mbedtls/tests/suites
Przemek Stekiel cd00d7f724 test PSA key derivation: add positive and negative cases for mixed-psk
Mix-PSK-to-MS test vectors are generated using python-tls library:
https://github.com/python-tls/tls

Steps to generate test vectors:
1. git clone git@github.com:python-tls/tls.git
2. cd tls
3. python3 setup.py build
4. sudo python3 setup.py install
5. Use the python script below to generate Master Secret (see description for details):

"""
Script to derive MS using mixed PSK to MS algorithm.

Script can be used to generate expected result for mixed PSK to MS tests.

Script uses python tls library:
https://github.com/python-tls/tls

Example usage:
derive_ms.py <secret> <other_secret> <seed> <label> <hash>
derive_ms.py 01020304 ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f 6d617374657220736563726574 SHA256

secret          : 01020304
other_secret    : ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7
pms             : 0030ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7000401020304
seed            : 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f
label           : 6d617374657220736563726574
output          : 168fecea35190f9df34c042f24ecaa5e7825337f2cd82719464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b
"""
from cryptography.hazmat.primitives import hashes
from tls._common.prf import prf
import os
import sys

def build_pms(other_secret: bytes, secret: bytes) -> bytes:
    other_secret_size = len(other_secret).to_bytes(2, byteorder='big')
    secret_size = len(secret).to_bytes(2, byteorder='big')
    return(other_secret_size + other_secret + secret_size + secret)

def derive_ms(secret: bytes, other_secret: bytes, seed: bytes, label: bytes, hash: hashes.HashAlgorithm) -> bytes:
    return prf(build_pms(other_secret, secret), label, seed, hash, 48)

def main():
    #check args
    if len(sys.argv) != 6:
        print("Invalid number of arguments. Expected: <secret> <other_secret> <seed> <label> <hash>" )
        return
    if sys.argv[5] != 'SHA384' and sys.argv[5] != 'SHA256':
        print("Invalid hash algorithm. Expected: SHA256 or SHA384" )
        return

    secret = bytes.fromhex(sys.argv[1])
    other_secret = bytes.fromhex(sys.argv[2])
    seed = bytes.fromhex(sys.argv[3])
    label = bytes.fromhex(sys.argv[4])
    hash_func = hashes.SHA384() if sys.argv[5] == 'SHA384' else hashes.SHA256()
    pms = build_pms(other_secret, secret)

    actual_output = derive_ms(secret, other_secret, seed, label, hash_func)

    print('secret       : ' + secret.hex())
    print('other_secret : ' + other_secret.hex())
    print('pms          : ' + pms.hex())
    print('seed         : ' + seed.hex())
    print('label        : ' + label.hex())
    print('output       : ' + actual_output.hex())

if __name__ == "__main__":
    main()

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:41:41 +02:00
..
helpers.function Merge remote-tracking branch 'mbedtls/development' into mbedtls_private_with_python 2021-06-14 16:17:32 +02:00
host_test.function Show values when TEST_EQUAL fails 2021-10-19 22:32:44 +02:00
main_test.function Changing the places of the mbedtls_test_hook_test_fail callback declaration 2021-07-20 13:36:16 +02:00
test_suite_aes.cbc.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_aes.cfb.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_aes.ecb.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_aes.function Catch failures of AES or DES operations 2021-09-27 16:22:08 +02:00
test_suite_aes.ofb.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_aes.rest.data Refactor optional parameter check tests 2021-05-27 17:27:14 +02:00
test_suite_aes.xts.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_aria.data Removal of the TEST_VALID_PARAM macro and its usages 2021-05-27 17:35:04 +02:00
test_suite_aria.function Addition of ommited part of code review follow-up 2021-05-28 12:56:57 +02:00
test_suite_asn1parse.data Merge pull request #350 from gilles-peskine-arm/asn1-tests-parse_prefixes-trailing_garbage 2020-02-05 15:40:22 +00:00
test_suite_asn1parse.function Use mbedtls_test_read_mpi in test suites 2021-06-22 12:44:05 +02:00
test_suite_asn1write.data Add test cases for ASN.1 ENUMERATED tag 2019-10-31 19:17:36 +02:00
test_suite_asn1write.function Merge remote-tracking branch 'origin/development' into development_new 2021-04-07 16:31:09 +01:00
test_suite_base64.data Move the list of Base64 digits out of the test data 2021-10-25 22:15:19 +02:00
test_suite_base64.function Delete base64_invasive.h due to functions are moved to the constant-time module 2021-11-26 17:20:02 +01:00
test_suite_camellia.data Removal of the TEST_VALID_PARAM macro and its usages 2021-05-27 17:35:04 +02:00
test_suite_camellia.function Removal of the TEST_VALID_PARAM macro and its usages 2021-05-27 17:35:04 +02:00
test_suite_ccm.data Add tests for CCM*-no-tag. 2021-10-21 11:33:41 +02:00
test_suite_ccm.function Add tests for CCM*-no-tag. 2021-10-21 11:33:41 +02:00
test_suite_chacha20.data Refactor optional parameter check tests 2021-05-27 17:27:14 +02:00
test_suite_chacha20.function Refactor optional parameter check tests 2021-05-27 17:27:14 +02:00
test_suite_chachapoly.data Refactor optional parameter check tests 2021-05-27 17:27:14 +02:00
test_suite_chachapoly.function Refactor optional parameter check tests 2021-05-27 17:27:14 +02:00
test_suite_cipher.aes.data Extend CCM*-no-tag tests 2021-10-28 18:00:33 +02:00
test_suite_cipher.aria.data Extend CCM*-no-tag tests 2021-10-28 18:00:33 +02:00
test_suite_cipher.camellia.data Extend CCM*-no-tag tests 2021-10-28 18:00:33 +02:00
test_suite_cipher.ccm.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_cipher.chacha20.data Modifies data files to match new test function name 2022-02-21 09:57:51 +00:00
test_suite_cipher.chachapoly.data Modifies data files to match new test function name 2022-02-21 09:57:51 +00:00
test_suite_cipher.des.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_cipher.function Changes name of iv_check to iv_len_validity 2022-02-17 21:30:25 +00:00
test_suite_cipher.gcm.data Add missing dependency on MBEDTLS_GCM_C in cipher tests 2022-01-19 07:08:27 -05:00
test_suite_cipher.misc.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_cipher.nist_kw.data Test data: replace "::" by ":" 2019-09-20 16:01:59 +02:00
test_suite_cipher.null.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_cipher.padding.data Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
test_suite_cmac.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_cmac.function Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_ctr_drbg.data Remove selftest dependency in the test suite 2019-11-21 13:49:20 +01:00
test_suite_ctr_drbg.function Rename the _ret() functions 2021-06-08 16:45:41 +02:00
test_suite_debug.data Add mbedtls_debug_print_mpi test case for 0 2021-06-17 21:46:29 +02:00
test_suite_debug.function fix test_suite_debug test fail 2021-08-10 13:34:32 +08:00
test_suite_des.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_des.function Catch failures of AES or DES operations 2021-09-27 16:22:08 +02:00
test_suite_dhm.data Unify G=1 and G=-1 test cases 2021-06-22 12:47:21 +02:00
test_suite_dhm.function Use mbedtls_test_read_mpi in test suites 2021-06-22 12:44:05 +02:00
test_suite_ecdh.data Merge branch 'development' into Remove__CHECK_PARAMS_option 2021-06-07 15:41:49 +02:00
test_suite_ecdh.function Use mbedtls_test_read_mpi in test suites 2021-06-22 12:44:05 +02:00
test_suite_ecdsa.data Refactor optional parameter check tests 2021-05-27 17:27:14 +02:00
test_suite_ecdsa.function Add output size parameter to signature functions 2021-06-25 00:46:22 +02:00
test_suite_ecjpake.data ecjpake_zkp_read() now returns ...BAD_INPUT_DATA when r len == 0 and test follows that 2021-03-17 11:36:31 +01:00
test_suite_ecjpake.function Changes after code review 2021-05-27 17:34:14 +02:00
test_suite_ecp.data Fix minor issues 2022-03-21 09:49:40 +01:00
test_suite_ecp.function mbedtls_ecp_group_cmp: change names of parameters to more suitable 2022-03-28 07:25:12 +02:00
test_suite_entropy.data Remove MBEDTLS_TEST_NULL_ENTROPY config option. 2021-05-11 13:15:19 +02:00
test_suite_entropy.function Merge remote-tracking branch 'origin/development' into development_new 2021-04-07 16:31:09 +01:00
test_suite_error.data
test_suite_error.function
test_suite_gcm.aes128_de.data Fix PSA AEAD GCM's update output buffer length verification. 2021-10-04 13:54:55 +02:00
test_suite_gcm.aes128_en.data Fix PSA AEAD GCM's update output buffer length verification. 2021-10-04 13:54:55 +02:00
test_suite_gcm.aes192_de.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_gcm.aes192_en.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_gcm.aes256_de.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_gcm.aes256_en.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_gcm.camellia.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_gcm.function Remove redundant value assignemnt to olen. 2021-10-21 14:55:59 +02:00
test_suite_gcm.misc.data Removal of the TEST_VALID_PARAM macro and its usages 2021-05-27 17:35:04 +02:00
test_suite_hkdf.data Code review follow-up corrections 2021-06-16 10:34:45 +02:00
test_suite_hkdf.function Update old style test function parameter handling 2022-03-16 16:53:23 +01:00
test_suite_hmac_drbg.function Support set *_drbg reseed interval before seed 2020-11-25 14:25:56 -08:00
test_suite_hmac_drbg.misc.data Fix SHA definitions and their dependencies in library and test suites. 2021-05-10 13:51:53 +02:00
test_suite_hmac_drbg.no_reseed.data Fix SHA definitions and their dependencies in library and test suites. 2021-05-10 13:51:53 +02:00
test_suite_hmac_drbg.nopr.data Separate SHA224 from SHA256 config options. 2021-04-28 14:38:37 +02:00
test_suite_hmac_drbg.pr.data Separate SHA224 from SHA256 config options. 2021-04-28 14:38:37 +02:00
test_suite_md.data Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
test_suite_md.function Fix test_suite_md API violation 2022-03-04 16:48:17 +00:00
test_suite_mdx.data Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
test_suite_mdx.function Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
test_suite_memory_buffer_alloc.data More accurate test case description 2019-10-31 15:07:35 +01:00
test_suite_memory_buffer_alloc.function Enable more test cases without MBEDTLS_MEMORY_DEBUG 2019-10-31 15:07:45 +01:00
test_suite_mpi.data Fix copypasta in test data 2021-06-22 12:47:21 +02:00
test_suite_mpi.function Fix copypasta in test function argument name 2021-06-22 12:47:21 +02:00
test_suite_mps.data Add unit test for integer overflow in mbedtls_mps_reader_reclaim() 2021-03-29 14:20:18 +01:00
test_suite_mps.function Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 2021-12-10 13:47:55 +01:00
test_suite_net.data Add test for mbedtls_net_poll beyond FD_SETSIZE 2021-02-25 15:56:48 +01:00
test_suite_net.function Fix test code to can be built on alpine 2021-09-24 09:21:29 +09:00
test_suite_nist_kw.data Removal of RC4 certs and fixes to docs and tests 2021-06-21 13:27:29 +02:00
test_suite_nist_kw.function tests: Get rid of mbedtls_test_unhexify() in unit test code 2020-06-26 10:45:16 +02:00
test_suite_oid.data Fix SHA definitions and their dependencies in library and test suites. 2021-05-10 13:51:53 +02:00
test_suite_oid.function Rename MBEDTLS_X509_INFO to !MBEDTLS_X509_REMOVE_INFO 2021-04-27 17:18:52 +01:00
test_suite_pem.data Check the result of PEM decoding 2022-02-08 14:53:50 -05:00
test_suite_pem.function Check the result of PEM decoding 2022-02-08 14:53:50 -05:00
test_suite_pk.data Replace rsakey to 2048bits for test 2022-03-23 11:16:53 +08:00
test_suite_pk.function Merge pull request #5683 from paul-elliott-arm/fix_pk_test 2022-04-04 17:51:49 +02:00
test_suite_pkcs1_v15.data Preparatory commit to remove tests 2021-05-12 15:18:20 +01:00
test_suite_pkcs1_v15.function Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation 2021-06-24 10:28:20 +02:00
test_suite_pkcs1_v21.data Separate SHA224 from SHA256 config options. 2021-04-28 14:38:37 +02:00
test_suite_pkcs1_v21.function RSA: Use hashlen as the hash input size as documented 2021-06-22 18:39:53 +02:00
test_suite_pkcs5.data Separate SHA224 from SHA256 config options. 2021-04-28 14:38:37 +02:00
test_suite_pkcs5.function tests: Reformating due to hexcmp() renaming 2020-06-12 14:33:08 +02:00
test_suite_pkcs12.data Add expected output for tests 2021-12-10 20:53:59 +00:00
test_suite_pkcs12.function Add expected output for tests 2021-12-10 20:53:59 +00:00
test_suite_pkparse.data Code review fixes 2021-06-18 12:59:38 +02:00
test_suite_pkparse.function Add RNG params to private key parsing 2021-06-17 09:38:38 +02:00
test_suite_pkwrite.data pk_write test cases with short/long private key 2019-11-05 15:32:53 +01:00
test_suite_pkwrite.function Add RNG params to private key parsing 2021-06-17 09:38:38 +02:00
test_suite_poly1305.data Refactor optional parameter check tests 2021-05-27 17:27:14 +02:00
test_suite_poly1305.function Refactor optional parameter check tests 2021-05-27 17:27:14 +02:00
test_suite_psa_crypto.data test PSA key derivation: add positive and negative cases for mixed-psk 2022-04-21 11:41:41 +02:00
test_suite_psa_crypto.function test PSA key derivation: add positive and negative cases for mixed-psk 2022-04-21 11:41:41 +02:00
test_suite_psa_crypto_attributes.data Update PSA crypto test dependencies 2021-03-24 09:26:44 +01:00
test_suite_psa_crypto_attributes.function tests: psa: Test PSA client-only code 2021-02-01 13:17:23 +01:00
test_suite_psa_crypto_driver_wrappers.data Adds test data for insufficient memory case 2022-04-04 14:21:18 +01:00
test_suite_psa_crypto_driver_wrappers.function Adds driver dispatch test for M-AEAD encryption setup 2022-04-04 14:21:10 +01:00
test_suite_psa_crypto_entropy.data tests: psa: Change Elliptic curve defines to PSA names 2021-03-10 13:19:45 -07:00
test_suite_psa_crypto_entropy.function Merge pull request #4344 from TRodziewicz/remove_deprecated_things_in_crypto_compat_h 2021-04-19 10:55:21 +02:00
test_suite_psa_crypto_generate_key.function Adapt generate_key() test code to mbedTLS standards 2021-11-02 10:52:53 +01:00
test_suite_psa_crypto_hash.data Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
test_suite_psa_crypto_hash.function Include psa_crypto_helpers.h in helpers.function 2021-01-06 18:21:18 +01:00
test_suite_psa_crypto_init.data CTR_DRBG: define a constant for the default entropy nonce length 2019-10-23 19:47:05 +02:00
test_suite_psa_crypto_init.function Move part of timing module out of the library 2021-06-15 15:47:44 +02:00
test_suite_psa_crypto_metadata.data Add PSA_ALG_IS_HASH_AND_SIGN to the metadata tests 2021-11-03 15:51:20 +01:00
test_suite_psa_crypto_metadata.function Fix test bug: some classification flags were not tested 2021-11-03 15:51:32 +01:00
test_suite_psa_crypto_not_supported.function Remove key generation when given argument is invalid from NotSupported class 2021-10-20 10:04:55 +02:00
test_suite_psa_crypto_not_supported.misc.data New test suite for not-supported cases: key creation (import, generate) 2021-02-17 14:50:17 +01:00
test_suite_psa_crypto_persistent_key.data Add negative tests for psa_destroy_key 2021-06-23 13:43:08 +02:00
test_suite_psa_crypto_persistent_key.function Add negative tests for psa_destroy_key 2021-06-23 13:43:08 +02:00
test_suite_psa_crypto_se_driver_hal.data Add ARIA to the PSA API 2021-09-21 11:59:39 +02:00
test_suite_psa_crypto_se_driver_hal.function Increment the test step number when invalidating a key 2021-02-23 20:36:07 +01:00
test_suite_psa_crypto_se_driver_hal_mocks.data Update SE support to pass a location when registering a driver 2020-05-11 11:15:26 +02:00
test_suite_psa_crypto_se_driver_hal_mocks.function Include psa_crypto_helpers.h in helpers.function 2021-01-06 18:21:18 +01:00
test_suite_psa_crypto_slot_management.data Remove dependency of builtin keys on storage 2021-08-17 02:46:00 +05:30
test_suite_psa_crypto_slot_management.function Rename function to conform to the library 2021-06-29 17:06:33 +02:00
test_suite_psa_crypto_storage_format.function Check that attempting to destroy a read-only key fails 2021-06-23 13:44:35 +02:00
test_suite_psa_crypto_storage_format.misc.data Remove obsolete MBEDTLS_xxx dependencies 2021-07-13 17:12:53 +02:00
test_suite_psa_its.data BUGFIX: PSA test vectors use UID 1 instead of 0. 2022-02-08 15:19:26 +01:00
test_suite_psa_its.function TEST: added psa_its_set expected failure test 2022-02-08 15:19:26 +01:00
test_suite_random.data Explain the "external RNG large" test case 2021-02-16 15:46:06 +01:00
test_suite_random.function Remove MBEDTLS_TEST_NULL_ENTROPY config option. 2021-05-11 13:15:19 +02:00
test_suite_rsa.data Add RSA tests with message=0 2021-06-22 12:47:21 +02:00
test_suite_rsa.function Fix potential free of uninitialised pointer 2021-06-25 11:17:12 +01:00
test_suite_shax.data Removal of the TEST_VALID_PARAM macro and its usages 2021-05-27 17:35:04 +02:00
test_suite_shax.function Rename the _ret() functions 2021-06-08 16:45:41 +02:00
test_suite_ssl.data Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 2022-04-01 12:29:06 +02:00
test_suite_ssl.function Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 2022-04-01 12:29:06 +02:00
test_suite_timing.data Add the timing test dependency on MBEDTLS_HAVE_TIME 2022-03-04 05:07:45 -05:00
test_suite_timing.function Move part of timing module out of the library 2021-06-15 15:47:44 +02:00
test_suite_version.data Bump version to 3.1.0 2021-12-15 09:02:53 +01:00
test_suite_version.function Fix GCC format-signedness warnings 2020-04-22 16:01:48 +02:00
test_suite_x509parse.data Code review fixes 2021-06-18 12:59:38 +02:00
test_suite_x509parse.function Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code 2021-06-07 13:52:23 +02:00
test_suite_x509write.data Remove MD2, MD4, RC4, Blowfish and XTEA 2021-06-16 10:34:25 +02:00
test_suite_x509write.function Merge pull request #5518 from superna9999/5274-ecdsa-signing 2022-03-21 09:57:57 +01:00