From fdb77cdae3565b9228a887b45f4de541832b5399 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 11 Nov 2022 12:02:24 +0100 Subject: [PATCH 01/15] psa_crypto_pake: internally call to psa_pake_abort() in case of errors In this way, in case of error, it is not possible to continue using the same psa_pake_operation_t without reinitializing it. This should make the PSA pake's behavior closer to what expected by the specification Signed-off-by: Valerio Setti --- library/psa_crypto_pake.c | 96 +++++++++++++++++++++++++++++++-------- 1 file changed, 76 insertions(+), 20 deletions(-) diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 659b712a5b..431057ca42 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -197,9 +197,14 @@ static psa_status_t mbedtls_ecjpake_to_psa_error( int ret ) psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { + psa_status_t status; + /* A context must be freshly initialized before it can be set up. */ if( operation->alg != PSA_ALG_NONE ) - return( PSA_ERROR_BAD_STATE ); + { + status = PSA_ERROR_BAD_STATE; + goto error; + } if( cipher_suite == NULL || PSA_ALG_IS_PAKE(cipher_suite->algorithm ) == 0 || @@ -207,7 +212,8 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation, cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH ) || PSA_ALG_IS_HASH( cipher_suite->hash ) == 0 ) { - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto error; } #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) @@ -218,7 +224,8 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation, cipher_suite->bits != 256 || cipher_suite->hash != PSA_ALG_SHA_256 ) { - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; + goto error; } operation->alg = cipher_suite->algorithm; @@ -238,7 +245,11 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation, } else #endif - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; + +error: + psa_pake_abort( operation ); + return status; } psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation, @@ -253,12 +264,13 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation, if( operation->alg == PSA_ALG_NONE || operation->state != PSA_PAKE_STATE_SETUP ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto error; } status = psa_get_key_attributes( password, &attributes ); if( status != PSA_SUCCESS ) - return( status ); + goto error; type = psa_get_key_type( &attributes ); usage = psa_get_key_usage_flags( &attributes ); @@ -268,11 +280,14 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation, if( type != PSA_KEY_TYPE_PASSWORD && type != PSA_KEY_TYPE_PASSWORD_HASH ) { - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto error; } - if( ( usage & PSA_KEY_USAGE_DERIVE ) == 0 ) - return( PSA_ERROR_NOT_PERMITTED ); + if( ( usage & PSA_KEY_USAGE_DERIVE ) == 0 ) { + status = PSA_ERROR_NOT_PERMITTED; + goto error; + } if( operation->password != NULL ) return( PSA_ERROR_BAD_STATE ); @@ -297,47 +312,74 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation, return( status ); return( PSA_SUCCESS ); + +error: + psa_pake_abort(operation); + return( status ); } psa_status_t psa_pake_set_user( psa_pake_operation_t *operation, const uint8_t *user_id, size_t user_id_len ) { + psa_status_t status; + if( operation->alg == PSA_ALG_NONE || operation->state != PSA_PAKE_STATE_SETUP ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto error; } if( user_id_len == 0 || user_id == NULL ) - return( PSA_ERROR_INVALID_ARGUMENT ); + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto error; + } - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; + +error: + psa_pake_abort(operation); + return( status ); } psa_status_t psa_pake_set_peer( psa_pake_operation_t *operation, const uint8_t *peer_id, size_t peer_id_len ) { + psa_status_t status; + if( operation->alg == PSA_ALG_NONE || operation->state != PSA_PAKE_STATE_SETUP ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto error; } if( peer_id_len == 0 || peer_id == NULL ) - return( PSA_ERROR_INVALID_ARGUMENT ); + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto error; + } - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; + +error: + psa_pake_abort(operation); + return( status ); } psa_status_t psa_pake_set_role( psa_pake_operation_t *operation, psa_pake_role_t role ) { + psa_status_t status; + if( operation->alg == PSA_ALG_NONE || operation->state != PSA_PAKE_STATE_SETUP ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto error; } if( role != PSA_PAKE_ROLE_NONE && @@ -346,7 +388,8 @@ psa_status_t psa_pake_set_role( psa_pake_operation_t *operation, role != PSA_PAKE_ROLE_CLIENT && role != PSA_PAKE_ROLE_SERVER ) { - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto error; } #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) @@ -362,7 +405,11 @@ psa_status_t psa_pake_set_role( psa_pake_operation_t *operation, } else #endif - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; + +error: + psa_pake_abort(operation); + return( status ); } #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) @@ -812,7 +859,10 @@ psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, operation->state != PSA_PAKE_STATE_READY || operation->input_step != PSA_PAKE_STEP_DERIVE || operation->output_step != PSA_PAKE_STEP_DERIVE ) - return( PSA_ERROR_BAD_STATE ); + { + status = PSA_ERROR_BAD_STATE; + goto error; + } #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if( operation->alg == PSA_ALG_JPAKE ) @@ -842,7 +892,13 @@ psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, } else #endif - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; + +error: + psa_key_derivation_abort( output ); + psa_pake_abort( operation ); + + return( status ); } psa_status_t psa_pake_abort(psa_pake_operation_t * operation) From 1070aed778b12931bde949ec3f6938d6e0cac9be Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 11 Nov 2022 19:37:31 +0100 Subject: [PATCH 02/15] test_suite_psa_crypto: do not re-use PAKE's contexts in case of errors As for ecjpake_setup(), now the test function can handle: - "external" errors, through parameters set by the data file - "internal" ones, through enums which inject ad-hoc failures Similarly also ecjpake_rounds() can handle both type of errors, but right now there's no erroneous case in the associated ".data" file. In both cases, after an error the current test is terminated. Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 141 ++++++--- tests/suites/test_suite_psa_crypto.function | 327 ++++++++++++-------- 2 files changed, 305 insertions(+), 163 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 659205d529..247c57e334 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6491,74 +6491,133 @@ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY PSA derive persistent key: HKDF SHA-256, exportable persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY +PSA PAKE: uninitialized access to psa_pake_operation_t +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE + PSA PAKE: invalid alg depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:0:0 +ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid primitive type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":PSA_ERROR_NOT_SUPPORTED:0:0:0 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid primitive family depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":PSA_ERROR_NOT_SUPPORTED:0:0:0 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid primitive bits depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":PSA_ERROR_NOT_SUPPORTED:0:0:0 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid hash depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:"abcd":PSA_ERROR_NOT_SUPPORTED:0:0:0 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED -PSA PAKE: ecjpake setup server output step first +PSA PAKE: duplicate a valid setup depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":0:0:0:0 - -PSA PAKE: ecjpake setup server input step first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":0:0:0:0 - -PSA PAKE: ecjpake setup server empty password -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"":0:0:0:PSA_ERROR_BAD_STATE - -PSA PAKE: ecjpake setup client output step first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":0:0:0:0 - -PSA PAKE: ecjpake setup client input step first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:1:"abcd":0:0:0:0 - -PSA PAKE: ecjpake setup client empty password -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"":0:0:0:PSA_ERROR_BAD_STATE - -PSA PAKE: ecjpake setup client bad password key type -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_DERIVE:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":0:0:PSA_ERROR_INVALID_ARGUMENT:0 - -PSA PAKE: ecjpake setup client bad password key usage -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":0:0:PSA_ERROR_NOT_PERMITTED:0 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE PSA PAKE: ecjpake setup invalid role NONE depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:"abcd":0:PSA_ERROR_NOT_SUPPORTED:0:0 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: wrong key type password +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: wrong key usage type +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:0:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_PERMITTED + +PSA PAKE: set invalid user +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: set invalid peer +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: set user +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_SET_USER:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: set peer +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_SET_PEER:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: empty server password +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"":INJECT_ERR_NONE:PSA_ERROR_BAD_STATE + +PSA PAKE: empty client password +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"":INJECT_ERR_NONE:PSA_ERROR_BAD_STATE + +PSA PAKE: invalid input +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_EMPTY_IO_BUFFER:0 + +PSA PAKE: unkown input step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_UNKNOWN_STEP:0 + +PSA PAKE: invalid first input step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_INVALID_FIRST_STEP:0 + +PSA PAKE: input buffer too large +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_WRONG_BUFFER_SIZE:0 + +PSA PAKE: valid input operation after a failure +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_VALID_OPERATION_AFTER_FAILURE:0 + +PSA PAKE: invalid output +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_EMPTY_IO_BUFFER:0 + +PSA PAKE: unkown output step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_UNKNOWN_STEP:0 + +PSA PAKE: invalid first output step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_INVALID_FIRST_STEP:0 + +PSA PAKE: output buffer too small +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_WRONG_BUFFER_SIZE:0 + +PSA PAKE: valid output operation after a failure +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_VALID_OPERATION_AFTER_FAILURE:0 + +PSA PAKE: ecjpake setup client bad password key type +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_DERIVE:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: ecjpake setup client bad password key usage +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_PERMITTED PSA PAKE: ecjpake rounds depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0 +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ERR_NONE PSA PAKE: ecjpake rounds, client input first depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1:0 +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1:INJECT_ERR_NONE -# This test case relies on implementation (it may need to be adjusted in the future) -PSA PAKE: ecjpake rounds - key is destroyed after being passed to set_password_key +PSA PAKE: ecjpake rounds, early key derivation 1 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:1 +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ANTICIPATE_KEY_DERIVATION_1 + +PSA PAKE: ecjpake rounds, early key derivation 2 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ANTICIPATE_KEY_DERIVATION_2 PSA PAKE: ecjpake no input errors depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ca1614befa..8d42bf9b34 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1318,6 +1318,24 @@ exit: } #endif /* PSA_WANT_ALG_JPAKE */ +typedef enum +{ + INJECT_ERR_NONE = 0, + INJECT_ERR_UNINITIALIZED_ACCESS, + INJECT_ERR_DUPLICATE_SETUP, + INJECT_ERR_INVALID_USER, + INJECT_ERR_INVALID_PEER, + INJECT_ERR_SET_USER, + INJECT_ERR_SET_PEER, + INJECT_EMPTY_IO_BUFFER, + INJECT_UNKNOWN_STEP, + INJECT_INVALID_FIRST_STEP, + INJECT_WRONG_BUFFER_SIZE, + INJECT_VALID_OPERATION_AFTER_FAILURE, + INJECT_ANTICIPATE_KEY_DERIVATION_1, + INJECT_ANTICIPATE_KEY_DERIVATION_2, +} ecjpake_injected_failure_t; + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -8753,11 +8771,9 @@ exit: /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, int primitive_arg, int hash_arg, int role_arg, - int input_first, data_t *pw_data, - int expected_status_setup_arg, - int expected_status_set_role_arg, - int expected_status_set_password_key_arg, - int expected_status_input_output_arg) + int test_input, data_t *pw_data, + int inj_err_type_arg, + int expected_error_arg) { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t operation = psa_pake_operation_init(); @@ -8769,12 +8785,9 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, psa_pake_role_t role = role_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t expected_status_setup = expected_status_setup_arg; - psa_status_t expected_status_set_role = expected_status_set_role_arg; - psa_status_t expected_status_set_password_key = - expected_status_set_password_key_arg; - psa_status_t expected_status_input_output = - expected_status_input_output_arg; + ecjpake_injected_failure_t inj_err_type = inj_err_type_arg; + psa_status_t expected_error = expected_error_arg; + psa_status_t status; unsigned char *output_buffer = NULL; size_t output_len = 0; @@ -8799,54 +8812,90 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, PSA_ASSERT( psa_pake_abort( &operation ) ); - TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ), - PSA_ERROR_BAD_STATE ); - TEST_EQUAL( psa_pake_set_peer( &operation, NULL, 0 ), - PSA_ERROR_BAD_STATE ); - TEST_EQUAL( psa_pake_set_password_key( &operation, key ), - PSA_ERROR_BAD_STATE ); - TEST_EQUAL( psa_pake_set_role( &operation, role ), - PSA_ERROR_BAD_STATE ); - TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, - NULL, 0, NULL ), - PSA_ERROR_BAD_STATE ); - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, NULL, 0), - PSA_ERROR_BAD_STATE ); - - PSA_ASSERT( psa_pake_abort( &operation ) ); - - TEST_EQUAL( psa_pake_setup( &operation, &cipher_suite ), - expected_status_setup ); - if( expected_status_setup != PSA_SUCCESS ) + if ( inj_err_type == INJECT_ERR_UNINITIALIZED_ACCESS ) + { + TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_set_peer( &operation, NULL, 0 ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_set_password_key( &operation, key ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_set_role( &operation, role ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, + NULL, 0, NULL ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, NULL, 0), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); goto exit; + } - TEST_EQUAL( psa_pake_setup( &operation, &cipher_suite ), - PSA_ERROR_BAD_STATE ); - - TEST_EQUAL( psa_pake_set_role( &operation, role), - expected_status_set_role ); - if( expected_status_set_role != PSA_SUCCESS ) + status = psa_pake_setup( &operation, &cipher_suite ); + if (status != PSA_SUCCESS) + { + TEST_EQUAL( status, expected_error ); goto exit; + } + + if( inj_err_type == INJECT_ERR_DUPLICATE_SETUP ) + { + TEST_EQUAL( psa_pake_setup( &operation, &cipher_suite ), + expected_error ); + goto exit; + } + + status = psa_pake_set_role( &operation, role); + if ( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_error ); + goto exit; + } if( pw_data->len > 0 ) { - TEST_EQUAL( psa_pake_set_password_key( &operation, key ), - expected_status_set_password_key ); - if( expected_status_set_password_key != PSA_SUCCESS ) + status = psa_pake_set_password_key( &operation, key ); + if ( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_error ); goto exit; + } } - TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ), - PSA_ERROR_INVALID_ARGUMENT ); - TEST_EQUAL( psa_pake_set_peer( &operation, NULL, 0 ), - PSA_ERROR_INVALID_ARGUMENT ); + if ( inj_err_type == INJECT_ERR_INVALID_USER ) + { + TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } - const uint8_t unsupported_id[] = "abcd"; + if ( inj_err_type == INJECT_ERR_INVALID_PEER ) + { + TEST_EQUAL( psa_pake_set_peer( &operation, NULL, 0 ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } - TEST_EQUAL( psa_pake_set_user( &operation, unsupported_id, 4 ), - PSA_ERROR_NOT_SUPPORTED ); - TEST_EQUAL( psa_pake_set_peer( &operation, unsupported_id, 4 ), - PSA_ERROR_NOT_SUPPORTED ); + if ( inj_err_type == INJECT_ERR_SET_USER ) + { + const uint8_t unsupported_id[] = "abcd"; + TEST_EQUAL( psa_pake_set_user( &operation, unsupported_id, 4 ), + PSA_ERROR_NOT_SUPPORTED ); + goto exit; + } + + if ( inj_err_type == INJECT_ERR_SET_PEER ) + { + const uint8_t unsupported_id[] = "abcd"; + TEST_EQUAL( psa_pake_set_peer( &operation, unsupported_id, 4 ), + PSA_ERROR_NOT_SUPPORTED ); + goto exit; + } const size_t size_key_share = PSA_PAKE_INPUT_SIZE( alg, primitive, PSA_PAKE_STEP_KEY_SHARE ); @@ -8855,85 +8904,109 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, const size_t size_zk_proof = PSA_PAKE_INPUT_SIZE( alg, primitive, PSA_PAKE_STEP_ZK_PROOF ); - /* First round */ - if( input_first ) + if ( test_input ) { - /* Invalid parameters (input) */ - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, - NULL, 0 ), - PSA_ERROR_INVALID_ARGUMENT ); - /* Invalid parameters (step) */ - TEST_EQUAL( ecjpake_operation_setup( &operation, &cipher_suite, role, - key, pw_data->len ) , 0 ); - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, - output_buffer, size_zk_proof ), - PSA_ERROR_INVALID_ARGUMENT ); - /* Invalid first step */ - TEST_EQUAL( ecjpake_operation_setup( &operation, &cipher_suite, role, - key, pw_data->len ), 0 ); - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, - output_buffer, size_zk_proof ), - PSA_ERROR_BAD_STATE ); - - /* Possibly valid */ - TEST_EQUAL( ecjpake_operation_setup( &operation, &cipher_suite, role, - key, pw_data->len ), 0 ); - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, - output_buffer, size_key_share ), - expected_status_input_output); - - if( expected_status_input_output == PSA_SUCCESS ) + if ( inj_err_type == INJECT_EMPTY_IO_BUFFER ) { - /* Buffer too large */ - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, - output_buffer, size_zk_public + 1 ), - PSA_ERROR_INVALID_ARGUMENT ); + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, NULL, 0 ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } - /* The operation's state should be invalidated at this point */ + if ( inj_err_type == INJECT_UNKNOWN_STEP ) + { + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, + output_buffer, size_zk_proof ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_INVALID_FIRST_STEP ) + { + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, + output_buffer, size_zk_proof ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + + status = psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, + output_buffer, size_key_share ); + if ( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_error); + goto exit; + } + + if ( inj_err_type == INJECT_WRONG_BUFFER_SIZE ) + { + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public + 1 ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_VALID_OPERATION_AFTER_FAILURE ) + { + // Just trigger any kind of error. We don't care about the result here + psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public + 1 ); TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, output_buffer, size_zk_public ), - PSA_ERROR_BAD_STATE ); + PSA_ERROR_BAD_STATE ); + goto exit; } - } - else - { - /* Invalid parameters (output) */ - TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, - NULL, 0, NULL ), - PSA_ERROR_INVALID_ARGUMENT ); - /* Invalid parameters (step) */ - TEST_EQUAL( ecjpake_operation_setup( &operation, &cipher_suite, role, - key, pw_data->len ), 0 ); - TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, - output_buffer, buf_size, &output_len ), - PSA_ERROR_INVALID_ARGUMENT ); - /* Invalid first step */ - TEST_EQUAL( ecjpake_operation_setup( &operation, &cipher_suite, role, - key, pw_data->len ), 0 ); - TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, - output_buffer, buf_size, &output_len ), - PSA_ERROR_BAD_STATE ); - - /* Possibly valid */ - TEST_EQUAL( ecjpake_operation_setup( &operation, &cipher_suite, role, - key, pw_data->len ), 0 ); - TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, - output_buffer, buf_size, &output_len ), - expected_status_input_output ); - - if( expected_status_input_output == PSA_SUCCESS ) + } else { + if ( inj_err_type == INJECT_EMPTY_IO_BUFFER ) { - TEST_ASSERT( output_len > 0 ); + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, + NULL, 0, NULL ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } - /* Buffer too small */ - TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, - output_buffer, size_zk_public - 1, &output_len ), - PSA_ERROR_BUFFER_TOO_SMALL ); + if ( inj_err_type == INJECT_UNKNOWN_STEP ) + { + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, + output_buffer, buf_size, &output_len ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } - /* The operation's state should be invalidated at this point */ + if ( inj_err_type == INJECT_INVALID_FIRST_STEP ) + { + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, + output_buffer, buf_size, &output_len ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + + status = psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, + output_buffer, buf_size, &output_len ); + if ( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_error); + goto exit; + } + + TEST_ASSERT( output_len > 0 ); + + if ( inj_err_type == INJECT_WRONG_BUFFER_SIZE ) + { TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, - output_buffer, buf_size, &output_len ), - PSA_ERROR_BAD_STATE ); + output_buffer, size_zk_public - 1, &output_len ), + PSA_ERROR_BUFFER_TOO_SMALL ); + goto exit; + } + + if ( inj_err_type == INJECT_VALID_OPERATION_AFTER_FAILURE ) + { + // Just trigger any kind of error. We don't care about the result here + psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public - 1, &output_len ); + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, buf_size, &output_len ), + PSA_ERROR_BAD_STATE ); + goto exit; } } @@ -9000,7 +9073,8 @@ exit: /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, int derive_alg_arg, data_t *pw_data, - int client_input_first, int destroy_key ) + int client_input_first, int destroy_key, + int client_input_first, int inj_err_type_arg ) { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t server = psa_pake_operation_init(); @@ -9014,6 +9088,7 @@ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_derivation_operation_t client_derive = PSA_KEY_DERIVATION_OPERATION_INIT; + ecjpake_injected_failure_t inj_err_type = inj_err_type_arg; PSA_INIT( ); @@ -9054,19 +9129,27 @@ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, if( destroy_key == 1 ) psa_destroy_key( key ); - TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), + if( inj_err_type == INJECT_ANTICIPATE_KEY_DERIVATION_1 ) + { + TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), PSA_ERROR_BAD_STATE ); - TEST_EQUAL( psa_pake_get_implicit_key( &client, &client_derive ), + TEST_EQUAL( psa_pake_get_implicit_key( &client, &client_derive ), PSA_ERROR_BAD_STATE ); + goto exit; + } /* First round */ ecjpake_do_round( alg, primitive_arg, &server, &client, client_input_first, 1, 0 ); - TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), + if ( inj_err_type == INJECT_ANTICIPATE_KEY_DERIVATION_2 ) + { + TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), PSA_ERROR_BAD_STATE ); - TEST_EQUAL( psa_pake_get_implicit_key( &client, &client_derive ), + TEST_EQUAL( psa_pake_get_implicit_key( &client, &client_derive ), PSA_ERROR_BAD_STATE ); + goto exit; + } /* Second round */ ecjpake_do_round( alg, primitive_arg, &server, &client, From 024b028ce16f0cf1dbaa172e8e40f1519e326b8d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 16 Nov 2022 12:32:29 +0100 Subject: [PATCH 03/15] test: split psa_pake function/data from the generic test_suite_psa_crypto Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 172 --- tests/suites/test_suite_psa_crypto.function | 4 - tests/suites/test_suite_psa_crypto_pake.data | 171 +++ .../test_suite_psa_crypto_pake.function | 1060 +++++++++++++++++ 4 files changed, 1231 insertions(+), 176 deletions(-) create mode 100644 tests/suites/test_suite_psa_crypto_pake.data create mode 100644 tests/suites/test_suite_psa_crypto_pake.function diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 247c57e334..946234c41a 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6490,175 +6490,3 @@ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY PSA derive persistent key: HKDF SHA-256, exportable persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY - -PSA PAKE: uninitialized access to psa_pake_operation_t -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE - -PSA PAKE: invalid alg -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: invalid primitive type -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: invalid primitive family -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: invalid primitive bits -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: invalid hash -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: duplicate a valid setup -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE - -PSA PAKE: ecjpake setup invalid role NONE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: wrong key type password -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: wrong key usage type -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:0:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_PERMITTED - -PSA PAKE: set invalid user -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: set invalid peer -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: set user -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_SET_USER:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: set peer -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_SET_PEER:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: empty server password -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"":INJECT_ERR_NONE:PSA_ERROR_BAD_STATE - -PSA PAKE: empty client password -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"":INJECT_ERR_NONE:PSA_ERROR_BAD_STATE - -PSA PAKE: invalid input -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_EMPTY_IO_BUFFER:0 - -PSA PAKE: unkown input step -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_UNKNOWN_STEP:0 - -PSA PAKE: invalid first input step -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_INVALID_FIRST_STEP:0 - -PSA PAKE: input buffer too large -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_WRONG_BUFFER_SIZE:0 - -PSA PAKE: valid input operation after a failure -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_VALID_OPERATION_AFTER_FAILURE:0 - -PSA PAKE: invalid output -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_EMPTY_IO_BUFFER:0 - -PSA PAKE: unkown output step -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_UNKNOWN_STEP:0 - -PSA PAKE: invalid first output step -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_INVALID_FIRST_STEP:0 - -PSA PAKE: output buffer too small -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_WRONG_BUFFER_SIZE:0 - -PSA PAKE: valid output operation after a failure -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_VALID_OPERATION_AFTER_FAILURE:0 - -PSA PAKE: ecjpake setup client bad password key type -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_DERIVE:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: ecjpake setup client bad password key usage -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_PERMITTED - -PSA PAKE: ecjpake rounds -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ERR_NONE - -PSA PAKE: ecjpake rounds, client input first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1:INJECT_ERR_NONE - -PSA PAKE: ecjpake rounds, early key derivation 1 -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ANTICIPATE_KEY_DERIVATION_1 - -PSA PAKE: ecjpake rounds, early key derivation 2 -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ANTICIPATE_KEY_DERIVATION_2 - -PSA PAKE: ecjpake no input errors -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:0:"abcdef" - -PSA PAKE: ecjpake no input errors, client input first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:0:"abcdef" - -PSA PAKE: ecjpake inject input errors, first round client -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:1:"abcdef" - -PSA PAKE: ecjpake inject input errors, first round client, client input first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:1:"abcdef" - -PSA PAKE: ecjpake inject input errors, first round server -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:2:"abcdef" - -PSA PAKE: ecjpake inject input errors, first round server, client input first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:2:"abcdef" - -PSA PAKE: ecjpake inject input errors, second round client -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:3:"abcdef" - -PSA PAKE: ecjpake inject input errors, second round client, client input first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:3:"abcdef" - -PSA PAKE: ecjpake inject input errors, second round server -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:4:"abcdef" - -PSA PAKE: ecjpake inject input errors, second round server, client input first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:4:"abcdef" - -PSA PAKE: ecjpake size macros -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 -ecjpake_size_macros: diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 8d42bf9b34..a2297639ee 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9073,7 +9073,6 @@ exit: /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, int derive_alg_arg, data_t *pw_data, - int client_input_first, int destroy_key, int client_input_first, int inj_err_type_arg ) { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); @@ -9126,9 +9125,6 @@ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, PSA_ASSERT( psa_pake_set_password_key( &server, key ) ); PSA_ASSERT( psa_pake_set_password_key( &client, key ) ); - if( destroy_key == 1 ) - psa_destroy_key( key ); - if( inj_err_type == INJECT_ANTICIPATE_KEY_DERIVATION_1 ) { TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data new file mode 100644 index 0000000000..fba9e8ee30 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -0,0 +1,171 @@ +PSA PAKE: uninitialized access to psa_pake_operation_t +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE + +PSA PAKE: invalid alg +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: invalid primitive type +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: invalid primitive family +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: invalid primitive bits +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: invalid hash +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: duplicate a valid setup +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE + +PSA PAKE: ecjpake setup invalid role NONE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: wrong key type password +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: wrong key usage type +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:0:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_PERMITTED + +PSA PAKE: set invalid user +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: set invalid peer +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: set user +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_SET_USER:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: set peer +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_SET_PEER:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: empty server password +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"":INJECT_ERR_NONE:PSA_ERROR_BAD_STATE + +PSA PAKE: empty client password +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"":INJECT_ERR_NONE:PSA_ERROR_BAD_STATE + +PSA PAKE: invalid input +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_EMPTY_IO_BUFFER:0 + +PSA PAKE: unkown input step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_UNKNOWN_STEP:0 + +PSA PAKE: invalid first input step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_INVALID_FIRST_STEP:0 + +PSA PAKE: input buffer too large +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_WRONG_BUFFER_SIZE:0 + +PSA PAKE: valid input operation after a failure +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_VALID_OPERATION_AFTER_FAILURE:0 + +PSA PAKE: invalid output +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_EMPTY_IO_BUFFER:0 + +PSA PAKE: unkown output step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_UNKNOWN_STEP:0 + +PSA PAKE: invalid first output step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_INVALID_FIRST_STEP:0 + +PSA PAKE: output buffer too small +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_WRONG_BUFFER_SIZE:0 + +PSA PAKE: valid output operation after a failure +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_VALID_OPERATION_AFTER_FAILURE:0 + +PSA PAKE: ecjpake setup client bad password key type +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_DERIVE:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: ecjpake setup client bad password key usage +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_PERMITTED + +PSA PAKE: ecjpake rounds +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ERR_NONE + +PSA PAKE: ecjpake rounds, client input first +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1:INJECT_ERR_NONE + +PSA PAKE: ecjpake rounds, early key derivation 1 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ANTICIPATE_KEY_DERIVATION_1 + +PSA PAKE: ecjpake rounds, early key derivation 2 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ANTICIPATE_KEY_DERIVATION_2 + +PSA PAKE: ecjpake no input errors +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:0:"abcdef" + +PSA PAKE: ecjpake no input errors, client input first +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:0:"abcdef" + +PSA PAKE: ecjpake inject input errors, first round client +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:1:"abcdef" + +PSA PAKE: ecjpake inject input errors, first round client, client input first +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:1:"abcdef" + +PSA PAKE: ecjpake inject input errors, first round server +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:2:"abcdef" + +PSA PAKE: ecjpake inject input errors, first round server, client input first +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:2:"abcdef" + +PSA PAKE: ecjpake inject input errors, second round client +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:3:"abcdef" + +PSA PAKE: ecjpake inject input errors, second round client, client input first +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:3:"abcdef" + +PSA PAKE: ecjpake inject input errors, second round server +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:4:"abcdef" + +PSA PAKE: ecjpake inject input errors, second round server, client input first +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:4:"abcdef" + +PSA PAKE: ecjpake size macros +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 +ecjpake_size_macros: diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function new file mode 100644 index 0000000000..c378b4932b --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -0,0 +1,1060 @@ +/* BEGIN_HEADER */ +#include + +#include "psa/crypto.h" + +#if defined(PSA_WANT_ALG_JPAKE) +static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive, + psa_pake_operation_t *server, + psa_pake_operation_t *client, + int client_input_first, + int round, int inject_error ) +{ + unsigned char *buffer0 = NULL, *buffer1 = NULL; + size_t buffer_length = ( + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) + + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) + + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2; + /* The output should be exactly this size according to the spec */ + const size_t expected_size_key_share = + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); + /* The output should be exactly this size according to the spec */ + const size_t expected_size_zk_public = + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC); + /* The output can be smaller: the spec allows stripping leading zeroes */ + const size_t max_expected_size_zk_proof = + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF); + size_t buffer0_off = 0; + size_t buffer1_off = 0; + size_t s_g1_len, s_g2_len, s_a_len; + size_t s_g1_off, s_g2_off, s_a_off; + size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len; + size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off; + size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len; + size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off; + size_t c_g1_len, c_g2_len, c_a_len; + size_t c_g1_off, c_g2_off, c_a_off; + size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len; + size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off; + size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len; + size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; + psa_status_t expected_status = PSA_SUCCESS; + psa_status_t status; + + ASSERT_ALLOC( buffer0, buffer_length ); + ASSERT_ALLOC( buffer1, buffer_length ); + + switch( round ) + { + case 1: + /* Server first round Output */ + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_g1_len ) ); + TEST_EQUAL( s_g1_len, expected_size_key_share ); + s_g1_off = buffer0_off; + buffer0_off += s_g1_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x1_pk_len ) ); + TEST_EQUAL( s_x1_pk_len, expected_size_zk_public ); + s_x1_pk_off = buffer0_off; + buffer0_off += s_x1_pk_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x1_pr_len ) ); + TEST_LE_U( s_x1_pr_len, max_expected_size_zk_proof ); + s_x1_pr_off = buffer0_off; + buffer0_off += s_x1_pr_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_g2_len ) ); + TEST_EQUAL( s_g2_len, expected_size_key_share ); + s_g2_off = buffer0_off; + buffer0_off += s_g2_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x2_pk_len ) ); + TEST_EQUAL( s_x2_pk_len, expected_size_zk_public ); + s_x2_pk_off = buffer0_off; + buffer0_off += s_x2_pk_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x2_pr_len ) ); + TEST_LE_U( s_x2_pr_len, max_expected_size_zk_proof ); + s_x2_pr_off = buffer0_off; + buffer0_off += s_x2_pr_len; + + if( inject_error == 1 ) + { + buffer0[s_x1_pr_off + 8] ^= 1; + buffer0[s_x2_pr_off + 7] ^= 1; + expected_status = PSA_ERROR_DATA_INVALID; + } + + /* + * When injecting errors in inputs, the implementation is + * free to detect it right away of with a delay. + * This permits delaying the error until the end of the input + * sequence, if no error appears then, this will be treated + * as an error. + */ + + if( client_input_first == 1 ) + { + /* Client first round Input */ + status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g1_off, s_g1_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x1_pk_off, + s_x1_pk_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x1_pr_off, + s_x1_pr_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g2_off, + s_g2_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x2_pk_off, + s_x2_pk_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x2_pr_off, + s_x2_pr_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + /* Error didn't trigger, make test fail */ + if( inject_error == 1 ) + TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + } + + /* Client first round Output */ + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_g1_len ) ); + TEST_EQUAL( c_g1_len, expected_size_key_share ); + c_g1_off = buffer1_off; + buffer1_off += c_g1_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x1_pk_len ) ); + TEST_EQUAL( c_x1_pk_len, expected_size_zk_public ); + c_x1_pk_off = buffer1_off; + buffer1_off += c_x1_pk_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x1_pr_len ) ); + TEST_LE_U( c_x1_pr_len, max_expected_size_zk_proof ); + c_x1_pr_off = buffer1_off; + buffer1_off += c_x1_pr_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_g2_len ) ); + TEST_EQUAL( c_g2_len, expected_size_key_share ); + c_g2_off = buffer1_off; + buffer1_off += c_g2_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x2_pk_len ) ); + TEST_EQUAL( c_x2_pk_len, expected_size_zk_public ); + c_x2_pk_off = buffer1_off; + buffer1_off += c_x2_pk_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x2_pr_len ) ); + TEST_LE_U( c_x2_pr_len, max_expected_size_zk_proof ); + c_x2_pr_off = buffer1_off; + buffer1_off += c_x2_pr_len; + + if( client_input_first == 0 ) + { + /* Client first round Input */ + status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g1_off, s_g1_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x1_pk_off, + s_x1_pk_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x1_pr_off, + s_x1_pr_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g2_off, + s_g2_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x2_pk_off, + s_x2_pk_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x2_pr_off, + s_x2_pr_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + /* Error didn't trigger, make test fail */ + if( inject_error == 1 ) + TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + } + + if( inject_error == 2 ) + { + buffer1[c_x1_pr_off + 12] ^= 1; + buffer1[c_x2_pr_off + 7] ^= 1; + expected_status = PSA_ERROR_DATA_INVALID; + } + + /* Server first round Input */ + status = psa_pake_input( server, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + c_g1_off, c_g1_len ); + if( inject_error == 2 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + c_x1_pk_off, c_x1_pk_len ); + if( inject_error == 2 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + c_x1_pr_off, c_x1_pr_len ); + if( inject_error == 2 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + c_g2_off, c_g2_len ); + if( inject_error == 2 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + c_x2_pk_off, c_x2_pk_len ); + if( inject_error == 2 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + c_x2_pr_off, c_x2_pr_len ); + if( inject_error == 2 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + /* Error didn't trigger, make test fail */ + if( inject_error == 2 ) + TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + + break; + + case 2: + /* Server second round Output */ + buffer0_off = 0; + + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_a_len ) ); + TEST_EQUAL( s_a_len, expected_size_key_share ); + s_a_off = buffer0_off; + buffer0_off += s_a_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x2s_pk_len ) ); + TEST_EQUAL( s_x2s_pk_len, expected_size_zk_public ); + s_x2s_pk_off = buffer0_off; + buffer0_off += s_x2s_pk_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x2s_pr_len ) ); + TEST_LE_U( s_x2s_pr_len, max_expected_size_zk_proof ); + s_x2s_pr_off = buffer0_off; + buffer0_off += s_x2s_pr_len; + + if( inject_error == 3 ) + { + buffer0[s_x2s_pk_off + 12] += 0x33; + expected_status = PSA_ERROR_DATA_INVALID; + } + + if( client_input_first == 1 ) + { + /* Client second round Input */ + status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_a_off, s_a_len ); + if( inject_error == 3 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x2s_pk_off, + s_x2s_pk_len ); + if( inject_error == 3 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x2s_pr_off, + s_x2s_pr_len ); + if( inject_error == 3 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + /* Error didn't trigger, make test fail */ + if( inject_error == 3 ) + TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + } + + /* Client second round Output */ + buffer1_off = 0; + + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_a_len ) ); + TEST_EQUAL( c_a_len, expected_size_key_share ); + c_a_off = buffer1_off; + buffer1_off += c_a_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x2s_pk_len ) ); + TEST_EQUAL( c_x2s_pk_len, expected_size_zk_public ); + c_x2s_pk_off = buffer1_off; + buffer1_off += c_x2s_pk_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x2s_pr_len ) ); + TEST_LE_U( c_x2s_pr_len, max_expected_size_zk_proof ); + c_x2s_pr_off = buffer1_off; + buffer1_off += c_x2s_pr_len; + + if( client_input_first == 0 ) + { + /* Client second round Input */ + status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_a_off, s_a_len ); + if( inject_error == 3 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x2s_pk_off, + s_x2s_pk_len ); + if( inject_error == 3 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x2s_pr_off, + s_x2s_pr_len ); + if( inject_error == 3 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + /* Error didn't trigger, make test fail */ + if( inject_error == 3 ) + TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + } + + if( inject_error == 4 ) + { + buffer1[c_x2s_pk_off + 7] += 0x28; + expected_status = PSA_ERROR_DATA_INVALID; + } + + /* Server second round Input */ + status = psa_pake_input( server, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + c_a_off, c_a_len ); + if( inject_error == 4 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + c_x2s_pk_off, c_x2s_pk_len ); + if( inject_error == 4 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + c_x2s_pr_off, c_x2s_pr_len ); + if( inject_error == 4 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + /* Error didn't trigger, make test fail */ + if( inject_error == 4 ) + TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + + break; + + } + +exit: + mbedtls_free( buffer0 ); + mbedtls_free( buffer1 ); +} +#endif /* PSA_WANT_ALG_JPAKE */ + +typedef enum +{ + INJECT_ERR_NONE = 0, + INJECT_ERR_UNINITIALIZED_ACCESS, + INJECT_ERR_DUPLICATE_SETUP, + INJECT_ERR_INVALID_USER, + INJECT_ERR_INVALID_PEER, + INJECT_ERR_SET_USER, + INJECT_ERR_SET_PEER, + INJECT_EMPTY_IO_BUFFER, + INJECT_UNKNOWN_STEP, + INJECT_INVALID_FIRST_STEP, + INJECT_WRONG_BUFFER_SIZE, + INJECT_VALID_OPERATION_AFTER_FAILURE, + INJECT_ANTICIPATE_KEY_DERIVATION_1, + INJECT_ANTICIPATE_KEY_DERIVATION_2, +} ecjpake_injected_failure_t; + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PSA_CRYPTO_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, + int primitive_arg, int hash_arg, int role_arg, + int test_input, data_t *pw_data, + int inj_err_type_arg, + int expected_error_arg) +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t operation = psa_pake_operation_init(); + psa_algorithm_t alg = alg_arg; + psa_pake_primitive_t primitive = primitive_arg; + psa_key_type_t key_type_pw = key_type_pw_arg; + psa_key_usage_t key_usage_pw = key_usage_pw_arg; + psa_algorithm_t hash_alg = hash_arg; + psa_pake_role_t role = role_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + ecjpake_injected_failure_t inj_err_type = inj_err_type_arg; + psa_status_t expected_error = expected_error_arg; + psa_status_t status; + unsigned char *output_buffer = NULL; + size_t output_len = 0; + + PSA_INIT( ); + + size_t buf_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive_arg, + PSA_PAKE_STEP_KEY_SHARE); + ASSERT_ALLOC( output_buffer, buf_size ); + + if( pw_data->len > 0 ) + { + psa_set_key_usage_flags( &attributes, key_usage_pw ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type_pw ); + PSA_ASSERT( psa_import_key( &attributes, pw_data->x, pw_data->len, + &key ) ); + } + + psa_pake_cs_set_algorithm( &cipher_suite, alg ); + psa_pake_cs_set_primitive( &cipher_suite, primitive ); + psa_pake_cs_set_hash( &cipher_suite, hash_alg ); + + PSA_ASSERT( psa_pake_abort( &operation ) ); + + if ( inj_err_type == INJECT_ERR_UNINITIALIZED_ACCESS ) + { + TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_set_peer( &operation, NULL, 0 ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_set_password_key( &operation, key ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_set_role( &operation, role ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, + NULL, 0, NULL ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, NULL, 0), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + goto exit; + } + + status = psa_pake_setup( &operation, &cipher_suite ); + if (status != PSA_SUCCESS) + { + TEST_EQUAL( status, expected_error ); + goto exit; + } + + if( inj_err_type == INJECT_ERR_DUPLICATE_SETUP ) + { + TEST_EQUAL( psa_pake_setup( &operation, &cipher_suite ), + expected_error ); + goto exit; + } + + status = psa_pake_set_role( &operation, role); + if ( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_error ); + goto exit; + } + + if( pw_data->len > 0 ) + { + status = psa_pake_set_password_key( &operation, key ); + if ( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_error ); + goto exit; + } + } + + if ( inj_err_type == INJECT_ERR_INVALID_USER ) + { + TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_ERR_INVALID_PEER ) + { + TEST_EQUAL( psa_pake_set_peer( &operation, NULL, 0 ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_ERR_SET_USER ) + { + const uint8_t unsupported_id[] = "abcd"; + TEST_EQUAL( psa_pake_set_user( &operation, unsupported_id, 4 ), + PSA_ERROR_NOT_SUPPORTED ); + goto exit; + } + + if ( inj_err_type == INJECT_ERR_SET_PEER ) + { + const uint8_t unsupported_id[] = "abcd"; + TEST_EQUAL( psa_pake_set_peer( &operation, unsupported_id, 4 ), + PSA_ERROR_NOT_SUPPORTED ); + goto exit; + } + + const size_t size_key_share = PSA_PAKE_INPUT_SIZE( alg, primitive, + PSA_PAKE_STEP_KEY_SHARE ); + const size_t size_zk_public = PSA_PAKE_INPUT_SIZE( alg, primitive, + PSA_PAKE_STEP_ZK_PUBLIC ); + const size_t size_zk_proof = PSA_PAKE_INPUT_SIZE( alg, primitive, + PSA_PAKE_STEP_ZK_PROOF ); + + if ( test_input ) + { + if ( inj_err_type == INJECT_EMPTY_IO_BUFFER ) + { + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, NULL, 0 ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_UNKNOWN_STEP ) + { + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, + output_buffer, size_zk_proof ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_INVALID_FIRST_STEP ) + { + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, + output_buffer, size_zk_proof ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + + status = psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, + output_buffer, size_key_share ); + if ( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_error); + goto exit; + } + + if ( inj_err_type == INJECT_WRONG_BUFFER_SIZE ) + { + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public + 1 ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_VALID_OPERATION_AFTER_FAILURE ) + { + // Just trigger any kind of error. We don't care about the result here + psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public + 1 ); + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + } else { + if ( inj_err_type == INJECT_EMPTY_IO_BUFFER ) + { + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, + NULL, 0, NULL ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_UNKNOWN_STEP ) + { + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, + output_buffer, buf_size, &output_len ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_INVALID_FIRST_STEP ) + { + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, + output_buffer, buf_size, &output_len ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + + status = psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, + output_buffer, buf_size, &output_len ); + if ( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_error); + goto exit; + } + + TEST_ASSERT( output_len > 0 ); + + if ( inj_err_type == INJECT_WRONG_BUFFER_SIZE ) + { + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public - 1, &output_len ), + PSA_ERROR_BUFFER_TOO_SMALL ); + goto exit; + } + + if ( inj_err_type == INJECT_VALID_OPERATION_AFTER_FAILURE ) + { + // Just trigger any kind of error. We don't care about the result here + psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public - 1, &output_len ); + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, buf_size, &output_len ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + } + +exit: + PSA_ASSERT( psa_destroy_key( key ) ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + mbedtls_free( output_buffer ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +void ecjpake_rounds_inject( int alg_arg, int primitive_arg, int hash_arg, + int client_input_first, int inject_error, + data_t *pw_data ) +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t server = psa_pake_operation_init(); + psa_pake_operation_t client = psa_pake_operation_init(); + psa_algorithm_t alg = alg_arg; + psa_algorithm_t hash_alg = hash_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_INIT( ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_PASSWORD ); + PSA_ASSERT( psa_import_key( &attributes, pw_data->x, pw_data->len, + &key ) ); + + psa_pake_cs_set_algorithm( &cipher_suite, alg ); + psa_pake_cs_set_primitive( &cipher_suite, primitive_arg ); + psa_pake_cs_set_hash( &cipher_suite, hash_alg ); + + + PSA_ASSERT( psa_pake_setup( &server, &cipher_suite ) ); + PSA_ASSERT( psa_pake_setup( &client, &cipher_suite ) ); + + PSA_ASSERT( psa_pake_set_role( &server, PSA_PAKE_ROLE_SERVER ) ); + PSA_ASSERT( psa_pake_set_role( &client, PSA_PAKE_ROLE_CLIENT ) ); + + PSA_ASSERT( psa_pake_set_password_key( &server, key ) ); + PSA_ASSERT( psa_pake_set_password_key( &client, key ) ); + + ecjpake_do_round( alg, primitive_arg, &server, &client, + client_input_first, 1, inject_error ); + + if( inject_error == 1 || inject_error == 2 ) + goto exit; + + ecjpake_do_round( alg, primitive_arg, &server, &client, + client_input_first, 2, inject_error ); + +exit: + psa_destroy_key( key ); + psa_pake_abort( &server ); + psa_pake_abort( &client ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, + int derive_alg_arg, data_t *pw_data, + int client_input_first, int inj_err_type_arg ) +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t server = psa_pake_operation_init(); + psa_pake_operation_t client = psa_pake_operation_init(); + psa_algorithm_t alg = alg_arg; + psa_algorithm_t hash_alg = hash_arg; + psa_algorithm_t derive_alg = derive_alg_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_derivation_operation_t server_derive = + PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t client_derive = + PSA_KEY_DERIVATION_OPERATION_INIT; + ecjpake_injected_failure_t inj_err_type = inj_err_type_arg; + + PSA_INIT( ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_PASSWORD ); + PSA_ASSERT( psa_import_key( &attributes, pw_data->x, pw_data->len, + &key ) ); + + psa_pake_cs_set_algorithm( &cipher_suite, alg ); + psa_pake_cs_set_primitive( &cipher_suite, primitive_arg ); + psa_pake_cs_set_hash( &cipher_suite, hash_alg ); + + /* Get shared key */ + PSA_ASSERT( psa_key_derivation_setup( &server_derive, derive_alg ) ); + PSA_ASSERT( psa_key_derivation_setup( &client_derive, derive_alg ) ); + + if( PSA_ALG_IS_TLS12_PRF( derive_alg ) || + PSA_ALG_IS_TLS12_PSK_TO_MS( derive_alg ) ) + { + PSA_ASSERT( psa_key_derivation_input_bytes( &server_derive, + PSA_KEY_DERIVATION_INPUT_SEED, + (const uint8_t*) "", 0) ); + PSA_ASSERT( psa_key_derivation_input_bytes( &client_derive, + PSA_KEY_DERIVATION_INPUT_SEED, + (const uint8_t*) "", 0) ); + } + + PSA_ASSERT( psa_pake_setup( &server, &cipher_suite ) ); + PSA_ASSERT( psa_pake_setup( &client, &cipher_suite ) ); + + PSA_ASSERT( psa_pake_set_role( &server, PSA_PAKE_ROLE_SERVER ) ); + PSA_ASSERT( psa_pake_set_role( &client, PSA_PAKE_ROLE_CLIENT ) ); + + PSA_ASSERT( psa_pake_set_password_key( &server, key ) ); + PSA_ASSERT( psa_pake_set_password_key( &client, key ) ); + + if( inj_err_type == INJECT_ANTICIPATE_KEY_DERIVATION_1 ) + { + TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), + PSA_ERROR_BAD_STATE ); + TEST_EQUAL( psa_pake_get_implicit_key( &client, &client_derive ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + + /* First round */ + ecjpake_do_round( alg, primitive_arg, &server, &client, + client_input_first, 1, 0 ); + + if ( inj_err_type == INJECT_ANTICIPATE_KEY_DERIVATION_2 ) + { + TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), + PSA_ERROR_BAD_STATE ); + TEST_EQUAL( psa_pake_get_implicit_key( &client, &client_derive ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + + /* Second round */ + ecjpake_do_round( alg, primitive_arg, &server, &client, + client_input_first, 2, 0 ); + + PSA_ASSERT( psa_pake_get_implicit_key( &server, &server_derive ) ); + PSA_ASSERT( psa_pake_get_implicit_key( &client, &client_derive ) ); + +exit: + psa_key_derivation_abort( &server_derive ); + psa_key_derivation_abort( &client_derive ); + psa_destroy_key( key ); + psa_pake_abort( &server ); + psa_pake_abort( &client ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecjpake_size_macros( ) +{ + const psa_algorithm_t alg = PSA_ALG_JPAKE; + const size_t bits = 256; + const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, bits ); + const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( + PSA_ECC_FAMILY_SECP_R1 ); + + // https://armmbed.github.io/mbed-crypto/1.1_PAKE_Extension.0-bet.0/html/pake.html#pake-step-types + /* The output for KEY_SHARE and ZK_PUBLIC is the same as a public key */ + TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( key_type, bits ) ); + TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( key_type, bits ) ); + /* The output for ZK_PROOF is the same bitsize as the curve */ + TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), + PSA_BITS_TO_BYTES( bits ) ); + + /* Input sizes are the same as output sizes */ + TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), + PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE) ); + TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), + PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC) ); + TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), + PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF) ); + + /* These inequalities will always hold even when other PAKEs are added */ + TEST_LE_U( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), + PSA_PAKE_OUTPUT_MAX_SIZE ); + TEST_LE_U( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), + PSA_PAKE_OUTPUT_MAX_SIZE ); + TEST_LE_U( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), + PSA_PAKE_OUTPUT_MAX_SIZE ); + TEST_LE_U( PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), + PSA_PAKE_INPUT_MAX_SIZE ); + TEST_LE_U( PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), + PSA_PAKE_INPUT_MAX_SIZE ); + TEST_LE_U( PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), + PSA_PAKE_INPUT_MAX_SIZE ); +} +/* END_CASE */ From 7bb65ad22f221a3a24f82674fe3f698ccfc35ba0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 18 Nov 2022 18:27:48 +0100 Subject: [PATCH 04/15] test: psa_crypto_pake: enhanced ecjpake_setup() - external errors are now checked in the specified point. If the same error happens in another line, then this is not valid and the test fails - fixed some inconsistency in which injected error codes were not taken from the data file. Now all the expected error code are read from the data file - added a couple of defines to shrink the code Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_pake.data | 178 +++++------ .../test_suite_psa_crypto_pake.function | 282 ++++++++---------- 2 files changed, 214 insertions(+), 246 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index fba9e8ee30..9d15ed3313 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -1,130 +1,136 @@ PSA PAKE: uninitialized access to psa_pake_operation_t depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE PSA PAKE: invalid alg depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SETUP:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid primitive type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid primitive family depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid primitive bits depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid hash depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED PSA PAKE: duplicate a valid setup depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE PSA PAKE: ecjpake setup invalid role NONE depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:"abcd":ERR_IN_SET_ROLE:PSA_ERROR_NOT_SUPPORTED PSA PAKE: wrong key type password depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: wrong key usage type -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:0:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_PERMITTED - -PSA PAKE: set invalid user -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: set invalid peer -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: set user -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_SET_USER:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: set peer -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_SET_PEER:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: empty server password -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"":INJECT_ERR_NONE:PSA_ERROR_BAD_STATE - -PSA PAKE: empty client password -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"":INJECT_ERR_NONE:PSA_ERROR_BAD_STATE - -PSA PAKE: invalid input -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_EMPTY_IO_BUFFER:0 - -PSA PAKE: unkown input step -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_UNKNOWN_STEP:0 - -PSA PAKE: invalid first input step -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_INVALID_FIRST_STEP:0 - -PSA PAKE: input buffer too large -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_WRONG_BUFFER_SIZE:0 - -PSA PAKE: valid input operation after a failure -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_VALID_OPERATION_AFTER_FAILURE:0 - -PSA PAKE: invalid output -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_EMPTY_IO_BUFFER:0 - -PSA PAKE: unkown output step -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_UNKNOWN_STEP:0 - -PSA PAKE: invalid first output step -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_INVALID_FIRST_STEP:0 - -PSA PAKE: output buffer too small -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_WRONG_BUFFER_SIZE:0 - -PSA PAKE: valid output operation after a failure -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_VALID_OPERATION_AFTER_FAILURE:0 - -PSA PAKE: ecjpake setup client bad password key type -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_DERIVE:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: ecjpake setup client bad password key usage depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_PERMITTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_NOT_PERMITTED + +PSA PAKE: wrong key usage type +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:0:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_NOT_PERMITTED + +PSA PAKE: ecjpake setup client bad password key type +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_DERIVE:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: set invalid user +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: set invalid peer +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: set user +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_SET_USER:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: set peer +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_SET_PEER:PSA_ERROR_NOT_SUPPORTED + +# NOTE: this test should be enabled once the psa_pake_set_password_key() function +# will reject empty passwords. The expected error code must be adjusted +# accordingly to the code +#PSA PAKE: empty server password +#depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +#ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_BAD_STATE + +# NOTE: this test should be enabled once the psa_pake_set_password_key() function +# will reject empty passwords The expected error code must be adjusted +# accordingly to the code +#PSA PAKE: empty client password +#depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +#ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_BAD_STATE + +PSA PAKE: invalid input +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: unkown input step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: invalid first input step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE + +PSA PAKE: input buffer too large +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: valid input operation after a failure +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":ERR_INJECT_VALID_OPERATION_AFTER_FAILURE:PSA_ERROR_BAD_STATE + +PSA PAKE: invalid output +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: unkown output step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: invalid first output step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE + +PSA PAKE: output buffer too small +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_BUFFER_TOO_SMALL + +PSA PAKE: valid output operation after a failure +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_VALID_OPERATION_AFTER_FAILURE:PSA_ERROR_BAD_STATE PSA PAKE: ecjpake rounds depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ERR_NONE +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:ERR_NONE PSA PAKE: ecjpake rounds, client input first depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1:INJECT_ERR_NONE +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1:ERR_NONE PSA PAKE: ecjpake rounds, early key derivation 1 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ANTICIPATE_KEY_DERIVATION_1 +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1 PSA PAKE: ecjpake rounds, early key derivation 2 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ANTICIPATE_KEY_DERIVATION_2 +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2 PSA PAKE: ecjpake no input errors depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index c378b4932b..f8022e4da0 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -596,22 +596,57 @@ exit: typedef enum { - INJECT_ERR_NONE = 0, - INJECT_ERR_UNINITIALIZED_ACCESS, - INJECT_ERR_DUPLICATE_SETUP, - INJECT_ERR_INVALID_USER, - INJECT_ERR_INVALID_PEER, - INJECT_ERR_SET_USER, - INJECT_ERR_SET_PEER, - INJECT_EMPTY_IO_BUFFER, - INJECT_UNKNOWN_STEP, - INJECT_INVALID_FIRST_STEP, - INJECT_WRONG_BUFFER_SIZE, - INJECT_VALID_OPERATION_AFTER_FAILURE, - INJECT_ANTICIPATE_KEY_DERIVATION_1, - INJECT_ANTICIPATE_KEY_DERIVATION_2, -} ecjpake_injected_failure_t; + ERR_NONE = 0, + /* errors forced internally in the code */ + ERR_INJECT_UNINITIALIZED_ACCESS, + ERR_INJECT_DUPLICATE_SETUP, + ERR_INJECT_INVALID_USER, + ERR_INJECT_INVALID_PEER, + ERR_INJECT_SET_USER, + ERR_INJECT_SET_PEER, + ERR_INJECT_EMPTY_IO_BUFFER, + ERR_INJECT_UNKNOWN_STEP, + ERR_INJECT_INVALID_FIRST_STEP, + ERR_INJECT_WRONG_BUFFER_SIZE, + ERR_INJECT_VALID_OPERATION_AFTER_FAILURE, + ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1, + ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2, + /* erros issued from the .data file */ + ERR_IN_SETUP, + ERR_IN_SET_ROLE, + ERR_IN_SET_PASSWORD_KEY, + ERR_IN_INPUT, + ERR_IN_OUTPUT, +} ecjpake_error_stage_t; +/* + * This check is used for errors issued through wrong input parameters. The + * check is always performed because, in case of all valid parameters, the + * setup function can go on + */ +#define SETUP_ALWAYS_CHECK_STEP( test_function, this_check_err_stage ) \ + status = test_function; \ + if( err_stage != this_check_err_stage ) \ + { \ + PSA_ASSERT( status ); \ + } \ + else \ + { \ + TEST_EQUAL( status, expected_error ); \ + goto exit; \ + } + +/* + * This check is used for errors injected explicitly. The check is conditional + * because once the error is triggered, the setup function cannot proceed so + * it would not be possible to check following steps + */ +#define SETUP_CONDITIONAL_CHECK_STEP( test_function, this_check_err_stage ) \ + if( err_stage == this_check_err_stage ) \ + { \ + TEST_EQUAL( test_function, expected_error ); \ + goto exit; \ + } /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -623,7 +658,7 @@ typedef enum void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, int primitive_arg, int hash_arg, int role_arg, int test_input, data_t *pw_data, - int inj_err_type_arg, + int err_stage_arg, int expected_error_arg) { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); @@ -636,16 +671,17 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, psa_pake_role_t role = role_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - ecjpake_injected_failure_t inj_err_type = inj_err_type_arg; + ecjpake_error_stage_t err_stage = err_stage_arg; psa_status_t expected_error = expected_error_arg; psa_status_t status; unsigned char *output_buffer = NULL; size_t output_len = 0; + const uint8_t unsupp_id[] = "abcd"; PSA_INIT( ); - size_t buf_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive_arg, - PSA_PAKE_STEP_KEY_SHARE); + size_t buf_size = PSA_PAKE_OUTPUT_SIZE( alg, primitive_arg, + PSA_PAKE_STEP_KEY_SHARE ); ASSERT_ALLOC( output_buffer, buf_size ); if( pw_data->len > 0 ) @@ -663,7 +699,7 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, PSA_ASSERT( psa_pake_abort( &operation ) ); - if ( inj_err_type == INJECT_ERR_UNINITIALIZED_ACCESS ) + if ( err_stage == ERR_INJECT_UNINITIALIZED_ACCESS ) { TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ), expected_error ); @@ -687,66 +723,29 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, goto exit; } - status = psa_pake_setup( &operation, &cipher_suite ); - if (status != PSA_SUCCESS) - { - TEST_EQUAL( status, expected_error ); - goto exit; - } + SETUP_ALWAYS_CHECK_STEP( psa_pake_setup( &operation, &cipher_suite ), + ERR_IN_SETUP ); - if( inj_err_type == INJECT_ERR_DUPLICATE_SETUP ) - { - TEST_EQUAL( psa_pake_setup( &operation, &cipher_suite ), - expected_error ); - goto exit; - } + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_setup( &operation, &cipher_suite ), + ERR_INJECT_DUPLICATE_SETUP); - status = psa_pake_set_role( &operation, role); - if ( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_error ); - goto exit; - } + SETUP_ALWAYS_CHECK_STEP( psa_pake_set_role( &operation, role), + ERR_IN_SET_ROLE ); - if( pw_data->len > 0 ) - { - status = psa_pake_set_password_key( &operation, key ); - if ( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_error ); - goto exit; - } - } + SETUP_ALWAYS_CHECK_STEP( psa_pake_set_password_key( &operation, key ), + ERR_IN_SET_PASSWORD_KEY ); - if ( inj_err_type == INJECT_ERR_INVALID_USER ) - { - TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ), - PSA_ERROR_INVALID_ARGUMENT ); - goto exit; - } + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_set_user( &operation, NULL, 0 ), + ERR_INJECT_INVALID_USER ); - if ( inj_err_type == INJECT_ERR_INVALID_PEER ) - { - TEST_EQUAL( psa_pake_set_peer( &operation, NULL, 0 ), - PSA_ERROR_INVALID_ARGUMENT ); - goto exit; - } + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_set_peer( &operation, NULL, 0 ), + ERR_INJECT_INVALID_PEER ); - if ( inj_err_type == INJECT_ERR_SET_USER ) - { - const uint8_t unsupported_id[] = "abcd"; - TEST_EQUAL( psa_pake_set_user( &operation, unsupported_id, 4 ), - PSA_ERROR_NOT_SUPPORTED ); - goto exit; - } + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_set_user( &operation, unsupp_id, 4 ), + ERR_INJECT_SET_USER ); - if ( inj_err_type == INJECT_ERR_SET_PEER ) - { - const uint8_t unsupported_id[] = "abcd"; - TEST_EQUAL( psa_pake_set_peer( &operation, unsupported_id, 4 ), - PSA_ERROR_NOT_SUPPORTED ); - goto exit; - } + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_set_peer( &operation, unsupp_id, 4 ), + ERR_INJECT_SET_PEER ); const size_t size_key_share = PSA_PAKE_INPUT_SIZE( alg, primitive, PSA_PAKE_STEP_KEY_SHARE ); @@ -757,108 +756,71 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, if ( test_input ) { - if ( inj_err_type == INJECT_EMPTY_IO_BUFFER ) - { - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, NULL, 0 ), - PSA_ERROR_INVALID_ARGUMENT ); - goto exit; - } + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_input( &operation, + PSA_PAKE_STEP_ZK_PROOF, NULL, 0 ), + ERR_INJECT_EMPTY_IO_BUFFER ); - if ( inj_err_type == INJECT_UNKNOWN_STEP ) - { - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_input( &operation, + PSA_PAKE_STEP_ZK_PROOF + 10, output_buffer, size_zk_proof ), - PSA_ERROR_INVALID_ARGUMENT ); - goto exit; - } + ERR_INJECT_UNKNOWN_STEP ); - if ( inj_err_type == INJECT_INVALID_FIRST_STEP ) - { - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_input( &operation, + PSA_PAKE_STEP_ZK_PROOF, output_buffer, size_zk_proof ), - PSA_ERROR_BAD_STATE ); - goto exit; - } + ERR_INJECT_INVALID_FIRST_STEP ) - status = psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, - output_buffer, size_key_share ); - if ( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_error); - goto exit; - } + SETUP_ALWAYS_CHECK_STEP( psa_pake_input( &operation, + PSA_PAKE_STEP_KEY_SHARE, + output_buffer, size_key_share ), + ERR_IN_INPUT ); - if ( inj_err_type == INJECT_WRONG_BUFFER_SIZE ) - { - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_input( &operation, + PSA_PAKE_STEP_ZK_PUBLIC, output_buffer, size_zk_public + 1 ), - PSA_ERROR_INVALID_ARGUMENT ); - goto exit; - } + ERR_INJECT_WRONG_BUFFER_SIZE ); - if ( inj_err_type == INJECT_VALID_OPERATION_AFTER_FAILURE ) - { - // Just trigger any kind of error. We don't care about the result here - psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, - output_buffer, size_zk_public + 1 ); - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, - output_buffer, size_zk_public ), - PSA_ERROR_BAD_STATE ); - goto exit; - } + SETUP_CONDITIONAL_CHECK_STEP( + ( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public + 1 ), + psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public ) ), + ERR_INJECT_VALID_OPERATION_AFTER_FAILURE ); } else { - if ( inj_err_type == INJECT_EMPTY_IO_BUFFER ) - { - TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_output( &operation, + PSA_PAKE_STEP_ZK_PROOF, NULL, 0, NULL ), - PSA_ERROR_INVALID_ARGUMENT ); - goto exit; - } + ERR_INJECT_EMPTY_IO_BUFFER ); - if ( inj_err_type == INJECT_UNKNOWN_STEP ) - { - TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_output( &operation, + PSA_PAKE_STEP_ZK_PROOF + 10, output_buffer, buf_size, &output_len ), - PSA_ERROR_INVALID_ARGUMENT ); - goto exit; - } + ERR_INJECT_UNKNOWN_STEP ); - if ( inj_err_type == INJECT_INVALID_FIRST_STEP ) - { - TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_output( &operation, + PSA_PAKE_STEP_ZK_PROOF, output_buffer, buf_size, &output_len ), - PSA_ERROR_BAD_STATE ); - goto exit; - } + ERR_INJECT_INVALID_FIRST_STEP ); - status = psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, - output_buffer, buf_size, &output_len ); - if ( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_error); - goto exit; - } + SETUP_ALWAYS_CHECK_STEP( psa_pake_output( &operation, + PSA_PAKE_STEP_KEY_SHARE, + output_buffer, buf_size, &output_len ), + ERR_IN_OUTPUT ); TEST_ASSERT( output_len > 0 ); - if ( inj_err_type == INJECT_WRONG_BUFFER_SIZE ) - { - TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, - output_buffer, size_zk_public - 1, &output_len ), - PSA_ERROR_BUFFER_TOO_SMALL ); - goto exit; - } + SETUP_CONDITIONAL_CHECK_STEP( psa_pake_output( &operation, + PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public - 1, + &output_len ), + ERR_INJECT_WRONG_BUFFER_SIZE ); - if ( inj_err_type == INJECT_VALID_OPERATION_AFTER_FAILURE ) - { - // Just trigger any kind of error. We don't care about the result here - psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, - output_buffer, size_zk_public - 1, &output_len ); - TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, - output_buffer, buf_size, &output_len ), - PSA_ERROR_BAD_STATE ); - goto exit; - } + SETUP_CONDITIONAL_CHECK_STEP( + ( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public - 1, &output_len ), + psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, buf_size, &output_len ) ), + ERR_INJECT_VALID_OPERATION_AFTER_FAILURE ); } exit: @@ -924,7 +886,7 @@ exit: /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, int derive_alg_arg, data_t *pw_data, - int client_input_first, int inj_err_type_arg ) + int client_input_first, int err_stage_arg ) { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t server = psa_pake_operation_init(); @@ -938,7 +900,7 @@ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_derivation_operation_t client_derive = PSA_KEY_DERIVATION_OPERATION_INIT; - ecjpake_injected_failure_t inj_err_type = inj_err_type_arg; + ecjpake_error_stage_t err_stage = err_stage_arg; PSA_INIT( ); @@ -976,7 +938,7 @@ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, PSA_ASSERT( psa_pake_set_password_key( &server, key ) ); PSA_ASSERT( psa_pake_set_password_key( &client, key ) ); - if( inj_err_type == INJECT_ANTICIPATE_KEY_DERIVATION_1 ) + if( err_stage == ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1 ) { TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), PSA_ERROR_BAD_STATE ); @@ -989,7 +951,7 @@ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, ecjpake_do_round( alg, primitive_arg, &server, &client, client_input_first, 1, 0 ); - if ( inj_err_type == INJECT_ANTICIPATE_KEY_DERIVATION_2 ) + if ( err_stage == ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2 ) { TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), PSA_ERROR_BAD_STATE ); From 6d4e75f0c68fa9b86a08cc0d7ad98c20d5dd2ac5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 21 Nov 2022 14:56:56 +0100 Subject: [PATCH 05/15] psa_crypto_pake: initialize psa_status_t stack variables Signed-off-by: Valerio Setti --- library/psa_crypto_pake.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 431057ca42..da66dae7da 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -197,7 +197,7 @@ static psa_status_t mbedtls_ecjpake_to_psa_error( int ret ) psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; /* A context must be freshly initialized before it can be set up. */ if( operation->alg != PSA_ALG_NONE ) @@ -322,7 +322,7 @@ psa_status_t psa_pake_set_user( psa_pake_operation_t *operation, const uint8_t *user_id, size_t user_id_len ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( operation->alg == PSA_ALG_NONE || operation->state != PSA_PAKE_STATE_SETUP ) @@ -348,7 +348,7 @@ psa_status_t psa_pake_set_peer( psa_pake_operation_t *operation, const uint8_t *peer_id, size_t peer_id_len ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( operation->alg == PSA_ALG_NONE || operation->state != PSA_PAKE_STATE_SETUP ) @@ -373,7 +373,7 @@ error: psa_status_t psa_pake_set_role( psa_pake_operation_t *operation, psa_pake_role_t role ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( operation->alg == PSA_ALG_NONE || operation->state != PSA_PAKE_STATE_SETUP ) From e5d7864aa0e67c7448439a1b120143bc72d80e14 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 21 Nov 2022 15:17:54 +0100 Subject: [PATCH 06/15] test: psa_pake: improved description of macros used in ecjpake_setup() Signed-off-by: Valerio Setti --- .../test_suite_psa_crypto_pake.function | 22 ++++++++++++++----- 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index f8022e4da0..52c7a7ab07 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -620,9 +620,14 @@ typedef enum } ecjpake_error_stage_t; /* - * This check is used for errors issued through wrong input parameters. The - * check is always performed because, in case of all valid parameters, the - * setup function can go on + * This check is used for functions that might either succeed or fail depending + * on the parameters that are passed in from the *.data file: + * - in case of success following functions depend on the current one + * - in case of failure the test is always terminated. There are two options + * here + * - terminated successfully if this exact error was expected at this stage + * - terminated with failure otherwise (either no error was expected at this + * stage or a different error code was expected) */ #define SETUP_ALWAYS_CHECK_STEP( test_function, this_check_err_stage ) \ status = test_function; \ @@ -637,9 +642,14 @@ typedef enum } /* - * This check is used for errors injected explicitly. The check is conditional - * because once the error is triggered, the setup function cannot proceed so - * it would not be possible to check following steps + * This check is used for failures that are injected at code level. There's only + * 1 input parameter that is relevant in this case and it's the stage at which + * the error should be injected. + * The check is conditional in this case because, once the error is triggered, + * the pake's context structure is compromised and the setup function cannot + * proceed further. As a consequence the test is terminated. + * The test succeeds if the returned error is exactly the expected one, + * otherwise it fails. */ #define SETUP_CONDITIONAL_CHECK_STEP( test_function, this_check_err_stage ) \ if( err_stage == this_check_err_stage ) \ From e65a41f2784b7fa0e85480d2a58961c1166abd2f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 21 Nov 2022 15:38:29 +0100 Subject: [PATCH 07/15] test: psa_pake: fixes in ecjpake_setup() Both changes concern the ERR_INJECT_UNINITIALIZED_ACCESS case: - removed unnecessary psa_pake_abort() - added psa_pake_get_implicit_key() Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_pake.function | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 52c7a7ab07..845b38f703 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -687,6 +687,7 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, unsigned char *output_buffer = NULL; size_t output_len = 0; const uint8_t unsupp_id[] = "abcd"; + psa_key_derivation_operation_t key_derivation; PSA_INIT( ); @@ -713,23 +714,20 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, { TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ), expected_error ); - PSA_ASSERT( psa_pake_abort( &operation ) ); TEST_EQUAL( psa_pake_set_peer( &operation, NULL, 0 ), expected_error ); - PSA_ASSERT( psa_pake_abort( &operation ) ); TEST_EQUAL( psa_pake_set_password_key( &operation, key ), expected_error ); - PSA_ASSERT( psa_pake_abort( &operation ) ); TEST_EQUAL( psa_pake_set_role( &operation, role ), expected_error ); - PSA_ASSERT( psa_pake_abort( &operation ) ); TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, NULL, 0, NULL ), expected_error ); - PSA_ASSERT( psa_pake_abort( &operation ) ); - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, NULL, 0), + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, + NULL, 0 ), + expected_error ); + TEST_EQUAL( psa_pake_get_implicit_key( &operation, &key_derivation ), expected_error ); - PSA_ASSERT( psa_pake_abort( &operation ) ); goto exit; } From ac3ba95ee43ed95b2e73328cf7939d1bf9b9e827 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 21 Nov 2022 16:22:29 +0100 Subject: [PATCH 08/15] test: psa_pake: fix data file for ecjpake_setup() Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_pake.data | 25 ++++---------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 9d15ed3313..3a477cd39b 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -1,6 +1,6 @@ PSA PAKE: uninitialized access to psa_pake_operation_t depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE PSA PAKE: invalid alg depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 @@ -30,21 +30,13 @@ PSA PAKE: ecjpake setup invalid role NONE depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:"abcd":ERR_IN_SET_ROLE:PSA_ERROR_NOT_SUPPORTED -PSA PAKE: wrong key type password +PSA PAKE: wrong password key type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_INVALID_ARGUMENT -PSA PAKE: ecjpake setup client bad password key usage +PSA PAKE: wrong password key usage depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_NOT_PERMITTED - -PSA PAKE: wrong key usage type -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:0:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_NOT_PERMITTED - -PSA PAKE: ecjpake setup client bad password key type -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_DERIVE:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_NOT_PERMITTED PSA PAKE: set invalid user depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 @@ -65,17 +57,10 @@ ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_ # NOTE: this test should be enabled once the psa_pake_set_password_key() function # will reject empty passwords. The expected error code must be adjusted # accordingly to the code -#PSA PAKE: empty server password +#PSA PAKE: empty password #depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 #ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_BAD_STATE -# NOTE: this test should be enabled once the psa_pake_set_password_key() function -# will reject empty passwords The expected error code must be adjusted -# accordingly to the code -#PSA PAKE: empty client password -#depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -#ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_BAD_STATE - PSA PAKE: invalid input depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT From 40323c5d51337c5b4f61d9dd99fa86e64d608e0b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Nov 2022 10:38:49 +0100 Subject: [PATCH 09/15] test: psa_pake: improved ecjpake_do_round() test function Now it's possible to inject an error in every single step of the key exchange process. Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_pake.data | 92 ++- .../test_suite_psa_crypto_pake.function | 581 +++++++----------- 2 files changed, 299 insertions(+), 374 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 3a477cd39b..88a634ff26 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -101,61 +101,105 @@ PSA PAKE: valid output operation after a failure depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_VALID_OPERATION_AFTER_FAILURE:PSA_ERROR_BAD_STATE -PSA PAKE: ecjpake rounds +PSA PAKE: check rounds w/o forced errors depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:ERR_NONE -PSA PAKE: ecjpake rounds, client input first +PSA PAKE: check rounds w/o forced errors, TLS12_PRF +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"abcdef":0:ERR_NONE + +PSA PAKE: check rounds w/o forced errors, client input first depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1:ERR_NONE -PSA PAKE: ecjpake rounds, early key derivation 1 +PSA PAKE: force early key derivation 1 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1 -PSA PAKE: ecjpake rounds, early key derivation 2 +PSA PAKE: force early key derivation 2 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2 -PSA PAKE: ecjpake no input errors +PSA PAKE: no injected errors depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:0:"abcdef" +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_NONE:PSA_SUCCESS -PSA PAKE: ecjpake no input errors, client input first +PSA PAKE: no injected errors, client input first depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:0:"abcdef" +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_NONE:PSA_SUCCESS -PSA PAKE: ecjpake inject input errors, first round client +PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:1:"abcdef" +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID -PSA PAKE: ecjpake inject input errors, first round client, client input first +PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:1:"abcdef" +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID -PSA PAKE: ecjpake inject input errors, first round server +PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:2:"abcdef" +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID -PSA PAKE: ecjpake inject input errors, first round server, client input first +PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:2:"abcdef" +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID -PSA PAKE: ecjpake inject input errors, second round client +PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:3:"abcdef" +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID -PSA PAKE: ecjpake inject input errors, second round client, client input first +PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:3:"abcdef" +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID -PSA PAKE: ecjpake inject input errors, second round server +PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:4:"abcdef" +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID -PSA PAKE: ecjpake inject input errors, second round server, client input first +PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:4:"abcdef" +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID + +PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID + +PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID + +PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID + +PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID + +PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_KEY_SHARE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_KEY_SHARE:PSA_ERROR_DATA_INVALID + +PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC:PSA_ERROR_DATA_INVALID + +PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PROOF +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PROOF:PSA_ERROR_DATA_INVALID + +PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_KEY_SHARE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_KEY_SHARE:PSA_ERROR_DATA_INVALID + +PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC:PSA_ERROR_DATA_INVALID + +PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PROOF +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PROOF:PSA_ERROR_DATA_INVALID PSA PAKE: ecjpake size macros depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 845b38f703..8d83019b5e 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -3,12 +3,88 @@ #include "psa/crypto.h" +typedef enum +{ + ERR_NONE = 0, + /* errors forced internally in the code */ + ERR_INJECT_UNINITIALIZED_ACCESS, + ERR_INJECT_DUPLICATE_SETUP, + ERR_INJECT_INVALID_USER, + ERR_INJECT_INVALID_PEER, + ERR_INJECT_SET_USER, + ERR_INJECT_SET_PEER, + ERR_INJECT_EMPTY_IO_BUFFER, + ERR_INJECT_UNKNOWN_STEP, + ERR_INJECT_INVALID_FIRST_STEP, + ERR_INJECT_WRONG_BUFFER_SIZE, + ERR_INJECT_VALID_OPERATION_AFTER_FAILURE, + ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1, + ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2, + ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1, + ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1, + ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1, + ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2, + ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2, + ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2, + ERR_INJECT_ROUND2_CLIENT_KEY_SHARE, + ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC, + ERR_INJECT_ROUND2_CLIENT_ZK_PROOF, + ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1, + ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1, + ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1, + ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2, + ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2, + ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2, + ERR_INJECT_ROUND2_SERVER_KEY_SHARE, + ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC, + ERR_INJECT_ROUND2_SERVER_ZK_PROOF, + /* erros issued from the .data file */ + ERR_IN_SETUP, + ERR_IN_SET_ROLE, + ERR_IN_SET_PASSWORD_KEY, + ERR_IN_INPUT, + ERR_IN_OUTPUT, +} ecjpake_error_stage_t; + +typedef enum +{ + PAKE_ROUND_ONE, + PAKE_ROUND_TWO +} pake_round_t; + +/* Inject an error on the specified buffer ONLY it this is the correct stage */ +#define DO_ROUND_CONDITIONAL_INJECT( this_stage, buf ) \ + if ( this_stage == err_stage ) \ + { \ + *( buf + 7) ^= 1; \ + *( buf + 8 ) ^= 1; \ + } + +#define DO_ROUND_UPDATE_OFFSETS( main_buf_offset, step_offset, step_size ) \ + { \ + step_offset = main_buf_offset; \ + main_buf_offset += step_size; \ + } + +#define DO_ROUND_CHECK_FAILURE( ) \ + if( err_stage != ERR_NONE && status != PSA_SUCCESS ) \ + { \ + TEST_EQUAL( status, expected_error_arg ); \ + break; \ + } \ + else \ + { \ + TEST_EQUAL( status, PSA_SUCCESS ); \ + } + #if defined(PSA_WANT_ALG_JPAKE) static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive, psa_pake_operation_t *server, psa_pake_operation_t *client, int client_input_first, - int round, int inject_error ) + pake_round_t round, + ecjpake_error_stage_t err_stage, + int expected_error_arg ) { unsigned char *buffer0 = NULL, *buffer1 = NULL; size_t buffer_length = ( @@ -38,7 +114,6 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive, size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off; size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len; size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; - psa_status_t expected_status = PSA_SUCCESS; psa_status_t status; ASSERT_ALLOC( buffer0, buffer_length ); @@ -46,51 +121,61 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive, switch( round ) { - case 1: + case PAKE_ROUND_ONE: /* Server first round Output */ PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, 512 - buffer0_off, &s_g1_len ) ); TEST_EQUAL( s_g1_len, expected_size_key_share ); - s_g1_off = buffer0_off; - buffer0_off += s_g1_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1, + buffer0 + buffer0_off ); + DO_ROUND_UPDATE_OFFSETS( buffer0_off, s_g1_off, s_g1_len ); + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, 512 - buffer0_off, &s_x1_pk_len ) ); TEST_EQUAL( s_x1_pk_len, expected_size_zk_public ); - s_x1_pk_off = buffer0_off; - buffer0_off += s_x1_pk_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1, + buffer0 + buffer0_off ); + DO_ROUND_UPDATE_OFFSETS( buffer0_off, s_x1_pk_off, s_x1_pk_len ); + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, 512 - buffer0_off, &s_x1_pr_len ) ); TEST_LE_U( s_x1_pr_len, max_expected_size_zk_proof ); - s_x1_pr_off = buffer0_off; - buffer0_off += s_x1_pr_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1, + buffer0 + buffer0_off ); + DO_ROUND_UPDATE_OFFSETS( buffer0_off, s_x1_pr_off, s_x1_pr_len ); + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, 512 - buffer0_off, &s_g2_len ) ); TEST_EQUAL( s_g2_len, expected_size_key_share ); - s_g2_off = buffer0_off; - buffer0_off += s_g2_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2, + buffer0 + buffer0_off ); + DO_ROUND_UPDATE_OFFSETS( buffer0_off, s_g2_off, s_g2_len ); + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, 512 - buffer0_off, &s_x2_pk_len ) ); TEST_EQUAL( s_x2_pk_len, expected_size_zk_public ); - s_x2_pk_off = buffer0_off; - buffer0_off += s_x2_pk_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2, + buffer0 + buffer0_off ); + DO_ROUND_UPDATE_OFFSETS( buffer0_off, s_x2_pk_off, s_x2_pk_len ); + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, 512 - buffer0_off, &s_x2_pr_len ) ); TEST_LE_U( s_x2_pr_len, max_expected_size_zk_proof ); - s_x2_pr_off = buffer0_off; - buffer0_off += s_x2_pr_len; - - if( inject_error == 1 ) - { - buffer0[s_x1_pr_off + 8] ^= 1; - buffer0[s_x2_pr_off + 7] ^= 1; - expected_status = PSA_ERROR_DATA_INVALID; - } + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2, + buffer0 + buffer0_off ); + DO_ROUND_UPDATE_OFFSETS( buffer0_off, s_x2_pr_off, s_x2_pr_len ); /* * When injecting errors in inputs, the implementation is @@ -99,90 +184,44 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive, * sequence, if no error appears then, this will be treated * as an error. */ - if( client_input_first == 1 ) { /* Client first round Input */ status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_g1_off, s_g1_len ); - if( inject_error == 1 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x1_pk_off, s_x1_pk_len ); - if( inject_error == 1 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x1_pr_off, s_x1_pr_len ); - if( inject_error == 1 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_g2_off, s_g2_len ); - if( inject_error == 1 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x2_pk_off, s_x2_pk_len ); - if( inject_error == 1 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x2_pr_off, s_x2_pr_len ); - if( inject_error == 1 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); /* Error didn't trigger, make test fail */ - if( inject_error == 1 ) + if( ( err_stage >= ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1 ) && + ( err_stage <= ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2 ) ) + { TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + } } /* Client first round Output */ @@ -190,211 +229,131 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive, buffer1 + buffer1_off, 512 - buffer1_off, &c_g1_len ) ); TEST_EQUAL( c_g1_len, expected_size_key_share ); - c_g1_off = buffer1_off; - buffer1_off += c_g1_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1, + buffer1 + buffer1_off ); + DO_ROUND_UPDATE_OFFSETS( buffer1_off, c_g1_off, c_g1_len ); + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, 512 - buffer1_off, &c_x1_pk_len ) ); TEST_EQUAL( c_x1_pk_len, expected_size_zk_public ); - c_x1_pk_off = buffer1_off; - buffer1_off += c_x1_pk_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1, + buffer1 + buffer1_off ); + DO_ROUND_UPDATE_OFFSETS( buffer1_off, c_x1_pk_off, c_x1_pk_len ); + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, 512 - buffer1_off, &c_x1_pr_len ) ); TEST_LE_U( c_x1_pr_len, max_expected_size_zk_proof ); - c_x1_pr_off = buffer1_off; - buffer1_off += c_x1_pr_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1, + buffer1 + buffer1_off ); + DO_ROUND_UPDATE_OFFSETS( buffer1_off, c_x1_pr_off, c_x1_pr_len ); + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, 512 - buffer1_off, &c_g2_len ) ); TEST_EQUAL( c_g2_len, expected_size_key_share ); - c_g2_off = buffer1_off; - buffer1_off += c_g2_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2, + buffer1 + buffer1_off ); + DO_ROUND_UPDATE_OFFSETS( buffer1_off, c_g2_off, c_g2_len ); + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, 512 - buffer1_off, &c_x2_pk_len ) ); TEST_EQUAL( c_x2_pk_len, expected_size_zk_public ); - c_x2_pk_off = buffer1_off; - buffer1_off += c_x2_pk_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2, + buffer1 + buffer1_off ); + DO_ROUND_UPDATE_OFFSETS( buffer1_off, c_x2_pk_off, c_x2_pk_len ); + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, 512 - buffer1_off, &c_x2_pr_len ) ); TEST_LE_U( c_x2_pr_len, max_expected_size_zk_proof ); - c_x2_pr_off = buffer1_off; - buffer1_off += c_x2_pr_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2, + buffer1 + buffer1_off ); + DO_ROUND_UPDATE_OFFSETS( buffer1_off, c_x2_pr_off, buffer1_off ); if( client_input_first == 0 ) { /* Client first round Input */ status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_g1_off, s_g1_len ); - if( inject_error == 1 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x1_pk_off, s_x1_pk_len ); - if( inject_error == 1 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x1_pr_off, s_x1_pr_len ); - if( inject_error == 1 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_g2_off, s_g2_len ); - if( inject_error == 1 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x2_pk_off, s_x2_pk_len ); - if( inject_error == 1 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x2_pr_off, s_x2_pr_len ); - if( inject_error == 1 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); /* Error didn't trigger, make test fail */ - if( inject_error == 1 ) + if( ( err_stage >= ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1 ) && + ( err_stage <= ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2 ) ) + { TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); - } - - if( inject_error == 2 ) - { - buffer1[c_x1_pr_off + 12] ^= 1; - buffer1[c_x2_pr_off + 7] ^= 1; - expected_status = PSA_ERROR_DATA_INVALID; + } } /* Server first round Input */ status = psa_pake_input( server, PSA_PAKE_STEP_KEY_SHARE, buffer1 + c_g1_off, c_g1_len ); - if( inject_error == 2 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + c_x1_pk_off, c_x1_pk_len ); - if( inject_error == 2 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PROOF, buffer1 + c_x1_pr_off, c_x1_pr_len ); - if( inject_error == 2 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( server, PSA_PAKE_STEP_KEY_SHARE, buffer1 + c_g2_off, c_g2_len ); - if( inject_error == 2 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + c_x2_pk_off, c_x2_pk_len ); - if( inject_error == 2 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PROOF, buffer1 + c_x2_pr_off, c_x2_pr_len ); - if( inject_error == 2 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); /* Error didn't trigger, make test fail */ - if( inject_error == 2 ) + if( ( err_stage >= ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1 ) && + ( err_stage <= ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2 ) ) + { TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + } break; - case 2: + case PAKE_ROUND_TWO: /* Server second round Output */ buffer0_off = 0; @@ -402,71 +361,52 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive, buffer0 + buffer0_off, 512 - buffer0_off, &s_a_len ) ); TEST_EQUAL( s_a_len, expected_size_key_share ); - s_a_off = buffer0_off; - buffer0_off += s_a_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND2_SERVER_KEY_SHARE, + buffer0 + buffer0_off ); + DO_ROUND_UPDATE_OFFSETS( buffer0_off, s_a_off, s_a_len ); + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, 512 - buffer0_off, &s_x2s_pk_len ) ); TEST_EQUAL( s_x2s_pk_len, expected_size_zk_public ); - s_x2s_pk_off = buffer0_off; - buffer0_off += s_x2s_pk_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC, + buffer0 + buffer0_off ); + DO_ROUND_UPDATE_OFFSETS( buffer0_off, s_x2s_pk_off, s_x2s_pk_len ); + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, 512 - buffer0_off, &s_x2s_pr_len ) ); TEST_LE_U( s_x2s_pr_len, max_expected_size_zk_proof ); - s_x2s_pr_off = buffer0_off; - buffer0_off += s_x2s_pr_len; - - if( inject_error == 3 ) - { - buffer0[s_x2s_pk_off + 12] += 0x33; - expected_status = PSA_ERROR_DATA_INVALID; - } + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND2_SERVER_ZK_PROOF, + buffer0 + buffer0_off ); + DO_ROUND_UPDATE_OFFSETS( buffer0_off, s_x2s_pr_off, s_x2s_pr_len ); if( client_input_first == 1 ) { /* Client second round Input */ status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_a_off, s_a_len ); - if( inject_error == 3 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x2s_pk_off, s_x2s_pk_len ); - if( inject_error == 3 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x2s_pr_off, s_x2s_pr_len ); - if( inject_error == 3 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); /* Error didn't trigger, make test fail */ - if( inject_error == 3 ) + if( ( err_stage >= ERR_INJECT_ROUND2_SERVER_KEY_SHARE ) && + ( err_stage <= ERR_INJECT_ROUND2_SERVER_ZK_PROOF ) ) + { TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + } } /* Client second round Output */ @@ -476,113 +416,73 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive, buffer1 + buffer1_off, 512 - buffer1_off, &c_a_len ) ); TEST_EQUAL( c_a_len, expected_size_key_share ); - c_a_off = buffer1_off; - buffer1_off += c_a_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND2_CLIENT_KEY_SHARE, + buffer1 + buffer1_off ); + DO_ROUND_UPDATE_OFFSETS( buffer1_off, c_a_off, c_a_len ); + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, 512 - buffer1_off, &c_x2s_pk_len ) ); TEST_EQUAL( c_x2s_pk_len, expected_size_zk_public ); - c_x2s_pk_off = buffer1_off; - buffer1_off += c_x2s_pk_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC, + buffer1 + buffer1_off ); + DO_ROUND_UPDATE_OFFSETS( buffer1_off, c_x2s_pk_off, c_x2s_pk_len ); + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, 512 - buffer1_off, &c_x2s_pr_len ) ); TEST_LE_U( c_x2s_pr_len, max_expected_size_zk_proof ); - c_x2s_pr_off = buffer1_off; - buffer1_off += c_x2s_pr_len; + DO_ROUND_CONDITIONAL_INJECT( + ERR_INJECT_ROUND2_CLIENT_ZK_PROOF, + buffer1 + buffer1_off ); + DO_ROUND_UPDATE_OFFSETS( buffer1_off, c_x2s_pr_off, c_x2s_pr_len ); if( client_input_first == 0 ) { /* Client second round Input */ status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_a_off, s_a_len ); - if( inject_error == 3 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x2s_pk_off, s_x2s_pk_len ); - if( inject_error == 3 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x2s_pr_off, s_x2s_pr_len ); - if( inject_error == 3 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); /* Error didn't trigger, make test fail */ - if( inject_error == 3 ) + if( ( err_stage >= ERR_INJECT_ROUND2_SERVER_KEY_SHARE ) && + ( err_stage <= ERR_INJECT_ROUND2_SERVER_ZK_PROOF ) ) + { TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); - } - - if( inject_error == 4 ) - { - buffer1[c_x2s_pk_off + 7] += 0x28; - expected_status = PSA_ERROR_DATA_INVALID; + } } /* Server second round Input */ status = psa_pake_input( server, PSA_PAKE_STEP_KEY_SHARE, buffer1 + c_a_off, c_a_len ); - if( inject_error == 4 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + c_x2s_pk_off, c_x2s_pk_len ); - if( inject_error == 4 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PROOF, buffer1 + c_x2s_pr_off, c_x2s_pr_len ); - if( inject_error == 4 && status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - break; - } - else - { - TEST_EQUAL( status, PSA_SUCCESS ); - } + DO_ROUND_CHECK_FAILURE( ); /* Error didn't trigger, make test fail */ - if( inject_error == 4 ) + if( ( err_stage >= ERR_INJECT_ROUND2_CLIENT_KEY_SHARE ) && + ( err_stage <= ERR_INJECT_ROUND2_CLIENT_ZK_PROOF ) ) + { TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + } break; @@ -594,31 +494,6 @@ exit: } #endif /* PSA_WANT_ALG_JPAKE */ -typedef enum -{ - ERR_NONE = 0, - /* errors forced internally in the code */ - ERR_INJECT_UNINITIALIZED_ACCESS, - ERR_INJECT_DUPLICATE_SETUP, - ERR_INJECT_INVALID_USER, - ERR_INJECT_INVALID_PEER, - ERR_INJECT_SET_USER, - ERR_INJECT_SET_PEER, - ERR_INJECT_EMPTY_IO_BUFFER, - ERR_INJECT_UNKNOWN_STEP, - ERR_INJECT_INVALID_FIRST_STEP, - ERR_INJECT_WRONG_BUFFER_SIZE, - ERR_INJECT_VALID_OPERATION_AFTER_FAILURE, - ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1, - ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2, - /* erros issued from the .data file */ - ERR_IN_SETUP, - ERR_IN_SET_ROLE, - ERR_IN_SET_PASSWORD_KEY, - ERR_IN_INPUT, - ERR_IN_OUTPUT, -} ecjpake_error_stage_t; - /* * This check is used for functions that might either succeed or fail depending * on the parameters that are passed in from the *.data file: @@ -723,7 +598,7 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, NULL, 0, NULL ), expected_error ); - TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, NULL, 0 ), expected_error ); TEST_EQUAL( psa_pake_get_implicit_key( &operation, &key_derivation ), @@ -841,8 +716,10 @@ exit: /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void ecjpake_rounds_inject( int alg_arg, int primitive_arg, int hash_arg, - int client_input_first, int inject_error, - data_t *pw_data ) + int client_input_first, + data_t *pw_data, + int err_stage_arg, + int expected_error_arg ) { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t server = psa_pake_operation_init(); @@ -851,6 +728,7 @@ void ecjpake_rounds_inject( int alg_arg, int primitive_arg, int hash_arg, psa_algorithm_t hash_alg = hash_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + ecjpake_error_stage_t err_stage = err_stage_arg; PSA_INIT( ); @@ -864,7 +742,6 @@ void ecjpake_rounds_inject( int alg_arg, int primitive_arg, int hash_arg, psa_pake_cs_set_primitive( &cipher_suite, primitive_arg ); psa_pake_cs_set_hash( &cipher_suite, hash_alg ); - PSA_ASSERT( psa_pake_setup( &server, &cipher_suite ) ); PSA_ASSERT( psa_pake_setup( &client, &cipher_suite ) ); @@ -875,13 +752,15 @@ void ecjpake_rounds_inject( int alg_arg, int primitive_arg, int hash_arg, PSA_ASSERT( psa_pake_set_password_key( &client, key ) ); ecjpake_do_round( alg, primitive_arg, &server, &client, - client_input_first, 1, inject_error ); + client_input_first, PAKE_ROUND_ONE, + err_stage, expected_error_arg ); - if( inject_error == 1 || inject_error == 2 ) + if( err_stage != ERR_NONE ) goto exit; ecjpake_do_round( alg, primitive_arg, &server, &client, - client_input_first, 2, inject_error ); + client_input_first, PAKE_ROUND_TWO, + err_stage, expected_error_arg ); exit: psa_destroy_key( key ); @@ -957,7 +836,8 @@ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, /* First round */ ecjpake_do_round( alg, primitive_arg, &server, &client, - client_input_first, 1, 0 ); + client_input_first, PAKE_ROUND_ONE, + ERR_NONE, PSA_SUCCESS ); if ( err_stage == ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2 ) { @@ -970,7 +850,8 @@ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, /* Second round */ ecjpake_do_round( alg, primitive_arg, &server, &client, - client_input_first, 2, 0 ); + client_input_first, PAKE_ROUND_TWO, + ERR_NONE, PSA_SUCCESS ); PSA_ASSERT( psa_pake_get_implicit_key( &server, &server_derive ) ); PSA_ASSERT( psa_pake_get_implicit_key( &client, &client_derive ) ); From b697745d14e5563cee27f31d8d6d82e3d00c1475 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Nov 2022 11:29:02 +0100 Subject: [PATCH 10/15] test: psa_pake: fix erroneously duplicated tests Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_pake.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 88a634ff26..c8e8146021 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -189,17 +189,17 @@ PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PROOF depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PROOF:PSA_ERROR_DATA_INVALID -PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_KEY_SHARE +PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_KEY_SHARE depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_KEY_SHARE:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_KEY_SHARE:PSA_ERROR_DATA_INVALID -PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC +PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC:PSA_ERROR_DATA_INVALID -PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PROOF +PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_ZK_PROOF depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PROOF:PSA_ERROR_DATA_INVALID +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PROOF:PSA_ERROR_DATA_INVALID PSA PAKE: ecjpake size macros depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 From b9ef1c2f03381892fecda63e1007621bacea8b0b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Nov 2022 11:31:18 +0100 Subject: [PATCH 11/15] test: psa_pake: fix error inject macro in ecjpake_do_round() Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_pake.function | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 8d83019b5e..f1cbce55fe 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -52,12 +52,15 @@ typedef enum PAKE_ROUND_TWO } pake_round_t; -/* Inject an error on the specified buffer ONLY it this is the correct stage */ +/* + * Inject an error on the specified buffer ONLY it this is the correct stage. + * Offset 7 is arbitrary, but chosen because it's "in the middle" of the part + * we're corrupting. + */ #define DO_ROUND_CONDITIONAL_INJECT( this_stage, buf ) \ if ( this_stage == err_stage ) \ { \ *( buf + 7) ^= 1; \ - *( buf + 8 ) ^= 1; \ } #define DO_ROUND_UPDATE_OFFSETS( main_buf_offset, step_offset, step_size ) \ From db4736a4cac07c7b1b21a5fccf9c6d2fe0aab313 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Nov 2022 12:24:21 +0100 Subject: [PATCH 12/15] test: psa_pake: remove empty password test Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_pake.data | 55 ++++++++----------- .../test_suite_psa_crypto_pake.function | 16 +++--- 2 files changed, 31 insertions(+), 40 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index c8e8146021..80b22f92e8 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -1,105 +1,98 @@ PSA PAKE: uninitialized access to psa_pake_operation_t depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE PSA PAKE: invalid alg depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SETUP:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SETUP:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid primitive type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid primitive family depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid primitive bits depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid hash depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED PSA PAKE: duplicate a valid setup depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE PSA PAKE: ecjpake setup invalid role NONE depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:"abcd":ERR_IN_SET_ROLE:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:ERR_IN_SET_ROLE:PSA_ERROR_NOT_SUPPORTED PSA PAKE: wrong password key type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: wrong password key usage depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_NOT_PERMITTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_NOT_PERMITTED PSA PAKE: set invalid user depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: set invalid peer depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: set user depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_SET_USER:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_SET_USER:PSA_ERROR_NOT_SUPPORTED PSA PAKE: set peer depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_SET_PEER:PSA_ERROR_NOT_SUPPORTED - -# NOTE: this test should be enabled once the psa_pake_set_password_key() function -# will reject empty passwords. The expected error code must be adjusted -# accordingly to the code -#PSA PAKE: empty password -#depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -#ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"":ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_SET_PEER:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid input depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: unkown input step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid first input step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE PSA PAKE: input buffer too large depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: valid input operation after a failure depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":ERR_INJECT_VALID_OPERATION_AFTER_FAILURE:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_VALID_OPERATION_AFTER_FAILURE:PSA_ERROR_BAD_STATE PSA PAKE: invalid output depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: unkown output step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid first output step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE PSA PAKE: output buffer too small depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_BUFFER_TOO_SMALL +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_BUFFER_TOO_SMALL PSA PAKE: valid output operation after a failure depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":ERR_INJECT_VALID_OPERATION_AFTER_FAILURE:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_VALID_OPERATION_AFTER_FAILURE:PSA_ERROR_BAD_STATE PSA PAKE: check rounds w/o forced errors depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index f1cbce55fe..77e8ed6942 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -545,7 +545,7 @@ exit: /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, int primitive_arg, int hash_arg, int role_arg, - int test_input, data_t *pw_data, + int test_input, int err_stage_arg, int expected_error_arg) { @@ -565,6 +565,7 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, unsigned char *output_buffer = NULL; size_t output_len = 0; const uint8_t unsupp_id[] = "abcd"; + const uint8_t password[] = "abcd"; psa_key_derivation_operation_t key_derivation; PSA_INIT( ); @@ -573,14 +574,11 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, PSA_PAKE_STEP_KEY_SHARE ); ASSERT_ALLOC( output_buffer, buf_size ); - if( pw_data->len > 0 ) - { - psa_set_key_usage_flags( &attributes, key_usage_pw ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type_pw ); - PSA_ASSERT( psa_import_key( &attributes, pw_data->x, pw_data->len, - &key ) ); - } + psa_set_key_usage_flags( &attributes, key_usage_pw ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type_pw ); + PSA_ASSERT( psa_import_key( &attributes, password, sizeof( password ), + &key ) ); psa_pake_cs_set_algorithm( &cipher_suite, alg ); psa_pake_cs_set_primitive( &cipher_suite, primitive ); From e0d41de82231ae7a613c640b20c20ec88902ce0a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Nov 2022 15:47:27 +0100 Subject: [PATCH 13/15] test: psa_pake: add missing initialization in ecjpake_setup() Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_pake.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 77e8ed6942..13c9bcb078 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -566,7 +566,8 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, size_t output_len = 0; const uint8_t unsupp_id[] = "abcd"; const uint8_t password[] = "abcd"; - psa_key_derivation_operation_t key_derivation; + psa_key_derivation_operation_t key_derivation = + PSA_KEY_DERIVATION_OPERATION_INIT; PSA_INIT( ); From 728b142f40098fac1f4e2d54ff16023ff3171a7d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Nov 2022 19:47:24 +0100 Subject: [PATCH 14/15] test: psa_pake: port changes from cd356c3 Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_pake.data | 14 +++++++++----- tests/suites/test_suite_psa_crypto_pake.function | 6 +++++- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 80b22f92e8..4dd1598c2d 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -96,23 +96,27 @@ ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_ PSA PAKE: check rounds w/o forced errors depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:ERR_NONE +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0:ERR_NONE PSA PAKE: check rounds w/o forced errors, TLS12_PRF depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"abcdef":0:ERR_NONE +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"abcdef":0:0:ERR_NONE + +PSA PAKE: check rounds, key is destroyed after being passed to set_password_key +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:1:ERR_NONE PSA PAKE: check rounds w/o forced errors, client input first depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1:ERR_NONE +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1:0:ERR_NONE PSA PAKE: force early key derivation 1 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1 +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0:ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1 PSA PAKE: force early key derivation 2 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2 +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0:ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2 PSA PAKE: no injected errors depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 13c9bcb078..4f000c13ab 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -775,7 +775,8 @@ exit: /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, int derive_alg_arg, data_t *pw_data, - int client_input_first, int err_stage_arg ) + int client_input_first, int destroy_key, + int err_stage_arg ) { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t server = psa_pake_operation_init(); @@ -827,6 +828,9 @@ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, PSA_ASSERT( psa_pake_set_password_key( &server, key ) ); PSA_ASSERT( psa_pake_set_password_key( &client, key ) ); + if( destroy_key == 1 ) + psa_destroy_key( key ); + if( err_stage == ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1 ) { TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), From a34d0308cc8dcd86cb974677ab920072a685793a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 28 Nov 2022 10:11:48 +0100 Subject: [PATCH 15/15] test: psa_pake: fix dependency Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_pake.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 4dd1598c2d..f447ef05bf 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -99,7 +99,7 @@ depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0:ERR_NONE PSA PAKE: check rounds w/o forced errors, TLS12_PRF -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"abcdef":0:0:ERR_NONE PSA PAKE: check rounds, key is destroyed after being passed to set_password_key