_TEST_ECC)
+#error "ARCH_TEST_ECC_CURVE_SECP224R1 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_ECC_CURVE_SECP256R1) && !defined(ARCH_TEST_ECC)
+#error "ARCH_TEST_ECC_CURVE_SECP256R1 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_ECC_CURVE_SECP384R1) && !defined(ARCH_TEST_ECC)
+#error "ARCH_TEST_ECC_CURVE_SECP384R1 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_AES_128) && !defined(ARCH_TEST_AES)
+#error "ARCH_TEST_AES_128 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_AES_256) && !defined(ARCH_TEST_AES)
+#error "ARCH_TEST_AES_256 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_AES_512) && !defined(ARCH_TEST_AES)
+#error "ARCH_TEST_AES_512 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_DES_1KEY) && !defined(ARCH_TEST_DES)
+#error "ARCH_TEST_DES_1KEY defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_DES_2KEY) && !defined(ARCH_TEST_DES)
+#error "ARCH_TEST_DES_2KEY defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_DES_3KEY) && !defined(ARCH_TEST_DES)
+#error "ARCH_TEST_DES_3KEY defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_CIPER_MODE_CTR) && !defined(ARCH_TEST_CIPER)
+#error "ARCH_TEST_CIPER_MODE_CTR defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_CIPER_MODE_CFB) && !defined(ARCH_TEST_CIPER)
+#error "ARCH_TEST_CIPER_MODE_CFB defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_CIPER_MODE_CBC) && !defined(ARCH_TEST_CIPER)
+#error "ARCH_TEST_CIPER_MODE_CBC defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_CTR_AES) &&\
+ (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CTR))
+#error "ARCH_TEST_CTR_AES defined, but not all prerequisites"
+#endif
+
+#if (defined(ARCH_TEST_CBC_AES)|| defined(ARCH_TEST_CBC_AES_NO_PADDING)) &&\
+ (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CBC))
+#error "ARCH_TEST_CBC_AES defined, but not all prerequisites"
+#endif
+
+#if (defined(ARCH_TEST_CBC_NO_PADDING)) &&\
+ (!defined(ARCH_TEST_CIPER) ||!defined(ARCH_TEST_CIPER_MODE_CBC))
+#error "ARCH_TEST_CBC_NO_PADDING defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_CFB_AES) &&\
+ (!defined(ARCH_TEST_CIPER) || !defined(ARCH_TEST_AES) || !defined(ARCH_TEST_CIPER_MODE_CFB))
+#error "ARCH_TEST_CFB_AES defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_RSA_PKCS1V15_SIGN) &&\
+ (!defined(ARCH_TEST_RSA) || !defined(ARCH_TEST_PKCS1V15))
+#error "ARCH_TEST_RSA_PKCS1V15_SIGN defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_RSA_PKCS1V15_SIGN_RAW) &&\
+ (!defined(ARCH_TEST_RSA) || !defined(ARCH_TEST_PKCS1V15))
+#error "ARCH_TEST_RSA_PKCS1V15_SIGN_RAW defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_RSA_PKCS1V15_CRYPT) &&\
+ (!defined(ARCH_TEST_RSA) || !defined(ARCH_TEST_PKCS1V15))
+#error "ARCH_TEST_RSA_PKCS1V15_CRYPT defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_CBC_PKCS7) && !defined(ARCH_TEST_CIPER_MODE_CBC)
+#error "ARCH_TEST_CBC_PKCS7 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_HMAC) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_HMAC defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_MD2) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_MD2 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_MD4) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_MD4 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_MD5) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_MD5 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_RIPEMD160) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_RIPEMD160 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_SHA1) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_SHA1 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_SHA224) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_SHA224 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_SHA256) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_SHA256 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_SHA512) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_SHA512 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_SHA512_224) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_SHA512_224 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_SHA512_256) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_SHA512_256 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_SHA3_224) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_SHA3_224 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_SHA3_256) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_SHA3_256 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_SHA3_384) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_SHA3_256 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_SHA3_512) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_SHA3_256 defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_HKDF) && !defined(ARCH_TEST_HASH)
+#error "ARCH_TEST_HKDF defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_CMAC) && !defined(ARCH_TEST_AES) && !defined(ARCH_TEST_AES)
+#error "ARCH_TEST_CMAC defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_GMAC) && !defined(ARCH_TEST_AES) && !defined(ARCH_TEST_AES)
+#error "ARCH_TEST_GMAC defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_HMAC) && !defined(ARCH_TEST_AES) && !defined(ARCH_TEST_AES)
+#error "ARCH_TEST_HMAC defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_CCM) && !defined(ARCH_TEST_AES)
+#error "ARCH_TEST_CCM defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_GCM) && !defined(ARCH_TEST_AES)
+#error "ARCH_TEST_GCM defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_ECDH) && !defined(ARCH_TEST_ECC)
+#error "ARCH_TEST_ECDH defined, but not all prerequisites"
+#endif
+
+#if defined(ARCH_TEST_ECDSA) && !defined(ARCH_TEST_ECC)
+#error "ARCH_TEST_ECDSA defined, but not all prerequisites"
+#endif
+
+#endif /* _PAL_CRYPTO_CONFIG_CHECK_H_ */
diff --git a/features/frameworks/TARGET_PSA/pal/pal_crypto_intf.c b/features/frameworks/TARGET_PSA/pal/pal_crypto_intf.c
new file mode 100644
index 00000000000..ad97e15ad1b
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_crypto_intf.c
@@ -0,0 +1,339 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#define PSA_CRYPTO_IMPLEMENTED 1
+#include "pal_crypto_intf.h"
+
+#define PAL_KEY_SLOT_COUNT 32
+
+/**
+ @brief - This API will call the requested crypto function
+ @param - type : function code
+ valist : variable argument list
+ @return - error status
+**/
+int32_t pal_crypto_function(int type, va_list valist)
+{
+#if PSA_CRYPTO_IMPLEMENTED
+ int i;
+ size_t size, *length, salt_length, label_length, ciphertext_size;
+ uint8_t *buffer, *ciphertext;
+ const uint8_t *salt, *label, *nonce, *additional_data;
+ uint8_t *plaintext;
+ uint32_t status;
+ const void *extra;
+ size_t extra_size, capacity, *gen_cap, nonce_length, additional_data_length;
+ psa_key_handle_t handle, *key_handle;
+ psa_key_type_t key_type, *key_type_out;
+ psa_key_policy_t *policy;
+ psa_key_usage_t usage, *usage_out;
+ psa_key_lifetime_t *lifetime_out;
+ psa_algorithm_t alg, *alg_out;
+ psa_hash_operation_t *hash_operation;
+ psa_mac_operation_t *mac_operation;
+ psa_cipher_operation_t *cipher_operation;
+ psa_crypto_generator_t *generator;
+
+ switch (type)
+ {
+ case PAL_CRYPTO_INIT:
+ return psa_crypto_init();
+ case PAL_CRYPTO_GENERATE_RANDOM:
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, int);
+ return psa_generate_random(buffer, size);
+ case PAL_CRYPTO_IMPORT_KEY:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ key_type = va_arg(valist, psa_key_type_t);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, int);
+ status = psa_import_key(handle, key_type, buffer, size);
+ return status;
+ case PAL_CRYPTO_EXPORT_KEY:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t*));
+ size = va_arg(valist, int);
+ length = (size_t *)va_arg(valist, size_t*);
+ status = psa_export_key(handle, buffer, size, length);
+ return status;
+ case PAL_CRYPTO_EXPORT_PUBLIC_KEY:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = (uint8_t *)(va_arg(valist, uint8_t*));
+ size = va_arg(valist, int);
+ length = (size_t *)va_arg(valist, size_t*);
+ status = psa_export_public_key(handle, buffer, size, length);
+ return status;
+ case PAL_CRYPTO_KEY_POLICY_INIT:
+ policy = va_arg(valist, psa_key_policy_t*);
+ memset(policy, 0, sizeof(psa_key_policy_t));
+ return 0;
+ case PAL_CRYPTO_KEY_POLICY_SET_USAGE:
+ policy = va_arg(valist, psa_key_policy_t*);
+ usage = va_arg(valist, psa_key_usage_t);
+ alg = va_arg(valist, psa_algorithm_t);
+ psa_key_policy_set_usage(policy, usage, alg);
+ return 0;
+ case PAL_CRYPTO_SET_KEY_POLICY:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ policy = va_arg(valist, psa_key_policy_t*);
+ return psa_set_key_policy(handle, policy);
+ case PAL_CRYPTO_DESTROY_KEY:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ status = psa_destroy_key(handle);
+ return status;
+ case PAL_CRYPTO_GET_KEY_INFORMATION:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ key_type_out = va_arg(valist, psa_key_type_t*);
+ length = (size_t *)va_arg(valist, size_t*);
+ status = psa_get_key_information(handle, key_type_out, length);
+ return status;
+ case PAL_CRYPTO_GET_KEY_POLICY:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ policy = va_arg(valist, psa_key_policy_t*);
+ return psa_get_key_policy(handle, policy);
+ case PAL_CRYPTO_KEY_POLICY_GET_USAGE:
+ policy = va_arg(valist, psa_key_policy_t*);
+ usage_out = va_arg(valist, psa_key_usage_t*);
+ *usage_out = psa_key_policy_get_usage(policy);
+ return 0;
+ case PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM:
+ policy = va_arg(valist, psa_key_policy_t*);
+ alg_out = va_arg(valist, psa_algorithm_t*);
+ *alg_out = psa_key_policy_get_algorithm(policy);
+ return 0;
+ case PAL_CRYPTO_GET_KEY_LIFETIME:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ lifetime_out = va_arg(valist, psa_key_lifetime_t*);
+ return psa_get_key_lifetime(handle, lifetime_out);
+ case PAL_CRYPTO_HASH_SETUP:
+ hash_operation = va_arg(valist, psa_hash_operation_t*);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_hash_setup(hash_operation, alg);
+ case PAL_CRYPTO_HASH_UPDATE:
+ hash_operation = va_arg(valist, psa_hash_operation_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_hash_update(hash_operation, buffer, size);
+ case PAL_CRYPTO_HASH_VERIFY:
+ hash_operation = va_arg(valist, psa_hash_operation_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_hash_verify(hash_operation, buffer, size);
+ case PAL_CRYPTO_HASH_FINISH:
+ hash_operation = va_arg(valist, psa_hash_operation_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_hash_finish(hash_operation, buffer, size, length);
+ case PAL_CRYPTO_HASH_ABORT:
+ hash_operation = va_arg(valist, psa_hash_operation_t*);
+ return psa_hash_abort(hash_operation);
+ case PAL_CRYPTO_GENERATE_KEY:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ key_type = va_arg(valist, psa_key_type_t);
+ size = va_arg(valist, size_t);
+ extra = va_arg(valist, const void*);
+ extra_size = va_arg(valist, size_t);
+ return psa_generate_key(handle, key_type, size, extra, extra_size);
+ case PAL_CRYPTO_GENERATOR_READ:
+ generator = va_arg(valist, psa_crypto_generator_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, int);
+ return psa_generator_read(generator, buffer, size);
+ case PAL_CRYPTO_KEY_DERIVATION:
+ generator = va_arg(valist, psa_crypto_generator_t*);
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ salt = va_arg(valist, const uint8_t *);
+ salt_length = va_arg(valist, size_t);
+ label = va_arg(valist, const uint8_t *);
+ label_length = va_arg(valist, size_t);
+ capacity = va_arg(valist, size_t);
+ return psa_key_derivation(generator, handle, alg, salt, salt_length, label,
+ label_length, capacity);
+ case PAL_CRYPTO_GET_GENERATOR_CAPACITY:
+ generator = va_arg(valist, psa_crypto_generator_t*);
+ gen_cap = va_arg(valist, size_t*);
+ return psa_get_generator_capacity(generator, gen_cap);
+ case PAL_CRYPTO_GENERATOR_IMPORT_KEY:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ key_type = va_arg(valist, psa_key_type_t);
+ size = va_arg(valist, size_t);
+ generator = va_arg(valist, psa_crypto_generator_t*);
+ return psa_generator_import_key(handle, key_type, size, generator);
+ case PAL_CRYPTO_GENERATOR_ABORT:
+ generator = va_arg(valist, psa_crypto_generator_t*);
+ return psa_generator_abort(generator);
+ case PAL_CRYPTO_AEAD_ENCRYPT:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ nonce = va_arg(valist, const uint8_t *);
+ nonce_length = va_arg(valist, size_t);
+ additional_data = va_arg(valist, const uint8_t *);
+ additional_data_length = va_arg(valist, size_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_aead_encrypt(handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, plaintext, size, ciphertext, ciphertext_size, length);
+ case PAL_CRYPTO_AEAD_DECRYPT:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ nonce = va_arg(valist, const uint8_t *);
+ nonce_length = va_arg(valist, size_t);
+ additional_data = va_arg(valist, const uint8_t *);
+ additional_data_length = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_aead_decrypt(handle, alg, nonce, nonce_length, additional_data,
+ additional_data_length, ciphertext, ciphertext_size, plaintext, size, length);
+ case PAL_CRYPTO_MAC_SIGN_SETUP:
+ mac_operation = va_arg(valist, psa_mac_operation_t*);
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_mac_sign_setup(mac_operation, handle, alg);
+ case PAL_CRYPTO_MAC_UPDATE:
+ mac_operation = va_arg(valist, psa_mac_operation_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_mac_update(mac_operation, buffer, size);
+ case PAL_CRYPTO_MAC_SIGN_FINISH:
+ mac_operation = va_arg(valist, psa_mac_operation_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ length = (size_t *)va_arg(valist, size_t*);
+ return psa_mac_sign_finish(mac_operation, buffer, size, length);
+ case PAL_CRYPTO_MAC_VERIFY_SETUP:
+ mac_operation = va_arg(valist, psa_mac_operation_t*);
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_mac_verify_setup(mac_operation, handle, alg);
+ case PAL_CRYPTO_MAC_VERIFY_FINISH:
+ mac_operation = va_arg(valist, psa_mac_operation_t*);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_mac_verify_finish(mac_operation, buffer, size);
+ case PAL_CRYPTO_MAC_ABORT:
+ mac_operation = va_arg(valist, psa_mac_operation_t*);
+ return psa_mac_abort(mac_operation);
+ case PAL_CRYPTO_ASYMMTERIC_ENCRYPT:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ salt = va_arg(valist, const uint8_t *);
+ salt_length = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_asymmetric_encrypt(handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
+ case PAL_CRYPTO_ASYMMTERIC_DECRYPT:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ salt = va_arg(valist, const uint8_t *);
+ salt_length = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_asymmetric_decrypt(handle, alg, plaintext, size, salt, salt_length,
+ ciphertext, ciphertext_size, length);
+ case PAL_CRYPTO_CIPHER_ENCRYPT_SETUP:
+ cipher_operation = va_arg(valist, psa_cipher_operation_t *);
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_cipher_encrypt_setup(cipher_operation, handle, alg);
+ case PAL_CRYPTO_CIPHER_DECRYPT_SETUP:
+ cipher_operation = va_arg(valist, psa_cipher_operation_t *);
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_cipher_decrypt_setup(cipher_operation, handle, alg);
+ case PAL_CRYPTO_CIPHER_GENERATE_IV:
+ cipher_operation = va_arg(valist, psa_cipher_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_generate_iv(cipher_operation, buffer, size, length);
+ case PAL_CRYPTO_CIPHER_SET_IV:
+ cipher_operation = va_arg(valist, psa_cipher_operation_t *);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ return psa_cipher_set_iv(cipher_operation, buffer, size);
+ case PAL_CRYPTO_CIPHER_UPDATE:
+ cipher_operation = va_arg(valist, psa_cipher_operation_t *);
+ plaintext = va_arg(valist, uint8_t *);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_update(cipher_operation, plaintext, size, ciphertext, ciphertext_size,
+ length);
+ case PAL_CRYPTO_CIPHER_FINISH:
+ cipher_operation = va_arg(valist, psa_cipher_operation_t *);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_cipher_finish(cipher_operation, ciphertext, ciphertext_size, length);
+ case PAL_CRYPTO_CIPHER_ABORT:
+ cipher_operation = va_arg(valist, psa_cipher_operation_t *);
+ return psa_cipher_abort(cipher_operation);
+ case PAL_CRYPTO_ASYMMTERIC_SIGN:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ length = va_arg(valist, size_t*);
+ return psa_asymmetric_sign(handle, alg, buffer, size, ciphertext, ciphertext_size,
+ length);
+ case PAL_CRYPTO_ASYMMTERIC_VERIFY:
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ alg = va_arg(valist, psa_algorithm_t);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ ciphertext = va_arg(valist, uint8_t *);
+ ciphertext_size = va_arg(valist, size_t);
+ return psa_asymmetric_verify(handle, alg, buffer, size, ciphertext, ciphertext_size);
+ case PAL_CRYPTO_KEY_AGREEMENT:
+ generator = va_arg(valist, psa_crypto_generator_t*);
+ handle = (psa_key_handle_t)va_arg(valist, int);
+ buffer = va_arg(valist, uint8_t*);
+ size = va_arg(valist, size_t);
+ alg = va_arg(valist, psa_algorithm_t);
+ return psa_key_agreement(generator, handle, buffer, size, alg);
+ case PAL_CRYPTO_ALLOCATE_KEY:
+ key_handle = (psa_key_handle_t *)va_arg(valist, int*);
+ return psa_allocate_key(key_handle);
+ case PAL_CRYPTO_FREE:
+ for (i = 0; i < PAL_KEY_SLOT_COUNT; i++)
+ psa_destroy_key(i);
+ return 0;
+ default:
+ return PAL_STATUS_UNSUPPORTED_FUNC;
+ }
+#else
+ return PAL_STATUS_ERROR;
+#endif
+}
diff --git a/features/frameworks/TARGET_PSA/pal/pal_crypto_intf.h b/features/frameworks/TARGET_PSA/pal/pal_crypto_intf.h
new file mode 100644
index 00000000000..90c5d9d3491
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_crypto_intf.h
@@ -0,0 +1,84 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _PAL_CRYPTO_H_
+#define _PAL_CRYPTO_H_
+
+#include
+#include "pal_common.h"
+
+#if PSA_IPC_IMPLEMENTED
+#include "psa/client.h"
+#endif
+
+#if PSA_CRYPTO_IMPLEMENTED
+#include "psa/crypto.h"
+#endif
+
+enum crypto_function_code {
+ PAL_CRYPTO_INIT = 0x1,
+ PAL_CRYPTO_GENERATE_RANDOM = 0x2,
+ PAL_CRYPTO_IMPORT_KEY = 0x3,
+ PAL_CRYPTO_EXPORT_KEY = 0x4,
+ PAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
+ PAL_CRYPTO_DESTROY_KEY = 0x6,
+ PAL_CRYPTO_GET_KEY_INFO = 0x7,
+ PAL_CRYPTO_KEY_POLICY_INIT = 0x8,
+ PAL_CRYPTO_KEY_POLICY_SET_USAGE = 0x9,
+ PAL_CRYPTO_KEY_POLICY_GET_USAGE = 0xA,
+ PAL_CRYPTO_KEY_POLICY_GET_ALGORITHM = 0xB,
+ PAL_CRYPTO_SET_KEY_POLICY = 0xC,
+ PAL_CRYPTO_GET_KEY_POLICY = 0xD,
+ PAL_CRYPTO_GET_KEY_INFORMATION = 0xE,
+ PAL_CRYPTO_GET_KEY_LIFETIME = 0xF,
+ PAL_CRYPTO_HASH_SETUP = 0x11,
+ PAL_CRYPTO_HASH_UPDATE = 0x12,
+ PAL_CRYPTO_HASH_VERIFY = 0x13,
+ PAL_CRYPTO_HASH_FINISH = 0x14,
+ PAL_CRYPTO_HASH_ABORT = 0x15,
+ PAL_CRYPTO_GENERATE_KEY = 0x16,
+ PAL_CRYPTO_GENERATOR_READ = 0x17,
+ PAL_CRYPTO_KEY_DERIVATION = 0x18,
+ PAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19,
+ PAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A,
+ PAL_CRYPTO_GENERATOR_ABORT = 0x1B,
+ PAL_CRYPTO_AEAD_ENCRYPT = 0x1C,
+ PAL_CRYPTO_AEAD_DECRYPT = 0x1D,
+ PAL_CRYPTO_MAC_SIGN_SETUP = 0x1E,
+ PAL_CRYPTO_MAC_UPDATE = 0x1F,
+ PAL_CRYPTO_MAC_SIGN_FINISH = 0x20,
+ PAL_CRYPTO_MAC_VERIFY_SETUP = 0x21,
+ PAL_CRYPTO_MAC_VERIFY_FINISH = 0x22,
+ PAL_CRYPTO_MAC_ABORT = 0x23,
+ PAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24,
+ PAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25,
+ PAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26,
+ PAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A,
+ PAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B,
+ PAL_CRYPTO_CIPHER_SET_IV = 0x2C,
+ PAL_CRYPTO_CIPHER_UPDATE = 0x2D,
+ PAL_CRYPTO_CIPHER_FINISH = 0x2E,
+ PAL_CRYPTO_CIPHER_ABORT = 0x2F,
+ PAL_CRYPTO_ASYMMTERIC_SIGN = 0x30,
+ PAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31,
+ PAL_CRYPTO_KEY_AGREEMENT = 0x32,
+ PAL_CRYPTO_ALLOCATE_KEY = 0x33,
+ PAL_CRYPTO_FREE = 0xFE,
+};
+
+int32_t pal_crypto_function(int type, va_list valist);
+#endif /* _PAL_CRYPTO_H_ */
diff --git a/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.c b/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.c
new file mode 100644
index 00000000000..3cf90681515
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.c
@@ -0,0 +1,84 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+
+#include "pal_internal_trusted_storage_intf.h"
+
+/**
+ @brief - This API will call the requested internal trusted storage function
+ @param - type : function code
+ valist : variable argument list
+ @return - error status
+**/
+uint32_t pal_its_function(int type, va_list valist)
+{
+#if PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED
+ uint32_t uid, data_length, offset;
+ const void *p_write_data;
+ void *p_read_data;
+ psa_storage_create_flags_t its_create_flags;
+ //psa_ps_create_flags_t ps_create_flags;
+ struct psa_its_info_t *its_p_info;
+ //struct psa_eps_info_t *ps_p_info;
+
+ switch (type)
+ {
+ case PAL_ITS_SET:
+ uid = va_arg(valist, psa_storage_uid_t);
+ data_length = va_arg(valist, uint32_t);
+ p_write_data = va_arg(valist, const void*);
+ its_create_flags = va_arg(valist, psa_storage_create_flags_t);
+ return psa_its_set(uid, data_length, p_write_data, its_create_flags);
+ case PAL_ITS_GET:
+ uid = va_arg(valist, psa_storage_uid_t);
+ offset = va_arg(valist, uint32_t);
+ data_length = va_arg(valist, uint32_t);
+ p_read_data = va_arg(valist, void*);
+ return psa_its_get(uid, offset, data_length, p_read_data);
+ case PAL_ITS_GET_INFO:
+ uid = va_arg(valist, psa_storage_uid_t);
+ its_p_info = va_arg(valist, struct psa_its_info_t*);
+ return psa_its_get_info(uid, (struct psa_storage_info_t *)its_p_info);
+ case PAL_ITS_REMOVE:
+ uid = va_arg(valist, psa_storage_uid_t);
+ return psa_its_remove(uid);
+ /* case PAL_PS_SET: */
+ /* uid = va_arg(valist, uint32_t); */
+ /* data_length = va_arg(valist, uint32_t); */
+ /* p_write_data = va_arg(valist, const void*); */
+ /* ps_create_flags = va_arg(valist, psa_ps_create_flags_t); */
+ /* return psa_ps_set(uid, data_length, p_write_data, ps_create_flags); */
+ /* case PAL_PS_GET: */
+ /* uid = va_arg(valist, uint32_t); */
+ /* offset = va_arg(valist, uint32_t); */
+ /* data_length = va_arg(valist, uint32_t); */
+ /* p_read_data = va_arg(valist, void*); */
+ /* return psa_ps_get(uid, offset, data_length, p_read_data); */
+ /* case PAL_PS_GET_INFO: */
+ /* uid = va_arg(valist, uint32_t); */
+ /* ps_p_info = va_arg(valist, struct psa_eps_info_t*); */
+ /* return psa_ps_get_info(uid, ps_p_info); */
+ /* case PAL_PS_REMOVE: */
+ /* uid = va_arg(valist, uint32_t); */
+ /* return psa_ps_remove(uid); */
+ default:
+ return PAL_STATUS_UNSUPPORTED_FUNC;
+ }
+#else
+ return PAL_STATUS_ERROR;
+#endif
+}
diff --git a/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.h b/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.h
new file mode 100644
index 00000000000..c40aa438397
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.h
@@ -0,0 +1,36 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _PAL_INTERNAL_TRUSTED_STORAGE_INTF_H_
+#define _PAL_INTERNAL_TRUSTED_STORAGE_INTF_H_
+
+#include
+#include "pal_common.h"
+
+#if PSA_INTERNAL_TRUSTED_STORAGE_IMPLEMENTED
+#include "psa/internal_trusted_storage.h"
+#endif
+
+enum its_function_code {
+ PAL_ITS_SET = 0x1,
+ PAL_ITS_GET = 0x2,
+ PAL_ITS_GET_INFO = 0x3,
+ PAL_ITS_REMOVE = 0x4,
+};
+
+uint32_t pal_its_function(int type, va_list valist);
+#endif /* _PAL_INTERNAL_TRUSTED_STORAGE_INTF_H_ */
diff --git a/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp b/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp
new file mode 100644
index 00000000000..88c593fc3e5
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp
@@ -0,0 +1,143 @@
+#include "mbed.h"
+#include "rtos.h"
+#include "mbed_assert.h"
+#include "val_interfaces.h"
+#include "pal_common.h"
+
+#include "psa/crypto.h"
+#include "entropy_poll.h"
+
+#include "psa_attest_inject_key.h"
+#include "psa_initial_attestation_api.h"
+
+#include "pal_mbed_os_intf.h"
+
+#include "lifecycle.h"
+
+#define TEST_STACK_SIZE 8192
+#define TEST_KEY_ID_VALUE 17
+
+extern val_api_t val_api;
+extern psa_api_t psa_api;
+#ifdef PS_TEST
+extern "C" psa_status_t psa_ps_reset();
+#endif
+
+test_entry_f test_g = NULL;
+compliance_test_type type_g = COMPLIANCE_TEST_UNDEFINED;
+
+static const uint8_t private_key_data[] = {
+ 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56,
+ 0x38, 0xc4, 0x31, 0xcf, 0x1d, 0xf1, 0xc9, 0x94,
+ 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43,
+ 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee
+};
+
+static const uint8_t public_key_data[] = {
+ 0x04, 0x77, 0x72, 0x65, 0x6f, 0x81, 0x4b, 0x39,
+ 0x92, 0x79, 0xd5, 0xe1, 0xf1, 0x78, 0x1f, 0xac,
+ 0x6f, 0x09, 0x9a, 0x3c, 0x5c, 0xa1, 0xb0, 0xe3,
+ 0x53, 0x51, 0x83, 0x4b, 0x08, 0xb6, 0x5e, 0x0b,
+ 0x57, 0x25, 0x90, 0xcd, 0xaf, 0x8f, 0x76, 0x93,
+ 0x61, 0xbc, 0xf3, 0x4a, 0xcf, 0xc1, 0x1e, 0x5e,
+ 0x07, 0x4e, 0x84, 0x26, 0xbd, 0xde, 0x04, 0xbe,
+ 0x6e, 0x65, 0x39, 0x45, 0x44, 0x96, 0x17, 0xde,
+ 0x45
+};
+
+static void psa_attestation_destroy_key_for_test()
+{
+ const psa_key_id_t key_id = TEST_KEY_ID_VALUE;
+ psa_key_handle_t handle = 0;
+ psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
+ psa_destroy_key(handle);
+}
+
+static void psa_attestation_inject_key_for_test(void)
+{
+
+
+ psa_status_t status = PSA_SUCCESS;
+ size_t exported_length;
+ uint8_t exported[sizeof(public_key_data)];
+
+ psa_attestation_destroy_key_for_test();
+ psa_attestation_inject_key(private_key_data,
+ sizeof(private_key_data),
+ PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+ exported,
+ sizeof(exported),
+ &exported_length);
+}
+
+
+
+static void reset_storage_for_compliance_test()
+{
+#ifdef ITS_TEST
+ mbed_psa_reboot_and_request_new_security_state(PSA_LIFECYCLE_ASSEMBLY_AND_TEST);
+#elif PS_TEST
+ psa_ps_reset();
+#endif
+}
+
+#if !defined(MAX)
+#define MAX(a,b) (((a)>(b))?(a):(b))
+#endif
+
+#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE \
+ MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
+
+static void inject_entropy()
+{
+#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC)
+ uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 };
+ for (int i = 0; i < MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE; ++i) {
+ seed[i] = i;
+ }
+ mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
+#endif // defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC)
+}
+
+
+
+void main_wrapper(void)
+{
+ test_g(&val_api, &psa_api);
+}
+
+
+void pal_mbed_os_compliance_test_initialize(void)
+{
+ if (COMPLIANCE_TEST_CRYPTO == type_g)
+ {
+ inject_entropy();
+ }
+ else if (COMPLIANCE_TEST_STORAGE == type_g)
+ {
+ reset_storage_for_compliance_test();
+ }
+ else if (COMPLIANCE_TEST_ATTESTATION == type_g)
+ {
+ inject_entropy();
+ psa_crypto_init();
+ psa_attestation_inject_key_for_test(); // inject key in case needed
+ }
+
+}
+
+void pal_mbed_os_compliance_test_destroy(void)
+{
+ reset_storage_for_compliance_test();
+}
+
+int test_start(test_entry_f test_f, compliance_test_type type)
+{
+ test_g = test_f;
+ type_g = type;
+ MBED_ASSERT((type > COMPLIANCE_TEST_START) && (type < COMPLIANCE_TEST_END));
+ Thread thread(osPriorityNormal, TEST_STACK_SIZE, NULL);
+ thread.start(main_wrapper);
+ thread.join();
+ return 0;
+}
diff --git a/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.h b/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.h
new file mode 100644
index 00000000000..bdee34c7c17
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.h
@@ -0,0 +1,26 @@
+#ifndef PAL_MBED_OS_CRYPTO_H_
+#define PAL_MBED_OS_CRYPTO_H_
+
+#include "val_interfaces.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum _compliance_test_type{
+ COMPLIANCE_TEST_UNDEFINED,
+ COMPLIANCE_TEST_START = COMPLIANCE_TEST_UNDEFINED,
+ COMPLIANCE_TEST_CRYPTO,
+ COMPLIANCE_TEST_ATTESTATION,
+ COMPLIANCE_TEST_STORAGE,
+ COMPLIANCE_TEST_END
+}compliance_test_type;
+
+typedef void (*test_entry_f)(val_api_t *val_api, psa_api_t *psa_api);
+int test_start(test_entry_f test_f, compliance_test_type type);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PAL_MBED_OS_CRYPTO_H_ */
diff --git a/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.c b/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.c
new file mode 100644
index 00000000000..cfabb5e8ad7
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.c
@@ -0,0 +1,63 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+
+#include "pal_protected_storage_intf.h"
+
+/**
+ @brief - This API will call the requested protected storage function
+ @param - type : function code
+ valist : variable argument list
+ @return - error status
+**/
+uint32_t pal_ps_function(int type, va_list valist)
+{
+#if PSA_PROTECTED_STORAGE_IMPLEMENTED
+ uint32_t uid, data_length, offset;
+ const void *p_write_data;
+ void *p_read_data;
+ psa_storage_create_flags_t ps_create_flags;
+ struct psa_ps_info_t *ps_p_info;
+
+ switch (type)
+ {
+ case PAL_PS_SET:
+ uid = va_arg(valist, psa_storage_uid_t);
+ data_length = va_arg(valist, uint32_t);
+ p_write_data = va_arg(valist, const void*);
+ ps_create_flags = va_arg(valist, psa_storage_create_flags_t);
+ return psa_ps_set(uid, data_length, p_write_data, ps_create_flags);
+ case PAL_PS_GET:
+ uid = va_arg(valist, psa_storage_uid_t);
+ offset = va_arg(valist, uint32_t);
+ data_length = va_arg(valist, uint32_t);
+ p_read_data = va_arg(valist, void*);
+ return psa_ps_get(uid, offset, data_length, p_read_data);
+ case PAL_PS_GET_INFO:
+ uid = va_arg(valist, psa_storage_uid_t);
+ ps_p_info = va_arg(valist, struct psa_ps_info_t*);
+ return psa_ps_get_info(uid, ps_p_info);
+ case PAL_PS_REMOVE:
+ uid = va_arg(valist, psa_storage_uid_t);
+ return psa_ps_remove(uid);
+ default:
+ return PAL_STATUS_UNSUPPORTED_FUNC;
+ }
+#else
+ return PAL_STATUS_ERROR;
+#endif
+}
diff --git a/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.h b/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.h
new file mode 100644
index 00000000000..3ebe86ab805
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.h
@@ -0,0 +1,36 @@
+/** @file
+ * Copyright (c) 2018, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _PAL_PROTECTED_STORAGE_INTF_H_
+#define _PAL_PROTECTED_STORAGE_INTF_H_
+
+#include
+#include "pal_common.h"
+
+#if PSA_PROTECTED_STORAGE_IMPLEMENTED
+#include "psa/protected_storage.h"
+#endif
+
+enum ps_function_code {
+ PAL_PS_SET = 0x1,
+ PAL_PS_GET = 0x2,
+ PAL_PS_GET_INFO = 0x3,
+ PAL_PS_REMOVE = 0x4,
+};
+
+uint32_t pal_ps_function(int type, va_list valist);
+#endif /* _PAL_PROTECTED_STORAGE_INTF_H_ */
diff --git a/features/frameworks/TARGET_PSA/pal_attestation_eat.c b/features/frameworks/TARGET_PSA/pal_attestation_eat.c
new file mode 100644
index 00000000000..262dc5ddffe
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal_attestation_eat.c
@@ -0,0 +1,385 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "pal_attestation_eat.h"
+
+uint32_t mandatory_claims = 0, mandaroty_sw_components = 0;
+bool_t sw_component_present = 0;
+
+static int get_items_in_map(QCBORDecodeContext *decode_context,
+ struct items_to_get_t *item_list)
+{
+ int item_index;
+ QCBORItem item;
+ struct items_to_get_t *item_ptr = item_list;
+
+ /* initialize the data type of all items in the list */
+ while (item_ptr->label != 0)
+ {
+ item_ptr->item.uDataType = QCBOR_TYPE_NONE;
+ item_ptr++;
+ }
+
+ QCBORDecode_GetNext(decode_context, &item);
+ if (item.uDataType != QCBOR_TYPE_MAP)
+ {
+ return PAL_ATTEST_ERROR;
+ }
+
+ for (item_index = item.val.uCount; item_index != 0; item_index--)
+ {
+ if (QCBORDecode_GetNext(decode_context, &item) != QCBOR_SUCCESS)
+ {
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+ if (item.uLabelType != QCBOR_TYPE_INT64)
+ {
+ continue;
+ }
+
+ item_ptr = item_list;
+ while (item_ptr->label != 0)
+ {
+ if (item.label.int64 == item_ptr->label)
+ {
+ item_ptr->item = item;
+ }
+ item_ptr++;
+ }
+ }
+
+ return PAL_ATTEST_SUCCESS;
+}
+
+static int get_item_in_map(QCBORDecodeContext *decode_context,
+ int32_t label,
+ QCBORItem *item)
+{
+ struct items_to_get_t item_list[2];
+
+ item_list[0].label = label;
+ item_list[1].label = 0;
+
+ if (get_items_in_map(decode_context, item_list))
+ {
+ return PAL_ATTEST_ERROR;
+ }
+
+ if (item_list[0].item.uDataType == QCBOR_TYPE_NONE)
+ {
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+
+ *item = item_list[0].item;
+
+ return PAL_ATTEST_SUCCESS;
+}
+
+static int parse_unprotected_headers(QCBORDecodeContext *decode_context,
+ struct useful_buf_c *child,
+ bool *loop_back)
+{
+ struct items_to_get_t item_list[3];
+
+ item_list[0].label = COSE_HEADER_PARAM_KID;
+ item_list[1].label = T_COSE_SHORT_CIRCUIT_LABEL;
+ item_list[2].label = 0;
+ *loop_back = false;
+
+ if (get_items_in_map(decode_context, item_list))
+ {
+ return PAL_ATTEST_ERROR;
+ }
+
+ if (item_list[1].item.uDataType == QCBOR_TYPE_TRUE)
+ {
+ *loop_back = true;
+ }
+
+ if (item_list[0].item.uDataType != QCBOR_TYPE_BYTE_STRING)
+ {
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+
+ *child = item_list[0].item.val.string;
+
+ return PAL_ATTEST_SUCCESS;
+}
+
+static int parse_protected_headers(struct useful_buf_c protected_headers,
+ int32_t *alg_id)
+{
+ QCBORDecodeContext decode_context;
+ QCBORItem item;
+
+ QCBORDecode_Init(&decode_context, protected_headers, 0);
+
+ if (get_item_in_map(&decode_context, COSE_HEADER_PARAM_ALG, &item))
+ {
+ return PAL_ATTEST_ERROR;
+ }
+
+ if (QCBORDecode_Finish(&decode_context))
+ {
+ return PAL_ATTEST_ERROR;
+ }
+
+ if ((item.uDataType != QCBOR_TYPE_INT64) || (item.val.int64 > INT32_MAX))
+ {
+ return PAL_ATTEST_ERROR;
+ }
+
+ *alg_id = (int32_t)item.val.int64;
+
+ return PAL_ATTEST_SUCCESS;
+}
+
+/**
+ @brief - This API will verify the claims
+ @param - decode_context : The buffer containing the challenge
+ item : context for decoding the data items
+ completed_challenge : Buffer containing the challenge
+ @return - error status
+**/
+static int parse_claims(QCBORDecodeContext *decode_context, QCBORItem item,
+ struct useful_buf_c completed_challenge)
+{
+ int i, count = 0;
+ int status = PAL_ATTEST_SUCCESS;
+
+ /* Parse each claim and validate their data type */
+ while (status == PAL_ATTEST_SUCCESS)
+ {
+ status = QCBORDecode_GetNext(decode_context, &item);
+ if (status != PAL_ATTEST_SUCCESS)
+ break;
+
+ mandatory_claims |= 1 << (EAT_CBOR_ARM_RANGE_BASE - item.label.int64);
+ if (item.uLabelType == QCBOR_TYPE_INT64)
+ {
+ if (item.label.int64 == EAT_CBOR_ARM_LABEL_NONCE)
+ {
+ if (item.uDataType == QCBOR_TYPE_BYTE_STRING)
+ {
+ /* Given challenge vs challenge in token */
+ if (UsefulBuf_Compare(item.val.string, completed_challenge))
+ return PAL_ATTEST_TOKEN_CHALLENGE_MISMATCH;
+ }
+ else
+ return PAL_ATTEST_TOKEN_NOT_SUPPORTED;
+ }
+ else if (item.label.int64 == EAT_CBOR_ARM_LABEL_BOOT_SEED ||
+ item.label.int64 == EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID ||
+ item.label.int64 == EAT_CBOR_ARM_LABEL_UEID)
+ {
+ if (item.uDataType != QCBOR_TYPE_BYTE_STRING)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+ else if (item.label.int64 == EAT_CBOR_ARM_LABEL_ORIGINATION ||
+ item.label.int64 == EAT_CBOR_ARM_LABEL_PROFILE_DEFINITION ||
+ item.label.int64 == EAT_CBOR_ARM_LABEL_HW_VERSION)
+ {
+ if (item.uDataType != QCBOR_TYPE_TEXT_STRING)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+ else if (item.label.int64 == EAT_CBOR_ARM_LABEL_CLIENT_ID ||
+ item.label.int64 == EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE)
+ {
+ if (item.uDataType != QCBOR_TYPE_INT64)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+ else if (item.label.int64 == EAT_CBOR_ARM_LABEL_SW_COMPONENTS)
+ {
+ if (item.uDataType != QCBOR_TYPE_ARRAY)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+
+ sw_component_present = 1;
+ status = QCBORDecode_GetNext(decode_context, &item);
+ if (status != PAL_ATTEST_SUCCESS)
+ continue;
+
+ count = item.val.uCount;
+ for (i = 0; i <= count; i++)
+ {
+ mandaroty_sw_components |= 1 << item.label.int64;
+
+ if (item.label.int64 == EAT_CBOR_SW_COMPONENT_MEASUREMENT)
+ {
+ if (item.uDataType != QCBOR_TYPE_BYTE_STRING)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+ else if (item.label.int64 == EAT_CBOR_SW_COMPONENT_MEASUREMENT_DESC)
+ {
+ if (item.uDataType != QCBOR_TYPE_TEXT_STRING)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+ else if (item.label.int64 == EAT_CBOR_SW_COMPONENT_VERSION)
+ {
+ if (item.uDataType != QCBOR_TYPE_TEXT_STRING)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+ else if (item.label.int64 == EAT_CBOR_SW_COMPONENT_SIGNER_ID)
+ {
+ if (item.uDataType != QCBOR_TYPE_BYTE_STRING)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+ else if (item.label.int64 == EAT_CBOR_SW_COMPONENT_EPOCH)
+ {
+ if (item.uDataType != QCBOR_TYPE_INT64)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+ else if (item.label.int64 == EAT_CBOR_SW_COMPONENT_TYPE)
+ {
+ if (item.uDataType != QCBOR_TYPE_TEXT_STRING)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+
+ if (i < count)
+ {
+ status = QCBORDecode_GetNext(decode_context, &item);
+ if (status != PAL_ATTEST_SUCCESS)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+ }
+ }
+
+ }
+ }
+ else
+ {
+ /* ToDo: Add other claim types */
+ }
+ }
+
+ if (status == QCBOR_ERR_HIT_END)
+ return PAL_ATTEST_SUCCESS;
+ else
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+}
+
+/**
+ @brief - This API will verify the attestation token
+ @param - challenge : The buffer containing the challenge
+ challenge_size : Size of the challenge buffer
+ token : The buffer containing the attestation token
+ token_size : Size of the token buffer
+ @return - error status
+**/
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
+ uint8_t *token, uint32_t token_size)
+{
+ int status = PAL_ATTEST_SUCCESS;
+ bool short_circuit;
+ int32_t cose_algorithm_id;
+ QCBORItem item;
+ QCBORDecodeContext decode_context;
+ struct useful_buf_c completed_challenge;
+ struct useful_buf_c completed_token;
+ struct useful_buf_c payload;
+ struct useful_buf_c protected_headers;
+ struct useful_buf_c kid;
+
+ /* Construct the token buffer for validation */
+ completed_token.ptr = token;
+ completed_token.len = token_size;
+
+ /* Construct the challenge buffer for validation */
+ completed_challenge.ptr = challenge;
+ completed_challenge.len = challenge_size;
+
+/*
+ -------------------------
+ | CBOR Array Type |
+ -------------------------
+ | Protected Headers |
+ -------------------------
+ | Unprotected Headers |
+ -------------------------
+ | Payload |
+ -------------------------
+ | Signature |
+ -------------------------
+*/
+
+ /* Initialize the decorder */
+ QCBORDecode_Init(&decode_context, completed_token, QCBOR_DECODE_MODE_NORMAL);
+
+ /* Get the Header */
+ QCBORDecode_GetNext(&decode_context, &item);
+
+ /* Check the CBOR Array type. Check if the count is 4.
+ * Only COSE_SIGN1 is supported now.
+ */
+ if (item.uDataType != QCBOR_TYPE_ARRAY || item.val.uCount != 4 ||
+ !QCBORDecode_IsTagged(&decode_context, &item, CBOR_TAG_COSE_SIGN1))
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+
+ /* Get the next headers */
+ QCBORDecode_GetNext(&decode_context, &item);
+ if (item.uDataType != QCBOR_TYPE_BYTE_STRING)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+
+ protected_headers = item.val.string;
+
+ /* Parse the protected headers and check the data type and value*/
+ status = parse_protected_headers(protected_headers, &cose_algorithm_id);
+ if (status != PAL_ATTEST_SUCCESS)
+ return status;
+
+ /* Parse the unprotected headers and check the data type and value */
+ short_circuit = false;
+ status = parse_unprotected_headers(&decode_context, &kid, &short_circuit);
+ if (status != PAL_ATTEST_SUCCESS)
+ return status;
+
+ /* Get the payload */
+ QCBORDecode_GetNext(&decode_context, &item);
+ if (item.uDataType != QCBOR_TYPE_BYTE_STRING)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+
+ payload = item.val.string;
+
+ /* Get the digital signature */
+ QCBORDecode_GetNext(&decode_context, &item);
+ if (item.uDataType != QCBOR_TYPE_BYTE_STRING)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+
+ /* Initialize the Decoder and validate the payload format */
+ QCBORDecode_Init(&decode_context, payload, QCBOR_DECODE_MODE_NORMAL);
+ status = QCBORDecode_GetNext(&decode_context, &item);
+ if (status != PAL_ATTEST_SUCCESS)
+ return status;
+
+ if (item.uDataType != QCBOR_TYPE_MAP)
+ return PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING;
+
+ /* Parse the payload and check the data type of each claim */
+ status = parse_claims(&decode_context, item, completed_challenge);
+ if (status != PAL_ATTEST_SUCCESS)
+ return status;
+
+ if ((mandatory_claims & MANDATORY_CLAIM_WITH_SW_COMP) == MANDATORY_CLAIM_WITH_SW_COMP)
+ {
+ if ((mandaroty_sw_components & MANDATORY_SW_COMP) != MANDATORY_SW_COMP)
+ return PAL_ATTEST_TOKEN_NOT_ALL_MANDATORY_CLAIMS;
+ }
+ else if ((mandatory_claims & MANDATORY_CLAIM_NO_SW_COMP) != MANDATORY_CLAIM_NO_SW_COMP)
+ {
+ return PAL_ATTEST_TOKEN_NOT_ALL_MANDATORY_CLAIMS;
+ }
+
+ return PAL_ATTEST_SUCCESS;
+}
diff --git a/features/frameworks/TARGET_PSA/pal_attestation_eat.h b/features/frameworks/TARGET_PSA/pal_attestation_eat.h
new file mode 100644
index 00000000000..9f435fb3d88
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal_attestation_eat.h
@@ -0,0 +1,73 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "qcbor.h"
+#include "pal_common.h"
+
+#define PAL_ATTEST_MIN_ERROR 30
+
+#define COSE_HEADER_PARAM_ALG 1
+#define COSE_HEADER_PARAM_KID 4
+
+#define MANDATORY_CLAIM_WITH_SW_COMP 862
+#define MANDATORY_CLAIM_NO_SW_COMP 926
+#define MANDATORY_SW_COMP 36
+#define CBOR_ARM_TOTAL_CLAIM_INSTANCE 10
+
+/*
+ CBOR Label for proprietary header indicating short-circuit
+ signing was used. Just a random number in the proprietary
+ label space */
+#define T_COSE_SHORT_CIRCUIT_LABEL (-8675309)
+
+#define EAT_CBOR_ARM_RANGE_BASE (-75000)
+#define EAT_CBOR_ARM_LABEL_PROFILE_DEFINITION (EAT_CBOR_ARM_RANGE_BASE - 0)
+#define EAT_CBOR_ARM_LABEL_CLIENT_ID (EAT_CBOR_ARM_RANGE_BASE - 1)
+#define EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE (EAT_CBOR_ARM_RANGE_BASE - 2)
+#define EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID (EAT_CBOR_ARM_RANGE_BASE - 3)
+#define EAT_CBOR_ARM_LABEL_BOOT_SEED (EAT_CBOR_ARM_RANGE_BASE - 4)
+#define EAT_CBOR_ARM_LABEL_HW_VERSION (EAT_CBOR_ARM_RANGE_BASE - 5)
+#define EAT_CBOR_ARM_LABEL_SW_COMPONENTS (EAT_CBOR_ARM_RANGE_BASE - 6)
+#define EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS (EAT_CBOR_ARM_RANGE_BASE - 7)
+#define EAT_CBOR_ARM_LABEL_NONCE (EAT_CBOR_ARM_RANGE_BASE - 8)
+#define EAT_CBOR_ARM_LABEL_UEID (EAT_CBOR_ARM_RANGE_BASE - 9)
+#define EAT_CBOR_ARM_LABEL_ORIGINATION (EAT_CBOR_ARM_RANGE_BASE - 10)
+
+#define EAT_CBOR_SW_COMPONENT_TYPE (1u)
+#define EAT_CBOR_SW_COMPONENT_MEASUREMENT (2u)
+#define EAT_CBOR_SW_COMPONENT_EPOCH (3u)
+#define EAT_CBOR_SW_COMPONENT_VERSION (4u)
+#define EAT_CBOR_SW_COMPONENT_SIGNER_ID (5u)
+#define EAT_CBOR_SW_COMPONENT_MEASUREMENT_DESC (6u)
+
+
+enum attestation_error_code {
+ PAL_ATTEST_SUCCESS = 0,
+ PAL_ATTEST_TOKEN_ERR_CBOR_FORMATTING = PAL_ATTEST_MIN_ERROR,
+ PAL_ATTEST_TOKEN_CHALLENGE_MISMATCH,
+ PAL_ATTEST_TOKEN_NOT_SUPPORTED,
+ PAL_ATTEST_TOKEN_NOT_ALL_MANDATORY_CLAIMS,
+ PAL_ATTEST_ERROR,
+};
+
+struct items_to_get_t {
+ int64_t label;
+ QCBORItem item;
+};
+
+int32_t pal_initial_attest_verify_token(uint8_t *challenge, uint32_t challenge_size,
+ uint8_t *token, uint32_t token_size);
diff --git a/features/frameworks/TARGET_PSA/pal_interfaces_ns.h b/features/frameworks/TARGET_PSA/pal_interfaces_ns.h
new file mode 100644
index 00000000000..186a5fc7e8e
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/pal_interfaces_ns.h
@@ -0,0 +1,187 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+#ifndef _PAL_INTERFACES_NS_H_
+#define _PAL_INTERFACES_NS_H_
+
+#include "val.h"
+#include "val_client_defs.h"
+#include
+
+/**
+ @brief - This function will read peripherals using SPI commands
+ @param - addr : address of the peripheral
+ - data : read buffer
+ - len : length of the read buffer in bytes
+ @return - error status
+**/
+int pal_spi_read(addr_t addr, uint8_t *data, uint32_t len);
+
+/**
+ * @brief - Retrieve the version of the PSA Framework API that is implemented.
+ * This is a wrapper API for psa_framework_version API.
+ * @param - void
+ * @return - The PSA Framework API version.
+ * Note - Return PAL_STATUS_ERROR if PSA IPC is not implemented.
+ */
+uint32_t pal_ipc_framework_version(void);
+
+/**
+ * @brief - Retrieve the minor version of a Root of Trust Service by its SID.
+ * This is a wrapper API for the psa_version API.
+ * @param - sid The Root of Trust Service ID
+ * @return - Minor version of Root of Trust Service or PSA_VERSION_NONE if Root of Trust Service
+ * not present on the system.
+ * Note - Return PAL_STATUS_ERROR if PSA IPC is not implemented.
+ */
+uint32_t pal_ipc_version(uint32_t sid);
+
+/**
+ * @brief - Connect to given sid.
+ * This is a wrapper API for the psa_connect API.
+ * @param - sid : RoT service id
+ * - minor_version : minor_version of RoT service
+ * @return - psa_handle_t : return connection handle
+ * Note - Return PSA_NULL_HANDLE if PSA IPC is not implemented.
+ */
+psa_handle_t pal_ipc_connect(uint32_t sid, uint32_t minor_version);
+
+/**
+ * @brief - Call a connected Root of Trust Service.
+ * This is a wrapper API for the psa_call API. The caller must provide an array of
+ * psa_invec_t structures as the input payload.
+ * @param - handle: Handle for the connection.
+ * - in_vec: Array of psa_invec structures.
+ * - in_len: Number of psa_invec structures in in_vec.
+ * - out_vec: Array of psa_outvec structures for optional Root of Trust Service response.
+ * - out_len: Number of psa_outvec structures in out_vec.
+ * @return - psa_status_t
+ */
+
+psa_status_t pal_ipc_call(psa_handle_t handle,
+ const psa_invec *in_vec,
+ size_t in_len,
+ psa_outvec *out_vec,
+ size_t out_len);
+
+/**
+ * @brief - Close a connection to a Root of Trust Service.
+ * This is a wrapper API for the psa_close API.
+ * Sends the PSA_IPC_DISCONNECT message to the Root of Trust Service
+ * so it can clean up resources.
+ * @param - handle Handle for the connection.
+ * @return - void
+ */
+void pal_ipc_close(psa_handle_t handle);
+/**
+ @brief - This function initializes the UART
+ @param - uart base addr
+ @return - SUCCESS/FAILURE
+**/
+int pal_uart_init_ns(uint32_t uart_base_addr);
+
+/**
+ * @brief - This function parses the input string and writes bytes into UART TX FIFO
+ * @param - str : Input String
+ * - data : Value for format specifier
+ * @return - SUCCESS/FAILURE
+**/
+
+int pal_print_ns(char *str, uint32_t data);
+
+/**
+ * @brief - Initializes an hardware watchdog timer
+ * @param - base_addr : Base address of the watchdog module
+ * - time_us : Time in micro seconds
+ * - timer_tick_us : Number of ticks per micro second
+ * @return - SUCCESS/FAILURE
+**/
+int pal_wd_timer_init_ns(addr_t base_addr, uint32_t time_us, uint32_t timer_tick_us);
+
+/**
+ * @brief - Enables a hardware watchdog timer
+ * @param - base_addr : Base address of the watchdog module
+ * @return - SUCCESS/FAILURE
+**/
+int pal_wd_timer_enable_ns(addr_t base_addr);
+
+/**
+ * @brief - Disables a hardware watchdog timer
+ * @param - base_addr : Base address of the watchdog module
+ * @return - SUCCESS/FAILURE
+**/
+int pal_wd_timer_disable_ns(addr_t base_addr);
+
+/**
+ * @brief - Reads from given non-volatile address.
+ * @param - base : Base address of nvmem
+ * offset : Offset
+ * buffer : Pointer to source address
+ * size : Number of bytes
+ * @return - SUCCESS/FAILURE
+**/
+int pal_nvmem_read_ns(addr_t base, uint32_t offset, void *buffer, int size);
+
+/**
+ * @brief - Writes into given non-volatile address.
+ * @param - base : Base address of nvmem
+ * offset : Offset
+ * buffer : Pointer to source address
+ * size : Number of bytes
+ * @return - SUCCESS/FAILURE
+**/
+int pal_nvmem_write_ns(addr_t base, uint32_t offset, void *buffer, int size);
+
+/**
+ * @brief - This API will call the requested crypto function
+ * @param - type : function code
+ * valist : variable argument list
+ * @return - error status
+**/
+int32_t pal_crypto_function(int type, va_list valist);
+
+/**
+ * @brief - This API will call the requested internal trusted storage function
+ * @param - type : function code
+ * valist : variable argument list
+ * @return - error status
+**/
+uint32_t pal_its_function(int type, va_list valist);
+
+/**
+ * @brief - This API will call the requested protected storage function
+ * @param - type : function code
+ * valist : variable argument list
+ * @return - error status
+**/
+uint32_t pal_ps_function(int type, va_list valist);
+
+/**
+ * @brief - This API will call the requested attestation function
+ * @param - type : function code
+ * valist : variable argument list
+ * @return - error status
+**/
+int32_t pal_attestation_function(int type, va_list valist);
+
+/**
+ * @brief - Terminates the simulation at the end of all tests completion.
+ * By default, it put cpus into power down mode.
+ * @param - void
+ * @return - void
+**/
+void pal_terminate_simulation(void);
+#endif
diff --git a/features/frameworks/TARGET_PSA/psa_manifest/sid.h b/features/frameworks/TARGET_PSA/psa_manifest/sid.h
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/features/frameworks/TARGET_PSA/val.h b/features/frameworks/TARGET_PSA/val.h
new file mode 100644
index 00000000000..0989f49bb57
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val.h
@@ -0,0 +1,277 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _VAL_COMMON_H_
+#define _VAL_COMMON_H_
+
+#include "pal_common.h"
+
+#ifndef VAL_NSPE_BUILD
+#define STATIC_DECLARE static
+#else
+#define STATIC_DECLARE
+#endif
+
+#ifndef __WEAK
+#define __WEAK __attribute__((weak))
+#endif
+
+#ifndef __UNUSED
+#define __UNUSED __attribute__((unused))
+#endif
+
+#ifndef TRUE
+#define TRUE 0
+#endif
+#ifndef FALSE
+#define FALSE 1
+#endif
+
+#ifndef INT_MAX
+#define INT_MAX 0xFFFFFFFF
+#endif
+
+#define _CONCAT(A,B) A##B
+#define CONCAT(A,B) _CONCAT(A,B)
+
+/* test status defines */
+#define TEST_START 0x01
+#define TEST_END 0x02
+#define TEST_PASS 0x04
+#define TEST_FAIL 0x08
+#define TEST_SKIP 0x10
+#define TEST_PENDING 0x20
+
+#define TEST_NUM_BIT 32
+#define TEST_STATE_BIT 8
+#define TEST_STATUS_BIT 0
+
+#define TEST_NUM_MASK 0xFFFFFFFF
+#define TEST_STATE_MASK 0xFF
+#define TEST_STATUS_MASK 0xFF
+
+#define RESULT_START(status) (((TEST_START) << TEST_STATE_BIT) | ((status) << TEST_STATUS_BIT))
+#define RESULT_END(status) (((TEST_END) << TEST_STATE_BIT) | ((status) << TEST_STATUS_BIT))
+#define RESULT_PASS(status) (((TEST_PASS) << TEST_STATE_BIT) | ((status) << TEST_STATUS_BIT))
+#define RESULT_FAIL(status) (((TEST_FAIL) << TEST_STATE_BIT) | ((status) << TEST_STATUS_BIT))
+#define RESULT_SKIP(status) (((TEST_SKIP) << TEST_STATE_BIT) | ((status) << TEST_STATUS_BIT))
+#define RESULT_PENDING(status) (((TEST_PENDING) << TEST_STATE_BIT) | ((status) << TEST_STATUS_BIT))
+
+#define IS_TEST_FAIL(status) (((status >> TEST_STATE_BIT) & TEST_STATE_MASK) == TEST_FAIL)
+#define IS_TEST_PASS(status) (((status >> TEST_STATE_BIT) & TEST_STATE_MASK) == TEST_PASS)
+#define IS_TEST_SKIP(status) (((status >> TEST_STATE_BIT) & TEST_STATE_MASK) == TEST_SKIP)
+#define IS_TEST_PENDING(status) (((status >> TEST_STATE_BIT) & TEST_STATE_MASK) == TEST_PENDING)
+#define IS_TEST_START(status) (((status >> TEST_STATE_BIT) & TEST_STATE_MASK) == TEST_START)
+#define IS_TEST_END(status) (((status >> TEST_STATE_BIT) & TEST_STATE_MASK) == TEST_END)
+#define VAL_ERROR(status) ((status & TEST_STATUS_MASK) ? 1 : 0)
+
+
+
+/* Test Defines */
+#define TEST_PUBLISH(test_id, entry)
+
+#define VAL_MAX_TEST_PER_COMP 200
+#define VAL_FF_BASE 0
+#define VAL_CRYPTO_BASE 1
+#define VAL_PROTECTED_STORAGE_BASE 2
+#define VAL_INTERNAL_TRUSTED_STORAGE_BASE 3
+#define VAL_INITIAL_ATTESTATION_BASE 4
+
+#define VAL_GET_COMP_NUM(test_id) \
+ ((test_id - (test_id % VAL_MAX_TEST_PER_COMP)) / VAL_MAX_TEST_PER_COMP)
+#define VAL_GET_TEST_NUM(test_id) (test_id % VAL_MAX_TEST_PER_COMP)
+#define VAL_CREATE_TEST_ID(comp,num) ((comp*VAL_MAX_TEST_PER_COMP) + num)
+
+#define TEST_FIELD(num1,num2) (num2 << 8 | num1)
+#define GET_TEST_ISOLATION_LEVEL(num) (num & 0x3)
+#define GET_WD_TIMOUT_TYPE(num) ((num >> 8) & 0x7)
+
+#define TEST_CHECKPOINT_NUM(n) n
+#define TEST(n) n
+#define BLOCK(n) n
+
+#define BLOCK_NUM_POS 8
+#define ACTION_POS 16
+#define GET_TEST_NUM(n) (0xff & n)
+#define GET_BLOCK_NUM(n) ((n >> BLOCK_NUM_POS) & 0xff)
+
+#define GET_ACTION_NUM(n) ((n >> ACTION_POS) & 0xff)
+#define TEST_EXECUTE_FUNC 1
+#define TEST_RETURN_RESULT 2
+#define INVALID_HANDLE 0x1234DEAD
+
+#define VAL_NVMEM_BLOCK_SIZE 4
+#define VAL_NVMEM_OFFSET(nvmem_idx) (nvmem_idx * VAL_NVMEM_BLOCK_SIZE)
+
+#define UART_INIT_SIGN 0xff
+#define UART_PRINT_SIGN 0xfe
+
+#define TEST_PANIC() \
+ do { \
+ } while(1)
+
+#define TEST_ASSERT_EQUAL(arg1, arg2, checkpoint) \
+ do { \
+ if ((arg1) != arg2) \
+ { \
+ val->print(PRINT_ERROR, "\tFailed at Checkpoint: %d\n", checkpoint); \
+ val->print(PRINT_ERROR, "\tActual: %d\n", arg1); \
+ val->print(PRINT_ERROR, "\tExpected: %d\n", arg2); \
+ return 1; \
+ } \
+ } while (0)
+
+#define TEST_ASSERT_DUAL(arg1, status1, status2, checkpoint) \
+ do { \
+ if ((arg1) != status1 && (arg1) != status2) \
+ { \
+ val->print(PRINT_ERROR, "\tFailed at Checkpoint: %d\n", checkpoint); \
+ val->print(PRINT_ERROR, "\tActual: %d\n", arg1); \
+ val->print(PRINT_ERROR, "\tExpected: %d", status1); \
+ val->print(PRINT_ERROR, "or %d\n", status2); \
+ return 1; \
+ } \
+ } while (0)
+
+#define TEST_ASSERT_NOT_EQUAL(arg1, arg2, checkpoint) \
+ do { \
+ if ((arg1) == arg2) \
+ { \
+ val->print(PRINT_ERROR, "\tFailed at Checkpoint: %d\n", checkpoint); \
+ val->print(PRINT_ERROR, "\tValue: %d\n", arg1); \
+ return 1; \
+ } \
+ } while (0)
+
+#define TEST_ASSERT_MEMCMP(buf1, buf2, size, checkpoint) \
+ do { \
+ if (memcmp(buf1, buf2, size)) \
+ { \
+ val->print(PRINT_ERROR, "\tFailed at Checkpoint: %d : ", checkpoint); \
+ val->print(PRINT_ERROR, "Unequal data in compared buffers\n", 0); \
+ return 1; \
+ } \
+ } while (0)
+
+/* enums */
+typedef enum {
+ NONSECURE = 0x0,
+ SECURE = 0x1,
+} security_t;
+
+typedef enum {
+ TEST_ISOLATION_L1 = 0x1,
+ TEST_ISOLATION_L2 = 0x2,
+ TEST_ISOLATION_L3 = 0x3,
+} test_isolation_level_t;
+
+typedef enum {
+ BOOT_UNKNOWN = 0x1,
+ BOOT_NOT_EXPECTED = 0x2,
+ BOOT_EXPECTED_NS = 0x3,
+ BOOT_EXPECTED_S = 0x4,
+ BOOT_EXPECTED_BUT_FAILED = 0x5,
+ BOOT_EXPECTED_CRYPTO = 0x6,
+} boot_state_t;
+
+typedef enum {
+ NV_BOOT = 0x0,
+ NV_TEST_ID_PREVIOUS = 0x1,
+ NV_TEST_ID_CURRENT = 0x2,
+ NV_TEST_CNT = 0x3,
+} nvmem_index_t;
+
+/* enums to report test sub-state */
+typedef enum {
+ VAL_STATUS_SUCCESS = 0x0,
+ VAL_STATUS_INVALID = 0x10,
+ VAL_STATUS_ERROR = 0x11,
+ VAL_STATUS_NOT_FOUND = 0x12,
+ VAL_STATUS_LOAD_ERROR = 0x13,
+ VAL_STATUS_INSUFFICIENT_SIZE = 0x14,
+ VAL_STATUS_CONNECTION_FAILED = 0x15,
+ VAL_STATUS_CALL_FAILED = 0x16,
+ VAL_STATUS_READ_FAILED = 0x17,
+ VAL_STATUS_WRITE_FAILED = 0x18,
+ VAL_STATUS_ISOLATION_LEVEL_NOT_SUPP = 0x19,
+ VAL_STATUS_INIT_FAILED = 0x1A,
+ VAL_STATUS_SPM_FAILED = 0x1B,
+ VAL_STATUS_SPM_UNEXPECTED_BEH = 0x1C,
+ VAL_STATUS_FRAMEWORK_VERSION_FAILED = 0x1D,
+ VAL_STATUS_VERSION_API_FAILED = 0x1E,
+ VAL_STATUS_INVALID_HANDLE = 0x1F,
+ VAL_STATUS_INVALID_MSG_TYPE = 0x20,
+ VAL_STATUS_WRONG_IDENTITY = 0x21,
+ VAL_STATUS_MSG_INSIZE_FAILED = 0x22,
+ VAL_STATUS_MSG_OUTSIZE_FAILED = 0x23,
+ VAL_STATUS_SKIP_FAILED = 0x24,
+ VAL_STATUS_CRYPTO_FAILURE = 0x25,
+ VAL_STATUS_INVALID_SIZE = 0x26,
+ VAL_STATUS_DATA_MISMATCH = 0x27,
+ VAL_STATUS_BOOT_EXPECTED_BUT_FAILED = 0x28,
+ VAL_STATUS_INIT_ALREADY_DONE = 0x29,
+ VAL_STATUS_HEAP_NOT_AVAILABLE = 0x2A,
+ VAL_STATUS_UNSUPPORTED = 0x2B,
+ VAL_STATUS_ERROR_MAX = INT_MAX,
+} val_status_t;
+
+/* verbosity enums */
+typedef enum {
+ PRINT_INFO = 1,
+ PRINT_DEBUG = 2,
+ PRINT_TEST = 3,
+ PRINT_WARN = 4,
+ PRINT_ERROR = 5,
+ PRINT_ALWAYS = 9
+} print_verbosity_t;
+
+/* Interrupt test function id enums */
+typedef enum {
+ TEST_PSA_EOI_WITH_NON_INTR_SIGNAL = 1,
+ TEST_PSA_EOI_WITH_MULTIPLE_SIGNALS = 2,
+ TEST_PSA_EOI_WITH_UNASSERTED_SIGNAL = 3,
+ TEST_INTR_SERVICE = 4,
+} test_intr_fn_id_t;
+
+/* typedef's */
+typedef struct {
+ boot_state_t state;
+} boot_t;
+
+typedef struct {
+ uint32_t pass_cnt:8;
+ uint32_t skip_cnt:8;
+ uint32_t fail_cnt:8;
+ uint32_t sim_error_cnt:8;
+} test_count_t;
+
+typedef struct {
+ uint16_t test_num;
+ uint8_t block_num;
+} test_info_t;
+
+
+/* struture to capture test state */
+typedef struct {
+ uint16_t reserved;
+ uint8_t state;
+ uint8_t status;
+} test_status_buffer_t;
+
+typedef int32_t (*client_test_t)(security_t caller);
+typedef int32_t (*server_test_t)(void);
+#endif /* VAL_COMMON_H */
diff --git a/features/frameworks/TARGET_PSA/val_attestation.c b/features/frameworks/TARGET_PSA/val_attestation.c
new file mode 100644
index 00000000000..cd8069ad761
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_attestation.c
@@ -0,0 +1,40 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_target.h"
+#include "pal_interfaces_ns.h"
+#include "val_framework.h"
+#include "val_client_defs.h"
+#include "val_attestation.h"
+
+/**
+ @brief - This API will call the requested attestation function
+ @param - type : function code
+ ... : variable number of arguments
+ @return - Error status
+**/
+
+int32_t val_attestation_function(int type, ...)
+{
+ va_list valist;
+ val_status_t status;
+
+ va_start(valist, type);
+ status = pal_attestation_function(type, valist);
+ va_end(valist);
+ return status;
+}
diff --git a/features/frameworks/TARGET_PSA/val_attestation.h b/features/frameworks/TARGET_PSA/val_attestation.h
new file mode 100644
index 00000000000..532272365d1
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_attestation.h
@@ -0,0 +1,33 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _VAL_INITIAL_ATTESTATION_H_
+#define _VAL_INITIAL_ATTESTATION_H_
+
+#include "val.h"
+#include "psa_initial_attestation_api.h"
+
+#define MAX_CHALLENGE_SIZE PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64
+
+enum attestation_function_code {
+ VAL_INITIAL_ATTEST_GET_TOKEN = 0x1,
+ VAL_INITIAL_ATTEST_GET_TOKEN_SIZE = 0x2,
+ VAL_INITIAL_ATTEST_VERIFY_TOKEN = 0x3,
+};
+
+int32_t val_attestation_function(int type, ...);
+#endif /* _VAL_INITIAL_ATTESTATION_H_ */
diff --git a/features/frameworks/TARGET_PSA/val_client_defs.h b/features/frameworks/TARGET_PSA/val_client_defs.h
new file mode 100644
index 00000000000..d1d18d7b6e4
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_client_defs.h
@@ -0,0 +1,34 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _VAL_CLIENT_H_
+#define _VAL_CLIENT_H_
+
+#include "val.h"
+#include "psa/client.h"
+#include "crypto_values.h"
+
+#define INVALID_SID 0x0000FA20
+
+#ifndef CLIENT_TEST_DISPATCHER_SID
+#define CLIENT_TEST_DISPATCHER_SID 0x0
+#endif
+
+#ifndef SERVER_TEST_DISPATCHER_SID
+#define SERVER_TEST_DISPATCHER_SID 0x0
+#endif
+#endif /* _VAL_CLIENT_H_ */
diff --git a/features/frameworks/TARGET_PSA/val_crypto.c b/features/frameworks/TARGET_PSA/val_crypto.c
new file mode 100644
index 00000000000..764b44a95e6
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_crypto.c
@@ -0,0 +1,39 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_target.h"
+#include "pal_interfaces_ns.h"
+#include "val_framework.h"
+#include "val_client_defs.h"
+#include "val_crypto.h"
+
+/**
+ @brief - This API will call the requested crypto function
+ @param - type : function code
+ ... : variable number of arguments
+ @return - Error status
+**/
+int32_t val_crypto_function(int type, ...)
+{
+ va_list valist;
+ val_status_t status;
+
+ va_start(valist, type);
+ status = pal_crypto_function(type, valist);
+ va_end(valist);
+ return status;
+}
diff --git a/features/frameworks/TARGET_PSA/val_crypto.h b/features/frameworks/TARGET_PSA/val_crypto.h
new file mode 100644
index 00000000000..644e59c787c
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_crypto.h
@@ -0,0 +1,108 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _VAL_CRYPTO_H_
+#define _VAL_CRYPTO_H_
+
+#include "val.h"
+#include "psa/client.h"
+#include "crypto_values.h"
+#include "crypto.h"
+
+#define BYTES_TO_BITS(byte) (byte * 8)
+
+/* Size */
+#define AES_16B_KEY_SIZE 16
+#define AES_24B_KEY_SIZE 24
+#define AES_32B_KEY_SIZE 32
+#define AES_18B_KEY_SIZE 18
+#define AES_34B_KEY_SIZE 34
+#define DES_8B_KEY_SIZE 8
+#define DES3_2KEY_SIZE 16
+#define DES3_3KEY_SIZE 24
+#define SIZE_32B 32
+#define SIZE_50B 50
+#define SIZE_128B 128
+#define SIZE_256B 256
+#define SIZE_512B 512
+#define BUFFER_SIZE 1200
+#define HASH_64B 64
+#define BUFFER_SIZE_HIGH 5130
+
+/* Key Slot */
+#define INVALID_KEY_SLOT 0xDEAD
+#define ZERO_KEY_SLOT 0
+#define OCCUPIED_KEY_SLOT 1
+#define MAX_KEY_SLOT 32
+
+#define PSA_KEY_LIFETIME_INVALID 0xFFFFFFFF
+#define PSA_KEY_USAGE_INVALID 0xFFFFFFFF
+#define PSA_ALG_INVALID 0xFFFFFFFF
+
+enum crypto_function_code {
+ VAL_CRYPTO_INIT = 0x1,
+ VAL_CRYPTO_GENERATE_RANDOM = 0x2,
+ VAL_CRYPTO_IMPORT_KEY = 0x3,
+ VAL_CRYPTO_EXPORT_KEY = 0x4,
+ VAL_CRYPTO_EXPORT_PUBLIC_KEY = 0x5,
+ VAL_CRYPTO_DESTROY_KEY = 0x6,
+ VAL_CRYPTO_GET_KEY_INFO = 0x7,
+ VAL_CRYPTO_KEY_POLICY_INIT = 0x8,
+ VAL_CRYPTO_KEY_POLICY_SET_USAGE = 0x9,
+ VAL_CRYPTO_KEY_POLICY_GET_USAGE = 0xA,
+ VAL_CRYPTO_KEY_POLICY_GET_ALGORITHM = 0xB,
+ VAL_CRYPTO_SET_KEY_POLICY = 0xC,
+ VAL_CRYPTO_GET_KEY_POLICY = 0xD,
+ VAL_CRYPTO_GET_KEY_INFORMATION = 0xE,
+ VAL_CRYPTO_GET_KEY_LIFETIME = 0xF,
+ VAL_CRYPTO_HASH_SETUP = 0x11,
+ VAL_CRYPTO_HASH_UPDATE = 0x12,
+ VAL_CRYPTO_HASH_VERIFY = 0x13,
+ VAL_CRYPTO_HASH_FINISH = 0x14,
+ VAL_CRYPTO_HASH_ABORT = 0x15,
+ VAL_CRYPTO_GENERATE_KEY = 0x16,
+ VAL_CRYPTO_GENERATOR_READ = 0x17,
+ VAL_CRYPTO_KEY_DERIVATION = 0x18,
+ VAL_CRYPTO_GET_GENERATOR_CAPACITY = 0x19,
+ VAL_CRYPTO_GENERATOR_IMPORT_KEY = 0x1A,
+ VAL_CRYPTO_GENERATOR_ABORT = 0x1B,
+ VAL_CRYPTO_AEAD_ENCRYPT = 0x1C,
+ VAL_CRYPTO_AEAD_DECRYPT = 0x1D,
+ VAL_CRYPTO_MAC_SIGN_SETUP = 0x1E,
+ VAL_CRYPTO_MAC_UPDATE = 0x1F,
+ VAL_CRYPTO_MAC_SIGN_FINISH = 0x20,
+ VAL_CRYPTO_MAC_VERIFY_SETUP = 0x21,
+ VAL_CRYPTO_MAC_VERIFY_FINISH = 0x22,
+ VAL_CRYPTO_MAC_ABORT = 0x23,
+ VAL_CRYPTO_ASYMMTERIC_ENCRYPT = 0x24,
+ VAL_CRYPTO_ASYMMTERIC_DECRYPT = 0x25,
+ VAL_CRYPTO_CIPHER_ENCRYPT_SETUP = 0x26,
+ VAL_CRYPTO_CIPHER_DECRYPT_SETUP = 0x2A,
+ VAL_CRYPTO_CIPHER_GENERATE_IV = 0x2B,
+ VAL_CRYPTO_CIPHER_SET_IV = 0x2C,
+ VAL_CRYPTO_CIPHER_UPDATE = 0x2D,
+ VAL_CRYPTO_CIPHER_FINISH = 0x2E,
+ VAL_CRYPTO_CIPHER_ABORT = 0x2F,
+ VAL_CRYPTO_ASYMMTERIC_SIGN = 0x30,
+ VAL_CRYPTO_ASYMMTERIC_VERIFY = 0x31,
+ VAL_CRYPTO_KEY_AGREEMENT = 0x32,
+ VAL_CRYPTO_ALLOCATE_KEY = 0x33,
+ VAL_CRYPTO_FREE = 0xFE,
+};
+
+int32_t val_crypto_function(int type, ...);
+#endif /* _VAL_CRYPTO_H_ */
diff --git a/features/frameworks/TARGET_PSA/val_entry.h b/features/frameworks/TARGET_PSA/val_entry.h
new file mode 100644
index 00000000000..2b885e0cb32
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_entry.h
@@ -0,0 +1,32 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _VAL_ENTRY_H_
+#define _VAL_ENTRY_H_
+
+#include "val_framework.h"
+
+#define PSA_ACS_MAJOR_VER 0
+#define PSA_ACS_MINOR_VER 8
+
+/**
+ @brief - PSA Test Suite C main function, does VAL init and calls test dispatcher
+ @param - None
+ @return - void
+**/
+extern void val_entry(void);
+#endif
diff --git a/features/frameworks/TARGET_PSA/val_framework.h b/features/frameworks/TARGET_PSA/val_framework.h
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/features/frameworks/TARGET_PSA/val_greentea.cpp b/features/frameworks/TARGET_PSA/val_greentea.cpp
new file mode 100644
index 00000000000..3ff074c2b6c
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_greentea.cpp
@@ -0,0 +1,317 @@
+#include "greentea-client/test_env.h"
+#include "inttypes.h"
+#include "val_greentea.h"
+
+void pal_mbed_os_compliance_test_initialize(void);
+void pal_mbed_os_compliance_test_destroy(void);
+
+extern "C" {
+
+
+
+/* globals */
+test_status_buffer_t g_status_buffer;
+
+void mbed_val_test_init(uint32_t test_num, char8_t *desc, uint32_t test_bitfield)
+{
+ /*global init*/
+ g_status_buffer.state = 0;
+ g_status_buffer.status = VAL_STATUS_INVALID;
+
+ mbed_val_print(PRINT_ALWAYS, "\nTEST: %d | DESCRIPTION: ", test_num);
+ mbed_val_print(PRINT_ALWAYS, desc, 0);
+#ifndef NO_GREENTEA
+ GREENTEA_SETUP(100, "default_auto");
+#endif
+ mbed_val_set_status(RESULT_START(VAL_STATUS_SUCCESS));
+ pal_mbed_os_compliance_test_initialize();
+ return;
+}
+
+void mbed_val_test_exit(void)
+{
+ uint32_t status = mbed_val_get_status();
+ pal_mbed_os_compliance_test_destroy();
+ /* return if test skipped or failed */
+ if (IS_TEST_FAIL(status) || IS_TEST_SKIP(status))
+ {
+ GREENTEA_TESTSUITE_RESULT(false);
+ }
+ else
+ {
+ GREENTEA_TESTSUITE_RESULT(true);
+ mbed_val_set_status(RESULT_END(VAL_STATUS_SUCCESS));
+ }
+}
+
+/**
+@brief - This function executes given list of tests from non-secure sequentially
+ This covers non-secure to secure IPC API scenario
+@param - test_num : Test_num
+@param - tests_list : list of tests to be executed
+@param - server_hs : Initiate a server handshake
+@return - val_status_t
+**/
+val_status_t mbed_val_execute_non_secure_tests(uint32_t test_num, client_test_t *tests_list,
+ bool_t server_hs)
+{
+ val_status_t status = VAL_STATUS_SUCCESS;
+ int32_t test_status = VAL_STATUS_SUCCESS;
+ psa_handle_t handle;
+ uint32_t i = 1;
+ test_info_t test_info;
+ char testcase_name[100] = "";
+ bool continue_test = true;
+
+ test_info.test_num = test_num;
+
+ mbed_val_print(PRINT_TEST, "[Info] Executing tests from non-secure\n", 0);
+ while (tests_list[i] != NULL)
+ {
+ memset(testcase_name, 0, 100);
+ sprintf(testcase_name, "Check%d", i);
+ GREENTEA_TESTCASE_START(testcase_name);
+ if (server_hs == TRUE)
+ {
+ /* Handshake with server tests */
+ test_info.block_num = i;
+ status = mbed_val_execute_secure_test_func(&handle, test_info,
+ SERVER_TEST_DISPATCHER_SID);
+ if (VAL_ERROR(status))
+ {
+ mbed_val_set_status(RESULT_FAIL(status));
+ mbed_val_print(PRINT_ERROR, "[Check%d] START\n", i);
+ return status;
+ }
+ else
+ {
+ mbed_val_print(PRINT_DEBUG, "[Check%d] START\n", i);
+ }
+ }
+
+ /* Execute client tests */
+ test_status = tests_list[i](NONSECURE);
+
+ if (server_hs == TRUE)
+ {
+ /* Retrive Server test status */
+ status = mbed_val_get_secure_test_result(&handle);
+ }
+
+ if (test_status != VAL_STATUS_SUCCESS)
+ {
+ status = VAL_STATUS_ERROR;
+ }
+
+ if (IS_TEST_SKIP(status))
+ {
+ mbed_val_set_status(status);
+ mbed_val_print(PRINT_DEBUG, "[Check%d] SKIPPED\n", i);
+ GREENTEA_TESTCASE_FINISH(testcase_name, 1, 0);
+ continue_test = false;
+ }
+ else if (VAL_ERROR(status))
+ {
+ mbed_val_set_status(RESULT_FAIL(status));
+ if (server_hs == TRUE)
+ mbed_val_print(PRINT_ERROR, "[Check%d] FAILED\n", i);
+ GREENTEA_TESTCASE_FINISH(testcase_name, 0, 1);
+ continue_test = false;
+ }
+ else
+ {
+ if (server_hs == TRUE)
+ mbed_val_print(PRINT_DEBUG, "[Check%d] PASSED\n", i);
+ GREENTEA_TESTCASE_FINISH(testcase_name, 1, 0);
+ continue_test = true;
+ }
+
+ if (!continue_test)
+ {
+ return status;
+ }
+
+ i++;
+ }
+ return status;
+}
+
+/**
+@brief - Records the state and status of test
+@return - val_status_t
+**/
+val_status_t mbed_val_set_status(uint32_t status)
+{
+ g_status_buffer.state = ((status >> TEST_STATE_BIT) & TEST_STATE_MASK);
+ g_status_buffer.status = (status & TEST_STATUS_MASK);
+
+ return VAL_STATUS_SUCCESS;
+}
+
+/**
+@brief - Updates the state and status for a given test
+@return - test status
+**/
+uint32_t mbed_val_get_status(void)
+{
+ return ((g_status_buffer.state) << TEST_STATE_BIT) | (g_status_buffer.status);
+}
+
+/**
+@brief - This function is used to handshake between:
+ - nonsecure client fn to server test fn
+ - secure client fn and server test fn
+ - nonsecure client fn to secure client test fn
+@param - handle : handle returned while connecting given sid
+@param - test_info : Test_num and block_num to be executed
+@param - sid : RoT service to be connected. Partition dispatcher sid
+@return - val_status_t
+**/
+val_status_t mbed_val_execute_secure_test_func(psa_handle_t *handle, test_info_t test_info, uint32_t sid)
+{
+ uint32_t test_data;
+ val_status_t status = VAL_STATUS_SUCCESS;
+ psa_status_t status_of_call = PSA_SUCCESS;
+
+ *handle = pal_ipc_connect(sid, 0);
+ if (*handle < 0)
+ {
+ mbed_val_print(PRINT_ERROR, "Could not connect SID. Handle=%x\n", *handle);
+ return VAL_STATUS_CONNECTION_FAILED;
+ }
+
+ test_data = ((uint32_t)(test_info.test_num) | ((uint32_t)(test_info.block_num) << BLOCK_NUM_POS) | ((uint32_t)(TEST_EXECUTE_FUNC) << ACTION_POS));
+ psa_invec data[1] = {{&test_data, sizeof(test_data)}};
+
+ status_of_call = pal_ipc_call(*handle, data, 1, NULL, 0);
+ if (status_of_call != PSA_SUCCESS)
+ {
+ status = VAL_STATUS_CALL_FAILED;
+ mbed_val_print(PRINT_ERROR, "Call to dispatch SF failed. Status=%x\n", status_of_call);
+ pal_ipc_close(*handle);
+ }
+
+ return status;
+}
+
+/**
+@brief - Print module. This is client interface API of secure partition
+ mbed_val_print_sf API for nspe world
+@param - verbosity: Print verbosity level
+ - string : Input string
+ - data : Value for format specifier
+@return - val_status_t
+**/
+val_status_t mbed_val_print(print_verbosity_t verbosity, const char *string, uint32_t data)
+{
+ if (data != 0) {
+ printf(string, data);
+ } else {
+ printf(string);
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+/**
+@brief - This function is used to retrive the status of previously connected test function
+ using mbed_val_execute_secure_test_func
+@param - handle : handle of server function. Handle of Partition dispatcher sid
+@return - The status of test functions
+**/
+val_status_t mbed_val_get_secure_test_result(psa_handle_t *handle)
+{
+ uint32_t test_data;
+ val_status_t status = VAL_STATUS_SUCCESS;
+ psa_status_t status_of_call = PSA_SUCCESS;
+
+ test_data = (TEST_RETURN_RESULT << ACTION_POS);
+
+ psa_outvec resp = {&status, sizeof(status)};
+ psa_invec data[1] = {{&test_data, sizeof(test_data)}};
+
+ status_of_call = pal_ipc_call(*handle, data, 1, &resp, 1);
+ if (status_of_call != PSA_SUCCESS)
+ {
+ status = VAL_STATUS_CALL_FAILED;
+ mbed_val_print(PRINT_ERROR, "Call to dispatch SF failed. Status=%x\n", status_of_call);
+ }
+
+ pal_ipc_close(*handle);
+ return status;
+}
+
+/**
+ * @brief Connect to given sid
+ @param -sid : RoT service id
+ @param -minor_version : minor_version of RoT service
+ @param -handle - return connection handle
+ * @return val_status_t
+ */
+val_status_t mbed_val_ipc_connect(uint32_t sid, uint32_t minor_version, psa_handle_t *handle )
+{
+ *handle = pal_ipc_connect(sid, minor_version);
+
+ if (*handle < 0)
+ {
+ return VAL_STATUS_CONNECTION_FAILED;
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+/**
+ * @brief Call a connected Root of Trust Service.@n
+ * The caller must provide an array of ::psa_invec_t structures as the input payload.
+ *
+ * @param handle Handle for the connection.
+ * @param in_vec Array of psa_invec structures.
+ * @param in_len Number of psa_invec structures in in_vec.
+ * @param out_vec Array of psa_outvec structures for optional Root of Trust Service response.
+ * @param out_len Number of psa_outvec structures in out_vec.
+ * @return val_status_t
+ */
+val_status_t mbed_val_ipc_call(psa_handle_t handle, psa_invec *in_vec, size_t in_len,
+ psa_outvec *out_vec, size_t out_len)
+{
+ psa_status_t call_status = PSA_SUCCESS;
+
+ call_status = pal_ipc_call(handle, in_vec, in_len, out_vec, out_len);
+
+ if (call_status != PSA_SUCCESS)
+ {
+ return VAL_STATUS_CALL_FAILED;
+ }
+
+ return VAL_STATUS_SUCCESS;
+}
+
+/**
+ * @brief Close a connection to a Root of Trust Service.
+ * Sends the PSA_IPC_DISCONNECT message to the Root of Trust Service so it can clean up resources.
+ *
+ * @param handle Handle for the connection.
+ * @return void
+ */
+void mbed_val_ipc_close(psa_handle_t handle)
+{
+ pal_ipc_close(handle);
+}
+
+
+/**
+ * @brief reprogram the watchdog timer
+ * always succeeds on mbed-greentead testing.
+ *
+ * @param timeout_type type of timeout.
+ * @return val_status_t
+ */
+val_status_t mbed_val_wd_reprogram_timer(wd_timeout_type_t timeout_type)
+{
+ return VAL_STATUS_SUCCESS;
+}
+
+
+} // extern "C"
+
+
diff --git a/features/frameworks/TARGET_PSA/val_greentea.h b/features/frameworks/TARGET_PSA/val_greentea.h
new file mode 100644
index 00000000000..77edb916edd
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_greentea.h
@@ -0,0 +1,30 @@
+#ifndef _VAL_GREENTEA_H_
+#define _VAL_GREENTEA_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "val.h"
+#include "val_interfaces.h"
+
+void mbed_val_test_init(uint32_t test_num, char8_t *desc, uint32_t test_bitfield);
+void mbed_val_test_exit(void);
+val_status_t mbed_val_execute_non_secure_tests(uint32_t test_num, client_test_t *tests_list, bool_t server_hs);
+val_status_t mbed_val_set_status(uint32_t status);
+uint32_t mbed_val_get_status(void);
+val_status_t mbed_val_execute_secure_test_func(psa_handle_t *handle, test_info_t test_info, uint32_t sid);
+val_status_t mbed_val_print(print_verbosity_t verbosity, const char *string, uint32_t data);
+val_status_t mbed_val_get_secure_test_result(psa_handle_t *handle);
+val_status_t mbed_val_ipc_connect(uint32_t sid, uint32_t minor_version, psa_handle_t *handle);
+val_status_t mbed_val_ipc_call(psa_handle_t handle, psa_invec *in_vec, size_t in_len,
+ psa_outvec *out_vec, size_t out_len);
+void mbed_val_ipc_close(psa_handle_t handle);
+val_status_t mbed_val_wd_reprogram_timer(wd_timeout_type_t timeout_type);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // _VAL_GREENTEA_H_
diff --git a/features/frameworks/TARGET_PSA/val_interfaces.c b/features/frameworks/TARGET_PSA/val_interfaces.c
new file mode 100644
index 00000000000..a3ba81c601c
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_interfaces.c
@@ -0,0 +1,62 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+
+#include "val_greentea.h"
+#include "val_interfaces.h"
+#include "val_crypto.h"
+#include "val_internal_trusted_storage.h"
+#include "val_protected_storage.h"
+#include "val_attestation.h"
+
+/*VAL APIs to be used by test */
+const val_api_t val_api = {
+ .print = mbed_val_print,
+ .set_status = mbed_val_set_status,
+ .get_status = mbed_val_get_status,
+ .test_init = mbed_val_test_init,
+ .test_exit = mbed_val_test_exit,
+ .err_check_set = NULL,
+ .target_get_config = NULL,
+ .execute_non_secure_tests = mbed_val_execute_non_secure_tests,
+ .switch_to_secure_client = NULL,
+ .execute_secure_test_func = mbed_val_execute_secure_test_func,
+ .get_secure_test_result = mbed_val_get_secure_test_result,
+ .ipc_connect = mbed_val_ipc_connect,
+ .ipc_call = mbed_val_ipc_call,
+ .ipc_close = mbed_val_ipc_close,
+ .nvmem_read = NULL,
+ .nvmem_write = NULL,
+ .wd_timer_init = NULL,
+ .wd_timer_enable = NULL,
+ .wd_timer_disable = NULL,
+ .wd_reprogram_timer = mbed_val_wd_reprogram_timer,
+ .set_boot_flag = NULL,
+ .get_boot_flag = NULL,
+ .crypto_function = val_crypto_function,
+ .its_function = val_its_function,
+ .ps_function = val_ps_function,
+ .attestation_function = val_attestation_function,
+};
+
+const psa_api_t psa_api = {
+ .framework_version = pal_ipc_framework_version,
+ .version = pal_ipc_version,
+ .connect = pal_ipc_connect,
+ .call = pal_ipc_call,
+ .close = pal_ipc_close,
+};
diff --git a/features/frameworks/TARGET_PSA/val_interfaces.h b/features/frameworks/TARGET_PSA/val_interfaces.h
new file mode 100644
index 00000000000..80996bdb2d5
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_interfaces.h
@@ -0,0 +1,83 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _VAL_INTERFACES_H_
+#define _VAL_INTERFACES_H_
+
+#include "val.h"
+#include "val_client_defs.h"
+#include "pal_interfaces_ns.h"
+
+/* typedef's */
+typedef struct {
+ val_status_t (*print) (print_verbosity_t verbosity,
+ const char *string, uint32_t data);
+ val_status_t (*set_status) (uint32_t status);
+ uint32_t (*get_status) (void);
+ void (*test_init) (uint32_t test_num, char8_t *desc,
+ uint32_t test_bitfield);
+ void (*test_exit) (void);
+ val_status_t (*err_check_set) (uint32_t checkpoint, val_status_t status);
+ val_status_t (*target_get_config) (cfg_id_t cfg_id, uint8_t **data, uint32_t *size);
+ val_status_t (*execute_non_secure_tests) (uint32_t test_num, client_test_t *tests_list,
+ bool_t server_hs);
+ val_status_t (*switch_to_secure_client) (uint32_t test_num);
+ val_status_t (*execute_secure_test_func) (psa_handle_t *handle, test_info_t test_info,
+ uint32_t sid);
+ val_status_t (*ipc_connect) (uint32_t sid, uint32_t minor_version,
+ psa_handle_t *handle );
+ val_status_t (*ipc_call) (psa_handle_t handle, psa_invec *in_vec,
+ size_t in_len, psa_outvec *out_vec,
+ size_t out_len);
+ void (*ipc_close) (psa_handle_t handle);
+ val_status_t (*get_secure_test_result) (psa_handle_t *handle);
+ val_status_t (*nvmem_read) (uint32_t offset, void *buffer, int size);
+ val_status_t (*nvmem_write) (uint32_t offset, void *buffer, int size);
+ val_status_t (*wd_timer_init) (wd_timeout_type_t timeout_type);
+ val_status_t (*wd_timer_enable) (void);
+ val_status_t (*wd_timer_disable) (void);
+ val_status_t (*wd_reprogram_timer) (wd_timeout_type_t timeout_type);
+ val_status_t (*set_boot_flag) (boot_state_t state);
+ val_status_t (*get_boot_flag) (boot_state_t *state);
+ int32_t (*crypto_function) (int type, ...);
+ uint32_t (*its_function) (int type, ...);
+ uint32_t (*ps_function) (int type, ...);
+ int32_t (*attestation_function) (int type, ...);
+} val_api_t;
+
+typedef struct {
+ uint32_t (*framework_version) (void);
+ uint32_t (*version) (uint32_t sid);
+ psa_handle_t (*connect) (uint32_t sid, uint32_t minor_version);
+ psa_status_t (*call) (psa_handle_t handle,
+ const psa_invec *in_vec,
+ size_t in_len,
+ psa_outvec *out_vec,
+ size_t out_len
+ );
+ void (*close) (psa_handle_t handle);
+} psa_api_t;
+
+typedef void (*test_fptr_t)(val_api_t *val, psa_api_t *psa);
+
+typedef struct {
+ test_id_t test_id;
+ test_fptr_t entry_addr;
+} val_test_info_t;
+
+void test_entry(val_api_t *val, psa_api_t *psa);
+#endif
diff --git a/features/frameworks/TARGET_PSA/val_internal_trusted_storage.c b/features/frameworks/TARGET_PSA/val_internal_trusted_storage.c
new file mode 100644
index 00000000000..e79e9c06c80
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_internal_trusted_storage.c
@@ -0,0 +1,39 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_target.h"
+#include "pal_interfaces_ns.h"
+#include "val_framework.h"
+#include "val_client_defs.h"
+#include "val_internal_trusted_storage.h"
+
+/**
+ @brief - This API will call the requested internal trusted storage function
+ @param - type : function code
+ ... : variable number of arguments
+ @return - Error status
+**/
+uint32_t val_its_function(int type, ...)
+{
+ va_list valist;
+ uint32_t status;
+
+ va_start(valist, type);
+ status = pal_its_function(type, valist);
+ va_end(valist);
+ return status;
+}
diff --git a/features/frameworks/TARGET_PSA/val_internal_trusted_storage.h b/features/frameworks/TARGET_PSA/val_internal_trusted_storage.h
new file mode 100644
index 00000000000..2f9384dea21
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_internal_trusted_storage.h
@@ -0,0 +1,34 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _VAL_INTERNAL_TRUSTED_STORAGE_H_
+#define _VAL_INTERNAL_TRUSTED_STORAGE_H_
+
+#include "val.h"
+
+#define UID_BASE_VALUE 0
+#define BYTES_TO_BITS(byte) (byte * 8)
+
+enum its_function_code {
+ VAL_ITS_SET = 0x1,
+ VAL_ITS_GET = 0x2,
+ VAL_ITS_GET_INFO = 0x3,
+ VAL_ITS_REMOVE = 0x4,
+};
+
+uint32_t val_its_function(int type, ...);
+#endif /* _VAL_INTERNAL_TRUSTED_STORAGE_H_ */
diff --git a/features/frameworks/TARGET_PSA/val_protected_storage.c b/features/frameworks/TARGET_PSA/val_protected_storage.c
new file mode 100644
index 00000000000..06c1f502aa5
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_protected_storage.c
@@ -0,0 +1,39 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#include "val_target.h"
+#include "pal_interfaces_ns.h"
+#include "val_framework.h"
+#include "val_client_defs.h"
+#include "val_protected_storage.h"
+
+/**
+ @brief - This API will call the requested protected storage function
+ @param - type : function code
+ ... : variable number of arguments
+ @return - Error status
+**/
+uint32_t val_ps_function(int type, ...)
+{
+ va_list valist;
+ uint32_t status;
+
+ va_start(valist, type);
+ status = pal_ps_function(type, valist);
+ va_end(valist);
+ return status;
+}
diff --git a/features/frameworks/TARGET_PSA/val_protected_storage.h b/features/frameworks/TARGET_PSA/val_protected_storage.h
new file mode 100644
index 00000000000..7f05cea25ae
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_protected_storage.h
@@ -0,0 +1,37 @@
+/** @file
+ * Copyright (c) 2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _VAL_PROTECTED_STORAGE_H_
+#define _VAL_PROTECTED_STORAGE_H_
+
+#include "val.h"
+
+#define UID_BASE_VALUE 0
+#define BYTES_TO_BITS(byte) (byte * 8)
+
+enum ps_function_code {
+ VAL_PS_SET = 0x1,
+ VAL_PS_GET = 0x2,
+ VAL_PS_GET_INFO = 0x3,
+ VAL_PS_REMOVE = 0x4,
+ VAL_PS_CREATE = 0x5,
+ VAL_PS_SET_EXTENDED = 0x6,
+ VAL_PS_GET_SUPPORT = 0x7,
+};
+
+uint32_t val_ps_function(int type, ...);
+#endif /* _VAL_PROTECTED_STORAGE_H_ */
diff --git a/features/frameworks/TARGET_PSA/val_target.h b/features/frameworks/TARGET_PSA/val_target.h
new file mode 100644
index 00000000000..c32f0a57d19
--- /dev/null
+++ b/features/frameworks/TARGET_PSA/val_target.h
@@ -0,0 +1,205 @@
+/** @file
+ * Copyright (c) 2018-2019, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+**/
+
+#ifndef _TARGET_INFO_DATA_H_
+#define _TARGET_INFO_DATA_H_
+
+#include "val.h"
+
+#define TARGET_CONFIG_CREATE_ID(major, minor, index) \
+ (((major & 0xFF) << 24) | ((minor & 0xFF) << 16) | (index & 0xFFFF))
+#define TARGET_CONFIG_GET_MAJOR(config_id) ((config_id >> 24) & 0xFF)
+#define TARGET_CONFIG_GET_MINOR(config_id) ((config_id >> 16) & 0xFF)
+#define TARGET_CONFIG_INCREMENT_INDEX(config_id) \
+ ((config_id & 0xFFFF0000) | ((config_id & 0xFFFF) + 1))
+#define GET_NUM_INSTANCE(struct_type) (struct_type->cfg_type.size >> 24)
+#define VAL_TEST_MAJOR_GROUP_MASK 0xFF000000UL
+#define VAL_TEST_MINOR_GROUP_MASK 0x00FF0000UL
+#define VAL_TEST_CFG_INSTANCE_MASK 0x0000FFFFUL
+#define VAL_TEST_INVALID_CFG_ID 0xFFFFFFFFUL
+#define TARGET_MIN_CFG_ID TARGET_CONFIG_CREATE_ID(GROUP_SOC_PERIPHERAL, 0, 0)
+#define TARGET_MAX_CFG_ID TARGET_CONFIG_CREATE_ID(GROUP_MAX, 0, 0)
+
+/**
+ Config IDs for each group/component
+ 31:24 : MAJOR (group)
+ 23:16 : MINOR (component)
+ 16:8 : SUB-component
+ 7:0 : INSTANCE (instance of same component)
+**/
+
+/*
+ MAJOR IDs
+*/
+typedef enum _GROUP_CONFIG_ID_ {
+ GROUP_SOC_PERIPHERAL = 0x1,
+ GROUP_MEMORY = 0x2,
+ GROUP_MISCELLANEOUS = 0x3,
+ GROUP_MAX = 0xFF,
+} group_cfg_id_t;
+
+/*
+ MINOR IDs
+ */
+typedef enum _SOC_PERIPHERAL_CONFIG_ID_ {
+ SOC_PERIPHERAL_UART = 0x1,
+ SOC_PERIPHERAL_TIMER = 0x2,
+ SOC_PERIPHERAL_WATCHDOG = 0x3,
+} soc_peripheral_cfg_id_t;
+
+typedef enum _MEMORY_CONFIG_ID_ {
+ MEMORY_NVMEM = 0x2,
+ MEMORY_NSPE_MMIO = 0x3,
+ MEMORY_CLIENT_PARTITION_MMIO = 0x4,
+ MEMORY_DRIVER_PARTITION_MMIO = 0x5,
+} memory_cfg_id_t;
+
+typedef enum _MISCELLANEOUS_CONFIG_ID_ {
+ MISCELLANEOUS_BOOT = 0x1,
+ MISCELLANEOUS_DUT = 0x2
+} miscellaneous_cfg_id_t;
+
+/**
+ Assign group type to each system component
+**/
+typedef enum _COMPONENT_GROUPING_{
+ UART = GROUP_SOC_PERIPHERAL,
+ TIMER = GROUP_SOC_PERIPHERAL,
+ WATCHDOG = GROUP_SOC_PERIPHERAL,
+ NVMEM = GROUP_MEMORY,
+ NSPE_MMIO = GROUP_MEMORY,
+ CLIENT_PARTITION_MMIO = GROUP_MEMORY,
+ DRIVER_PARTITION_MMIO = GROUP_MEMORY,
+ BOOT = GROUP_MISCELLANEOUS,
+ DUT = GROUP_MISCELLANEOUS,
+} comp_group_assign_t;
+
+/**
+ Target Configuration Header
+**/
+typedef struct _TARGET_CFG_HDR_ {
+ /* PSA_CFG */
+ uint32_t signature[2];
+ /* 8 byte String describing the Target platform */
+ uint32_t target_string[2];
+ /* version = 1 for now */
+ uint32_t version;
+ /* Header Size */
+ uint32_t size;
+}target_cfg_hdr_t;
+
+typedef enum {
+ LEVEL1 = 0x1,
+ LEVEL2,
+ LEVEL3,
+} firmware_level_t;
+
+typedef enum {
+ NOT_AVAILABLE = 0x0,
+ AVAILABLE = 0x1,
+} is_available_t;
+
+typedef enum {
+ SECURE_ACCESS = 0x100,
+ NONSECURE_ACCESS,
+ SECURE_PROGRAMMABLE,
+ NONSECURE_PROGRAMMABLE
+} dev_attr_t;
+
+typedef enum {
+ MEM_SECURE = 0x100,
+ MEM_NONSECURE,
+ MEM_NSC,
+} mem_tgt_attr_t;
+
+typedef enum {
+ TYPE_READ_ONLY = 0x10,
+ TYPE_WRITE_ONLY,
+ TYPE_READ_WRITE,
+ TYPE_EXECUTE,
+ TYPE_RESERVED,
+} perm_type_t;
+
+typedef struct _CFG_HDR_TYPE_ {
+ cfg_id_t cfg_id;
+ /* size inclusive of this header */
+ uint32_t size;
+} cfg_type_t;
+
+/**
+ Memory Information
+**/
+typedef struct _MEM_INFO_DESC_ {
+ cfg_type_t cfg_type;
+ uint32_t num;
+} memory_hdr_t;
+
+typedef struct _MEM_REGION_ {
+ cfg_type_t cfg_type;
+ addr_t start;
+ addr_t end;
+ mem_tgt_attr_t attribute;
+ perm_type_t permission;
+} memory_desc_t;
+
+/*
+ SOC Peripheral description structures
+*/
+typedef struct _SOC_PER_INFO_NUM_ {
+ cfg_type_t cfg_type;
+ uint32_t num;
+} soc_peripheral_hdr_t;
+
+typedef struct _SOC_PER_INFO_DESC_ {
+ cfg_type_t cfg_type;
+ uint32_t vendor_id;
+ uint32_t device_id;
+ addr_t base;
+ uint32_t size;
+ uint32_t intr_id;
+ perm_type_t permission;
+ uint32_t timeout_in_micro_sec_low;
+ uint32_t timeout_in_micro_sec_medium;
+ uint32_t timeout_in_micro_sec_high;
+ uint32_t timeout_in_micro_sec_crypto;
+ uint32_t num_of_tick_per_micro_sec;
+ dev_attr_t attribute;
+} soc_peripheral_desc_t;
+
+/**
+ System Miscellaneous Information
+**/
+
+typedef struct _MISCELLANEOUS_INFO_HDR_ {
+ cfg_type_t cfg_type;
+ uint32_t num;
+} miscellaneous_hdr_t;
+
+typedef struct _MISCELLANEOUS_INFO_DESC_ {
+ cfg_type_t cfg_type;
+ firmware_level_t implemented_psa_firmware_isolation_level;
+ addr_t ns_start_addr_of_combine_test_binary;
+ is_available_t combine_test_binary_in_ram;
+ addr_t ns_test_addr;
+} miscellaneous_desc_t;
+
+/*val target config read apis */
+STATIC_DECLARE val_status_t val_target_get_config(cfg_id_t cfg_id, uint8_t **data, uint32_t *size);
+STATIC_DECLARE val_status_t val_target_cfg_get_next(void **blob);
+STATIC_DECLARE val_status_t val_target_get_cfg_blob(cfg_id_t cfg_id, uint8_t **data, uint32_t *size);
+STATIC_DECLARE val_status_t val_target_get_config(cfg_id_t cfg_id, uint8_t **data, uint32_t *size);
+#endif
diff --git a/tools/importer/psa_compliance_importer.json b/tools/importer/psa_compliance_importer.json
new file mode 100644
index 00000000000..ef3a820c3c6
--- /dev/null
+++ b/tools/importer/psa_compliance_importer.json
@@ -0,0 +1,322 @@
+{
+ "files": [{
+ "src_file": "val/nspe/pal_interfaces_ns.h",
+ "dest_file": "features/frameworks/TARGET_PSA/pal_interfaces_ns.h"
+ },
+ {
+ "src_file": "platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.h",
+ "dest_file": "features/frameworks/TARGET_PSA/pal/pal_attestation_intf.h"
+ },
+ {
+ "src_file": "platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_intf.c",
+ "dest_file": "features/frameworks/TARGET_PSA/pal/pal_attestation_intf.c"
+ },
+ {
+ "src_file": "platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.h",
+ "dest_file": "features/frameworks/TARGET_PSA/pal_attestation_eat.h"
+ },
+ {
+ "src_file": "platform/targets/tgt_dev_apis_mbedos_fvp_mps2_m4/nspe/initial_attestation/pal_attestation_eat.c",
+ "dest_file": "features/frameworks/TARGET_PSA/pal_attestation_eat.c"
+ },
+ {
+ "src_file": "val/nspe/val_attestation.h",
+ "dest_file": "features/frameworks/TARGET_PSA/val_attestation.h"
+ },
+ {
+ "src_file": "val/nspe/val_attestation.c",
+ "dest_file": "features/frameworks/TARGET_PSA/val_attestation.c"
+ },
+ {
+ "src_file": "val/nspe/val_attestation.h",
+ "dest_file": "features/frameworks/TARGET_PSA/val_attestation.h"
+ },
+ {
+ "src_file": "val/common/val_client_defs.h",
+ "dest_file": "features/frameworks/TARGET_PSA/val_client_defs.h"
+ },
+ {
+ "src_file": "val/nspe/val_crypto.c",
+ "dest_file": "features/frameworks/TARGET_PSA/val_crypto.c"
+ },
+ {
+ "src_file": "val/nspe/val_crypto.h",
+ "dest_file": "features/frameworks/TARGET_PSA/val_crypto.h"
+ },
+ {
+ "src_file": "val/nspe/val_entry.h",
+ "dest_file": "features/frameworks/TARGET_PSA/val_entry.h"
+ },
+ {
+ "src_file": "val/nspe/val_interfaces.h",
+ "dest_file": "features/frameworks/TARGET_PSA/val_interfaces.h"
+ },
+ {
+ "src_file": "val/nspe/val_interfaces.c",
+ "dest_file": "features/frameworks/TARGET_PSA/val_interfaces.c"
+ },
+ {
+ "src_file": "val/nspe/val_internal_trusted_storage.c",
+ "dest_file": "features/frameworks/TARGET_PSA/val_internal_trusted_storage.c"
+ },
+ {
+ "src_file": "val/nspe/val_internal_trusted_storage.h",
+ "dest_file": "features/frameworks/TARGET_PSA/val_internal_trusted_storage.h"
+ },
+ {
+ "src_file": "val/nspe/val_protected_storage.c",
+ "dest_file": "features/frameworks/TARGET_PSA/val_protected_storage.c"
+ },
+ {
+ "src_file": "val/nspe/val_protected_storage.h",
+ "dest_file": "features/frameworks/TARGET_PSA/val_protected_storage.h"
+ },
+ {
+ "src_file": "val/common/val_target.h",
+ "dest_file": "features/frameworks/TARGET_PSA/val_target.h"
+ },
+ {
+ "src_file": "val/common/val.h",
+ "dest_file": "features/frameworks/TARGET_PSA/val.h"
+ },
+ {
+ "src_file": "docs/psa_attestation_testlist.md",
+ "dest_file": "components/TARGET_PSA/TESTS/compliance_attestation/psa_attestation_testlist.md"
+ },
+ {
+ "src_file": "docs/psa_crypto_testlist.md",
+ "dest_file": "components/TARGET_PSA/TESTS/compliance_crypto/psa_crypto_testlist.md"
+ },
+ {
+ "src_file": "docs/psa_its_testlist.md",
+ "dest_file": "components/TARGET_PSA/TESTS/compliance_its/psa_its_testlist.md"
+ }
+ ],
+ "folders": [{
+ "src_folder": "dev_apis/internal_trusted_storage/test_s001/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_its/test_s001/"
+ },
+ {
+ "src_folder": "dev_apis/internal_trusted_storage/test_s002/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_its/test_s002/"
+ },
+ {
+ "src_folder": "dev_apis/internal_trusted_storage/test_s003/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_its/test_s003/"
+ },
+ {
+ "src_folder": "dev_apis/internal_trusted_storage/test_s004/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_its/test_s004/"
+ },
+ {
+ "src_folder": "dev_apis/internal_trusted_storage/test_s005/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_its/test_s005/"
+ },
+ {
+ "src_folder": "dev_apis/internal_trusted_storage/test_s006/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_its/test_s006/"
+ },
+ {
+ "src_folder": "dev_apis/internal_trusted_storage/test_s007/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_its/test_s007/"
+ },
+ {
+ "src_folder": "dev_apis/internal_trusted_storage/test_s008/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_its/test_s008/"
+ },
+ {
+ "src_folder": "dev_apis/internal_trusted_storage/test_s009/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_its/test_s009/"
+ },
+ {
+ "src_folder": "dev_apis/internal_trusted_storage/test_s010/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_its/test_s010/"
+ },
+ {
+ "src_folder": "dev_apis/initial_attestation/test_a001/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_attestation/test_a001/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c001/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c001/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c002/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c002/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c003/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c003/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c004/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c004/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c005/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c005/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c006/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c006/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c007/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c007/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c008/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c008/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c009/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c009/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c010/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c010/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c011/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c011/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c012/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c012/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c013/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c013/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c014/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c014/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c015/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c015/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c016/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c016/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c017/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c017/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c018/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c018/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c019/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c019/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c020/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c020/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c021/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c021/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c022/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c022/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c023/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c023/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c024/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c024/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c025/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c025/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c026/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c026/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c027/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c027/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c028/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c028/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c029/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c029/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c030/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c030/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c031/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c031/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c032/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c032/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c033/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c033/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c034/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c034/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c035/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c035/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c036/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c036/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c037/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c037/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c038/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c038/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c039/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c039/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c040/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c040/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c041/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c041/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c042/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c042/"
+ },
+ {
+ "src_folder": "dev_apis/crypto/test_c043/",
+ "dest_folder": "components/TARGET_PSA/TESTS/compliance_crypto/test_c043/"
+ }
+],
+ "commit_sha": [
+ "67ada4404f0aec2a398bebdb8973b901e07e5003",
+ "22e429bdd4cf0d1a40e416a206420d5938a226e1",
+ "eae1252c29d15207d6d3b89bcab8c644c652e6f8",
+ "1650a923eb6f79051544b2c57fb72140eaae4f65",
+ "2982907e37b695d9dee9db7026a3ae0ecbd04451",
+ "16a59cb9926bc96792cc9d1b7a996689f7bf1b86",
+ "c437c9f0b80a3f4177a23a2a6f2399d9e8bd162b"
+
+ ]
+}