yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add pake driver wrapper tests

Browse source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2022-11-22 14:35:44 +01:00
parent 061a016c65
commit 7658a0768b
2 changed files with 829 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
tests/suites/test_suite_psa_crypto_driver_wrappers.data
View file

@ -820,3 +820,39 @@ aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_G
PSA AEAD decrypt setup, AES-GCM, 144 bytes #1, insufficient memory
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
PSA PAKE setup transparent driver: in-driver success
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
pake_setup:"abcd":PSA_SUCCESS:PSA_SUCCESS
PSA PAKE setup transparent driver: in-driver forced error
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
pake_setup:"abcd":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
PSA PAKE setup transparent driver: fallback
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_PAKE
pake_setup:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
PSA PAKE setup transparent driver: fallback not available
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_PSA_BUILTIN_PAKE
pake_setup:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
PSA PAKE operations transparent driver: in-driver success
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
pake_operations:"abcd":PSA_SUCCESS:"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_BAD_STATE
PSA PAKE operations transparent driver: in-driver forced status
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
pake_operations:"abcd":PSA_SUCCESS:"1234":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
PSA PAKE operations transparent driver: fallback
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_PAKE
pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_BAD_STATE
PSA PAKE: ecjpake rounds transparent driver: in-driver
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:1
PSA PAKE: ecjpake rounds transparent driver: fallback
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:MBEDTLS_PSA_BUILTIN_PAKE
ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0

793
tests/suites/test_suite_psa_crypto_driver_wrappers.function
View file

@ -1,6 +1,411 @@
/* BEGIN_HEADER */
#include "test/drivers/test_driver.h"
/* Auxiliary variables for pake tests.
Global to silent the compiler when unused. */
size_t pake_expected_hit_count;
int pake_in_driver;
#if defined(PSA_WANT_ALG_JPAKE)
static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
psa_pake_operation_t *server,
psa_pake_operation_t *client,
int client_input_first,
int round)
{
unsigned char *buffer0 = NULL, *buffer1 = NULL;
size_t buffer_length = (
PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) +
PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) +
PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2;
/* The output should be exactly this size according to the spec */
const size_t expected_size_key_share =
PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE);
/* The output should be exactly this size according to the spec */
const size_t expected_size_zk_public =
PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC);
/* The output can be smaller: the spec allows stripping leading zeroes */
const size_t max_expected_size_zk_proof =
PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF);
size_t buffer0_off = 0;
size_t buffer1_off = 0;
size_t s_g1_len, s_g2_len, s_a_len;
size_t s_g1_off, s_g2_off, s_a_off;
size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len;
size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off;
size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len;
size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off;
size_t c_g1_len, c_g2_len, c_a_len;
size_t c_g1_off, c_g2_off, c_a_off;
size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len;
size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off;
size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len;
size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off;
psa_status_t status;
ASSERT_ALLOC(buffer0, buffer_length);
ASSERT_ALLOC(buffer1, buffer_length);
switch (round) {
case 1:
/* Server first round Output */
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_g1_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(s_g1_len, expected_size_key_share);
s_g1_off = buffer0_off;
buffer0_off += s_g1_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x1_pk_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(s_x1_pk_len, expected_size_zk_public);
s_x1_pk_off = buffer0_off;
buffer0_off += s_x1_pk_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x1_pr_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof);
s_x1_pr_off = buffer0_off;
buffer0_off += s_x1_pr_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_g2_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(s_g2_len, expected_size_key_share);
s_g2_off = buffer0_off;
buffer0_off += s_g2_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2_pk_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(s_x2_pk_len, expected_size_zk_public);
s_x2_pk_off = buffer0_off;
buffer0_off += s_x2_pk_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2_pr_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof);
s_x2_pr_off = buffer0_off;
buffer0_off += s_x2_pr_len;
if (client_input_first == 1) {
/* Client first round Input */
status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + s_g1_off, s_g1_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + s_x1_pk_off,
s_x1_pk_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + s_x1_pr_off,
s_x1_pr_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + s_g2_off,
s_g2_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + s_x2_pk_off,
s_x2_pk_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + s_x2_pr_off,
s_x2_pr_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
}
/* Client first round Output */
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_g1_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(c_g1_len, expected_size_key_share);
c_g1_off = buffer1_off;
buffer1_off += c_g1_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x1_pk_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(c_x1_pk_len, expected_size_zk_public);
c_x1_pk_off = buffer1_off;
buffer1_off += c_x1_pk_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x1_pr_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof);
c_x1_pr_off = buffer1_off;
buffer1_off += c_x1_pr_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_g2_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(c_g2_len, expected_size_key_share);
c_g2_off = buffer1_off;
buffer1_off += c_g2_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2_pk_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(c_x2_pk_len, expected_size_zk_public);
c_x2_pk_off = buffer1_off;
buffer1_off += c_x2_pk_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2_pr_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof);
c_x2_pr_off = buffer1_off;
buffer1_off += c_x2_pr_len;
if (client_input_first == 0) {
/* Client first round Input */
status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + s_g1_off, s_g1_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + s_x1_pk_off,
s_x1_pk_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + s_x1_pr_off,
s_x1_pr_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + s_g2_off,
s_g2_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + s_x2_pk_off,
s_x2_pk_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + s_x2_pr_off,
s_x2_pr_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
}
/* Server first round Input */
status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + c_g1_off, c_g1_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + c_x1_pk_off, c_x1_pk_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + c_x1_pr_off, c_x1_pr_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + c_g2_off, c_g2_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + c_x2_pk_off, c_x2_pk_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + c_x2_pr_off, c_x2_pr_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
break;
case 2:
/* Server second round Output */
buffer0_off = 0;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_a_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(s_a_len, expected_size_key_share);
s_a_off = buffer0_off;
buffer0_off += s_a_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2s_pk_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public);
s_x2s_pk_off = buffer0_off;
buffer0_off += s_x2s_pk_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2s_pr_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof);
s_x2s_pr_off = buffer0_off;
buffer0_off += s_x2s_pr_len;
if (client_input_first == 1) {
/* Client second round Input */
status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + s_a_off, s_a_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + s_x2s_pk_off,
s_x2s_pk_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + s_x2s_pr_off,
s_x2s_pr_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
}
/* Client second round Output */
buffer1_off = 0;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_a_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(c_a_len, expected_size_key_share);
c_a_off = buffer1_off;
buffer1_off += c_a_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2s_pk_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public);
c_x2s_pk_off = buffer1_off;
buffer1_off += c_x2s_pk_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2s_pr_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof);
c_x2s_pr_off = buffer1_off;
buffer1_off += c_x2s_pr_len;
if (client_input_first == 0) {
/* Client second round Input */
status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + s_a_off, s_a_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + s_x2s_pk_off,
s_x2s_pk_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + s_x2s_pr_off,
s_x2s_pr_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
}
/* Server second round Input */
status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + c_a_off, c_a_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + c_x2s_pk_off, c_x2s_pk_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + c_x2s_pr_off, c_x2s_pr_len);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(status, PSA_SUCCESS);
break;
}
exit:
mbedtls_free(buffer0);
mbedtls_free(buffer1);
}
#endif /* PSA_WANT_ALG_JPAKE */
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
/* Sanity checks on the output of RSA encryption.
*
@ -2567,3 +2972,391 @@ exit:
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
void pake_setup(data_t *pw_data, int forced_status_arg, int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t forced_status = forced_status_arg;
psa_status_t expected_status = expected_status_arg;
psa_pake_operation_t operation = psa_pake_operation_init();
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_key_type_t key_type_pw = PSA_KEY_TYPE_PASSWORD;
psa_key_usage_t key_usage_pw = PSA_KEY_USAGE_DERIVE;
psa_algorithm_t alg = PSA_ALG_JPAKE;
psa_algorithm_t hash_alg = PSA_ALG_SHA_256;
psa_pake_primitive_t primitive_arg = PSA_PAKE_PRIMITIVE(
PSA_PAKE_PRIMITIVE_TYPE_ECC,
PSA_ECC_FAMILY_SECP_R1, 256);
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init();
PSA_INIT();
if (pw_data->len > 0) {
psa_set_key_usage_flags(&attributes, key_usage_pw);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, key_type_pw);
PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len,
&key));
}
psa_pake_cs_set_algorithm(&cipher_suite, alg);
psa_pake_cs_set_primitive(&cipher_suite, primitive_arg);
psa_pake_cs_set_hash(&cipher_suite, hash_alg);
mbedtls_test_driver_pake_hooks.forced_status = forced_status;
TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite),
expected_status);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 1);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
psa_reset_key_attributes(&attributes);
psa_destroy_key(key);
mbedtls_test_driver_pake_hooks =
mbedtls_test_driver_pake_hooks_init();
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
void pake_operations(data_t *pw_data, int forced_status_setup_arg, data_t *forced_output,
int forced_status_arg, int expected_status_set_user_arg,
int expected_status_set_role_arg, int expected_status_set_peer_arg,
int expected_status_set_password_arg, int expected_status_input_arg,
int expected_status_abort_arg, int expected_status_output_arg,
int expected_status_get_key_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t forced_status = forced_status_arg;
psa_status_t forced_status_setup = forced_status_setup_arg;
psa_status_t expected_status_set_user = expected_status_set_user_arg;
psa_status_t expected_status_set_role = expected_status_set_role_arg;
psa_status_t expected_status_set_peer = expected_status_set_peer_arg;
psa_status_t expected_status_set_password = expected_status_set_password_arg;
psa_status_t expected_status_input = expected_status_input_arg;
psa_status_t expected_status_abort = expected_status_abort_arg;
psa_status_t expected_status_output = expected_status_output_arg;
psa_status_t expected_status_get_key = expected_status_get_key_arg;
psa_pake_operation_t operation = psa_pake_operation_init();
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_key_type_t key_type_pw = PSA_KEY_TYPE_PASSWORD;
psa_key_usage_t key_usage_pw = PSA_KEY_USAGE_DERIVE;
psa_algorithm_t alg = PSA_ALG_JPAKE;
psa_algorithm_t hash_alg = PSA_ALG_SHA_256;
psa_key_derivation_operation_t implicit_key =
PSA_KEY_DERIVATION_OPERATION_INIT;
psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE(
PSA_PAKE_PRIMITIVE_TYPE_ECC,
PSA_ECC_FAMILY_SECP_R1, 256);
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init();
const unsigned char *user = (const unsigned char *) "user";
const uint8_t peer[] = "abcd";
uint32_t expected_hits = 1;
unsigned char *input_buffer = NULL;
const size_t size_key_share = PSA_PAKE_INPUT_SIZE(alg, primitive,
PSA_PAKE_STEP_KEY_SHARE);
unsigned char *output_buffer = NULL;
size_t output_len = 0;
size_t output_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive,
PSA_PAKE_STEP_KEY_SHARE);
ASSERT_ALLOC(input_buffer,
PSA_PAKE_INPUT_SIZE(alg, primitive,
PSA_PAKE_STEP_KEY_SHARE));
memset(input_buffer, 0xAA, size_key_share);
ASSERT_ALLOC(output_buffer,
PSA_PAKE_INPUT_SIZE(alg, primitive,
PSA_PAKE_STEP_KEY_SHARE));
memset(output_buffer, 0x55, output_size);
/* Transparent driver is not available (fallback). */
if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) {
expected_hits = 0;
}
PSA_INIT();
if (pw_data->len > 0) {
psa_set_key_usage_flags(&attributes, key_usage_pw);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, key_type_pw);
PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len,
&key));
}
psa_pake_cs_set_algorithm(&cipher_suite, alg);
psa_pake_cs_set_primitive(&cipher_suite, primitive);
psa_pake_cs_set_hash(&cipher_suite, hash_alg);
mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup;
TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite),
PSA_SUCCESS);
/* --- psa_pake_set_user --- */
mbedtls_test_driver_pake_hooks.forced_status = forced_status;
mbedtls_test_driver_pake_hooks.hits = 0;
TEST_EQUAL(psa_pake_set_user(&operation, user, 4),
expected_status_set_user);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
/* psa_pake_set_user is unsupported (after this call operation is aborted)
we need to reinitialize object. */
if (mbedtls_test_driver_pake_hooks.forced_status == PSA_SUCCESS) {
mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup;
TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite),
PSA_SUCCESS);
}
/* --- psa_pake_set_peer --- */
mbedtls_test_driver_pake_hooks.forced_status = forced_status;
mbedtls_test_driver_pake_hooks.hits = 0;
TEST_EQUAL(psa_pake_set_peer(&operation, peer, 4),
expected_status_set_peer);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
/* psa_pake_set_user is unsupported (after this call operation is aborted)
we need to reinitialize object. */
if (mbedtls_test_driver_pake_hooks.forced_status == PSA_SUCCESS) {
mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup;
TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite),
PSA_SUCCESS);
}
/* --- psa_pake_set_role --- */
mbedtls_test_driver_pake_hooks.forced_status = forced_status;
mbedtls_test_driver_pake_hooks.hits = 0;
TEST_EQUAL(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER),
expected_status_set_role);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
/* --- psa_pake_set_password_key --- */
/* psa_pake_set_password_key is dispatched by location and other
functions are dispatched by operation id (set during setup).
In case of dispatching by location fallback is performed when
transparent accelerators are not supported. */
if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) {
mbedtls_test_driver_pake_hooks.forced_status = PSA_ERROR_NOT_SUPPORTED;
expected_hits = 1;
} else {
mbedtls_test_driver_pake_hooks.forced_status = forced_status;
}
mbedtls_test_driver_pake_hooks.hits = 0;
TEST_EQUAL(psa_pake_set_password_key(&operation, key),
expected_status_set_password);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
/* Restore expected_hits for next tests. */
if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) {
expected_hits = 0;
}
/* --- psa_pake_input --- */
mbedtls_test_driver_pake_hooks.forced_status = forced_status;
mbedtls_test_driver_pake_hooks.hits = 0;
TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE,
input_buffer, size_key_share),
expected_status_input);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
/* --- psa_pake_abort --- */
mbedtls_test_driver_pake_hooks.forced_status = forced_status;
mbedtls_test_driver_pake_hooks.hits = 0;
TEST_EQUAL(psa_pake_abort(&operation), expected_status_abort);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
/* --- psa_pake_output --- */
/* We need to setup pake again */
mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS;
TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS);
mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup;
TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite),
PSA_SUCCESS);
TEST_EQUAL(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER),
PSA_SUCCESS);
TEST_EQUAL(psa_pake_set_password_key(&operation, key),
PSA_SUCCESS);
mbedtls_test_driver_pake_hooks.forced_status = forced_status;
mbedtls_test_driver_pake_hooks.hits = 0;
if (forced_output->len > 0) {
mbedtls_test_driver_pake_hooks.forced_output = forced_output->x;
mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len;
}
TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE,
output_buffer, output_size, &output_len),
expected_status_output);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
if (forced_output->len > 0) {
TEST_EQUAL(output_len, forced_output->len);
TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0);
}
/* --- psa_pake_get_implicit_key --- */
mbedtls_test_driver_pake_hooks.forced_status = forced_status;
mbedtls_test_driver_pake_hooks.hits = 0;
TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key),
expected_status_get_key);
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
/* Clean up */
mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS;
TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
psa_reset_key_attributes(&attributes);
mbedtls_free(input_buffer);
mbedtls_free(output_buffer);
psa_destroy_key(key);
mbedtls_test_driver_pake_hooks =
mbedtls_test_driver_pake_hooks_init();
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg,
int derive_alg_arg, data_t *pw_data,
int client_input_first, int in_driver)
{
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_pake_operation_t server = psa_pake_operation_init();
psa_pake_operation_t client = psa_pake_operation_init();
psa_algorithm_t alg = alg_arg;
psa_algorithm_t hash_alg = hash_arg;
psa_algorithm_t derive_alg = derive_alg_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t server_derive =
PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t client_derive =
PSA_KEY_DERIVATION_OPERATION_INIT;
pake_in_driver = in_driver;
mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS;
mbedtls_test_driver_pake_hooks.hits = 0;
pake_expected_hit_count = 1;
PSA_INIT();
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len,
&key));
psa_pake_cs_set_algorithm(&cipher_suite, alg);
psa_pake_cs_set_primitive(&cipher_suite, primitive_arg);
psa_pake_cs_set_hash(&cipher_suite, hash_alg);
/* Get shared key */
PSA_ASSERT(psa_key_derivation_setup(&server_derive, derive_alg));
PSA_ASSERT(psa_key_derivation_setup(&client_derive, derive_alg));
if (PSA_ALG_IS_TLS12_PSK_TO_MS(derive_alg)) {
PSA_ASSERT(psa_key_derivation_input_bytes(&server_derive,
PSA_KEY_DERIVATION_INPUT_SEED,
(const uint8_t *) "", 0));
PSA_ASSERT(psa_key_derivation_input_bytes(&client_derive,
PSA_KEY_DERIVATION_INPUT_SEED,
(const uint8_t *) "", 0));
}
if (!pake_in_driver) {
mbedtls_test_driver_pake_hooks.forced_status = PSA_ERROR_NOT_SUPPORTED;
}
PSA_ASSERT(psa_pake_setup(&server, &cipher_suite));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, pake_expected_hit_count++);
PSA_ASSERT(psa_pake_setup(&client, &cipher_suite));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, pake_expected_hit_count++);
/* Restore forced status and adjust pake_expected_hit_count */
mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS;
if (!pake_in_driver) {
pake_expected_hit_count--;
}
PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
/* psa_pake_set_password_key is dispatched by location and other
functions are dispatched by operation id (set during setup).
In case of dispatching by location fallback is performed when
transparent accelerators are not supported. We need to also adjust
expected hit counter. */
if (!pake_in_driver) {
mbedtls_test_driver_pake_hooks.forced_status = PSA_ERROR_NOT_SUPPORTED;
pake_expected_hit_count++;
}
PSA_ASSERT(psa_pake_set_password_key(&server, key));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_expected_hit_count++);
PSA_ASSERT(psa_pake_set_password_key(&client, key));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_expected_hit_count++);
/* Restore forced status and adjust pake_expected_hit_count */
mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS;
if (!pake_in_driver) {
pake_expected_hit_count--;
}
/* First round */
ecjpake_do_round(alg, primitive_arg, &server, &client,
client_input_first, 1);
/* Second round */
ecjpake_do_round(alg, primitive_arg, &server, &client,
client_input_first, 2);
PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
exit:
psa_key_derivation_abort(&server_derive);
psa_key_derivation_abort(&client_derive);
psa_destroy_key(key);
psa_pake_abort(&server);
psa_pake_abort(&client);
PSA_DONE();
}
/* END_CASE */