Add tests for supplying inputs or requesting outputs when a J-PAKE
computation has already completed
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Test that extra calls to psa_pake_input() and psa_pake_output() during a
round return the correct error.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The explanation of the dispatch layer's state machine should not be in
the file containing the software implementation and a better
understanding can be had by reading the dispatch layer's code.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Take advantage of the contiguous nature of XYZ_KEY_SHARE, XYZ_ZK_PUBLIC
and XYZ_ZK_PROOF to simplify the conversion code.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The psa_jpake_computation_stage_t is already initialized in
psa_pake_setup(), so does not need initializing again in
psa_pake_complete_inputs().
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Keep track of the J-PAKE internal state in a more intuitive way.
Specifically, replace the current state with a struct of 5 fields:
* The round of J-PAKE we are currently in, FIRST or SECOND
* The 'mode' we are currently working in, INPUT or OUTPUT
* The number of inputs so far this round
* The number of outputs so far this round
* The PAKE step we are expecting, KEY_SHARE, ZK_PUBLIC or ZK_PROOF
This should improve the readability of the state-transformation code.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Given the size of ciL is set dependant on MBEDTLS_HAVE_INT32 /
MBEDTLS_HAVE_INT64, clang rightfully reports this as unreachable code in
32 bit builds. Fix this by using #define guards instead.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This allows also to:
- removing the dependency on ECP_C for these functions and only rely
on PSA symbols
- removing extra header inclusing from crypto_extra.h
- return MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS to
their original position in pk.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Note: both MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS
has been move on top of the pk.h file because we need these symbols
when crypto.h is evaluated otherwise functions like
mbedtls_ecc_group_of_psa() won't be available.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This helps backward compatibility since compressed points were
always supported in previous releases as long as PK_PARSE_C and
ECP_C were defined.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This includes also:
- auto enabling ECP_LIGHT when MBEDTLS_PK_PARSE_EC_COMPRESSED is
defined
- replacing ECP_LIGHT guards with PK_PARSE_EC_COMPRESSED in pkparse
- disabling PK_PARSE_EC_COMPRESSED in tests with accelarated EC curves
(it get disabled also in the reference components because we want
to achieve test parity)
- remove skipped checks in analyze_outcomes.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
ECP_LIGHT was never set as public symbol so it should not be
enabled/disabled using the config.py script.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
