diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index c0f76c894a..a280331e3d 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -241,7 +241,9 @@ int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len); int mbedtls_test_inject_entropy_restore(void); #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ - +/** Parse binary string and convert it to a long integer + */ +uint64_t parse_binary_string(data_t *bin_string); /** Skip a test case if the given key is a 192 bits AES key and the AES * implementation is at least partially provided by an accelerator or diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index b5e3d35426..46f4d08107 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -119,6 +119,7 @@ * The inputs \p input1 and \p input2 are, in order: * - HKDF: salt, info. * - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label. + * - PBKDF2: input cost, salt. * * \param operation The operation object to use. * It must be in the initialized state. diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index cab96ab967..18eac060f5 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -149,6 +149,17 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename) } } +uint64_t parse_binary_string(data_t *bin_string) +{ + uint64_t result = 0; + TEST_LE_U(bin_string->len, 8); + for (size_t i = 0; i < bin_string->len; i++) { + result = result << 8 | bin_string->x[i]; + } +exit: + return result; /* returns 0 if len > 8 */ +} + #if defined(MBEDTLS_PSA_INJECT_ENTROPY) #include diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 9ff408cb05..83359771c1 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -437,6 +437,18 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_ASSERT(psa_key_derivation_input_bytes(operation, PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length)); + } else if (PSA_ALG_IS_PBKDF2(alg)) { + data_t input_cost = { (unsigned char *) input1, (uint32_t) input1_length }; + PSA_ASSERT(psa_key_derivation_input_integer(operation, + PSA_KEY_DERIVATION_INPUT_COST, + parse_binary_string(&input_cost))); + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_SALT, + input2, + input2_length)); + PSA_ASSERT(psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_PASSWORD, + key)); } else { TEST_FAIL("Key derivation algorithm not supported"); } diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 2396590b2d..d1ae15b73f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -296,17 +296,6 @@ exit: #define INPUT_INTEGER 0x10000 /* Out of range of psa_key_type_t */ -uint64_t parse_binary_string(data_t *bin_string) -{ - uint64_t result = 0; - TEST_LE_U(bin_string->len, 8); - for (size_t i = 0; i < bin_string->len; i++) { - result = result << 8 | bin_string->x[i]; - } -exit: - return result; /* returns 0 if len > 8 */ -} - /* An overapproximation of the amount of storage needed for a key of the * given type and with the given content. The API doesn't make it easy * to find a good value for the size. The current implementation doesn't