eden-emu/mbedtls
19
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #7328 from mprse/ec-jpake-fix1

Browse source 
Fix the JPAKE driver interface for user+peer
This commit is contained in:
Gilles Peskine 2023-05-02 20:42:25 +02:00 committed by GitHub
commit d3ca5e5897
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 135 additions and 175 deletions
Download patch file Download diff file Expand all files Collapse all files

3
ChangeLog.d/ec_jpake_user_peer_2.txt Normal file
View file

@ -0,0 +1,3 @@
Bugfix
* Fix the J-PAKE driver interface for user and peer to accept any values
(previously accepted values were limited to "client" or "server").

4
docs/proposed/psa-driver-interface.md
View file

@ -390,10 +390,6 @@ psa_status_t psa_crypto_driver_pake_get_peer(
const psa_crypto_driver_pake_inputs_t *inputs, const psa_crypto_driver_pake_inputs_t *inputs,
uint8_t *peer_id, size_t peer_id_size, size_t *peer_id_length); uint8_t *peer_id, size_t peer_id_size, size_t *peer_id_length);
psa_status_t psa_crypto_driver_pake_get_role(
    const psa_crypto_driver_pake_inputs_t *inputs,
    psa_pake_role_t *role);
psa_status_t psa_crypto_driver_pake_get_cipher_suite( psa_status_t psa_crypto_driver_pake_get_cipher_suite(
    const psa_crypto_driver_pake_inputs_t *inputs,     const psa_crypto_driver_pake_inputs_t *inputs,
    psa_pake_cipher_suite_t *cipher_suite);     psa_pake_cipher_suite_t *cipher_suite);

1
include/mbedtls/ecjpake.h
View file

@ -54,6 +54,7 @@ extern "C" {
typedef enum { typedef enum {
MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */ MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */
MBEDTLS_ECJPAKE_SERVER, /**< Server */ MBEDTLS_ECJPAKE_SERVER, /**< Server */
MBEDTLS_ECJPAKE_NONE, /**< Undefined */
} mbedtls_ecjpake_role; } mbedtls_ecjpake_role;
#if !defined(MBEDTLS_ECJPAKE_ALT) #if !defined(MBEDTLS_ECJPAKE_ALT)

2
include/psa/crypto_builtin_composites.h
View file

@ -202,7 +202,7 @@ typedef struct {
uint8_t *MBEDTLS_PRIVATE(password); uint8_t *MBEDTLS_PRIVATE(password);
size_t MBEDTLS_PRIVATE(password_len); size_t MBEDTLS_PRIVATE(password_len);
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
uint8_t MBEDTLS_PRIVATE(role); mbedtls_ecjpake_role MBEDTLS_PRIVATE(role);
uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_JPAKE_BUFFER_SIZE]); uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_JPAKE_BUFFER_SIZE]);
size_t MBEDTLS_PRIVATE(buffer_length); size_t MBEDTLS_PRIVATE(buffer_length);
size_t MBEDTLS_PRIVATE(buffer_offset); size_t MBEDTLS_PRIVATE(buffer_offset);

17
include/psa/crypto_extra.h
View file

@ -1328,20 +1328,6 @@ psa_status_t psa_crypto_driver_pake_get_password(
const psa_crypto_driver_pake_inputs_t *inputs, const psa_crypto_driver_pake_inputs_t *inputs,
uint8_t *buffer, size_t buffer_size, size_t *buffer_length); uint8_t *buffer, size_t buffer_size, size_t *buffer_length);
/** Get the role from given inputs.
*
* \param[in] inputs Operation inputs.
* \param[out] role Return buffer for role.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
* Role hasn't been set yet.
*/
psa_status_t psa_crypto_driver_pake_get_role(
const psa_crypto_driver_pake_inputs_t *inputs,
psa_pake_role_t *role);
/** Get the length of the user id in bytes from given inputs. /** Get the length of the user id in bytes from given inputs.
* *
* \param[in] inputs Operation inputs. * \param[in] inputs Operation inputs.
@ -1560,7 +1546,6 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
* been set (psa_pake_set_user() hasn't been * been set (psa_pake_set_user() hasn't been
* called yet). * called yet).
* \param[in] user_id The user ID to authenticate with. * \param[in] user_id The user ID to authenticate with.
* (temporary limitation: "client" or "server" only)
* \param user_id_len Size of the \p user_id buffer in bytes. * \param user_id_len Size of the \p user_id buffer in bytes.
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
@ -1602,7 +1587,6 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation,
* been set (psa_pake_set_peer() hasn't been * been set (psa_pake_set_peer() hasn't been
* called yet). * called yet).
* \param[in] peer_id The peer's ID to authenticate. * \param[in] peer_id The peer's ID to authenticate.
* (temporary limitation: "client" or "server" only)
* \param peer_id_len Size of the \p peer_id buffer in bytes. * \param peer_id_len Size of the \p peer_id buffer in bytes.
* *
* \retval #PSA_SUCCESS * \retval #PSA_SUCCESS
@ -2039,7 +2023,6 @@ static inline void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite,
struct psa_crypto_driver_pake_inputs_s { struct psa_crypto_driver_pake_inputs_s {
uint8_t *MBEDTLS_PRIVATE(password); uint8_t *MBEDTLS_PRIVATE(password);
size_t MBEDTLS_PRIVATE(password_len); size_t MBEDTLS_PRIVATE(password_len);
psa_pake_role_t MBEDTLS_PRIVATE(role);
uint8_t *MBEDTLS_PRIVATE(user); uint8_t *MBEDTLS_PRIVATE(user);
size_t MBEDTLS_PRIVATE(user_len); size_t MBEDTLS_PRIVATE(user_len);
uint8_t *MBEDTLS_PRIVATE(peer); uint8_t *MBEDTLS_PRIVATE(peer);

48
library/psa_crypto.c
View file

@ -91,10 +91,6 @@
#define BUILTIN_ALG_ANY_HKDF 1 #define BUILTIN_ALG_ANY_HKDF 1
#endif #endif
/* The only two JPAKE user/peer identifiers supported for the time being. */
static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
/****************************************************************/ /****************************************************************/
/* Global data, support functions and library management */ /* Global data, support functions and library management */
/****************************************************************/ /****************************************************************/
@ -7237,19 +7233,6 @@ psa_status_t psa_crypto_driver_pake_get_password(
return PSA_SUCCESS; return PSA_SUCCESS;
} }
psa_status_t psa_crypto_driver_pake_get_role(
const psa_crypto_driver_pake_inputs_t *inputs,
psa_pake_role_t *role)
{
if (inputs->role == PSA_PAKE_ROLE_NONE) {
return PSA_ERROR_BAD_STATE;
}
*role = inputs->role;
return PSA_SUCCESS;
}
psa_status_t psa_crypto_driver_pake_get_user_len( psa_status_t psa_crypto_driver_pake_get_user_len(
const psa_crypto_driver_pake_inputs_t *inputs, const psa_crypto_driver_pake_inputs_t *inputs,
size_t *user_len) size_t *user_len)
@ -7444,15 +7427,6 @@ psa_status_t psa_pake_set_user(
goto exit; goto exit;
} }
/* Allow only "client" or "server" values (temporary restriction). */
if ((user_id_len != sizeof(jpake_server_id) ||
memcmp(user_id, jpake_server_id, user_id_len) != 0) &&
(user_id_len != sizeof(jpake_client_id) ||
memcmp(user_id, jpake_client_id, user_id_len) != 0)) {
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
operation->data.inputs.user = mbedtls_calloc(1, user_id_len); operation->data.inputs.user = mbedtls_calloc(1, user_id_len);
if (operation->data.inputs.user == NULL) { if (operation->data.inputs.user == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY; status = PSA_ERROR_INSUFFICIENT_MEMORY;
@ -7490,15 +7464,6 @@ psa_status_t psa_pake_set_peer(
goto exit; goto exit;
} }
/* Allow only "client" or "server" values (temporary restriction). */
if ((peer_id_len != sizeof(jpake_server_id) ||
memcmp(peer_id, jpake_server_id, peer_id_len) != 0) &&
(peer_id_len != sizeof(jpake_client_id) ||
memcmp(peer_id, jpake_client_id, peer_id_len) != 0)) {
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len); operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len);
if (operation->data.inputs.peer == NULL) { if (operation->data.inputs.peer == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY; status = PSA_ERROR_INSUFFICIENT_MEMORY;
@ -7616,19 +7581,6 @@ static psa_status_t psa_pake_complete_inputs(
if (inputs.user_len == 0 || inputs.peer_len == 0) { if (inputs.user_len == 0 || inputs.peer_len == 0) {
return PSA_ERROR_BAD_STATE; return PSA_ERROR_BAD_STATE;
} }
if (memcmp(inputs.user, jpake_client_id, inputs.user_len) == 0 &&
memcmp(inputs.peer, jpake_server_id, inputs.peer_len) == 0) {
inputs.role = PSA_PAKE_ROLE_CLIENT;
} else
if (memcmp(inputs.user, jpake_server_id, inputs.user_len) == 0 &&
memcmp(inputs.peer, jpake_client_id, inputs.peer_len) == 0) {
inputs.role = PSA_PAKE_ROLE_SERVER;
}
if (inputs.role != PSA_PAKE_ROLE_CLIENT &&
inputs.role != PSA_PAKE_ROLE_SERVER) {
return PSA_ERROR_NOT_SUPPORTED;
}
} }
/* Clear driver context */ /* Clear driver context */

77
library/psa_crypto_pake.c
View file

@ -168,13 +168,11 @@ static psa_status_t mbedtls_ecjpake_to_psa_error(int ret)
static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operation) static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operation)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecjpake_role role = (operation->role == PSA_PAKE_ROLE_CLIENT) ?
MBEDTLS_ECJPAKE_CLIENT : MBEDTLS_ECJPAKE_SERVER;
mbedtls_ecjpake_init(&operation->ctx.jpake); mbedtls_ecjpake_init(&operation->ctx.jpake);
ret = mbedtls_ecjpake_setup(&operation->ctx.jpake, ret = mbedtls_ecjpake_setup(&operation->ctx.jpake,
role, operation->role,
MBEDTLS_MD_SHA256, MBEDTLS_MD_SHA256,
MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_SECP256R1,
operation->password, operation->password,
@ -190,21 +188,30 @@ static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operati
} }
#endif #endif
/* The only two JPAKE user/peer identifiers supported in built-in implementation. */
static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
const psa_crypto_driver_pake_inputs_t *inputs) const psa_crypto_driver_pake_inputs_t *inputs)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t password_len = 0; size_t user_len = 0, peer_len = 0, password_len = 0;
psa_pake_role_t role = PSA_PAKE_ROLE_NONE; uint8_t *peer = NULL, *user = NULL;
size_t actual_user_len = 0, actual_peer_len = 0, actual_password_len = 0;
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
size_t actual_password_len = 0;
status = psa_crypto_driver_pake_get_password_len(inputs, &password_len); status = psa_crypto_driver_pake_get_password_len(inputs, &password_len);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
return status; return status;
} }
status = psa_crypto_driver_pake_get_role(inputs, &role); psa_crypto_driver_pake_get_user_len(inputs, &user_len);
if (status != PSA_SUCCESS) {
return status;
}
psa_crypto_driver_pake_get_peer_len(inputs, &peer_len);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
return status; return status;
} }
@ -216,7 +223,20 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
operation->password = mbedtls_calloc(1, password_len); operation->password = mbedtls_calloc(1, password_len);
if (operation->password == NULL) { if (operation->password == NULL) {
return PSA_ERROR_INSUFFICIENT_MEMORY; status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto error;
}
user = mbedtls_calloc(1, user_len);
if (user == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto error;
}
peer = mbedtls_calloc(1, peer_len);
if (peer == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto error;
} }
status = psa_crypto_driver_pake_get_password(inputs, operation->password, status = psa_crypto_driver_pake_get_password(inputs, operation->password,
@ -225,6 +245,18 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
goto error; goto error;
} }
status = psa_crypto_driver_pake_get_user(inputs, user,
user_len, &actual_user_len);
if (status != PSA_SUCCESS) {
goto error;
}
status = psa_crypto_driver_pake_get_peer(inputs, peer,
peer_len, &actual_peer_len);
if (status != PSA_SUCCESS) {
goto error;
}
operation->password_len = actual_password_len; operation->password_len = actual_password_len;
operation->alg = cipher_suite.algorithm; operation->alg = cipher_suite.algorithm;
@ -238,7 +270,24 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
goto error; goto error;
} }
operation->role = role; const size_t user_peer_len = sizeof(jpake_client_id); // client and server have the same length
if (actual_user_len != user_peer_len ||
actual_peer_len != user_peer_len) {
status = PSA_ERROR_NOT_SUPPORTED;
goto error;
}
if (memcmp(user, jpake_client_id, actual_user_len) == 0 &&
memcmp(peer, jpake_server_id, actual_peer_len) == 0) {
operation->role = MBEDTLS_ECJPAKE_CLIENT;
} else
if (memcmp(user, jpake_server_id, actual_user_len) == 0 &&
memcmp(peer, jpake_client_id, actual_peer_len) == 0) {
operation->role = MBEDTLS_ECJPAKE_SERVER;
} else {
status = PSA_ERROR_NOT_SUPPORTED;
goto error;
}
operation->buffer_length = 0; operation->buffer_length = 0;
operation->buffer_offset = 0; operation->buffer_offset = 0;
@ -248,6 +297,9 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
goto error; goto error;
} }
/* Role has been set, release user/peer buffers. */
mbedtls_free(user); mbedtls_free(peer);
return PSA_SUCCESS; return PSA_SUCCESS;
} else } else
#else #else
@ -257,6 +309,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
{ status = PSA_ERROR_NOT_SUPPORTED; } { status = PSA_ERROR_NOT_SUPPORTED; }
error: error:
mbedtls_free(user); mbedtls_free(peer);
/* In case of failure of the setup of a multipart operation, the PSA driver interface /* In case of failure of the setup of a multipart operation, the PSA driver interface
* specifies that the core does not call any other driver entry point thus does not * specifies that the core does not call any other driver entry point thus does not
* call mbedtls_psa_pake_abort(). Therefore call it here to do the needed clean * call mbedtls_psa_pake_abort(). Therefore call it here to do the needed clean
@ -332,7 +385,7 @@ static psa_status_t mbedtls_psa_pake_output_internal(
* information is already available. * information is already available.
*/ */
if (step == PSA_JPAKE_X2S_STEP_KEY_SHARE && if (step == PSA_JPAKE_X2S_STEP_KEY_SHARE &&
operation->role == PSA_PAKE_ROLE_SERVER) { operation->role == MBEDTLS_ECJPAKE_SERVER) {
/* Skip ECParameters, with is 3 bytes (RFC 8422) */ /* Skip ECParameters, with is 3 bytes (RFC 8422) */
operation->buffer_offset += 3; operation->buffer_offset += 3;
} }
@ -423,7 +476,7 @@ static psa_status_t mbedtls_psa_pake_input_internal(
* we're a client. * we're a client.
*/ */
if (step == PSA_JPAKE_X4S_STEP_KEY_SHARE && if (step == PSA_JPAKE_X4S_STEP_KEY_SHARE &&
operation->role == PSA_PAKE_ROLE_CLIENT) { operation->role == MBEDTLS_ECJPAKE_CLIENT) {
/* We only support secp256r1. */ /* We only support secp256r1. */
/* This is the ECParameters structure defined by RFC 8422. */ /* This is the ECParameters structure defined by RFC 8422. */
unsigned char ecparameters[3] = { unsigned char ecparameters[3] = {
@ -541,7 +594,7 @@ psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
if (operation->alg == PSA_ALG_JPAKE) { if (operation->alg == PSA_ALG_JPAKE) {
operation->role = PSA_PAKE_ROLE_NONE; operation->role = MBEDTLS_ECJPAKE_NONE;
mbedtls_platform_zeroize(operation->buffer, sizeof(operation->buffer)); mbedtls_platform_zeroize(operation->buffer, sizeof(operation->buffer));
operation->buffer_length = 0; operation->buffer_length = 0;
operation->buffer_offset = 0; operation->buffer_offset = 0;

7
tests/suites/test_suite_psa_crypto_pake.data
View file

@ -48,11 +48,11 @@ ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_
PSA PAKE: set invalid user PSA PAKE: set invalid user
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"aaaa":"server":0:ERR_IN_SET_USER:PSA_ERROR_NOT_SUPPORTED ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"something":"server":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED
PSA PAKE: set invalid peer PSA PAKE: set invalid peer
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"aaaa":0:ERR_IN_SET_PEER:PSA_ERROR_NOT_SUPPORTED ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"something":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED
PSA PAKE: user already set PSA PAKE: user already set
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
@ -220,9 +220,6 @@ pake_input_getters_password
PSA PAKE: input getters: cipher suite PSA PAKE: input getters: cipher suite
pake_input_getters_cipher_suite pake_input_getters_cipher_suite
PSA PAKE: input getters: role
pake_input_getters_role
PSA PAKE: input getters: user PSA PAKE: input getters: user
pake_input_getters_user pake_input_getters_user

151
tests/suites/test_suite_psa_crypto_pake.function
View file

@ -989,8 +989,7 @@ void pake_input_getters_password()
&buffer_len_ret), &buffer_len_ret),
PSA_SUCCESS); PSA_SUCCESS);
TEST_EQUAL(buffer_len_ret, strlen(password)); ASSERT_COMPARE(password_ret, buffer_len_ret, password, strlen(password));
PSA_ASSERT(memcmp(password_ret, password, buffer_len_ret));
exit: exit:
PSA_ASSERT(psa_destroy_key(key)); PSA_ASSERT(psa_destroy_key(key));
PSA_ASSERT(psa_pake_abort(&operation)); PSA_ASSERT(psa_pake_abort(&operation));
@ -1023,7 +1022,8 @@ void pake_input_getters_cipher_suite()
TEST_EQUAL(psa_crypto_driver_pake_get_cipher_suite(&operation.data.inputs, &cipher_suite_ret), TEST_EQUAL(psa_crypto_driver_pake_get_cipher_suite(&operation.data.inputs, &cipher_suite_ret),
PSA_SUCCESS); PSA_SUCCESS);
PSA_ASSERT(memcmp(&cipher_suite_ret, &cipher_suite, sizeof(cipher_suite))); ASSERT_COMPARE(&cipher_suite_ret, sizeof(cipher_suite_ret),
&cipher_suite, sizeof(cipher_suite));
exit: exit:
PSA_ASSERT(psa_pake_abort(&operation)); PSA_ASSERT(psa_pake_abort(&operation));
@ -1031,48 +1031,12 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
void pake_input_getters_role()
{
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_pake_operation_t operation = psa_pake_operation_init();
psa_pake_role_t role_ret = PSA_PAKE_ROLE_NONE;
psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE(
PSA_PAKE_PRIMITIVE_TYPE_ECC,
PSA_ECC_FAMILY_SECP_R1, 256);
PSA_INIT();
psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE);
psa_pake_cs_set_primitive(&cipher_suite, primitive);
psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256);
PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite));
TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret),
PSA_ERROR_BAD_STATE);
/* Role can not be set directly using psa_pake_set_role(). It is set by the core
based on given user/peer identifiers. Simulate that Role is already set. */
operation.data.inputs.role = PSA_PAKE_ROLE_SERVER;
TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret),
PSA_SUCCESS);
TEST_EQUAL(role_ret, PSA_PAKE_ROLE_SERVER);
exit:
PSA_ASSERT(psa_pake_abort(&operation));
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
void pake_input_getters_user() void pake_input_getters_user()
{ {
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_pake_operation_t operation = psa_pake_operation_init(); psa_pake_operation_t operation = psa_pake_operation_init();
const uint8_t user[] = { 's', 'e', 'r', 'v', 'e', 'r' }; const char *users[] = { "client", "server", "other" };
const size_t user_len = sizeof(user);
uint8_t user_ret[20] = { 0 }; // max user length is 20 bytes uint8_t user_ret[20] = { 0 }; // max user length is 20 bytes
size_t user_len_ret = 0; size_t user_len_ret = 0;
size_t buffer_len_ret = 0; size_t buffer_len_ret = 0;
@ -1087,37 +1051,43 @@ void pake_input_getters_user()
psa_pake_cs_set_primitive(&cipher_suite, primitive); psa_pake_cs_set_primitive(&cipher_suite, primitive);
psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256);
PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); for (size_t i = 0; i < ARRAY_LENGTH(users); i++) {
uint8_t *user = (uint8_t *) users[i];
uint8_t user_len = strlen(users[i]);
TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, PSA_ASSERT(psa_pake_abort(&operation));
(uint8_t *) &user_ret,
10, &buffer_len_ret),
PSA_ERROR_BAD_STATE);
TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret), PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite));
PSA_ERROR_BAD_STATE);
PSA_ASSERT(psa_pake_set_user(&operation, user, user_len)); TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs,
(uint8_t *) &user_ret,
10, &buffer_len_ret),
PSA_ERROR_BAD_STATE);
TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret), TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret),
PSA_SUCCESS); PSA_ERROR_BAD_STATE);
TEST_EQUAL(user_len_ret, user_len); PSA_ASSERT(psa_pake_set_user(&operation, user, user_len));
TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret),
(uint8_t *) &user_ret, PSA_SUCCESS);
user_len_ret - 1,
&buffer_len_ret),
PSA_ERROR_BUFFER_TOO_SMALL);
TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, TEST_EQUAL(user_len_ret, user_len);
(uint8_t *) &user_ret,
user_len_ret,
&buffer_len_ret),
PSA_SUCCESS);
TEST_EQUAL(buffer_len_ret, user_len); TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs,
PSA_ASSERT(memcmp(user_ret, user, buffer_len_ret)); (uint8_t *) &user_ret,
user_len_ret - 1,
&buffer_len_ret),
PSA_ERROR_BUFFER_TOO_SMALL);
TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs,
(uint8_t *) &user_ret,
user_len_ret,
&buffer_len_ret),
PSA_SUCCESS);
ASSERT_COMPARE(user_ret, buffer_len_ret, user, user_len);
}
exit: exit:
PSA_ASSERT(psa_pake_abort(&operation)); PSA_ASSERT(psa_pake_abort(&operation));
PSA_DONE(); PSA_DONE();
@ -1129,8 +1099,7 @@ void pake_input_getters_peer()
{ {
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_pake_operation_t operation = psa_pake_operation_init(); psa_pake_operation_t operation = psa_pake_operation_init();
const uint8_t peer[] = { 's', 'e', 'r', 'v', 'e', 'r' }; const char *peers[] = { "client", "server", "other" };
const size_t peer_len = sizeof(peer);
uint8_t peer_ret[20] = { 0 }; // max peer length is 20 bytes uint8_t peer_ret[20] = { 0 }; // max peer length is 20 bytes
size_t peer_len_ret = 0; size_t peer_len_ret = 0;
size_t buffer_len_ret = 0; size_t buffer_len_ret = 0;
@ -1145,37 +1114,43 @@ void pake_input_getters_peer()
psa_pake_cs_set_primitive(&cipher_suite, primitive); psa_pake_cs_set_primitive(&cipher_suite, primitive);
psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256);
PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); for (size_t i = 0; i < ARRAY_LENGTH(peers); i++) {
uint8_t *peer = (uint8_t *) peers[i];
uint8_t peer_len = strlen(peers[i]);
TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, PSA_ASSERT(psa_pake_abort(&operation));
(uint8_t *) &peer_ret,
10, &buffer_len_ret),
PSA_ERROR_BAD_STATE);
TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret), PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite));
PSA_ERROR_BAD_STATE);
PSA_ASSERT(psa_pake_set_peer(&operation, peer, peer_len)); TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs,
(uint8_t *) &peer_ret,
10, &buffer_len_ret),
PSA_ERROR_BAD_STATE);
TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret), TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret),
PSA_SUCCESS); PSA_ERROR_BAD_STATE);
TEST_EQUAL(peer_len_ret, peer_len); PSA_ASSERT(psa_pake_set_peer(&operation, peer, peer_len));
TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret),
(uint8_t *) &peer_ret, PSA_SUCCESS);
peer_len_ret - 1,
&buffer_len_ret),
PSA_ERROR_BUFFER_TOO_SMALL);
TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, TEST_EQUAL(peer_len_ret, peer_len);
(uint8_t *) &peer_ret,
peer_len_ret,
&buffer_len_ret),
PSA_SUCCESS);
TEST_EQUAL(buffer_len_ret, peer_len); TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs,
PSA_ASSERT(memcmp(peer_ret, peer, buffer_len_ret)); (uint8_t *) &peer_ret,
peer_len_ret - 1,
&buffer_len_ret),
PSA_ERROR_BUFFER_TOO_SMALL);
TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs,
(uint8_t *) &peer_ret,
peer_len_ret,
&buffer_len_ret),
PSA_SUCCESS);
ASSERT_COMPARE(peer_ret, buffer_len_ret, peer, peer_len);
}
exit: exit:
PSA_ASSERT(psa_pake_abort(&operation)); PSA_ASSERT(psa_pake_abort(&operation));
PSA_DONE(); PSA_DONE();