From 26c909d5872435d4b931e0ba1596a740caaf1406 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 28 Feb 2023 12:34:03 +0100 Subject: [PATCH 01/18] Enable support for user/peer for JPAKE This is only partial support. Only 'client' and 'server' values are accepted for peer and user. Remove support for role. Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 7 +++ library/psa_crypto.c | 95 ++++++++++++++++++++++++++++++-------- 2 files changed, 84 insertions(+), 18 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 30d345c8e1..f6fdcfeba5 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -434,6 +434,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, #define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1 #define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2 +/** JPAKE operation stages. */ +#define PSA_JPAKE_SERVER_ID "server" +#define PSA_JPAKE_CLIENT_ID "client" /** * \brief Set domain parameters for a key. * @@ -1970,6 +1973,10 @@ struct psa_crypto_driver_pake_inputs_s { uint8_t *MBEDTLS_PRIVATE(password); size_t MBEDTLS_PRIVATE(password_len); psa_pake_role_t MBEDTLS_PRIVATE(role); + uint8_t *MBEDTLS_PRIVATE(user); + size_t MBEDTLS_PRIVATE(user_len); + uint8_t *MBEDTLS_PRIVATE(peer); + size_t MBEDTLS_PRIVATE(peer_len); psa_key_attributes_t MBEDTLS_PRIVATE(attributes); psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite); }; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 572402528b..31df082e15 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7323,7 +7323,6 @@ psa_status_t psa_pake_set_user( size_t user_id_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - (void) user_id; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = PSA_ERROR_BAD_STATE; @@ -7335,7 +7334,28 @@ psa_status_t psa_pake_set_user( goto exit; } - return PSA_ERROR_NOT_SUPPORTED; + if (operation->data.inputs.peer_len != 0) { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + /* Allow only "client" or "server" values. */ + if (memcmp(peer_id, PSA_JPAKE_SERVER_ID, peer_id_len) != 0 && + memcmp(peer_id, PSA_JPAKE_CLIENT_ID, peer_id_len) != 0) { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + + operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len); + if (operation->data.inputs.peer == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto exit; + } + + memcpy(operation->data.inputs.peer, peer_id, peer_id_len); + operation->data.inputs.peer_len = peer_id_len; + + return PSA_SUCCESS; exit: psa_pake_abort(operation); return status; @@ -7347,7 +7367,6 @@ psa_status_t psa_pake_set_peer( size_t peer_id_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - (void) peer_id; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = PSA_ERROR_BAD_STATE; @@ -7359,7 +7378,28 @@ psa_status_t psa_pake_set_peer( goto exit; } - return PSA_ERROR_NOT_SUPPORTED; + if (operation->data.inputs.user_len != 0) { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + /* Allow only "client" or "server" values. */ + if (memcmp(user_id, PSA_JPAKE_SERVER_ID, user_id_len) != 0 && + memcmp(user_id, PSA_JPAKE_CLIENT_ID, user_id_len) != 0) { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + + operation->data.inputs.user = mbedtls_calloc(1, user_id_len); + if (operation->data.inputs.user == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto exit; + } + + memcpy(operation->data.inputs.user, user_id, user_id_len); + operation->data.inputs.user_len = user_id_len; + + return PSA_SUCCESS; exit: psa_pake_abort(operation); return status; @@ -7372,7 +7412,7 @@ psa_status_t psa_pake_set_role( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - status = PSA_ERROR_BAD_STATE; + status = PSA_ERROR_BAD_STATE; goto exit; } @@ -7385,9 +7425,7 @@ psa_status_t psa_pake_set_role( goto exit; } - operation->data.inputs.role = role; - - return PSA_SUCCESS; + status = PSA_ERROR_NOT_SUPPORTED; exit: psa_pake_abort(operation); return status; @@ -7458,14 +7496,25 @@ static psa_status_t psa_pake_complete_inputs( psa_crypto_driver_pake_inputs_t inputs = operation->data.inputs; if (inputs.password_len == 0 || - inputs.role == PSA_PAKE_ROLE_NONE) { + inputs.user_len == 0 || + inputs.peer_len == 0) { return PSA_ERROR_BAD_STATE; } - if (operation->alg == PSA_ALG_JPAKE && - inputs.role != PSA_PAKE_ROLE_CLIENT && - inputs.role != PSA_PAKE_ROLE_SERVER) { - return PSA_ERROR_NOT_SUPPORTED; + if (operation->alg == PSA_ALG_JPAKE) { + if (memcmp(inputs.user, PSA_JPAKE_CLIENT_ID, inputs.user_len) == 0 && + memcmp(inputs.peer, PSA_JPAKE_SERVER_ID, inputs.peer_len) == 0) { + inputs.role = PSA_PAKE_ROLE_CLIENT; + } else + if (memcmp(inputs.user, PSA_JPAKE_SERVER_ID, inputs.user_len) == 0 && + memcmp(inputs.peer, PSA_JPAKE_CLIENT_ID, inputs.peer_len) == 0) { + inputs.role = PSA_PAKE_ROLE_SERVER; + } + + if (inputs.role != PSA_PAKE_ROLE_CLIENT && + inputs.role != PSA_PAKE_ROLE_SERVER) { + return PSA_ERROR_NOT_SUPPORTED; + } } /* Clear driver context */ @@ -7477,6 +7526,10 @@ static psa_status_t psa_pake_complete_inputs( mbedtls_platform_zeroize(inputs.password, inputs.password_len); mbedtls_free(inputs.password); + /* User and peer are translated to role. */ + mbedtls_free(inputs.user); + mbedtls_free(inputs.peer); + if (status == PSA_SUCCESS) { #if defined(PSA_WANT_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { @@ -7885,13 +7938,19 @@ psa_status_t psa_pake_abort( status = psa_driver_wrapper_pake_abort(operation); } - if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS && - operation->data.inputs.password != NULL) { - mbedtls_platform_zeroize(operation->data.inputs.password, + if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + if (operation->data.inputs.password != NULL) { + mbedtls_platform_zeroize(operation->data.inputs.password, operation->data.inputs.password_len); - mbedtls_free(operation->data.inputs.password); + mbedtls_free(operation->data.inputs.password); + } + if (operation->data.inputs.user != NULL) { + mbedtls_free(operation->data.inputs.user); + } + if (operation->data.inputs.peer != NULL) { + mbedtls_free(operation->data.inputs.peer); + } } - memset(operation, 0, sizeof(psa_pake_operation_t)); return status; From 0c946e9aa96915908c4e13e1fc99b3abf5289231 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 28 Feb 2023 12:36:56 +0100 Subject: [PATCH 02/18] Addapt jpake tests and add cases for set_user, set_peer Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto_pake.data | 66 +++++++++------- .../test_suite_psa_crypto_pake.function | 75 +++++++++++++------ 2 files changed, 92 insertions(+), 49 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 7640e3a891..fb8bb9e20f 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -1,90 +1,106 @@ PSA PAKE: uninitialized access to psa_pake_operation_t depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE PSA PAKE: invalid alg depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SETUP:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_SETUP:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid primitive type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid primitive family depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid primitive bits depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid hash depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:"client":"server":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: duplicate a valid setup depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE -PSA PAKE: ecjpake setup invalid role NONE +PSA PAKE: ecjpake setup role depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:ERR_IN_OUTPUT:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_SET_ROLE:PSA_ERROR_NOT_SUPPORTED PSA PAKE: wrong password key type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: wrong password key usage depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_NOT_PERMITTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_SET_PASSWORD_KEY:PSA_ERROR_NOT_PERMITTED + +PSA PAKE: set empty user +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"":"server":0:ERR_INJECT_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: set empty peer +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"":0:ERR_INJECT_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: set invalid user depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"aaaa":"server":0:ERR_INJECT_SET_USER:PSA_ERROR_NOT_SUPPORTED PSA PAKE: set invalid peer depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"aaaa":0:ERR_INJECT_SET_PEER:PSA_ERROR_NOT_SUPPORTED -PSA PAKE: set user +PSA PAKE: user already set depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_SET_USER:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_DUPLICATE_SET_USER:PSA_ERROR_BAD_STATE -PSA PAKE: set peer +PSA PAKE: peer already set depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_SET_PEER:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_DUPLICATE_SET_PEER:PSA_ERROR_BAD_STATE + +PSA PAKE: user and peer both servers +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"server":"server":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: user and peer both clients +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"client":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid input depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: unkown input step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid first input step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE PSA PAKE: input buffer too large depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid output depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: unkown output step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: invalid first output step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_INVALID_FIRST_STEP:PSA_ERROR_BAD_STATE PSA PAKE: output buffer too small depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_BUFFER_TOO_SMALL +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_BUFFER_TOO_SMALL PSA PAKE: check rounds w/o forced errors depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 2bed45ac16..fae78baed7 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -12,6 +12,10 @@ typedef enum { ERR_INJECT_INVALID_PEER, ERR_INJECT_SET_USER, ERR_INJECT_SET_PEER, + ERR_DUPLICATE_SET_USER, + ERR_DUPLICATE_SET_PEER, + ERR_SET_USER_PEER_BOTH_SERVERS, + ERR_SET_USER_PEER_BOTH_CLIENTS, ERR_INJECT_EMPTY_IO_BUFFER, ERR_INJECT_UNKNOWN_STEP, ERR_INJECT_INVALID_FIRST_STEP, @@ -40,6 +44,8 @@ typedef enum { /* erros issued from the .data file */ ERR_IN_SETUP, ERR_IN_SET_ROLE, + ERR_IN_SET_USER, + ERR_IN_SET_PEER, ERR_IN_SET_PASSWORD_KEY, ERR_IN_INPUT, ERR_IN_OUTPUT, @@ -537,7 +543,7 @@ exit: /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, - int primitive_arg, int hash_arg, int role_arg, + int primitive_arg, int hash_arg, char *user_arg, char *peer_arg, int test_input, int err_stage_arg, int expected_error_arg) @@ -549,7 +555,6 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, psa_key_type_t key_type_pw = key_type_pw_arg; psa_key_usage_t key_usage_pw = key_usage_pw_arg; psa_algorithm_t hash_alg = hash_arg; - psa_pake_role_t role = role_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; ecjpake_error_stage_t err_stage = err_stage_arg; @@ -557,8 +562,12 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, psa_status_t status; unsigned char *output_buffer = NULL; size_t output_len = 0; - const uint8_t unsupp_id[] = "abcd"; const uint8_t password[] = "abcd"; + uint8_t *user = (uint8_t*)user_arg; + uint8_t *peer = (uint8_t*)peer_arg; + size_t user_len = strlen(user_arg); + size_t peer_len = strlen(peer_arg); + psa_key_derivation_operation_t key_derivation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -581,13 +590,13 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, PSA_ASSERT(psa_pake_abort(&operation)); if (err_stage == ERR_INJECT_UNINITIALIZED_ACCESS) { - TEST_EQUAL(psa_pake_set_user(&operation, NULL, 0), + TEST_EQUAL(psa_pake_set_user(&operation, user, user_len), expected_error); - TEST_EQUAL(psa_pake_set_peer(&operation, NULL, 0), + TEST_EQUAL(psa_pake_set_peer(&operation, peer, peer_len), expected_error); TEST_EQUAL(psa_pake_set_password_key(&operation, key), expected_error); - TEST_EQUAL(psa_pake_set_role(&operation, role), + TEST_EQUAL(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), expected_error); TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, output_buffer, 0, &output_len), @@ -606,24 +615,30 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, SETUP_CONDITIONAL_CHECK_STEP(psa_pake_setup(&operation, &cipher_suite), ERR_INJECT_DUPLICATE_SETUP); - SETUP_ALWAYS_CHECK_STEP(psa_pake_set_role(&operation, role), - ERR_IN_SET_ROLE); + SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), + ERR_IN_SET_ROLE); + + SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), + ERR_INJECT_INVALID_USER); + + SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_peer(&operation, peer, peer_len), + ERR_INJECT_INVALID_PEER); + + SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), + ERR_INJECT_SET_USER); + + SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_peer(&operation, peer, peer_len), + ERR_INJECT_SET_PEER); + + SETUP_ALWAYS_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), + ERR_IN_SET_USER); + + SETUP_ALWAYS_CHECK_STEP(psa_pake_set_peer(&operation, peer, peer_len), + ERR_IN_SET_PEER); SETUP_ALWAYS_CHECK_STEP(psa_pake_set_password_key(&operation, key), ERR_IN_SET_PASSWORD_KEY); - SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_user(&operation, NULL, 0), - ERR_INJECT_INVALID_USER); - - SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_peer(&operation, NULL, 0), - ERR_INJECT_INVALID_PEER); - - SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_user(&operation, unsupp_id, 4), - ERR_INJECT_SET_USER); - - SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_peer(&operation, unsupp_id, 4), - ERR_INJECT_SET_PEER); - const size_t size_key_share = PSA_PAKE_INPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); const size_t size_zk_public = PSA_PAKE_INPUT_SIZE(alg, primitive, @@ -724,6 +739,10 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; ecjpake_error_stage_t err_stage = err_stage_arg; + const uint8_t server_id[] = PSA_JPAKE_SERVER_ID; + const uint8_t client_id[] = PSA_JPAKE_CLIENT_ID; + const size_t server_id_len = strlen(PSA_JPAKE_SERVER_ID); + const size_t client_id_len = strlen(PSA_JPAKE_CLIENT_ID); PSA_INIT(); @@ -741,8 +760,10 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg, PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); - PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER)); - PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT)); + PSA_ASSERT(psa_pake_set_user(&server, server_id, server_id_len)); + PSA_ASSERT(psa_pake_set_peer(&server, client_id, client_id_len)); + PSA_ASSERT(psa_pake_set_user(&client, client_id, client_id_len)); + PSA_ASSERT(psa_pake_set_peer(&client, server_id, server_id_len)); PSA_ASSERT(psa_pake_set_password_key(&server, key)); PSA_ASSERT(psa_pake_set_password_key(&client, key)); @@ -786,6 +807,10 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, psa_key_derivation_operation_t client_derive = PSA_KEY_DERIVATION_OPERATION_INIT; ecjpake_error_stage_t err_stage = err_stage_arg; + const uint8_t server_id[] = PSA_JPAKE_SERVER_ID; + const uint8_t client_id[] = PSA_JPAKE_CLIENT_ID; + const size_t server_id_len = strlen(PSA_JPAKE_SERVER_ID); + const size_t client_id_len = strlen(PSA_JPAKE_CLIENT_ID); PSA_INIT(); @@ -816,8 +841,10 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); - PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER)); - PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT)); + PSA_ASSERT(psa_pake_set_user(&server, server_id, server_id_len)); + PSA_ASSERT(psa_pake_set_peer(&server, client_id, client_id_len)); + PSA_ASSERT(psa_pake_set_user(&client, client_id, client_id_len)); + PSA_ASSERT(psa_pake_set_peer(&client, server_id, server_id_len)); PSA_ASSERT(psa_pake_set_password_key(&server, key)); PSA_ASSERT(psa_pake_set_password_key(&client, key)); From 1e7a927118e27c3f0a4b2575b4a31f9f3bbe574a Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 28 Feb 2023 14:38:58 +0100 Subject: [PATCH 03/18] Add input getters for jpake user and peer Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 64 ++++++++++++++++++++++++++++++++++++++ library/psa_crypto.c | 62 ++++++++++++++++++++++++++++++++++++ 2 files changed, 126 insertions(+) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index f6fdcfeba5..5357be8de0 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1347,6 +1347,70 @@ psa_status_t psa_crypto_driver_pake_get_role( const psa_crypto_driver_pake_inputs_t *inputs, psa_pake_role_t *role); +/** Get the lengths of the user in bytes from given inputs. + * + * \param[in] inputs Operation inputs. + * \param[out] user_len Return buffer for user length. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * User hasn't been set yet. + */ +psa_status_t psa_crypto_driver_pake_get_user_len( + const psa_crypto_driver_pake_inputs_t *inputs, + size_t *user_len); + +/** Get the lengths of the peer in bytes from given inputs. + * + * \param[in] inputs Operation inputs. + * \param[out] peer_len Return buffer for peer length. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * Peer hasn't been set yet. + */ +psa_status_t psa_crypto_driver_pake_get_peer_len( + const psa_crypto_driver_pake_inputs_t *inputs, + size_t *peer_len); + +/** Get the user from given inputs. + * + * \param[in] inputs Operation inputs. + * \param[out] buffer Return buffer for user. + * \param buffer_size Size of the return buffer in bytes. + * \param[out] buffer_length Actual size of the password in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * User hasn't been set yet. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p buffer is too small. + */ +psa_status_t psa_crypto_driver_pake_get_user( + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *buffer, size_t buffer_size, size_t *buffer_length); + +/** Get the peer from given inputs. + * + * \param[in] inputs Operation inputs. + * \param[out] buffer Return buffer for user. + * \param buffer_size Size of the return buffer in bytes. + * \param[out] buffer_length Actual size of the password in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * Peer hasn't been set yet. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p buffer is too small. + */ +psa_status_t psa_crypto_driver_pake_get_peer( + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *buffer, size_t buffer_size, size_t *buffer_length); + /** Get the cipher suite from given inputs. * * \param[in] inputs Operation inputs. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 31df082e15..7422cbb596 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7209,6 +7209,68 @@ psa_status_t psa_crypto_driver_pake_get_role( return PSA_SUCCESS; } +psa_status_t psa_crypto_driver_pake_get_user_len( + const psa_crypto_driver_pake_inputs_t *inputs, + size_t *user_len) +{ + if (inputs->user_len == 0) { + return PSA_ERROR_BAD_STATE; + } + + *user_len = inputs->user_len; + + return PSA_SUCCESS; +} + +psa_status_t psa_crypto_driver_pake_get_user( + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *buffer, size_t buffer_size, size_t *buffer_length) +{ + if (inputs->user_len == 0) { + return PSA_ERROR_BAD_STATE; + } + + if (buffer_size < inputs->user_len) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + memcpy(buffer, inputs->user, inputs->user_len); + *buffer_length = inputs->user_len; + + return PSA_SUCCESS; +} + +psa_status_t psa_crypto_driver_pake_get_peer_len( + const psa_crypto_driver_pake_inputs_t *inputs, + size_t *peer_len) +{ + if (inputs->peer_len == 0) { + return PSA_ERROR_BAD_STATE; + } + + *peer_len = inputs->peer_len; + + return PSA_SUCCESS; +} + +psa_status_t psa_crypto_driver_pake_get_peer( + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *buffer, size_t buffer_size, size_t *buffer_length) +{ + if (inputs->peer_len == 0) { + return PSA_ERROR_BAD_STATE; + } + + if (buffer_size < inputs->peer_len) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + memcpy(buffer, inputs->peer, inputs->peer_len); + *buffer_length = inputs->peer_len; + + return PSA_SUCCESS; +} + psa_status_t psa_crypto_driver_pake_get_cipher_suite( const psa_crypto_driver_pake_inputs_t *inputs, psa_pake_cipher_suite_t *cipher_suite) From af94c13b2c04dac0ed706a147c283f82e325928e Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 28 Feb 2023 14:40:00 +0100 Subject: [PATCH 04/18] Add tests for user/peer input getters Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto_pake.data | 6 + .../test_suite_psa_crypto_pake.function | 121 +++++++++++++++++- 2 files changed, 125 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index fb8bb9e20f..1cbd8ac7eb 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -218,3 +218,9 @@ pake_input_getters_cipher_suite PSA PAKE: input getters: role pake_input_getters_role + +PSA PAKE: input getters: user +pake_input_getters_user + +PSA PAKE: input getters: peer +pake_input_getters_peer diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index fae78baed7..bea017fd38 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -1057,8 +1057,9 @@ void pake_input_getters_role() TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret), PSA_ERROR_BAD_STATE); - PSA_ASSERT(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER)); - + /* Role can not be set directly using psa_pake_set_role(). It is set by the core + based on given user/peer. Simulate that Role is already set. */ + operation.data.inputs.role = PSA_PAKE_ROLE_SERVER; TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret), PSA_SUCCESS); @@ -1068,3 +1069,119 @@ exit: PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ +void pake_input_getters_user() +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t operation = psa_pake_operation_init(); + const uint8_t user[] = "server"; + const size_t user_len = strlen("server"); + uint8_t user_ret[20] = { 0 }; // max user length is 20 bytes + size_t user_len_ret = 0; + size_t buffer_len_ret = 0; + + psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, + PSA_ECC_FAMILY_SECP_R1, 256); + + PSA_INIT(); + + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); + psa_pake_cs_set_primitive(&cipher_suite, primitive); + psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); + + PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); + + TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, + (uint8_t *) &user_ret, + 10, &buffer_len_ret), + PSA_ERROR_BAD_STATE); + + TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret), + PSA_ERROR_BAD_STATE); + + PSA_ASSERT(psa_pake_set_user(&operation, user, user_len)); + + TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret), + PSA_SUCCESS); + + TEST_EQUAL(user_len_ret, user_len); + + TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, + (uint8_t *) &user_ret, + user_len_ret - 1, + &buffer_len_ret), + PSA_ERROR_BUFFER_TOO_SMALL); + + TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, + (uint8_t *) &user_ret, + user_len_ret, + &buffer_len_ret), + PSA_SUCCESS); + + TEST_EQUAL(buffer_len_ret, user_len); + PSA_ASSERT(memcmp(user_ret, user, buffer_len_ret)); +exit: + PSA_ASSERT(psa_pake_abort(&operation)); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ +void pake_input_getters_peer() +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t operation = psa_pake_operation_init(); + const uint8_t peer[] = "server"; + const size_t peer_len = strlen("server"); + uint8_t peer_ret[20] = { 0 }; // max peer length is 20 bytes + size_t peer_len_ret = 0; + size_t buffer_len_ret = 0; + + psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, + PSA_ECC_FAMILY_SECP_R1, 256); + + PSA_INIT(); + + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); + psa_pake_cs_set_primitive(&cipher_suite, primitive); + psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); + + PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); + + TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, + (uint8_t *) &peer_ret, + 10, &buffer_len_ret), + PSA_ERROR_BAD_STATE); + + TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret), + PSA_ERROR_BAD_STATE); + + PSA_ASSERT(psa_pake_set_peer(&operation, peer, peer_len)); + + TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret), + PSA_SUCCESS); + + TEST_EQUAL(peer_len_ret, peer_len); + + TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, + (uint8_t *) &peer_ret, + peer_len_ret - 1, + &buffer_len_ret), + PSA_ERROR_BUFFER_TOO_SMALL); + + TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, + (uint8_t *) &peer_ret, + peer_len_ret, + &buffer_len_ret), + PSA_SUCCESS); + + TEST_EQUAL(buffer_len_ret, peer_len); + PSA_ASSERT(memcmp(peer_ret, peer, buffer_len_ret)); +exit: + PSA_ASSERT(psa_pake_abort(&operation)); + PSA_DONE(); +} +/* END_CASE */ From f3ae020c372848e53233b53649023b381fc406cb Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 28 Feb 2023 15:38:00 +0100 Subject: [PATCH 05/18] Use user/peer instead role in jpake driver-wrapper tests Signed-off-by: Przemek Stekiel --- ...t_suite_psa_crypto_driver_wrappers.function | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index ab09fa0f5b..cb5d202a24 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -2994,6 +2994,10 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st PSA_ECC_FAMILY_SECP_R1, 256); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; unsigned char *input_buffer = NULL; + const uint8_t server_id[] = PSA_JPAKE_SERVER_ID; + const uint8_t client_id[] = PSA_JPAKE_CLIENT_ID; + const size_t server_id_len = strlen(PSA_JPAKE_SERVER_ID); + const size_t client_id_len = strlen(PSA_JPAKE_CLIENT_ID); const size_t size_key_share = PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE); unsigned char *output_buffer = NULL; @@ -3035,8 +3039,8 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), PSA_SUCCESS); - TEST_EQUAL(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), - PSA_SUCCESS); + PSA_ASSERT(psa_pake_set_user(&operation, server_id, server_id_len)); + PSA_ASSERT(psa_pake_set_peer(&operation, client_id, client_id_len)); TEST_EQUAL(psa_pake_set_password_key(&operation, key), PSA_SUCCESS); @@ -3184,6 +3188,10 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_derivation_operation_t client_derive = PSA_KEY_DERIVATION_OPERATION_INIT; + const uint8_t server_id[] = PSA_JPAKE_SERVER_ID; + const uint8_t client_id[] = PSA_JPAKE_CLIENT_ID; + const size_t server_id_len = strlen(PSA_JPAKE_SERVER_ID); + const size_t client_id_len = strlen(PSA_JPAKE_CLIENT_ID); pake_in_driver = in_driver; /* driver setup is called indirectly through pake_output/pake_input */ if (pake_in_driver) { @@ -3229,9 +3237,11 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); - PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER)); + PSA_ASSERT(psa_pake_set_user(&server, server_id, server_id_len)); + PSA_ASSERT(psa_pake_set_peer(&server, client_id, client_id_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); - PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT)); + PSA_ASSERT(psa_pake_set_user(&client, client_id, client_id_len)); + PSA_ASSERT(psa_pake_set_peer(&client, server_id, server_id_len)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_set_password_key(&server, key)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); From 4cd20313fe473ac5f9ba5e321380c6d21117a89b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 1 Mar 2023 11:11:28 +0100 Subject: [PATCH 06/18] Use user/peer instead role in jpake TLS code Signed-off-by: Przemek Stekiel --- library/ssl_tls.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5d8a761db0..2d5d52911e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1954,9 +1954,11 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common( mbedtls_svc_key_id_t pwd) { psa_status_t status; - psa_pake_role_t psa_role; psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); - + uint8_t *user = NULL; + size_t user_len = 0; + uint8_t *peer = NULL; + size_t peer_len = 0; psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); psa_pake_cs_set_primitive(&cipher_suite, PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, @@ -1970,12 +1972,23 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common( } if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - psa_role = PSA_PAKE_ROLE_SERVER; + user = (uint8_t *) PSA_JPAKE_SERVER_ID; + user_len = strlen(PSA_JPAKE_SERVER_ID); + peer = (uint8_t *) PSA_JPAKE_CLIENT_ID; + peer_len = strlen(PSA_JPAKE_CLIENT_ID); } else { - psa_role = PSA_PAKE_ROLE_CLIENT; + user = (uint8_t *) PSA_JPAKE_CLIENT_ID; + user_len = strlen(PSA_JPAKE_CLIENT_ID); + peer = (uint8_t *) PSA_JPAKE_SERVER_ID; + peer_len = strlen(PSA_JPAKE_SERVER_ID); } - status = psa_pake_set_role(&ssl->handshake->psa_pake_ctx, psa_role); + status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_pake_set_peer(&ssl->handshake->psa_pake_ctx, peer, peer_len); if (status != PSA_SUCCESS) { return status; } From e9254a0e559f76e47a51a86d58b742389b08e4c5 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 1 Mar 2023 11:18:09 +0100 Subject: [PATCH 07/18] Adapt driver dispatch documentation for user/peer getters Signed-off-by: Przemek Stekiel Signed-off-by: Przemek Stekiel --- docs/proposed/psa-driver-interface.md | 16 ++++++++++++++++ include/psa/crypto_extra.h | 4 +++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index f681ea60e2..0a5255715d 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -374,6 +374,22 @@ psa_status_t psa_crypto_driver_pake_get_password_key(     uint8_t** p_key_buffer, size_t *key_buffer_size, const psa_key_attributes_t *attributes); +psa_status_t psa_crypto_driver_pake_get_user_len( +    const psa_crypto_driver_pake_inputs_t *inputs, +    size_t *user_len); + +psa_status_t psa_crypto_driver_pake_get_user( +    const psa_crypto_driver_pake_inputs_t *inputs, +    uint8_t *buffer, size_t buffer_size, size_t *buffer_length); + +psa_status_t psa_crypto_driver_pake_get_peer_len( +    const psa_crypto_driver_pake_inputs_t *inputs, +    size_t *peer_len); + +psa_status_t psa_crypto_driver_pake_get_peer( +    const psa_crypto_driver_pake_inputs_t *inputs, +    uint8_t *buffer, size_t buffer_size, size_t *buffer_length); + psa_status_t psa_crypto_driver_pake_get_role(     const psa_crypto_driver_pake_inputs_t *inputs,     psa_pake_role_t *role); diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 5357be8de0..cbf90ccee7 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -434,7 +434,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, #define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1 #define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2 -/** JPAKE operation stages. */ +/** JPAKE user/peer ids. */ #define PSA_JPAKE_SERVER_ID "server" #define PSA_JPAKE_CLIENT_ID "client" /** @@ -1565,6 +1565,7 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * been set (psa_pake_set_user() hasn't been * called yet). * \param[in] user_id The user ID to authenticate with. + * ("client" or "server") * \param user_id_len Size of the \p user_id buffer in bytes. * * \retval #PSA_SUCCESS @@ -1606,6 +1607,7 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, * been set (psa_pake_set_peer() hasn't been * called yet). * \param[in] peer_id The peer's ID to authenticate. + * ("client" or "server") * \param peer_id_len Size of the \p peer_id buffer in bytes. * * \retval #PSA_SUCCESS From 9cc1786e461af95a6a0d73a624f421cd54745f46 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 2 Mar 2023 09:27:54 +0100 Subject: [PATCH 08/18] Add chenage log entry for j-pake user/peer partial fix Signed-off-by: Przemek Stekiel --- ChangeLog.d/fix-jpake-user-peer.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/fix-jpake-user-peer.txt diff --git a/ChangeLog.d/fix-jpake-user-peer.txt b/ChangeLog.d/fix-jpake-user-peer.txt new file mode 100644 index 0000000000..ae6d441ac0 --- /dev/null +++ b/ChangeLog.d/fix-jpake-user-peer.txt @@ -0,0 +1,4 @@ +Bugfix + * Allow setting user and peer identity for EC J-PAKE operation + instead role in PAKE PSA Crypto API as described in the specification. + This is partial fix that allows only "client"/"server" ids. From d7f6ad7bc8c4634b998367871df71f14028a425e Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 6 Mar 2023 13:39:52 +0100 Subject: [PATCH 09/18] Minor fixes (comments, cleanup) Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 24 ++++++++++++------------ library/psa_crypto.c | 6 ++++-- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index cbf90ccee7..ea3cfd8598 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1347,45 +1347,45 @@ psa_status_t psa_crypto_driver_pake_get_role( const psa_crypto_driver_pake_inputs_t *inputs, psa_pake_role_t *role); -/** Get the lengths of the user in bytes from given inputs. +/** Get the lengths of the user id in bytes from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] user_len Return buffer for user length. + * \param[out] user_len Return buffer for user id length. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * User hasn't been set yet. + * User id hasn't been set yet. */ psa_status_t psa_crypto_driver_pake_get_user_len( const psa_crypto_driver_pake_inputs_t *inputs, size_t *user_len); -/** Get the lengths of the peer in bytes from given inputs. +/** Get the lengths of the peer id in bytes from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] peer_len Return buffer for peer length. + * \param[out] peer_len Return buffer for peer id length. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * Peer hasn't been set yet. + * Peer id hasn't been set yet. */ psa_status_t psa_crypto_driver_pake_get_peer_len( const psa_crypto_driver_pake_inputs_t *inputs, size_t *peer_len); -/** Get the user from given inputs. +/** Get the user id from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] buffer Return buffer for user. + * \param[out] buffer Return buffer for user id. * \param buffer_size Size of the return buffer in bytes. * \param[out] buffer_length Actual size of the password in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * User hasn't been set yet. + * User id hasn't been set yet. * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p buffer is too small. */ @@ -1393,17 +1393,17 @@ psa_status_t psa_crypto_driver_pake_get_user( const psa_crypto_driver_pake_inputs_t *inputs, uint8_t *buffer, size_t buffer_size, size_t *buffer_length); -/** Get the peer from given inputs. +/** Get the peer id from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] buffer Return buffer for user. + * \param[out] buffer Return buffer for user id. * \param buffer_size Size of the return buffer in bytes. * \param[out] buffer_length Actual size of the password in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * Peer hasn't been set yet. + * Peer id hasn't been set yet. * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p buffer is too small. */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7422cbb596..bcdf683367 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7401,7 +7401,7 @@ psa_status_t psa_pake_set_user( goto exit; } - /* Allow only "client" or "server" values. */ + /* Allow only "client" or "server" values (temporary restriction). */ if (memcmp(peer_id, PSA_JPAKE_SERVER_ID, peer_id_len) != 0 && memcmp(peer_id, PSA_JPAKE_CLIENT_ID, peer_id_len) != 0) { status = PSA_ERROR_NOT_SUPPORTED; @@ -7445,7 +7445,7 @@ psa_status_t psa_pake_set_peer( goto exit; } - /* Allow only "client" or "server" values. */ + /* Allow only "client" or "server" values (temporary restriction). */ if (memcmp(user_id, PSA_JPAKE_SERVER_ID, user_id_len) != 0 && memcmp(user_id, PSA_JPAKE_CLIENT_ID, user_id_len) != 0) { status = PSA_ERROR_NOT_SUPPORTED; @@ -7591,6 +7591,8 @@ static psa_status_t psa_pake_complete_inputs( /* User and peer are translated to role. */ mbedtls_free(inputs.user); mbedtls_free(inputs.peer); + inputs.user = NULL; inputs.user_len = 0; + inputs.peer = NULL; inputs.peer_len = 0; if (status == PSA_SUCCESS) { #if defined(PSA_WANT_ALG_JPAKE) From f15d335f5b3a7811f2f97122b2f17b67afb7da01 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 6 Mar 2023 13:49:59 +0100 Subject: [PATCH 10/18] ecjpake_setup: clean up handling of errors Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto_pake.data | 10 +++---- .../test_suite_psa_crypto_pake.function | 30 +++++++------------ 2 files changed, 15 insertions(+), 25 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 1cbd8ac7eb..eeef53a275 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -28,7 +28,7 @@ ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_ PSA PAKE: ecjpake setup role depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_IN_SET_ROLE:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_SET_ROLE:PSA_ERROR_NOT_SUPPORTED PSA PAKE: wrong password key type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 @@ -40,19 +40,19 @@ ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE PSA PAKE: set empty user depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"":"server":0:ERR_INJECT_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"":"server":0:ERR_IN_SET_USER:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: set empty peer depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"":0:ERR_INJECT_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"":0:ERR_IN_SET_PEER:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: set invalid user depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"aaaa":"server":0:ERR_INJECT_SET_USER:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"aaaa":"server":0:ERR_IN_SET_USER:PSA_ERROR_NOT_SUPPORTED PSA PAKE: set invalid peer depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"aaaa":0:ERR_INJECT_SET_PEER:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"aaaa":0:ERR_IN_SET_PEER:PSA_ERROR_NOT_SUPPORTED PSA PAKE: user already set depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index bea017fd38..07d4e9f1fa 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -8,14 +8,11 @@ typedef enum { /* errors forced internally in the code */ ERR_INJECT_UNINITIALIZED_ACCESS, ERR_INJECT_DUPLICATE_SETUP, - ERR_INJECT_INVALID_USER, - ERR_INJECT_INVALID_PEER, ERR_INJECT_SET_USER, ERR_INJECT_SET_PEER, + ERR_INJECT_SET_ROLE, ERR_DUPLICATE_SET_USER, ERR_DUPLICATE_SET_PEER, - ERR_SET_USER_PEER_BOTH_SERVERS, - ERR_SET_USER_PEER_BOTH_CLIENTS, ERR_INJECT_EMPTY_IO_BUFFER, ERR_INJECT_UNKNOWN_STEP, ERR_INJECT_INVALID_FIRST_STEP, @@ -43,7 +40,6 @@ typedef enum { ERR_INJECT_ROUND2_SERVER_ZK_PROOF, /* erros issued from the .data file */ ERR_IN_SETUP, - ERR_IN_SET_ROLE, ERR_IN_SET_USER, ERR_IN_SET_PEER, ERR_IN_SET_PASSWORD_KEY, @@ -616,25 +612,19 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, ERR_INJECT_DUPLICATE_SETUP); SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), - ERR_IN_SET_ROLE); - - SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), - ERR_INJECT_INVALID_USER); - - SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_peer(&operation, peer, peer_len), - ERR_INJECT_INVALID_PEER); - - SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), - ERR_INJECT_SET_USER); - - SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_peer(&operation, peer, peer_len), - ERR_INJECT_SET_PEER); + ERR_INJECT_SET_ROLE); SETUP_ALWAYS_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), - ERR_IN_SET_USER); + ERR_IN_SET_USER); SETUP_ALWAYS_CHECK_STEP(psa_pake_set_peer(&operation, peer, peer_len), - ERR_IN_SET_PEER); + ERR_IN_SET_PEER); + + SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), + ERR_DUPLICATE_SET_USER); + + SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_peer(&operation, peer, peer_len), + ERR_DUPLICATE_SET_PEER); SETUP_ALWAYS_CHECK_STEP(psa_pake_set_password_key(&operation, key), ERR_IN_SET_PASSWORD_KEY); From 09104b8712eb0695691ec4849029b3d9973a2869 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 6 Mar 2023 14:11:51 +0100 Subject: [PATCH 11/18] rework psa_pake_set_role to be consistent with requirements and adapt tests Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 22 +++++++++++-------- tests/suites/test_suite_psa_crypto_pake.data | 2 +- .../test_suite_psa_crypto_pake.function | 4 ++++ 3 files changed, 18 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bcdf683367..76af6b66df 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7478,16 +7478,20 @@ psa_status_t psa_pake_set_role( goto exit; } - if (role != PSA_PAKE_ROLE_NONE && - role != PSA_PAKE_ROLE_FIRST && - role != PSA_PAKE_ROLE_SECOND && - role != PSA_PAKE_ROLE_CLIENT && - role != PSA_PAKE_ROLE_SERVER) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; + switch (operation->alg) { +#if defined(PSA_WANT_ALG_JPAKE) + case PSA_ALG_JPAKE: + if (role == PSA_PAKE_ROLE_NONE) { + return PSA_SUCCESS; + } + status = PSA_ERROR_INVALID_ARGUMENT; + break; +#endif + default: + (void) role; + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; } - - status = PSA_ERROR_NOT_SUPPORTED; exit: psa_pake_abort(operation); return status; diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index eeef53a275..62157037d1 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -28,7 +28,7 @@ ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_ PSA PAKE: ecjpake setup role depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_SET_ROLE:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_SET_ROLE:PSA_ERROR_INVALID_ARGUMENT PSA PAKE: wrong password key type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 07d4e9f1fa..ebfe843c6f 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -42,6 +42,7 @@ typedef enum { ERR_IN_SETUP, ERR_IN_SET_USER, ERR_IN_SET_PEER, + ERR_IN_SET_ROLE, ERR_IN_SET_PASSWORD_KEY, ERR_IN_INPUT, ERR_IN_OUTPUT, @@ -614,6 +615,9 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), ERR_INJECT_SET_ROLE); + SETUP_ALWAYS_CHECK_STEP(psa_pake_set_role(&operation, PSA_PAKE_ROLE_NONE), + ERR_IN_SET_ROLE); + SETUP_ALWAYS_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), ERR_IN_SET_USER); From aa1834254e8ab7e73a350a1858595e9b8ce55b07 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 6 Mar 2023 14:21:44 +0100 Subject: [PATCH 12/18] Fix code style Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 2 +- .../test_suite_psa_crypto_pake.function | 22 +++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 76af6b66df..d21a823ed3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -8009,7 +8009,7 @@ psa_status_t psa_pake_abort( if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { if (operation->data.inputs.password != NULL) { mbedtls_platform_zeroize(operation->data.inputs.password, - operation->data.inputs.password_len); + operation->data.inputs.password_len); mbedtls_free(operation->data.inputs.password); } if (operation->data.inputs.user != NULL) { diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index ebfe843c6f..8df28f7b72 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -560,8 +560,8 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, unsigned char *output_buffer = NULL; size_t output_len = 0; const uint8_t password[] = "abcd"; - uint8_t *user = (uint8_t*)user_arg; - uint8_t *peer = (uint8_t*)peer_arg; + uint8_t *user = (uint8_t *) user_arg; + uint8_t *peer = (uint8_t *) peer_arg; size_t user_len = strlen(user_arg); size_t peer_len = strlen(peer_arg); @@ -616,13 +616,13 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, ERR_INJECT_SET_ROLE); SETUP_ALWAYS_CHECK_STEP(psa_pake_set_role(&operation, PSA_PAKE_ROLE_NONE), - ERR_IN_SET_ROLE); + ERR_IN_SET_ROLE); SETUP_ALWAYS_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), - ERR_IN_SET_USER); + ERR_IN_SET_USER); SETUP_ALWAYS_CHECK_STEP(psa_pake_set_peer(&operation, peer, peer_len), - ERR_IN_SET_PEER); + ERR_IN_SET_PEER); SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), ERR_DUPLICATE_SET_USER); @@ -1109,9 +1109,9 @@ void pake_input_getters_user() PSA_ERROR_BUFFER_TOO_SMALL); TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, - (uint8_t *) &user_ret, - user_len_ret, - &buffer_len_ret), + (uint8_t *) &user_ret, + user_len_ret, + &buffer_len_ret), PSA_SUCCESS); TEST_EQUAL(buffer_len_ret, user_len); @@ -1167,9 +1167,9 @@ void pake_input_getters_peer() PSA_ERROR_BUFFER_TOO_SMALL); TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, - (uint8_t *) &peer_ret, - peer_len_ret, - &buffer_len_ret), + (uint8_t *) &peer_ret, + peer_len_ret, + &buffer_len_ret), PSA_SUCCESS); TEST_EQUAL(buffer_len_ret, peer_len); From 18cd6c908ccb4db980db1005236f58a38e122d7b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 6 Mar 2023 15:40:35 +0100 Subject: [PATCH 13/18] Use local macros for j-pake slient/server strings Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 3 --- library/psa_crypto.c | 20 +++++++++++------- library/ssl_tls.c | 20 +++++++++++------- ..._suite_psa_crypto_driver_wrappers.function | 21 ++++++++++++------- .../test_suite_psa_crypto_pake.function | 20 +++++++++++------- 5 files changed, 49 insertions(+), 35 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index ea3cfd8598..ba43c72076 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -434,9 +434,6 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, #define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1 #define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2 -/** JPAKE user/peer ids. */ -#define PSA_JPAKE_SERVER_ID "server" -#define PSA_JPAKE_CLIENT_ID "client" /** * \brief Set domain parameters for a key. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d21a823ed3..dea2a365a3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -91,6 +91,10 @@ #define BUILTIN_ALG_ANY_HKDF 1 #endif +/* JPAKE user/peer ids. */ +#define JPAKE_SERVER_ID "server" +#define JPAKE_CLIENT_ID "client" + /****************************************************************/ /* Global data, support functions and library management */ /****************************************************************/ @@ -7402,8 +7406,8 @@ psa_status_t psa_pake_set_user( } /* Allow only "client" or "server" values (temporary restriction). */ - if (memcmp(peer_id, PSA_JPAKE_SERVER_ID, peer_id_len) != 0 && - memcmp(peer_id, PSA_JPAKE_CLIENT_ID, peer_id_len) != 0) { + if (memcmp(user_id, JPAKE_SERVER_ID, user_id_len) != 0 && + memcmp(user_id, JPAKE_CLIENT_ID, user_id_len) != 0) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; } @@ -7446,8 +7450,8 @@ psa_status_t psa_pake_set_peer( } /* Allow only "client" or "server" values (temporary restriction). */ - if (memcmp(user_id, PSA_JPAKE_SERVER_ID, user_id_len) != 0 && - memcmp(user_id, PSA_JPAKE_CLIENT_ID, user_id_len) != 0) { + if (memcmp(peer_id, JPAKE_SERVER_ID, peer_id_len) != 0 && + memcmp(peer_id, JPAKE_CLIENT_ID, peer_id_len) != 0) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; } @@ -7568,12 +7572,12 @@ static psa_status_t psa_pake_complete_inputs( } if (operation->alg == PSA_ALG_JPAKE) { - if (memcmp(inputs.user, PSA_JPAKE_CLIENT_ID, inputs.user_len) == 0 && - memcmp(inputs.peer, PSA_JPAKE_SERVER_ID, inputs.peer_len) == 0) { + if (memcmp(inputs.user, JPAKE_CLIENT_ID, inputs.user_len) == 0 && + memcmp(inputs.peer, JPAKE_SERVER_ID, inputs.peer_len) == 0) { inputs.role = PSA_PAKE_ROLE_CLIENT; } else - if (memcmp(inputs.user, PSA_JPAKE_SERVER_ID, inputs.user_len) == 0 && - memcmp(inputs.peer, PSA_JPAKE_CLIENT_ID, inputs.peer_len) == 0) { + if (memcmp(inputs.user, JPAKE_SERVER_ID, inputs.user_len) == 0 && + memcmp(inputs.peer, JPAKE_CLIENT_ID, inputs.peer_len) == 0) { inputs.role = PSA_PAKE_ROLE_SERVER; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2d5d52911e..4a351f320b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -61,6 +61,10 @@ psa_generic_status_to_mbedtls) #endif +/* JPAKE user/peer ids. */ +#define JPAKE_SERVER_ID "server" +#define JPAKE_CLIENT_ID "client" + #if defined(MBEDTLS_TEST_HOOKS) static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args; @@ -1972,15 +1976,15 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common( } if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - user = (uint8_t *) PSA_JPAKE_SERVER_ID; - user_len = strlen(PSA_JPAKE_SERVER_ID); - peer = (uint8_t *) PSA_JPAKE_CLIENT_ID; - peer_len = strlen(PSA_JPAKE_CLIENT_ID); + user = (uint8_t *) JPAKE_SERVER_ID; + user_len = strlen(JPAKE_SERVER_ID); + peer = (uint8_t *) JPAKE_CLIENT_ID; + peer_len = strlen(JPAKE_CLIENT_ID); } else { - user = (uint8_t *) PSA_JPAKE_CLIENT_ID; - user_len = strlen(PSA_JPAKE_CLIENT_ID); - peer = (uint8_t *) PSA_JPAKE_SERVER_ID; - peer_len = strlen(PSA_JPAKE_SERVER_ID); + user = (uint8_t *) JPAKE_CLIENT_ID; + user_len = strlen(JPAKE_CLIENT_ID); + peer = (uint8_t *) JPAKE_SERVER_ID; + peer_len = strlen(JPAKE_SERVER_ID); } status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index cb5d202a24..c235ff6e7d 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -5,6 +5,11 @@ Global to silent the compiler when unused. */ size_t pake_expected_hit_count = 0; int pake_in_driver = 0; + +/* JPAKE user/peer ids. */ +#define JPAKE_SERVER_ID "server" +#define JPAKE_CLIENT_ID "client" + #if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, @@ -2994,10 +2999,10 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st PSA_ECC_FAMILY_SECP_R1, 256); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; unsigned char *input_buffer = NULL; - const uint8_t server_id[] = PSA_JPAKE_SERVER_ID; - const uint8_t client_id[] = PSA_JPAKE_CLIENT_ID; - const size_t server_id_len = strlen(PSA_JPAKE_SERVER_ID); - const size_t client_id_len = strlen(PSA_JPAKE_CLIENT_ID); + const uint8_t server_id[] = JPAKE_SERVER_ID; + const uint8_t client_id[] = JPAKE_CLIENT_ID; + const size_t server_id_len = strlen(JPAKE_SERVER_ID); + const size_t client_id_len = strlen(JPAKE_CLIENT_ID); const size_t size_key_share = PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE); unsigned char *output_buffer = NULL; @@ -3188,10 +3193,10 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_derivation_operation_t client_derive = PSA_KEY_DERIVATION_OPERATION_INIT; - const uint8_t server_id[] = PSA_JPAKE_SERVER_ID; - const uint8_t client_id[] = PSA_JPAKE_CLIENT_ID; - const size_t server_id_len = strlen(PSA_JPAKE_SERVER_ID); - const size_t client_id_len = strlen(PSA_JPAKE_CLIENT_ID); + const uint8_t server_id[] = JPAKE_SERVER_ID; + const uint8_t client_id[] = JPAKE_CLIENT_ID; + const size_t server_id_len = strlen(JPAKE_SERVER_ID); + const size_t client_id_len = strlen(JPAKE_CLIENT_ID); pake_in_driver = in_driver; /* driver setup is called indirectly through pake_output/pake_input */ if (pake_in_driver) { diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 8df28f7b72..d8b1035a76 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -53,6 +53,10 @@ typedef enum { PAKE_ROUND_TWO } pake_round_t; +/* JPAKE user/peer ids. */ +#define JPAKE_SERVER_ID "server" +#define JPAKE_CLIENT_ID "client" + /* * Inject an error on the specified buffer ONLY it this is the correct stage. * Offset 7 is arbitrary, but chosen because it's "in the middle" of the part @@ -733,10 +737,10 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; ecjpake_error_stage_t err_stage = err_stage_arg; - const uint8_t server_id[] = PSA_JPAKE_SERVER_ID; - const uint8_t client_id[] = PSA_JPAKE_CLIENT_ID; - const size_t server_id_len = strlen(PSA_JPAKE_SERVER_ID); - const size_t client_id_len = strlen(PSA_JPAKE_CLIENT_ID); + const uint8_t server_id[] = JPAKE_SERVER_ID; + const uint8_t client_id[] = JPAKE_CLIENT_ID; + const size_t server_id_len = strlen(JPAKE_SERVER_ID); + const size_t client_id_len = strlen(JPAKE_CLIENT_ID); PSA_INIT(); @@ -801,10 +805,10 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, psa_key_derivation_operation_t client_derive = PSA_KEY_DERIVATION_OPERATION_INIT; ecjpake_error_stage_t err_stage = err_stage_arg; - const uint8_t server_id[] = PSA_JPAKE_SERVER_ID; - const uint8_t client_id[] = PSA_JPAKE_CLIENT_ID; - const size_t server_id_len = strlen(PSA_JPAKE_SERVER_ID); - const size_t client_id_len = strlen(PSA_JPAKE_CLIENT_ID); + const uint8_t server_id[] = JPAKE_SERVER_ID; + const uint8_t client_id[] = JPAKE_CLIENT_ID; + const size_t server_id_len = strlen(JPAKE_SERVER_ID); + const size_t client_id_len = strlen(JPAKE_CLIENT_ID); PSA_INIT(); From 8b429ba4144f7e5539cb325da8b9129fa951a97e Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 10 Mar 2023 09:22:46 +0100 Subject: [PATCH 14/18] Add change log entry (EC j-pake driver dispatch) Signed-off-by: Przemek Stekiel --- ChangeLog.d/ec_jpake_driver_dispatch.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/ec_jpake_driver_dispatch.txt diff --git a/ChangeLog.d/ec_jpake_driver_dispatch.txt b/ChangeLog.d/ec_jpake_driver_dispatch.txt new file mode 100644 index 0000000000..343929629e --- /dev/null +++ b/ChangeLog.d/ec_jpake_driver_dispatch.txt @@ -0,0 +1,3 @@ +Features + * Add a driver dispatch layer for EC J-PAKE, enabling alternative + implementations of EC J-PAKE through the driver entry points. From f309d6b7fb0edff13d88df10b1d9e3bffe34472f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 10 Mar 2023 09:54:45 +0100 Subject: [PATCH 15/18] Fix peer user mismatch after rebase Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index dea2a365a3..767dbfcd1a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7400,7 +7400,7 @@ psa_status_t psa_pake_set_user( goto exit; } - if (operation->data.inputs.peer_len != 0) { + if (operation->data.inputs.user_len != 0) { status = PSA_ERROR_BAD_STATE; goto exit; } @@ -7412,14 +7412,14 @@ psa_status_t psa_pake_set_user( goto exit; } - operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len); - if (operation->data.inputs.peer == NULL) { + operation->data.inputs.user = mbedtls_calloc(1, user_id_len); + if (operation->data.inputs.user == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto exit; } - memcpy(operation->data.inputs.peer, peer_id, peer_id_len); - operation->data.inputs.peer_len = peer_id_len; + memcpy(operation->data.inputs.user, user_id, user_id_len); + operation->data.inputs.user_len = user_id_len; return PSA_SUCCESS; exit: @@ -7444,7 +7444,7 @@ psa_status_t psa_pake_set_peer( goto exit; } - if (operation->data.inputs.user_len != 0) { + if (operation->data.inputs.peer_len != 0) { status = PSA_ERROR_BAD_STATE; goto exit; } @@ -7456,14 +7456,14 @@ psa_status_t psa_pake_set_peer( goto exit; } - operation->data.inputs.user = mbedtls_calloc(1, user_id_len); - if (operation->data.inputs.user == NULL) { + operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len); + if (operation->data.inputs.peer == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto exit; } - memcpy(operation->data.inputs.user, user_id, user_id_len); - operation->data.inputs.user_len = user_id_len; + memcpy(operation->data.inputs.peer, peer_id, peer_id_len); + operation->data.inputs.peer_len = peer_id_len; return PSA_SUCCESS; exit: From a11c1d141e9d0569f52381b2bdf20738721d58db Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 13 Mar 2023 16:06:34 +0100 Subject: [PATCH 16/18] Reword change log entry Signed-off-by: Przemek Stekiel --- ChangeLog.d/fix-jpake-user-peer.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/fix-jpake-user-peer.txt b/ChangeLog.d/fix-jpake-user-peer.txt index ae6d441ac0..e027fc37b3 100644 --- a/ChangeLog.d/fix-jpake-user-peer.txt +++ b/ChangeLog.d/fix-jpake-user-peer.txt @@ -1,4 +1,4 @@ Bugfix - * Allow setting user and peer identity for EC J-PAKE operation - instead role in PAKE PSA Crypto API as described in the specification. - This is partial fix that allows only "client"/"server" ids. + * Allow setting user and peer identifiers for EC J-PAKE operation + instead of role in PAKE PSA Crypto API as described in the specification. + This is a partial fix that allows only "client" and "server" identifiers. From fde112830f132a90d5b4b4f3aaffc3b00722378c Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 13 Mar 2023 16:06:09 +0100 Subject: [PATCH 17/18] Code optimizations and documentation fixes Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 4 +-- library/psa_crypto.c | 35 ++++++++++--------- library/ssl_tls.c | 28 +++++++-------- ..._suite_psa_crypto_driver_wrappers.function | 26 +++++--------- .../test_suite_psa_crypto_pake.function | 32 +++++++---------- 5 files changed, 56 insertions(+), 69 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index ba43c72076..e491a86ebd 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1562,7 +1562,7 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * been set (psa_pake_set_user() hasn't been * called yet). * \param[in] user_id The user ID to authenticate with. - * ("client" or "server") + * (temporary limitation: "client" or "server" only) * \param user_id_len Size of the \p user_id buffer in bytes. * * \retval #PSA_SUCCESS @@ -1604,7 +1604,7 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, * been set (psa_pake_set_peer() hasn't been * called yet). * \param[in] peer_id The peer's ID to authenticate. - * ("client" or "server") + * (temporary limitation: "client" or "server" only) * \param peer_id_len Size of the \p peer_id buffer in bytes. * * \retval #PSA_SUCCESS diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 767dbfcd1a..b875412c99 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -91,9 +91,9 @@ #define BUILTIN_ALG_ANY_HKDF 1 #endif -/* JPAKE user/peer ids. */ -#define JPAKE_SERVER_ID "server" -#define JPAKE_CLIENT_ID "client" +/* The only two JPAKE user/peer identifiers supported for the time being. */ +static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; +static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; /****************************************************************/ /* Global data, support functions and library management */ @@ -7406,8 +7406,10 @@ psa_status_t psa_pake_set_user( } /* Allow only "client" or "server" values (temporary restriction). */ - if (memcmp(user_id, JPAKE_SERVER_ID, user_id_len) != 0 && - memcmp(user_id, JPAKE_CLIENT_ID, user_id_len) != 0) { + if ((user_id_len != sizeof(jpake_server_id) || + memcmp(user_id, jpake_server_id, user_id_len) != 0) && + (user_id_len != sizeof(jpake_client_id) || + memcmp(user_id, jpake_client_id, user_id_len) != 0)) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; } @@ -7450,8 +7452,10 @@ psa_status_t psa_pake_set_peer( } /* Allow only "client" or "server" values (temporary restriction). */ - if (memcmp(peer_id, JPAKE_SERVER_ID, peer_id_len) != 0 && - memcmp(peer_id, JPAKE_CLIENT_ID, peer_id_len) != 0) { + if ((peer_id_len != sizeof(jpake_server_id) || + memcmp(peer_id, jpake_server_id, peer_id_len) != 0) && + (peer_id_len != sizeof(jpake_client_id) || + memcmp(peer_id, jpake_client_id, peer_id_len) != 0)) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; } @@ -7565,19 +7569,20 @@ static psa_status_t psa_pake_complete_inputs( with the driver context which will be setup by the driver. */ psa_crypto_driver_pake_inputs_t inputs = operation->data.inputs; - if (inputs.password_len == 0 || - inputs.user_len == 0 || - inputs.peer_len == 0) { + if (inputs.password_len == 0) { return PSA_ERROR_BAD_STATE; } if (operation->alg == PSA_ALG_JPAKE) { - if (memcmp(inputs.user, JPAKE_CLIENT_ID, inputs.user_len) == 0 && - memcmp(inputs.peer, JPAKE_SERVER_ID, inputs.peer_len) == 0) { + if (inputs.user_len == 0 || inputs.peer_len == 0) { + return PSA_ERROR_BAD_STATE; + } + if (memcmp(inputs.user, jpake_client_id, inputs.user_len) == 0 && + memcmp(inputs.peer, jpake_server_id, inputs.peer_len) == 0) { inputs.role = PSA_PAKE_ROLE_CLIENT; } else - if (memcmp(inputs.user, JPAKE_SERVER_ID, inputs.user_len) == 0 && - memcmp(inputs.peer, JPAKE_CLIENT_ID, inputs.peer_len) == 0) { + if (memcmp(inputs.user, jpake_server_id, inputs.user_len) == 0 && + memcmp(inputs.peer, jpake_client_id, inputs.peer_len) == 0) { inputs.role = PSA_PAKE_ROLE_SERVER; } @@ -7599,8 +7604,6 @@ static psa_status_t psa_pake_complete_inputs( /* User and peer are translated to role. */ mbedtls_free(inputs.user); mbedtls_free(inputs.peer); - inputs.user = NULL; inputs.user_len = 0; - inputs.peer = NULL; inputs.peer_len = 0; if (status == PSA_SUCCESS) { #if defined(PSA_WANT_ALG_JPAKE) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4a351f320b..f43bb73a3b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -61,10 +61,6 @@ psa_generic_status_to_mbedtls) #endif -/* JPAKE user/peer ids. */ -#define JPAKE_SERVER_ID "server" -#define JPAKE_CLIENT_ID "client" - #if defined(MBEDTLS_TEST_HOOKS) static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args; @@ -1953,15 +1949,19 @@ void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) +/* The only two JPAKE user/peer identifiers supported for the time being. */ +static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; +static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; + static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common( mbedtls_ssl_context *ssl, mbedtls_svc_key_id_t pwd) { psa_status_t status; psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); - uint8_t *user = NULL; + const uint8_t *user = NULL; size_t user_len = 0; - uint8_t *peer = NULL; + const uint8_t *peer = NULL; size_t peer_len = 0; psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); psa_pake_cs_set_primitive(&cipher_suite, @@ -1976,15 +1976,15 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common( } if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - user = (uint8_t *) JPAKE_SERVER_ID; - user_len = strlen(JPAKE_SERVER_ID); - peer = (uint8_t *) JPAKE_CLIENT_ID; - peer_len = strlen(JPAKE_CLIENT_ID); + user = jpake_server_id; + user_len = sizeof(jpake_server_id); + peer = jpake_client_id; + peer_len = sizeof(jpake_client_id); } else { - user = (uint8_t *) JPAKE_CLIENT_ID; - user_len = strlen(JPAKE_CLIENT_ID); - peer = (uint8_t *) JPAKE_SERVER_ID; - peer_len = strlen(JPAKE_SERVER_ID); + user = jpake_client_id; + user_len = sizeof(jpake_client_id); + peer = jpake_server_id; + peer_len = sizeof(jpake_server_id); } status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index c235ff6e7d..56f4d1d5b3 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -6,9 +6,9 @@ size_t pake_expected_hit_count = 0; int pake_in_driver = 0; -/* JPAKE user/peer ids. */ -#define JPAKE_SERVER_ID "server" -#define JPAKE_CLIENT_ID "client" +/* The only two JPAKE user/peer identifiers supported for the time being. */ +static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; +static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; #if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) @@ -2999,10 +2999,6 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st PSA_ECC_FAMILY_SECP_R1, 256); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; unsigned char *input_buffer = NULL; - const uint8_t server_id[] = JPAKE_SERVER_ID; - const uint8_t client_id[] = JPAKE_CLIENT_ID; - const size_t server_id_len = strlen(JPAKE_SERVER_ID); - const size_t client_id_len = strlen(JPAKE_CLIENT_ID); const size_t size_key_share = PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE); unsigned char *output_buffer = NULL; @@ -3044,8 +3040,8 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), PSA_SUCCESS); - PSA_ASSERT(psa_pake_set_user(&operation, server_id, server_id_len)); - PSA_ASSERT(psa_pake_set_peer(&operation, client_id, client_id_len)); + PSA_ASSERT(psa_pake_set_user(&operation, jpake_server_id, sizeof(jpake_server_id))); + PSA_ASSERT(psa_pake_set_peer(&operation, jpake_client_id, sizeof(jpake_client_id))); TEST_EQUAL(psa_pake_set_password_key(&operation, key), PSA_SUCCESS); @@ -3193,10 +3189,6 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_derivation_operation_t client_derive = PSA_KEY_DERIVATION_OPERATION_INIT; - const uint8_t server_id[] = JPAKE_SERVER_ID; - const uint8_t client_id[] = JPAKE_CLIENT_ID; - const size_t server_id_len = strlen(JPAKE_SERVER_ID); - const size_t client_id_len = strlen(JPAKE_CLIENT_ID); pake_in_driver = in_driver; /* driver setup is called indirectly through pake_output/pake_input */ if (pake_in_driver) { @@ -3242,11 +3234,11 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); - PSA_ASSERT(psa_pake_set_user(&server, server_id, server_id_len)); - PSA_ASSERT(psa_pake_set_peer(&server, client_id, client_id_len)); + PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); + PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); - PSA_ASSERT(psa_pake_set_user(&client, client_id, client_id_len)); - PSA_ASSERT(psa_pake_set_peer(&client, server_id, server_id_len)); + PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); + PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_set_password_key(&server, key)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index d8b1035a76..00b5c2ff95 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -53,9 +53,9 @@ typedef enum { PAKE_ROUND_TWO } pake_round_t; -/* JPAKE user/peer ids. */ -#define JPAKE_SERVER_ID "server" -#define JPAKE_CLIENT_ID "client" +/* The only two JPAKE user/peer identifiers supported for the time being. */ +static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; +static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; /* * Inject an error on the specified buffer ONLY it this is the correct stage. @@ -737,10 +737,6 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; ecjpake_error_stage_t err_stage = err_stage_arg; - const uint8_t server_id[] = JPAKE_SERVER_ID; - const uint8_t client_id[] = JPAKE_CLIENT_ID; - const size_t server_id_len = strlen(JPAKE_SERVER_ID); - const size_t client_id_len = strlen(JPAKE_CLIENT_ID); PSA_INIT(); @@ -758,10 +754,10 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg, PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); - PSA_ASSERT(psa_pake_set_user(&server, server_id, server_id_len)); - PSA_ASSERT(psa_pake_set_peer(&server, client_id, client_id_len)); - PSA_ASSERT(psa_pake_set_user(&client, client_id, client_id_len)); - PSA_ASSERT(psa_pake_set_peer(&client, server_id, server_id_len)); + PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); + PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); + PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); + PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); PSA_ASSERT(psa_pake_set_password_key(&server, key)); PSA_ASSERT(psa_pake_set_password_key(&client, key)); @@ -805,10 +801,6 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, psa_key_derivation_operation_t client_derive = PSA_KEY_DERIVATION_OPERATION_INIT; ecjpake_error_stage_t err_stage = err_stage_arg; - const uint8_t server_id[] = JPAKE_SERVER_ID; - const uint8_t client_id[] = JPAKE_CLIENT_ID; - const size_t server_id_len = strlen(JPAKE_SERVER_ID); - const size_t client_id_len = strlen(JPAKE_CLIENT_ID); PSA_INIT(); @@ -839,10 +831,10 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); - PSA_ASSERT(psa_pake_set_user(&server, server_id, server_id_len)); - PSA_ASSERT(psa_pake_set_peer(&server, client_id, client_id_len)); - PSA_ASSERT(psa_pake_set_user(&client, client_id, client_id_len)); - PSA_ASSERT(psa_pake_set_peer(&client, server_id, server_id_len)); + PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); + PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); + PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); + PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); PSA_ASSERT(psa_pake_set_password_key(&server, key)); PSA_ASSERT(psa_pake_set_password_key(&client, key)); @@ -1056,7 +1048,7 @@ void pake_input_getters_role() PSA_ERROR_BAD_STATE); /* Role can not be set directly using psa_pake_set_role(). It is set by the core - based on given user/peer. Simulate that Role is already set. */ + based on given user/peer identifiers. Simulate that Role is already set. */ operation.data.inputs.role = PSA_PAKE_ROLE_SERVER; TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret), PSA_SUCCESS); From c0e6250ff921506871dd57745d9dc62446314c2e Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 14 Mar 2023 11:49:36 +0100 Subject: [PATCH 18/18] Fix documentation and tests Signed-off-by: Przemek Stekiel --- docs/proposed/psa-driver-interface.md | 8 ++--- include/psa/crypto_extra.h | 32 +++++++++---------- library/psa_crypto.c | 16 +++++----- library/ssl_tls.c | 1 - .../test_suite_psa_crypto_pake.function | 12 +++---- 5 files changed, 34 insertions(+), 35 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 0a5255715d..0027ec7662 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -379,16 +379,16 @@ psa_status_t psa_crypto_driver_pake_get_user_len(     size_t *user_len); psa_status_t psa_crypto_driver_pake_get_user( -    const psa_crypto_driver_pake_inputs_t *inputs, -    uint8_t *buffer, size_t buffer_size, size_t *buffer_length); + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *user_id, size_t user_id_size, size_t *user_id_len); psa_status_t psa_crypto_driver_pake_get_peer_len(     const psa_crypto_driver_pake_inputs_t *inputs,     size_t *peer_len); psa_status_t psa_crypto_driver_pake_get_peer( -    const psa_crypto_driver_pake_inputs_t *inputs, -    uint8_t *buffer, size_t buffer_size, size_t *buffer_length); + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *peer_id, size_t peer_id_size, size_t *peer_id_length); psa_status_t psa_crypto_driver_pake_get_role(     const psa_crypto_driver_pake_inputs_t *inputs, diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index e491a86ebd..4920508d7b 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1300,10 +1300,10 @@ typedef struct psa_jpake_computation_stage_s psa_jpake_computation_stage_t; */ static psa_pake_operation_t psa_pake_operation_init(void); -/** Get the lengths of the password in bytes from given inputs. +/** Get the length of the password in bytes from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] password_len Return buffer for password length. + * \param[out] password_len Password length. * * \retval #PSA_SUCCESS * Success. @@ -1344,10 +1344,10 @@ psa_status_t psa_crypto_driver_pake_get_role( const psa_crypto_driver_pake_inputs_t *inputs, psa_pake_role_t *role); -/** Get the lengths of the user id in bytes from given inputs. +/** Get the length of the user id in bytes from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] user_len Return buffer for user id length. + * \param[out] user_len User id length. * * \retval #PSA_SUCCESS * Success. @@ -1358,10 +1358,10 @@ psa_status_t psa_crypto_driver_pake_get_user_len( const psa_crypto_driver_pake_inputs_t *inputs, size_t *user_len); -/** Get the lengths of the peer id in bytes from given inputs. +/** Get the length of the peer id in bytes from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] peer_len Return buffer for peer id length. + * \param[out] peer_len Peer id length. * * \retval #PSA_SUCCESS * Success. @@ -1375,38 +1375,38 @@ psa_status_t psa_crypto_driver_pake_get_peer_len( /** Get the user id from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] buffer Return buffer for user id. - * \param buffer_size Size of the return buffer in bytes. - * \param[out] buffer_length Actual size of the password in bytes. + * \param[out] user_id User id. + * \param user_id_size Size of \p user_id in bytes. + * \param[out] user_id_len Size of the user id in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE * User id hasn't been set yet. * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p buffer is too small. + * The size of the \p user_id is too small. */ psa_status_t psa_crypto_driver_pake_get_user( const psa_crypto_driver_pake_inputs_t *inputs, - uint8_t *buffer, size_t buffer_size, size_t *buffer_length); + uint8_t *user_id, size_t user_id_size, size_t *user_id_len); /** Get the peer id from given inputs. * * \param[in] inputs Operation inputs. - * \param[out] buffer Return buffer for user id. - * \param buffer_size Size of the return buffer in bytes. - * \param[out] buffer_length Actual size of the password in bytes. + * \param[out] peer_id Peer id. + * \param peer_id_size Size of \p peer_id in bytes. + * \param[out] peer_id_length Size of the peer id in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE * Peer id hasn't been set yet. * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p buffer is too small. + * The size of the \p peer_id is too small. */ psa_status_t psa_crypto_driver_pake_get_peer( const psa_crypto_driver_pake_inputs_t *inputs, - uint8_t *buffer, size_t buffer_size, size_t *buffer_length); + uint8_t *peer_id, size_t peer_id_size, size_t *peer_id_length); /** Get the cipher suite from given inputs. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b875412c99..d0cdd626e8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7228,18 +7228,18 @@ psa_status_t psa_crypto_driver_pake_get_user_len( psa_status_t psa_crypto_driver_pake_get_user( const psa_crypto_driver_pake_inputs_t *inputs, - uint8_t *buffer, size_t buffer_size, size_t *buffer_length) + uint8_t *user_id, size_t user_id_size, size_t *user_id_len) { if (inputs->user_len == 0) { return PSA_ERROR_BAD_STATE; } - if (buffer_size < inputs->user_len) { + if (user_id_size < inputs->user_len) { return PSA_ERROR_BUFFER_TOO_SMALL; } - memcpy(buffer, inputs->user, inputs->user_len); - *buffer_length = inputs->user_len; + memcpy(user_id, inputs->user, inputs->user_len); + *user_id_len = inputs->user_len; return PSA_SUCCESS; } @@ -7259,18 +7259,18 @@ psa_status_t psa_crypto_driver_pake_get_peer_len( psa_status_t psa_crypto_driver_pake_get_peer( const psa_crypto_driver_pake_inputs_t *inputs, - uint8_t *buffer, size_t buffer_size, size_t *buffer_length) + uint8_t *peer_id, size_t peer_id_size, size_t *peer_id_length) { if (inputs->peer_len == 0) { return PSA_ERROR_BAD_STATE; } - if (buffer_size < inputs->peer_len) { + if (peer_id_size < inputs->peer_len) { return PSA_ERROR_BUFFER_TOO_SMALL; } - memcpy(buffer, inputs->peer, inputs->peer_len); - *buffer_length = inputs->peer_len; + memcpy(peer_id, inputs->peer, inputs->peer_len); + *peer_id_length = inputs->peer_len; return PSA_SUCCESS; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f43bb73a3b..5f795685a2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1949,7 +1949,6 @@ void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) -/* The only two JPAKE user/peer identifiers supported for the time being. */ static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 00b5c2ff95..88f24dd55b 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -1060,13 +1060,13 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void pake_input_getters_user() { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t operation = psa_pake_operation_init(); - const uint8_t user[] = "server"; - const size_t user_len = strlen("server"); + const uint8_t user[] = { 's', 'e', 'r', 'v', 'e', 'r' }; + const size_t user_len = sizeof(user); uint8_t user_ret[20] = { 0 }; // max user length is 20 bytes size_t user_len_ret = 0; size_t buffer_len_ret = 0; @@ -1118,13 +1118,13 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void pake_input_getters_peer() { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t operation = psa_pake_operation_init(); - const uint8_t peer[] = "server"; - const size_t peer_len = strlen("server"); + const uint8_t peer[] = { 's', 'e', 'r', 'v', 'e', 'r' }; + const size_t peer_len = sizeof(peer); uint8_t peer_ret[20] = { 0 }; // max peer length is 20 bytes size_t peer_len_ret = 0; size_t buffer_len_ret = 0;