Valerio Setti
024b028ce1
test: split psa_pake function/data from the generic test_suite_psa_crypto
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-22 18:52:17 +01:00
Valerio Setti
1070aed778
test_suite_psa_crypto: do not re-use PAKE's contexts in case of errors
...
As for ecjpake_setup(), now the test function can handle:
- "external" errors, through parameters set by the data file
- "internal" ones, through enums which inject ad-hoc failures
Similarly also ecjpake_rounds() can handle both type of errors,
but right now there's no erroneous case in the associated ".data"
file.
In both cases, after an error the current test is terminated.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-22 18:45:03 +01:00
Przemek Stekiel
cd356c3cdb
Add ec-jpake test to verify if key can be destroyed after set_password_key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-21 12:25:21 +01:00
Gilles Peskine
faefe62013
Merge pull request #6390 from mpg/fix-ecjpake-psa-format
...
Fix ecjpake PSA format
2022-11-07 17:35:44 +01:00
Przemek Stekiel
8258ea7b7d
test_suite_psa_crypto: adapt dependenies and guards so the test can run in the driver-only build
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-19 13:20:20 +02:00
Manuel Pégourié-Gonnard
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test
...
Enable testing of AEAD drivers with libtestdriver1
2022-10-14 11:11:01 +02:00
Przemek Stekiel
42bb3ff40b
Adapt expected results in ChaCha20-Poly1305 ( invalid tag length)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 07:28:40 +02:00
Manuel Pégourié-Gonnard
ec7012dbc7
Fix I/O format of PSA EC J-PAKE for compliance
...
The format used by the mbedtls_ecjpake_xxx() APIs and that defined by
the PSA Crypto PAKE extension are quite different; the former is
tailored to the needs of TLS while the later is quite generic and plain.
Previously we only addressed some part of this impedance mismatch: the
different number of I/O rounds, but failed to address the part where the
legacy API adds some extras (length bytes, ECParameters) that shouldn't
be present in the PSA Crypto version. See comments in the code.
Add some length testing as well; would have caught the issue.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-05 12:52:48 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
...
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Andrzej Kurek
2be1689504
Add capacity testing to EC J-PAKE to PMS tests
...
Let the caller restrict the capacity but limit it to 32 bytes.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:14:04 -04:00
Andrzej Kurek
d37850404a
Add derivation step testing to EC J-PAKE to PMS tests
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 06:45:44 -04:00
Andrzej Kurek
d8705bc7b7
Add tests for the newly created ad-hoc EC J-PAKE KDF
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:39:41 -04:00
Neil Armstrong
2a73f21878
Fixup expected status handling in ecjpake_setup() and add more coverage for psa_pake_set_password_key()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-06 11:34:54 +02:00
Neil Armstrong
e5fdf20a79
Make ecjpake_rounds test depends on PSA_WANT_ALG_TLS12_PSK_TO_MS
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
8c2e8a6cda
Add ecjpake_rounds_inject tests to exercise error injection
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
f983caf6c4
Move JPAKE rounds into a common function, add reordering and error injection
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
a24278a74a
Add invalid hash ecjpake_setup() test case
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
9c8b492052
Add advanced psa_pake_input/psa_pake_output test in ecjpake_setup() test
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
ebd9a03743
Cleanup PSA pake test dependency
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
d597bc705f
Add PSA PAKE tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Gilles Peskine
36aeb7f163
Merge pull request #5834 from mprse/HKDF_1
...
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
2022-06-20 15:27:46 +02:00
Przemek Stekiel
66867731aa
derive_output tests: fix output key length to be consistent with teh description
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:02 +02:00
Przemek Stekiel
cde3f783f5
Make info valid only after secret for HKDF-EXPAND + adapt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:02 +02:00
Przemek Stekiel
0586f4c4ea
Make salt mandatory for HKDF-EXTRACT + adapt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:25:43 +02:00
Przemek Stekiel
3e8249cde0
Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
fcdd023ba6
derive_output tests: add invalid input secret test for HKDF-Expand
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-19 10:28:58 +02:00
Manuel Pégourié-Gonnard
4014a0408e
Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector
...
PSA: ChaCha20: add RFC 7539 test vector with counter=1
2022-05-12 12:34:20 +02:00
Shaun Case
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Przemek Stekiel
6786a87ccd
derive_output tests: add capacity HKDF-Extract/Expand tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:40:21 +02:00
Przemek Stekiel
2849e0e4d5
derive_output tests: add negative HKDF-Extract/Expand tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:38:01 +02:00
Przemek Stekiel
e1036fbe90
derive_output tests: add positive HKDF-Extract/Expand tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:34:53 +02:00
Gilles Peskine
2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise
...
PSA storage format: exercise key
2022-04-28 18:20:02 +02:00
Manuel Pégourié-Gonnard
70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2
...
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
2022-04-21 17:11:52 +02:00
Przemek Stekiel
4daaa2bd05
derive_output mix-psk test: add more cases for derivation of output key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
6aabc473ce
derive_output test: remove redundant tests with raw key agreement
...
Already handled by input_bytes().
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
e665466a80
derive_output test: add other key type value 11 to handle raw key type
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
c5bd1b8b24
PSA key derivation mix-psk tests: add description for bad state cases
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
cd00d7f724
test PSA key derivation: add positive and negative cases for mixed-psk
...
Mix-PSK-to-MS test vectors are generated using python-tls library:
https://github.com/python-tls/tls
Steps to generate test vectors:
1. git clone git@github.com:python-tls/tls.git
2. cd tls
3. python3 setup.py build
4. sudo python3 setup.py install
5. Use the python script below to generate Master Secret (see description for details):
"""
Script to derive MS using mixed PSK to MS algorithm.
Script can be used to generate expected result for mixed PSK to MS tests.
Script uses python tls library:
https://github.com/python-tls/tls
Example usage:
derive_ms.py <secret> <other_secret> <seed> <label> <hash>
derive_ms.py 01020304 ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f 6d617374657220736563726574 SHA256
secret : 01020304
other_secret : ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7
pms : 0030ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7000401020304
seed : 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f
label : 6d617374657220736563726574
output : 168fecea35190f9df34c042f24ecaa5e7825337f2cd82719464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b
"""
from cryptography.hazmat.primitives import hashes
from tls._common.prf import prf
import os
import sys
def build_pms(other_secret: bytes, secret: bytes) -> bytes:
other_secret_size = len(other_secret).to_bytes(2, byteorder='big')
secret_size = len(secret).to_bytes(2, byteorder='big')
return(other_secret_size + other_secret + secret_size + secret)
def derive_ms(secret: bytes, other_secret: bytes, seed: bytes, label: bytes, hash: hashes.HashAlgorithm) -> bytes:
return prf(build_pms(other_secret, secret), label, seed, hash, 48)
def main():
#check args
if len(sys.argv) != 6:
print("Invalid number of arguments. Expected: <secret> <other_secret> <seed> <label> <hash>" )
return
if sys.argv[5] != 'SHA384' and sys.argv[5] != 'SHA256':
print("Invalid hash algorithm. Expected: SHA256 or SHA384" )
return
secret = bytes.fromhex(sys.argv[1])
other_secret = bytes.fromhex(sys.argv[2])
seed = bytes.fromhex(sys.argv[3])
label = bytes.fromhex(sys.argv[4])
hash_func = hashes.SHA384() if sys.argv[5] == 'SHA384' else hashes.SHA256()
pms = build_pms(other_secret, secret)
actual_output = derive_ms(secret, other_secret, seed, label, hash_func)
print('secret : ' + secret.hex())
print('other_secret : ' + other_secret.hex())
print('pms : ' + pms.hex())
print('seed : ' + seed.hex())
print('label : ' + label.hex())
print('output : ' + actual_output.hex())
if __name__ == "__main__":
main()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:41:41 +02:00
Gilles Peskine
9e38f2c8fd
cipher_alg_without_iv: generalized to also do decryption
...
Test set_iv/generate_iv after decrypt_setup. Test successful decryption.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:25:00 +02:00
Przemek Stekiel
ffbb7d35fc
derive_output: add optional step for derivation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-12 11:27:00 +02:00
Gilles Peskine
08622b6dc7
Declare PSA_WANT_ALG_CCM_STAR_NO_TAG and use it in tests
...
CCM*-no-tag is currently available whenever CCM is, so declare
PSA_WANT_ALG_CCM_STAR_NO_TAG whenever PSA_WANT_ALG_CCM is declared and vice
versa.
Fix dependencies of test cases that use PSA_ALG_CCM_STAR_NO_TAG: some were
using PSA_WANT_ALG_CCM and some had altogether wrong dependencies.
This commit does not touch library code. There is still no provision for
providing CCM support without CCM*-no-tag or vice versa.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc
...
PSA: implement key derivation for ECC keys
2022-03-14 09:17:13 +01:00
Gilles Peskine
fc47641e36
Add RFC 7539 test vector for ChaCha20
...
The PSA Crypto API uses 0 as the initial counter value, but the test vector
in RFC 7539 uses 1. So the unit tests here include an extra leading block.
The expected data for this leading block was calculated with Cryptodome.
#!/usr/bin/env python3
import re
from Cryptodome.Cipher import ChaCha20
key = bytes.fromhex('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f')
nonce = bytes.fromhex('000000000000004a00000000')
encrypt = lambda pt: ChaCha20.new(key=key, nonce=nonce).encrypt(pt)
# Cryptodome uses counter=0, like PSA Crypto. Prepend a 64-byte input block #0
# so that the plaintext from RFC 7539 starts exactly at block #1 .
header = b'The RFC 7539 test vector uses counter=1, but PSA uses counter=0.'
assert(len(header) == 64)
sunscreen = b"Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it."
plaintext = header + sunscreen
zeros = b'\x00' * len(plaintext)
keystream = encrypt(zeros)
ciphertext = encrypt(plaintext)
print('RFC 7539 §2.4.2')
print('Keystream:')
print(re.sub(r'(..)', r'\1:', keystream[64:].hex()))
print('Ciphertext Subscreen:')
print(re.sub(r'(..)', r'\1 ', ciphertext[64:].hex()))
print('')
print(f"""\
PSA symmetric decrypt: ChaCha20, RFC7539 keystream
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
# Keystream from RFC 7539 §2.4.2, with an extra 64-byte output block prepended
# because the test vector starts at counter=1 but our API starts at counter=0.
cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"{key.hex()}":"{nonce.hex()}":"{zeros.hex()}":"{keystream.hex()}"
PSA symmetric decrypt: ChaCha20, RFC7539 sunscreen
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
# Test vector from RFC 7539 §2.4.2, with an extra 64-byte block prepended
# because the test vector starts at counter=1 but our API starts at counter=0.
cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"{key.hex()}":"{nonce.hex()}":"{ciphertext.hex()}":"{plaintext.hex()}"
""")
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-10 18:57:09 +01:00
Przemek Stekiel
4400be408b
Adapt test cases for invalid bits with and without ECC keys enabled
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 17:02:46 +01:00
Przemek Stekiel
dcab6ccb3b
Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled.
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 14:29:49 +01:00
Neil Armstrong
4766f99fe5
Add multi-part mac sign/verify test
...
The test is based on the AEAD multi-part test, re-using the
design on aead_multipart_internal_func() to test differnet
sequence of psa_mac_update() for MAC update or verify.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-28 18:37:30 +01:00
Neil Armstrong
60234f87a6
Revert "Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences"
...
This reverts commit 3ccd08b343
.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-28 15:21:38 +01:00
Neil Armstrong
3ccd08b343
Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 16:15:08 +01:00
Przemyslaw Stekiel
aeaa4f0651
Code optimization
...
- fix codding style
- fix comments and descriptions
- add helper function for montgomery curve
- move N-2 calculation outside the loop
- fix access to <data> bytes: *data[x] -> (*data)[x]
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
f6c2c87492
Fix ECC derivation tests
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00