diff --git a/ChangeLog.d/ec_jpake_driver_dispatch.txt b/ChangeLog.d/ec_jpake_driver_dispatch.txt new file mode 100644 index 000000000..343929629 --- /dev/null +++ b/ChangeLog.d/ec_jpake_driver_dispatch.txt @@ -0,0 +1,3 @@ +Features + * Add a driver dispatch layer for EC J-PAKE, enabling alternative + implementations of EC J-PAKE through the driver entry points. diff --git a/ChangeLog.d/fix-jpake-user-peer.txt b/ChangeLog.d/fix-jpake-user-peer.txt new file mode 100644 index 000000000..e027fc37b --- /dev/null +++ b/ChangeLog.d/fix-jpake-user-peer.txt @@ -0,0 +1,4 @@ +Bugfix + * Allow setting user and peer identifiers for EC J-PAKE operation + instead of role in PAKE PSA Crypto API as described in the specification. + This is a partial fix that allows only "client" and "server" identifiers. diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index f681ea60e..0027ec766 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -374,6 +374,22 @@ psa_status_t psa_crypto_driver_pake_get_password_key(     uint8_t** p_key_buffer, size_t *key_buffer_size, const psa_key_attributes_t *attributes); +psa_status_t psa_crypto_driver_pake_get_user_len( +    const psa_crypto_driver_pake_inputs_t *inputs, +    size_t *user_len); + +psa_status_t psa_crypto_driver_pake_get_user( + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *user_id, size_t user_id_size, size_t *user_id_len); + +psa_status_t psa_crypto_driver_pake_get_peer_len( +    const psa_crypto_driver_pake_inputs_t *inputs, +    size_t *peer_len); + +psa_status_t psa_crypto_driver_pake_get_peer( + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *peer_id, size_t peer_id_size, size_t *peer_id_length); + psa_status_t psa_crypto_driver_pake_get_role(     const psa_crypto_driver_pake_inputs_t *inputs,     psa_pake_role_t *role); diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 30d345c8e..4920508d7 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1300,10 +1300,10 @@ typedef struct psa_jpake_computation_stage_s psa_jpake_computation_stage_t; */ static psa_pake_operation_t psa_pake_operation_init(void); -/** Get the lengths of the password in bytes from given inputs. +/** Get the length of the password in bytes from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] password_len Return buffer for password length. + * \param[out] password_len Password length. * * \retval #PSA_SUCCESS * Success. @@ -1344,6 +1344,70 @@ psa_status_t psa_crypto_driver_pake_get_role( const psa_crypto_driver_pake_inputs_t *inputs, psa_pake_role_t *role); +/** Get the length of the user id in bytes from given inputs. + * + * \param[in] inputs Operation inputs. + * \param[out] user_len User id length. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * User id hasn't been set yet. + */ +psa_status_t psa_crypto_driver_pake_get_user_len( + const psa_crypto_driver_pake_inputs_t *inputs, + size_t *user_len); + +/** Get the length of the peer id in bytes from given inputs. + * + * \param[in] inputs Operation inputs. + * \param[out] peer_len Peer id length. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * Peer id hasn't been set yet. + */ +psa_status_t psa_crypto_driver_pake_get_peer_len( + const psa_crypto_driver_pake_inputs_t *inputs, + size_t *peer_len); + +/** Get the user id from given inputs. + * + * \param[in] inputs Operation inputs. + * \param[out] user_id User id. + * \param user_id_size Size of \p user_id in bytes. + * \param[out] user_id_len Size of the user id in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * User id hasn't been set yet. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p user_id is too small. + */ +psa_status_t psa_crypto_driver_pake_get_user( + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *user_id, size_t user_id_size, size_t *user_id_len); + +/** Get the peer id from given inputs. + * + * \param[in] inputs Operation inputs. + * \param[out] peer_id Peer id. + * \param peer_id_size Size of \p peer_id in bytes. + * \param[out] peer_id_length Size of the peer id in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * Peer id hasn't been set yet. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p peer_id is too small. + */ +psa_status_t psa_crypto_driver_pake_get_peer( + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *peer_id, size_t peer_id_size, size_t *peer_id_length); + /** Get the cipher suite from given inputs. * * \param[in] inputs Operation inputs. @@ -1498,6 +1562,7 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * been set (psa_pake_set_user() hasn't been * called yet). * \param[in] user_id The user ID to authenticate with. + * (temporary limitation: "client" or "server" only) * \param user_id_len Size of the \p user_id buffer in bytes. * * \retval #PSA_SUCCESS @@ -1539,6 +1604,7 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, * been set (psa_pake_set_peer() hasn't been * called yet). * \param[in] peer_id The peer's ID to authenticate. + * (temporary limitation: "client" or "server" only) * \param peer_id_len Size of the \p peer_id buffer in bytes. * * \retval #PSA_SUCCESS @@ -1970,6 +2036,10 @@ struct psa_crypto_driver_pake_inputs_s { uint8_t *MBEDTLS_PRIVATE(password); size_t MBEDTLS_PRIVATE(password_len); psa_pake_role_t MBEDTLS_PRIVATE(role); + uint8_t *MBEDTLS_PRIVATE(user); + size_t MBEDTLS_PRIVATE(user_len); + uint8_t *MBEDTLS_PRIVATE(peer); + size_t MBEDTLS_PRIVATE(peer_len); psa_key_attributes_t MBEDTLS_PRIVATE(attributes); psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite); }; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 199c25b18..ba204f7ef 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -90,6 +90,10 @@ #define BUILTIN_ALG_ANY_HKDF 1 #endif +/* The only two JPAKE user/peer identifiers supported for the time being. */ +static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; +static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; + /****************************************************************/ /* Global data, support functions and library management */ /****************************************************************/ @@ -7208,6 +7212,68 @@ psa_status_t psa_crypto_driver_pake_get_role( return PSA_SUCCESS; } +psa_status_t psa_crypto_driver_pake_get_user_len( + const psa_crypto_driver_pake_inputs_t *inputs, + size_t *user_len) +{ + if (inputs->user_len == 0) { + return PSA_ERROR_BAD_STATE; + } + + *user_len = inputs->user_len; + + return PSA_SUCCESS; +} + +psa_status_t psa_crypto_driver_pake_get_user( + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *user_id, size_t user_id_size, size_t *user_id_len) +{ + if (inputs->user_len == 0) { + return PSA_ERROR_BAD_STATE; + } + + if (user_id_size < inputs->user_len) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + memcpy(user_id, inputs->user, inputs->user_len); + *user_id_len = inputs->user_len; + + return PSA_SUCCESS; +} + +psa_status_t psa_crypto_driver_pake_get_peer_len( + const psa_crypto_driver_pake_inputs_t *inputs, + size_t *peer_len) +{ + if (inputs->peer_len == 0) { + return PSA_ERROR_BAD_STATE; + } + + *peer_len = inputs->peer_len; + + return PSA_SUCCESS; +} + +psa_status_t psa_crypto_driver_pake_get_peer( + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *peer_id, size_t peer_id_size, size_t *peer_id_length) +{ + if (inputs->peer_len == 0) { + return PSA_ERROR_BAD_STATE; + } + + if (peer_id_size < inputs->peer_len) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + memcpy(peer_id, inputs->peer, inputs->peer_len); + *peer_id_length = inputs->peer_len; + + return PSA_SUCCESS; +} + psa_status_t psa_crypto_driver_pake_get_cipher_suite( const psa_crypto_driver_pake_inputs_t *inputs, psa_pake_cipher_suite_t *cipher_suite) @@ -7322,7 +7388,6 @@ psa_status_t psa_pake_set_user( size_t user_id_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - (void) user_id; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = PSA_ERROR_BAD_STATE; @@ -7334,7 +7399,30 @@ psa_status_t psa_pake_set_user( goto exit; } - return PSA_ERROR_NOT_SUPPORTED; + if (operation->data.inputs.user_len != 0) { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + /* Allow only "client" or "server" values (temporary restriction). */ + if ((user_id_len != sizeof(jpake_server_id) || + memcmp(user_id, jpake_server_id, user_id_len) != 0) && + (user_id_len != sizeof(jpake_client_id) || + memcmp(user_id, jpake_client_id, user_id_len) != 0)) { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + + operation->data.inputs.user = mbedtls_calloc(1, user_id_len); + if (operation->data.inputs.user == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto exit; + } + + memcpy(operation->data.inputs.user, user_id, user_id_len); + operation->data.inputs.user_len = user_id_len; + + return PSA_SUCCESS; exit: psa_pake_abort(operation); return status; @@ -7346,7 +7434,6 @@ psa_status_t psa_pake_set_peer( size_t peer_id_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - (void) peer_id; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = PSA_ERROR_BAD_STATE; @@ -7358,7 +7445,30 @@ psa_status_t psa_pake_set_peer( goto exit; } - return PSA_ERROR_NOT_SUPPORTED; + if (operation->data.inputs.peer_len != 0) { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + /* Allow only "client" or "server" values (temporary restriction). */ + if ((peer_id_len != sizeof(jpake_server_id) || + memcmp(peer_id, jpake_server_id, peer_id_len) != 0) && + (peer_id_len != sizeof(jpake_client_id) || + memcmp(peer_id, jpake_client_id, peer_id_len) != 0)) { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + + operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len); + if (operation->data.inputs.peer == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto exit; + } + + memcpy(operation->data.inputs.peer, peer_id, peer_id_len); + operation->data.inputs.peer_len = peer_id_len; + + return PSA_SUCCESS; exit: psa_pake_abort(operation); return status; @@ -7371,22 +7481,24 @@ psa_status_t psa_pake_set_role( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - status = PSA_ERROR_BAD_STATE; + status = PSA_ERROR_BAD_STATE; goto exit; } - if (role != PSA_PAKE_ROLE_NONE && - role != PSA_PAKE_ROLE_FIRST && - role != PSA_PAKE_ROLE_SECOND && - role != PSA_PAKE_ROLE_CLIENT && - role != PSA_PAKE_ROLE_SERVER) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; + switch (operation->alg) { +#if defined(PSA_WANT_ALG_JPAKE) + case PSA_ALG_JPAKE: + if (role == PSA_PAKE_ROLE_NONE) { + return PSA_SUCCESS; + } + status = PSA_ERROR_INVALID_ARGUMENT; + break; +#endif + default: + (void) role; + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; } - - operation->data.inputs.role = role; - - return PSA_SUCCESS; exit: psa_pake_abort(operation); return status; @@ -7456,15 +7568,27 @@ static psa_status_t psa_pake_complete_inputs( with the driver context which will be setup by the driver. */ psa_crypto_driver_pake_inputs_t inputs = operation->data.inputs; - if (inputs.password_len == 0 || - inputs.role == PSA_PAKE_ROLE_NONE) { + if (inputs.password_len == 0) { return PSA_ERROR_BAD_STATE; } - if (operation->alg == PSA_ALG_JPAKE && - inputs.role != PSA_PAKE_ROLE_CLIENT && - inputs.role != PSA_PAKE_ROLE_SERVER) { - return PSA_ERROR_NOT_SUPPORTED; + if (operation->alg == PSA_ALG_JPAKE) { + if (inputs.user_len == 0 || inputs.peer_len == 0) { + return PSA_ERROR_BAD_STATE; + } + if (memcmp(inputs.user, jpake_client_id, inputs.user_len) == 0 && + memcmp(inputs.peer, jpake_server_id, inputs.peer_len) == 0) { + inputs.role = PSA_PAKE_ROLE_CLIENT; + } else + if (memcmp(inputs.user, jpake_server_id, inputs.user_len) == 0 && + memcmp(inputs.peer, jpake_client_id, inputs.peer_len) == 0) { + inputs.role = PSA_PAKE_ROLE_SERVER; + } + + if (inputs.role != PSA_PAKE_ROLE_CLIENT && + inputs.role != PSA_PAKE_ROLE_SERVER) { + return PSA_ERROR_NOT_SUPPORTED; + } } /* Clear driver context */ @@ -7476,6 +7600,10 @@ static psa_status_t psa_pake_complete_inputs( mbedtls_platform_zeroize(inputs.password, inputs.password_len); mbedtls_free(inputs.password); + /* User and peer are translated to role. */ + mbedtls_free(inputs.user); + mbedtls_free(inputs.peer); + if (status == PSA_SUCCESS) { #if defined(PSA_WANT_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { @@ -7884,13 +8012,19 @@ psa_status_t psa_pake_abort( status = psa_driver_wrapper_pake_abort(operation); } - if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS && - operation->data.inputs.password != NULL) { - mbedtls_platform_zeroize(operation->data.inputs.password, - operation->data.inputs.password_len); - mbedtls_free(operation->data.inputs.password); + if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + if (operation->data.inputs.password != NULL) { + mbedtls_platform_zeroize(operation->data.inputs.password, + operation->data.inputs.password_len); + mbedtls_free(operation->data.inputs.password); + } + if (operation->data.inputs.user != NULL) { + mbedtls_free(operation->data.inputs.user); + } + if (operation->data.inputs.peer != NULL) { + mbedtls_free(operation->data.inputs.peer); + } } - memset(operation, 0, sizeof(psa_pake_operation_t)); return status; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0ff0e6435..b17da066e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1945,14 +1945,19 @@ void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) +static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; +static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; + static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common( mbedtls_ssl_context *ssl, mbedtls_svc_key_id_t pwd) { psa_status_t status; - psa_pake_role_t psa_role; psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); - + const uint8_t *user = NULL; + size_t user_len = 0; + const uint8_t *peer = NULL; + size_t peer_len = 0; psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); psa_pake_cs_set_primitive(&cipher_suite, PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, @@ -1966,12 +1971,23 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common( } if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - psa_role = PSA_PAKE_ROLE_SERVER; + user = jpake_server_id; + user_len = sizeof(jpake_server_id); + peer = jpake_client_id; + peer_len = sizeof(jpake_client_id); } else { - psa_role = PSA_PAKE_ROLE_CLIENT; + user = jpake_client_id; + user_len = sizeof(jpake_client_id); + peer = jpake_server_id; + peer_len = sizeof(jpake_server_id); } - status = psa_pake_set_role(&ssl->handshake->psa_pake_ctx, psa_role); + status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_pake_set_peer(&ssl->handshake->psa_pake_ctx, peer, peer_len); if (status != PSA_SUCCESS) { return status; } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index ab09fa0f5..56f4d1d5b 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -5,6 +5,11 @@ Global to silent the compiler when unused. */ size_t pake_expected_hit_count = 0; int pake_in_driver = 0; + +/* The only two JPAKE user/peer identifiers supported for the time being. */ +static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; +static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; + #if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, @@ -3035,8 +3040,8 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), PSA_SUCCESS); - TEST_EQUAL(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), - PSA_SUCCESS); + PSA_ASSERT(psa_pake_set_user(&operation, jpake_server_id, sizeof(jpake_server_id))); + PSA_ASSERT(psa_pake_set_peer(&operation, jpake_client_id, sizeof(jpake_client_id))); TEST_EQUAL(psa_pake_set_password_key(&operation, key), PSA_SUCCESS); @@ -3229,9 +3234,11 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); - PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER)); + PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); + PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); - PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT)); + PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); + PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_set_password_key(&server, key)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 7640e3a89..62157037d 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -1,90 +1,106 @@ PSA PAKE: uninitialized access to psa_pake_operation_t depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE PSA PAKE: invalid alg depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SETUP:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_SETUP:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid primitive type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid primitive family depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid primitive bits depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid hash depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:"client":"server":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: duplicate a valid setup depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE -PSA PAKE: ecjpake setup invalid role NONE +PSA PAKE: ecjpake setup role depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:ERR_IN_OUTPUT:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_SET_ROLE:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: wrong password key type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: wrong password key usage depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_NOT_PERMITTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_NOT_PERMITTED + +PSA PAKE: set empty user +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"":"server":0:ERR_IN_SET_USER:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: set empty peer +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"":0:ERR_IN_SET_PEER:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: set invalid user depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"aaaa":"server":0:ERR_IN_SET_USER:PSA_ERROR_NOT_SUPPORTED PSA PAKE: set invalid peer depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"aaaa":0:ERR_IN_SET_PEER:PSA_ERROR_NOT_SUPPORTED -PSA PAKE: set user +PSA PAKE: user already set depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_SET_USER:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_DUPLICATE_SET_USER:PSA_ERROR_BAD_STATE -PSA PAKE: set peer +PSA PAKE: peer already set depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_SET_PEER:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_DUPLICATE_SET_PEER:PSA_ERROR_BAD_STATE + +PSA PAKE: user and peer both servers +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"server":"server":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: user and peer both clients +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"client":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid input depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: unkown input step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid first input step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE PSA PAKE: input buffer too large depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid output depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: unkown output step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid first output step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE PSA PAKE: output buffer too small depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_BUFFER_TOO_SMALL +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_BUFFER_TOO_SMALL PSA PAKE: check rounds w/o forced errors depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS @@ -202,3 +218,9 @@ pake_input_getters_cipher_suite PSA PAKE: input getters: role pake_input_getters_role + +PSA PAKE: input getters: user +pake_input_getters_user + +PSA PAKE: input getters: peer +pake_input_getters_peer diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 2bed45ac1..88f24dd55 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -8,10 +8,11 @@ typedef enum { /* errors forced internally in the code */ ERR_INJECT_UNINITIALIZED_ACCESS, ERR_INJECT_DUPLICATE_SETUP, - ERR_INJECT_INVALID_USER, - ERR_INJECT_INVALID_PEER, ERR_INJECT_SET_USER, ERR_INJECT_SET_PEER, + ERR_INJECT_SET_ROLE, + ERR_DUPLICATE_SET_USER, + ERR_DUPLICATE_SET_PEER, ERR_INJECT_EMPTY_IO_BUFFER, ERR_INJECT_UNKNOWN_STEP, ERR_INJECT_INVALID_FIRST_STEP, @@ -39,6 +40,8 @@ typedef enum { ERR_INJECT_ROUND2_SERVER_ZK_PROOF, /* erros issued from the .data file */ ERR_IN_SETUP, + ERR_IN_SET_USER, + ERR_IN_SET_PEER, ERR_IN_SET_ROLE, ERR_IN_SET_PASSWORD_KEY, ERR_IN_INPUT, @@ -50,6 +53,10 @@ typedef enum { PAKE_ROUND_TWO } pake_round_t; +/* The only two JPAKE user/peer identifiers supported for the time being. */ +static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; +static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; + /* * Inject an error on the specified buffer ONLY it this is the correct stage. * Offset 7 is arbitrary, but chosen because it's "in the middle" of the part @@ -537,7 +544,7 @@ exit: /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, - int primitive_arg, int hash_arg, int role_arg, + int primitive_arg, int hash_arg, char *user_arg, char *peer_arg, int test_input, int err_stage_arg, int expected_error_arg) @@ -549,7 +556,6 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, psa_key_type_t key_type_pw = key_type_pw_arg; psa_key_usage_t key_usage_pw = key_usage_pw_arg; psa_algorithm_t hash_alg = hash_arg; - psa_pake_role_t role = role_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; ecjpake_error_stage_t err_stage = err_stage_arg; @@ -557,8 +563,12 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, psa_status_t status; unsigned char *output_buffer = NULL; size_t output_len = 0; - const uint8_t unsupp_id[] = "abcd"; const uint8_t password[] = "abcd"; + uint8_t *user = (uint8_t *) user_arg; + uint8_t *peer = (uint8_t *) peer_arg; + size_t user_len = strlen(user_arg); + size_t peer_len = strlen(peer_arg); + psa_key_derivation_operation_t key_derivation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -581,13 +591,13 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, PSA_ASSERT(psa_pake_abort(&operation)); if (err_stage == ERR_INJECT_UNINITIALIZED_ACCESS) { - TEST_EQUAL(psa_pake_set_user(&operation, NULL, 0), + TEST_EQUAL(psa_pake_set_user(&operation, user, user_len), expected_error); - TEST_EQUAL(psa_pake_set_peer(&operation, NULL, 0), + TEST_EQUAL(psa_pake_set_peer(&operation, peer, peer_len), expected_error); TEST_EQUAL(psa_pake_set_password_key(&operation, key), expected_error); - TEST_EQUAL(psa_pake_set_role(&operation, role), + TEST_EQUAL(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), expected_error); TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, output_buffer, 0, &output_len), @@ -606,24 +616,27 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, SETUP_CONDITIONAL_CHECK_STEP(psa_pake_setup(&operation, &cipher_suite), ERR_INJECT_DUPLICATE_SETUP); - SETUP_ALWAYS_CHECK_STEP(psa_pake_set_role(&operation, role), + SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), + ERR_INJECT_SET_ROLE); + + SETUP_ALWAYS_CHECK_STEP(psa_pake_set_role(&operation, PSA_PAKE_ROLE_NONE), ERR_IN_SET_ROLE); + SETUP_ALWAYS_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), + ERR_IN_SET_USER); + + SETUP_ALWAYS_CHECK_STEP(psa_pake_set_peer(&operation, peer, peer_len), + ERR_IN_SET_PEER); + + SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), + ERR_DUPLICATE_SET_USER); + + SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_peer(&operation, peer, peer_len), + ERR_DUPLICATE_SET_PEER); + SETUP_ALWAYS_CHECK_STEP(psa_pake_set_password_key(&operation, key), ERR_IN_SET_PASSWORD_KEY); - SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_user(&operation, NULL, 0), - ERR_INJECT_INVALID_USER); - - SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_peer(&operation, NULL, 0), - ERR_INJECT_INVALID_PEER); - - SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_user(&operation, unsupp_id, 4), - ERR_INJECT_SET_USER); - - SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_peer(&operation, unsupp_id, 4), - ERR_INJECT_SET_PEER); - const size_t size_key_share = PSA_PAKE_INPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); const size_t size_zk_public = PSA_PAKE_INPUT_SIZE(alg, primitive, @@ -741,8 +754,10 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg, PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); - PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER)); - PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT)); + PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); + PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); + PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); + PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); PSA_ASSERT(psa_pake_set_password_key(&server, key)); PSA_ASSERT(psa_pake_set_password_key(&client, key)); @@ -816,8 +831,10 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); - PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER)); - PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT)); + PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); + PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); + PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); + PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); PSA_ASSERT(psa_pake_set_password_key(&server, key)); PSA_ASSERT(psa_pake_set_password_key(&client, key)); @@ -1030,8 +1047,9 @@ void pake_input_getters_role() TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret), PSA_ERROR_BAD_STATE); - PSA_ASSERT(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER)); - + /* Role can not be set directly using psa_pake_set_role(). It is set by the core + based on given user/peer identifiers. Simulate that Role is already set. */ + operation.data.inputs.role = PSA_PAKE_ROLE_SERVER; TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret), PSA_SUCCESS); @@ -1041,3 +1059,119 @@ exit: PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +void pake_input_getters_user() +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t operation = psa_pake_operation_init(); + const uint8_t user[] = { 's', 'e', 'r', 'v', 'e', 'r' }; + const size_t user_len = sizeof(user); + uint8_t user_ret[20] = { 0 }; // max user length is 20 bytes + size_t user_len_ret = 0; + size_t buffer_len_ret = 0; + + psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, + PSA_ECC_FAMILY_SECP_R1, 256); + + PSA_INIT(); + + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); + psa_pake_cs_set_primitive(&cipher_suite, primitive); + psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); + + PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); + + TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, + (uint8_t *) &user_ret, + 10, &buffer_len_ret), + PSA_ERROR_BAD_STATE); + + TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret), + PSA_ERROR_BAD_STATE); + + PSA_ASSERT(psa_pake_set_user(&operation, user, user_len)); + + TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret), + PSA_SUCCESS); + + TEST_EQUAL(user_len_ret, user_len); + + TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, + (uint8_t *) &user_ret, + user_len_ret - 1, + &buffer_len_ret), + PSA_ERROR_BUFFER_TOO_SMALL); + + TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, + (uint8_t *) &user_ret, + user_len_ret, + &buffer_len_ret), + PSA_SUCCESS); + + TEST_EQUAL(buffer_len_ret, user_len); + PSA_ASSERT(memcmp(user_ret, user, buffer_len_ret)); +exit: + PSA_ASSERT(psa_pake_abort(&operation)); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +void pake_input_getters_peer() +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t operation = psa_pake_operation_init(); + const uint8_t peer[] = { 's', 'e', 'r', 'v', 'e', 'r' }; + const size_t peer_len = sizeof(peer); + uint8_t peer_ret[20] = { 0 }; // max peer length is 20 bytes + size_t peer_len_ret = 0; + size_t buffer_len_ret = 0; + + psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, + PSA_ECC_FAMILY_SECP_R1, 256); + + PSA_INIT(); + + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); + psa_pake_cs_set_primitive(&cipher_suite, primitive); + psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); + + PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); + + TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, + (uint8_t *) &peer_ret, + 10, &buffer_len_ret), + PSA_ERROR_BAD_STATE); + + TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret), + PSA_ERROR_BAD_STATE); + + PSA_ASSERT(psa_pake_set_peer(&operation, peer, peer_len)); + + TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret), + PSA_SUCCESS); + + TEST_EQUAL(peer_len_ret, peer_len); + + TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, + (uint8_t *) &peer_ret, + peer_len_ret - 1, + &buffer_len_ret), + PSA_ERROR_BUFFER_TOO_SMALL); + + TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, + (uint8_t *) &peer_ret, + peer_len_ret, + &buffer_len_ret), + PSA_SUCCESS); + + TEST_EQUAL(buffer_len_ret, peer_len); + PSA_ASSERT(memcmp(peer_ret, peer, buffer_len_ret)); +exit: + PSA_ASSERT(psa_pake_abort(&operation)); + PSA_DONE(); +} +/* END_CASE */