lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Move JPAKE state machine logic from driver to core

Browse Source 
- Add `alg` and `computation_stage` to `psa_pake_operation_s`.
  Now when logic is moved to core information about `alg` is required.
  `computation_stage` is a structure that provides a union of computation stages for pake algorithms.
- Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms.
- Removed test that seems to be redundant as we can't be sure that operation is aborted after failure.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel
2022-12-21 12:54:46 +01:00
parent be5e27b5ad
commit e12ed36a6c
10 changed files with 500 additions and 323 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/include/test/drivers/pake.h
View File

@ -58,6 +58,7 @@ psa_status_t mbedtls_test_transparent_pake_setup(
psa_status_t mbedtls_test_transparent_pake_output(
mbedtls_transparent_test_driver_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
uint8_t *output,
size_t output_size,
size_t *output_length);
@ -65,6 +66,7 @@ psa_status_t mbedtls_test_transparent_pake_output(
psa_status_t mbedtls_test_transparent_pake_input(
mbedtls_transparent_test_driver_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
const uint8_t *input,
size_t input_length);
@ -102,6 +104,7 @@ psa_status_t mbedtls_test_opaque_pake_set_role(
psa_status_t mbedtls_test_opaque_pake_output(
mbedtls_opaque_test_driver_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
uint8_t *output,
size_t output_size,
size_t *output_length);
@ -109,6 +112,7 @@ psa_status_t mbedtls_test_opaque_pake_output(
psa_status_t mbedtls_test_opaque_pake_input(
mbedtls_opaque_test_driver_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
const uint8_t *input,
size_t input_length);

25
tests/src/drivers/test_driver_pake.c
View File

@ -65,6 +65,7 @@ psa_status_t mbedtls_test_transparent_pake_setup(
psa_status_t mbedtls_test_transparent_pake_output(
mbedtls_transparent_test_driver_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
uint8_t *output,
size_t output_size,
size_t *output_length)
@ -92,14 +93,20 @@ psa_status_t mbedtls_test_transparent_pake_output(
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_output(
operation, step, output, output_size, output_length);
operation,
step,
(libtestdriver1_psa_pake_computation_stage_t *) computation_stage,
output,
output_size,
output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_output(
operation, step, output, output_size, output_length);
operation, step, computation_stage, output, output_size, output_length);
#else
(void) operation;
(void) step;
(void) computation_stage;
(void) output;
(void) output_size;
(void) output_length;
@ -113,6 +120,7 @@ psa_status_t mbedtls_test_transparent_pake_output(
psa_status_t mbedtls_test_transparent_pake_input(
mbedtls_transparent_test_driver_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
const uint8_t *input,
size_t input_length)
{
@ -126,14 +134,19 @@ psa_status_t mbedtls_test_transparent_pake_input(
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_input(
operation, step, input, input_length);
operation,
step,
(libtestdriver1_psa_pake_computation_stage_t *) computation_stage,
input,
input_length);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_input(
operation, step, input, input_length);
operation, step, computation_stage, input, input_length);
#else
(void) operation;
(void) step;
(void) computation_stage;
(void) input;
(void) input_length;
mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
@ -258,12 +271,14 @@ psa_status_t mbedtls_test_opaque_pake_set_role(
psa_status_t mbedtls_test_opaque_pake_output(
mbedtls_opaque_test_driver_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
(void) operation;
(void) step;
(void) computation_stage;
(void) output;
(void) output_size;
(void) output_length;
@ -274,11 +289,13 @@ psa_status_t mbedtls_test_opaque_pake_output(
psa_status_t mbedtls_test_opaque_pake_input(
mbedtls_opaque_test_driver_pake_operation_t *operation,
psa_pake_step_t step,
const psa_pake_computation_stage_t *computation_stage,
const uint8_t *input,
size_t input_length)
{
(void) operation;
(void) step;
(void) computation_stage;
(void) input;
(void) input_length;
return PSA_ERROR_NOT_SUPPORTED;

8
tests/suites/test_suite_psa_crypto_pake.data
View File

@ -70,10 +70,6 @@ PSA PAKE: input buffer too large
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_INVALID_ARGUMENT
PSA PAKE: valid input operation after a failure
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_VALID_OPERATION_AFTER_FAILURE:PSA_ERROR_BAD_STATE
PSA PAKE: invalid output
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT
@ -90,10 +86,6 @@ PSA PAKE: output buffer too small
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_BUFFER_TOO_SMALL
PSA PAKE: valid output operation after a failure
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_VALID_OPERATION_AFTER_FAILURE:PSA_ERROR_BAD_STATE
PSA PAKE: check rounds w/o forced errors
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0:ERR_NONE