1a8e1175bSopenharmony_ci/* BEGIN_HEADER */ 2a8e1175bSopenharmony_ci#include <stdint.h> 3a8e1175bSopenharmony_ci 4a8e1175bSopenharmony_ci#include "psa/crypto.h" 5a8e1175bSopenharmony_ci#include "psa/crypto_extra.h" 6a8e1175bSopenharmony_ci 7a8e1175bSopenharmony_citypedef enum { 8a8e1175bSopenharmony_ci ERR_NONE = 0, 9a8e1175bSopenharmony_ci /* errors forced internally in the code */ 10a8e1175bSopenharmony_ci ERR_INJECT_UNINITIALIZED_ACCESS, 11a8e1175bSopenharmony_ci ERR_INJECT_DUPLICATE_SETUP, 12a8e1175bSopenharmony_ci ERR_INJECT_SET_USER, 13a8e1175bSopenharmony_ci ERR_INJECT_SET_PEER, 14a8e1175bSopenharmony_ci ERR_INJECT_SET_ROLE, 15a8e1175bSopenharmony_ci ERR_DUPLICATE_SET_USER, 16a8e1175bSopenharmony_ci ERR_DUPLICATE_SET_PEER, 17a8e1175bSopenharmony_ci ERR_INJECT_EMPTY_IO_BUFFER, 18a8e1175bSopenharmony_ci ERR_INJECT_UNKNOWN_STEP, 19a8e1175bSopenharmony_ci ERR_INJECT_INVALID_FIRST_STEP, 20a8e1175bSopenharmony_ci ERR_INJECT_WRONG_BUFFER_SIZE, 21a8e1175bSopenharmony_ci ERR_INJECT_WRONG_BUFFER_SIZE_2, 22a8e1175bSopenharmony_ci ERR_INJECT_VALID_OPERATION_AFTER_FAILURE, 23a8e1175bSopenharmony_ci ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1, 24a8e1175bSopenharmony_ci ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2, 25a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1, 26a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1, 27a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1, 28a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2, 29a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2, 30a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2, 31a8e1175bSopenharmony_ci ERR_INJECT_ROUND2_CLIENT_KEY_SHARE, 32a8e1175bSopenharmony_ci ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC, 33a8e1175bSopenharmony_ci ERR_INJECT_ROUND2_CLIENT_ZK_PROOF, 34a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1, 35a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1, 36a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1, 37a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2, 38a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2, 39a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2, 40a8e1175bSopenharmony_ci ERR_INJECT_ROUND2_SERVER_KEY_SHARE, 41a8e1175bSopenharmony_ci ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC, 42a8e1175bSopenharmony_ci ERR_INJECT_ROUND2_SERVER_ZK_PROOF, 43a8e1175bSopenharmony_ci ERR_INJECT_EXTRA_OUTPUT, 44a8e1175bSopenharmony_ci ERR_INJECT_EXTRA_INPUT, 45a8e1175bSopenharmony_ci ERR_INJECT_EXTRA_OUTPUT_AT_END, 46a8e1175bSopenharmony_ci ERR_INJECT_EXTRA_INPUT_AT_END, 47a8e1175bSopenharmony_ci /* errors issued from the .data file */ 48a8e1175bSopenharmony_ci ERR_IN_SETUP, 49a8e1175bSopenharmony_ci ERR_IN_SET_USER, 50a8e1175bSopenharmony_ci ERR_IN_SET_PEER, 51a8e1175bSopenharmony_ci ERR_IN_SET_ROLE, 52a8e1175bSopenharmony_ci ERR_IN_SET_PASSWORD_KEY, 53a8e1175bSopenharmony_ci ERR_IN_INPUT, 54a8e1175bSopenharmony_ci ERR_IN_OUTPUT, 55a8e1175bSopenharmony_ci} ecjpake_error_stage_t; 56a8e1175bSopenharmony_ci 57a8e1175bSopenharmony_citypedef enum { 58a8e1175bSopenharmony_ci PAKE_ROUND_ONE, 59a8e1175bSopenharmony_ci PAKE_ROUND_TWO 60a8e1175bSopenharmony_ci} pake_round_t; 61a8e1175bSopenharmony_ci 62a8e1175bSopenharmony_ci#if defined(PSA_WANT_ALG_JPAKE) 63a8e1175bSopenharmony_ci/* The only two JPAKE user/peer identifiers supported for the time being. */ 64a8e1175bSopenharmony_cistatic const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; 65a8e1175bSopenharmony_cistatic const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; 66a8e1175bSopenharmony_ci#endif 67a8e1175bSopenharmony_ci 68a8e1175bSopenharmony_ci/* 69a8e1175bSopenharmony_ci * Inject an error on the specified buffer ONLY it this is the correct stage. 70a8e1175bSopenharmony_ci * Offset 7 is arbitrary, but chosen because it's "in the middle" of the part 71a8e1175bSopenharmony_ci * we're corrupting. 72a8e1175bSopenharmony_ci */ 73a8e1175bSopenharmony_ci#define DO_ROUND_CONDITIONAL_INJECT(this_stage, buf) \ 74a8e1175bSopenharmony_ci if (this_stage == err_stage) \ 75a8e1175bSopenharmony_ci { \ 76a8e1175bSopenharmony_ci *(buf + 7) ^= 1; \ 77a8e1175bSopenharmony_ci } 78a8e1175bSopenharmony_ci 79a8e1175bSopenharmony_ci#define DO_ROUND_CONDITIONAL_CHECK_FAILURE(this_stage, function) \ 80a8e1175bSopenharmony_ci if (this_stage == err_stage) \ 81a8e1175bSopenharmony_ci { \ 82a8e1175bSopenharmony_ci TEST_EQUAL(function, expected_error_arg); \ 83a8e1175bSopenharmony_ci break; \ 84a8e1175bSopenharmony_ci } 85a8e1175bSopenharmony_ci 86a8e1175bSopenharmony_ci#define DO_ROUND_UPDATE_OFFSETS(main_buf_offset, step_offset, step_size) \ 87a8e1175bSopenharmony_ci { \ 88a8e1175bSopenharmony_ci step_offset = main_buf_offset; \ 89a8e1175bSopenharmony_ci main_buf_offset += step_size; \ 90a8e1175bSopenharmony_ci } 91a8e1175bSopenharmony_ci 92a8e1175bSopenharmony_ci#define DO_ROUND_CHECK_FAILURE() \ 93a8e1175bSopenharmony_ci if (err_stage != ERR_NONE && status != PSA_SUCCESS) \ 94a8e1175bSopenharmony_ci { \ 95a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_error_arg); \ 96a8e1175bSopenharmony_ci break; \ 97a8e1175bSopenharmony_ci } \ 98a8e1175bSopenharmony_ci else \ 99a8e1175bSopenharmony_ci { \ 100a8e1175bSopenharmony_ci TEST_EQUAL(status, PSA_SUCCESS); \ 101a8e1175bSopenharmony_ci } 102a8e1175bSopenharmony_ci 103a8e1175bSopenharmony_ci#if defined(PSA_WANT_ALG_JPAKE) 104a8e1175bSopenharmony_cistatic void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, 105a8e1175bSopenharmony_ci psa_pake_operation_t *server, 106a8e1175bSopenharmony_ci psa_pake_operation_t *client, 107a8e1175bSopenharmony_ci int client_input_first, 108a8e1175bSopenharmony_ci pake_round_t round, 109a8e1175bSopenharmony_ci ecjpake_error_stage_t err_stage, 110a8e1175bSopenharmony_ci int expected_error_arg) 111a8e1175bSopenharmony_ci{ 112a8e1175bSopenharmony_ci unsigned char *buffer0 = NULL, *buffer1 = NULL; 113a8e1175bSopenharmony_ci size_t buffer_length = ( 114a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) + 115a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) + 116a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2; 117a8e1175bSopenharmony_ci /* The output should be exactly this size according to the spec */ 118a8e1175bSopenharmony_ci const size_t expected_size_key_share = 119a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); 120a8e1175bSopenharmony_ci /* The output should be exactly this size according to the spec */ 121a8e1175bSopenharmony_ci const size_t expected_size_zk_public = 122a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC); 123a8e1175bSopenharmony_ci /* The output can be smaller: the spec allows stripping leading zeroes */ 124a8e1175bSopenharmony_ci const size_t max_expected_size_zk_proof = 125a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF); 126a8e1175bSopenharmony_ci size_t buffer0_off = 0; 127a8e1175bSopenharmony_ci size_t buffer1_off = 0; 128a8e1175bSopenharmony_ci size_t s_g1_len, s_g2_len, s_a_len; 129a8e1175bSopenharmony_ci size_t s_g1_off, s_g2_off, s_a_off; 130a8e1175bSopenharmony_ci size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len; 131a8e1175bSopenharmony_ci size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off; 132a8e1175bSopenharmony_ci size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len; 133a8e1175bSopenharmony_ci size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off; 134a8e1175bSopenharmony_ci size_t c_g1_len, c_g2_len, c_a_len; 135a8e1175bSopenharmony_ci size_t c_g1_off, c_g2_off, c_a_off; 136a8e1175bSopenharmony_ci size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len; 137a8e1175bSopenharmony_ci size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off; 138a8e1175bSopenharmony_ci size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len; 139a8e1175bSopenharmony_ci size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; 140a8e1175bSopenharmony_ci psa_status_t status; 141a8e1175bSopenharmony_ci 142a8e1175bSopenharmony_ci TEST_CALLOC(buffer0, buffer_length); 143a8e1175bSopenharmony_ci TEST_CALLOC(buffer1, buffer_length); 144a8e1175bSopenharmony_ci 145a8e1175bSopenharmony_ci switch (round) { 146a8e1175bSopenharmony_ci case PAKE_ROUND_ONE: 147a8e1175bSopenharmony_ci /* Server first round Output */ 148a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 149a8e1175bSopenharmony_ci buffer0 + buffer0_off, 150a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_g1_len)); 151a8e1175bSopenharmony_ci TEST_EQUAL(s_g1_len, expected_size_key_share); 152a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 153a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1, 154a8e1175bSopenharmony_ci buffer0 + buffer0_off); 155a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_g1_off, s_g1_len); 156a8e1175bSopenharmony_ci 157a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 158a8e1175bSopenharmony_ci buffer0 + buffer0_off, 159a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_x1_pk_len)); 160a8e1175bSopenharmony_ci TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); 161a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 162a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1, 163a8e1175bSopenharmony_ci buffer0 + buffer0_off); 164a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_x1_pk_off, s_x1_pk_len); 165a8e1175bSopenharmony_ci 166a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 167a8e1175bSopenharmony_ci buffer0 + buffer0_off, 168a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_x1_pr_len)); 169a8e1175bSopenharmony_ci TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); 170a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 171a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1, 172a8e1175bSopenharmony_ci buffer0 + buffer0_off); 173a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_x1_pr_off, s_x1_pr_len); 174a8e1175bSopenharmony_ci 175a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 176a8e1175bSopenharmony_ci buffer0 + buffer0_off, 177a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_g2_len)); 178a8e1175bSopenharmony_ci TEST_EQUAL(s_g2_len, expected_size_key_share); 179a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 180a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2, 181a8e1175bSopenharmony_ci buffer0 + buffer0_off); 182a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_g2_off, s_g2_len); 183a8e1175bSopenharmony_ci 184a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 185a8e1175bSopenharmony_ci buffer0 + buffer0_off, 186a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_x2_pk_len)); 187a8e1175bSopenharmony_ci TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); 188a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 189a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2, 190a8e1175bSopenharmony_ci buffer0 + buffer0_off); 191a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_x2_pk_off, s_x2_pk_len); 192a8e1175bSopenharmony_ci 193a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 194a8e1175bSopenharmony_ci buffer0 + buffer0_off, 195a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_x2_pr_len)); 196a8e1175bSopenharmony_ci TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); 197a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 198a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2, 199a8e1175bSopenharmony_ci buffer0 + buffer0_off); 200a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_x2_pr_off, s_x2_pr_len); 201a8e1175bSopenharmony_ci 202a8e1175bSopenharmony_ci size_t extra_output_len; 203a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_CHECK_FAILURE( 204a8e1175bSopenharmony_ci ERR_INJECT_EXTRA_OUTPUT, 205a8e1175bSopenharmony_ci psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 206a8e1175bSopenharmony_ci buffer0 + s_g2_off, buffer_length - s_g2_off, &extra_output_len)); 207a8e1175bSopenharmony_ci (void) extra_output_len; 208a8e1175bSopenharmony_ci /* 209a8e1175bSopenharmony_ci * When injecting errors in inputs, the implementation is 210a8e1175bSopenharmony_ci * free to detect it right away of with a delay. 211a8e1175bSopenharmony_ci * This permits delaying the error until the end of the input 212a8e1175bSopenharmony_ci * sequence, if no error appears then, this will be treated 213a8e1175bSopenharmony_ci * as an error. 214a8e1175bSopenharmony_ci */ 215a8e1175bSopenharmony_ci if (client_input_first == 1) { 216a8e1175bSopenharmony_ci /* Client first round Input */ 217a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 218a8e1175bSopenharmony_ci buffer0 + s_g1_off, s_g1_len); 219a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 220a8e1175bSopenharmony_ci 221a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 222a8e1175bSopenharmony_ci buffer0 + s_x1_pk_off, 223a8e1175bSopenharmony_ci s_x1_pk_len); 224a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 225a8e1175bSopenharmony_ci 226a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 227a8e1175bSopenharmony_ci buffer0 + s_x1_pr_off, 228a8e1175bSopenharmony_ci s_x1_pr_len); 229a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 230a8e1175bSopenharmony_ci 231a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 232a8e1175bSopenharmony_ci buffer0 + s_g2_off, 233a8e1175bSopenharmony_ci s_g2_len); 234a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 235a8e1175bSopenharmony_ci 236a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 237a8e1175bSopenharmony_ci buffer0 + s_x2_pk_off, 238a8e1175bSopenharmony_ci s_x2_pk_len); 239a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 240a8e1175bSopenharmony_ci 241a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 242a8e1175bSopenharmony_ci buffer0 + s_x2_pr_off, 243a8e1175bSopenharmony_ci s_x2_pr_len); 244a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 245a8e1175bSopenharmony_ci 246a8e1175bSopenharmony_ci /* Note: Must have client_input_first == 1 to inject extra input */ 247a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_CHECK_FAILURE( 248a8e1175bSopenharmony_ci ERR_INJECT_EXTRA_INPUT, 249a8e1175bSopenharmony_ci psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 250a8e1175bSopenharmony_ci buffer0 + s_g2_off, s_g2_len)); 251a8e1175bSopenharmony_ci 252a8e1175bSopenharmony_ci /* Error didn't trigger, make test fail */ 253a8e1175bSopenharmony_ci if ((err_stage >= ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1) && 254a8e1175bSopenharmony_ci (err_stage <= ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2)) { 255a8e1175bSopenharmony_ci TEST_ASSERT( 256a8e1175bSopenharmony_ci !"One of the last psa_pake_input() calls should have returned the expected error."); 257a8e1175bSopenharmony_ci } 258a8e1175bSopenharmony_ci } 259a8e1175bSopenharmony_ci 260a8e1175bSopenharmony_ci /* Client first round Output */ 261a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 262a8e1175bSopenharmony_ci buffer1 + buffer1_off, 263a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_g1_len)); 264a8e1175bSopenharmony_ci TEST_EQUAL(c_g1_len, expected_size_key_share); 265a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 266a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1, 267a8e1175bSopenharmony_ci buffer1 + buffer1_off); 268a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_g1_off, c_g1_len); 269a8e1175bSopenharmony_ci 270a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 271a8e1175bSopenharmony_ci buffer1 + buffer1_off, 272a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_x1_pk_len)); 273a8e1175bSopenharmony_ci TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); 274a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 275a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1, 276a8e1175bSopenharmony_ci buffer1 + buffer1_off); 277a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_x1_pk_off, c_x1_pk_len); 278a8e1175bSopenharmony_ci 279a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 280a8e1175bSopenharmony_ci buffer1 + buffer1_off, 281a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_x1_pr_len)); 282a8e1175bSopenharmony_ci TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); 283a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 284a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1, 285a8e1175bSopenharmony_ci buffer1 + buffer1_off); 286a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_x1_pr_off, c_x1_pr_len); 287a8e1175bSopenharmony_ci 288a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 289a8e1175bSopenharmony_ci buffer1 + buffer1_off, 290a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_g2_len)); 291a8e1175bSopenharmony_ci TEST_EQUAL(c_g2_len, expected_size_key_share); 292a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 293a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2, 294a8e1175bSopenharmony_ci buffer1 + buffer1_off); 295a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_g2_off, c_g2_len); 296a8e1175bSopenharmony_ci 297a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 298a8e1175bSopenharmony_ci buffer1 + buffer1_off, 299a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_x2_pk_len)); 300a8e1175bSopenharmony_ci TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); 301a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 302a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2, 303a8e1175bSopenharmony_ci buffer1 + buffer1_off); 304a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_x2_pk_off, c_x2_pk_len); 305a8e1175bSopenharmony_ci 306a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 307a8e1175bSopenharmony_ci buffer1 + buffer1_off, 308a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_x2_pr_len)); 309a8e1175bSopenharmony_ci TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); 310a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 311a8e1175bSopenharmony_ci ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2, 312a8e1175bSopenharmony_ci buffer1 + buffer1_off); 313a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_x2_pr_off, buffer1_off); 314a8e1175bSopenharmony_ci 315a8e1175bSopenharmony_ci if (client_input_first == 0) { 316a8e1175bSopenharmony_ci /* Client first round Input */ 317a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 318a8e1175bSopenharmony_ci buffer0 + s_g1_off, s_g1_len); 319a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 320a8e1175bSopenharmony_ci 321a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 322a8e1175bSopenharmony_ci buffer0 + s_x1_pk_off, 323a8e1175bSopenharmony_ci s_x1_pk_len); 324a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 325a8e1175bSopenharmony_ci 326a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 327a8e1175bSopenharmony_ci buffer0 + s_x1_pr_off, 328a8e1175bSopenharmony_ci s_x1_pr_len); 329a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 330a8e1175bSopenharmony_ci 331a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 332a8e1175bSopenharmony_ci buffer0 + s_g2_off, 333a8e1175bSopenharmony_ci s_g2_len); 334a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 335a8e1175bSopenharmony_ci 336a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 337a8e1175bSopenharmony_ci buffer0 + s_x2_pk_off, 338a8e1175bSopenharmony_ci s_x2_pk_len); 339a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 340a8e1175bSopenharmony_ci 341a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 342a8e1175bSopenharmony_ci buffer0 + s_x2_pr_off, 343a8e1175bSopenharmony_ci s_x2_pr_len); 344a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 345a8e1175bSopenharmony_ci 346a8e1175bSopenharmony_ci /* Error didn't trigger, make test fail */ 347a8e1175bSopenharmony_ci if ((err_stage >= ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1) && 348a8e1175bSopenharmony_ci (err_stage <= ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2)) { 349a8e1175bSopenharmony_ci TEST_ASSERT( 350a8e1175bSopenharmony_ci !"One of the last psa_pake_input() calls should have returned the expected error."); 351a8e1175bSopenharmony_ci } 352a8e1175bSopenharmony_ci } 353a8e1175bSopenharmony_ci 354a8e1175bSopenharmony_ci /* Server first round Input */ 355a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 356a8e1175bSopenharmony_ci buffer1 + c_g1_off, c_g1_len); 357a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 358a8e1175bSopenharmony_ci 359a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 360a8e1175bSopenharmony_ci buffer1 + c_x1_pk_off, c_x1_pk_len); 361a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 362a8e1175bSopenharmony_ci 363a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 364a8e1175bSopenharmony_ci buffer1 + c_x1_pr_off, c_x1_pr_len); 365a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 366a8e1175bSopenharmony_ci 367a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 368a8e1175bSopenharmony_ci buffer1 + c_g2_off, c_g2_len); 369a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 370a8e1175bSopenharmony_ci 371a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 372a8e1175bSopenharmony_ci buffer1 + c_x2_pk_off, c_x2_pk_len); 373a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 374a8e1175bSopenharmony_ci 375a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 376a8e1175bSopenharmony_ci buffer1 + c_x2_pr_off, c_x2_pr_len); 377a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 378a8e1175bSopenharmony_ci 379a8e1175bSopenharmony_ci /* Error didn't trigger, make test fail */ 380a8e1175bSopenharmony_ci if ((err_stage >= ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1) && 381a8e1175bSopenharmony_ci (err_stage <= ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2)) { 382a8e1175bSopenharmony_ci TEST_ASSERT( 383a8e1175bSopenharmony_ci !"One of the last psa_pake_input() calls should have returned the expected error."); 384a8e1175bSopenharmony_ci } 385a8e1175bSopenharmony_ci 386a8e1175bSopenharmony_ci break; 387a8e1175bSopenharmony_ci 388a8e1175bSopenharmony_ci case PAKE_ROUND_TWO: 389a8e1175bSopenharmony_ci /* Server second round Output */ 390a8e1175bSopenharmony_ci buffer0_off = 0; 391a8e1175bSopenharmony_ci 392a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, 393a8e1175bSopenharmony_ci buffer0 + buffer0_off, 394a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_a_len)); 395a8e1175bSopenharmony_ci TEST_EQUAL(s_a_len, expected_size_key_share); 396a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 397a8e1175bSopenharmony_ci ERR_INJECT_ROUND2_SERVER_KEY_SHARE, 398a8e1175bSopenharmony_ci buffer0 + buffer0_off); 399a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_a_off, s_a_len); 400a8e1175bSopenharmony_ci 401a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, 402a8e1175bSopenharmony_ci buffer0 + buffer0_off, 403a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_x2s_pk_len)); 404a8e1175bSopenharmony_ci TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); 405a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 406a8e1175bSopenharmony_ci ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC, 407a8e1175bSopenharmony_ci buffer0 + buffer0_off); 408a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_x2s_pk_off, s_x2s_pk_len); 409a8e1175bSopenharmony_ci 410a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, 411a8e1175bSopenharmony_ci buffer0 + buffer0_off, 412a8e1175bSopenharmony_ci buffer_length - buffer0_off, &s_x2s_pr_len)); 413a8e1175bSopenharmony_ci TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); 414a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 415a8e1175bSopenharmony_ci ERR_INJECT_ROUND2_SERVER_ZK_PROOF, 416a8e1175bSopenharmony_ci buffer0 + buffer0_off); 417a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_x2s_pr_off, s_x2s_pr_len); 418a8e1175bSopenharmony_ci 419a8e1175bSopenharmony_ci if (client_input_first == 1) { 420a8e1175bSopenharmony_ci /* Client second round Input */ 421a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 422a8e1175bSopenharmony_ci buffer0 + s_a_off, s_a_len); 423a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 424a8e1175bSopenharmony_ci 425a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 426a8e1175bSopenharmony_ci buffer0 + s_x2s_pk_off, 427a8e1175bSopenharmony_ci s_x2s_pk_len); 428a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 429a8e1175bSopenharmony_ci 430a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 431a8e1175bSopenharmony_ci buffer0 + s_x2s_pr_off, 432a8e1175bSopenharmony_ci s_x2s_pr_len); 433a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 434a8e1175bSopenharmony_ci 435a8e1175bSopenharmony_ci /* Error didn't trigger, make test fail */ 436a8e1175bSopenharmony_ci if ((err_stage >= ERR_INJECT_ROUND2_SERVER_KEY_SHARE) && 437a8e1175bSopenharmony_ci (err_stage <= ERR_INJECT_ROUND2_SERVER_ZK_PROOF)) { 438a8e1175bSopenharmony_ci TEST_ASSERT( 439a8e1175bSopenharmony_ci !"One of the last psa_pake_input() calls should have returned the expected error."); 440a8e1175bSopenharmony_ci } 441a8e1175bSopenharmony_ci } 442a8e1175bSopenharmony_ci 443a8e1175bSopenharmony_ci /* Client second round Output */ 444a8e1175bSopenharmony_ci buffer1_off = 0; 445a8e1175bSopenharmony_ci 446a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 447a8e1175bSopenharmony_ci buffer1 + buffer1_off, 448a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_a_len)); 449a8e1175bSopenharmony_ci TEST_EQUAL(c_a_len, expected_size_key_share); 450a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 451a8e1175bSopenharmony_ci ERR_INJECT_ROUND2_CLIENT_KEY_SHARE, 452a8e1175bSopenharmony_ci buffer1 + buffer1_off); 453a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_a_off, c_a_len); 454a8e1175bSopenharmony_ci 455a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, 456a8e1175bSopenharmony_ci buffer1 + buffer1_off, 457a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_x2s_pk_len)); 458a8e1175bSopenharmony_ci TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); 459a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 460a8e1175bSopenharmony_ci ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC, 461a8e1175bSopenharmony_ci buffer1 + buffer1_off); 462a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_x2s_pk_off, c_x2s_pk_len); 463a8e1175bSopenharmony_ci 464a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, 465a8e1175bSopenharmony_ci buffer1 + buffer1_off, 466a8e1175bSopenharmony_ci buffer_length - buffer1_off, &c_x2s_pr_len)); 467a8e1175bSopenharmony_ci TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); 468a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_INJECT( 469a8e1175bSopenharmony_ci ERR_INJECT_ROUND2_CLIENT_ZK_PROOF, 470a8e1175bSopenharmony_ci buffer1 + buffer1_off); 471a8e1175bSopenharmony_ci DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_x2s_pr_off, c_x2s_pr_len); 472a8e1175bSopenharmony_ci 473a8e1175bSopenharmony_ci if (client_input_first == 1) { 474a8e1175bSopenharmony_ci size_t extra_output_at_end_len; 475a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_CHECK_FAILURE( 476a8e1175bSopenharmony_ci ERR_INJECT_EXTRA_OUTPUT_AT_END, 477a8e1175bSopenharmony_ci psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, 478a8e1175bSopenharmony_ci buffer1 + c_a_off, buffer_length - c_a_off, 479a8e1175bSopenharmony_ci &extra_output_at_end_len)); 480a8e1175bSopenharmony_ci (void) extra_output_at_end_len; 481a8e1175bSopenharmony_ci } 482a8e1175bSopenharmony_ci 483a8e1175bSopenharmony_ci if (client_input_first == 0) { 484a8e1175bSopenharmony_ci /* Client second round Input */ 485a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, 486a8e1175bSopenharmony_ci buffer0 + s_a_off, s_a_len); 487a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 488a8e1175bSopenharmony_ci 489a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, 490a8e1175bSopenharmony_ci buffer0 + s_x2s_pk_off, 491a8e1175bSopenharmony_ci s_x2s_pk_len); 492a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 493a8e1175bSopenharmony_ci 494a8e1175bSopenharmony_ci status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, 495a8e1175bSopenharmony_ci buffer0 + s_x2s_pr_off, 496a8e1175bSopenharmony_ci s_x2s_pr_len); 497a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 498a8e1175bSopenharmony_ci 499a8e1175bSopenharmony_ci /* Error didn't trigger, make test fail */ 500a8e1175bSopenharmony_ci if ((err_stage >= ERR_INJECT_ROUND2_SERVER_KEY_SHARE) && 501a8e1175bSopenharmony_ci (err_stage <= ERR_INJECT_ROUND2_SERVER_ZK_PROOF)) { 502a8e1175bSopenharmony_ci TEST_ASSERT( 503a8e1175bSopenharmony_ci !"One of the last psa_pake_input() calls should have returned the expected error."); 504a8e1175bSopenharmony_ci } 505a8e1175bSopenharmony_ci } 506a8e1175bSopenharmony_ci 507a8e1175bSopenharmony_ci /* Server second round Input */ 508a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 509a8e1175bSopenharmony_ci buffer1 + c_a_off, c_a_len); 510a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 511a8e1175bSopenharmony_ci 512a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, 513a8e1175bSopenharmony_ci buffer1 + c_x2s_pk_off, c_x2s_pk_len); 514a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 515a8e1175bSopenharmony_ci 516a8e1175bSopenharmony_ci status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, 517a8e1175bSopenharmony_ci buffer1 + c_x2s_pr_off, c_x2s_pr_len); 518a8e1175bSopenharmony_ci DO_ROUND_CHECK_FAILURE(); 519a8e1175bSopenharmony_ci 520a8e1175bSopenharmony_ci DO_ROUND_CONDITIONAL_CHECK_FAILURE( 521a8e1175bSopenharmony_ci ERR_INJECT_EXTRA_INPUT_AT_END, 522a8e1175bSopenharmony_ci psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, 523a8e1175bSopenharmony_ci buffer1 + c_a_off, c_a_len)); 524a8e1175bSopenharmony_ci 525a8e1175bSopenharmony_ci 526a8e1175bSopenharmony_ci /* Error didn't trigger, make test fail */ 527a8e1175bSopenharmony_ci if ((err_stage >= ERR_INJECT_ROUND2_CLIENT_KEY_SHARE) && 528a8e1175bSopenharmony_ci (err_stage <= ERR_INJECT_ROUND2_CLIENT_ZK_PROOF)) { 529a8e1175bSopenharmony_ci TEST_ASSERT( 530a8e1175bSopenharmony_ci !"One of the last psa_pake_input() calls should have returned the expected error."); 531a8e1175bSopenharmony_ci } 532a8e1175bSopenharmony_ci 533a8e1175bSopenharmony_ci break; 534a8e1175bSopenharmony_ci 535a8e1175bSopenharmony_ci } 536a8e1175bSopenharmony_ci 537a8e1175bSopenharmony_ciexit: 538a8e1175bSopenharmony_ci mbedtls_free(buffer0); 539a8e1175bSopenharmony_ci mbedtls_free(buffer1); 540a8e1175bSopenharmony_ci} 541a8e1175bSopenharmony_ci#endif /* PSA_WANT_ALG_JPAKE */ 542a8e1175bSopenharmony_ci 543a8e1175bSopenharmony_ci/* 544a8e1175bSopenharmony_ci * This check is used for functions that might either succeed or fail depending 545a8e1175bSopenharmony_ci * on the parameters that are passed in from the *.data file: 546a8e1175bSopenharmony_ci * - in case of success following functions depend on the current one 547a8e1175bSopenharmony_ci * - in case of failure the test is always terminated. There are two options 548a8e1175bSopenharmony_ci * here 549a8e1175bSopenharmony_ci * - terminated successfully if this exact error was expected at this stage 550a8e1175bSopenharmony_ci * - terminated with failure otherwise (either no error was expected at this 551a8e1175bSopenharmony_ci * stage or a different error code was expected) 552a8e1175bSopenharmony_ci */ 553a8e1175bSopenharmony_ci#define SETUP_ALWAYS_CHECK_STEP(test_function, this_check_err_stage) \ 554a8e1175bSopenharmony_ci status = test_function; \ 555a8e1175bSopenharmony_ci if (err_stage != this_check_err_stage) \ 556a8e1175bSopenharmony_ci { \ 557a8e1175bSopenharmony_ci PSA_ASSERT(status); \ 558a8e1175bSopenharmony_ci } \ 559a8e1175bSopenharmony_ci else \ 560a8e1175bSopenharmony_ci { \ 561a8e1175bSopenharmony_ci TEST_EQUAL(status, expected_error); \ 562a8e1175bSopenharmony_ci goto exit; \ 563a8e1175bSopenharmony_ci } 564a8e1175bSopenharmony_ci 565a8e1175bSopenharmony_ci/* 566a8e1175bSopenharmony_ci * This check is used for failures that are injected at code level. There's only 567a8e1175bSopenharmony_ci * 1 input parameter that is relevant in this case and it's the stage at which 568a8e1175bSopenharmony_ci * the error should be injected. 569a8e1175bSopenharmony_ci * The check is conditional in this case because, once the error is triggered, 570a8e1175bSopenharmony_ci * the pake's context structure is compromised and the setup function cannot 571a8e1175bSopenharmony_ci * proceed further. As a consequence the test is terminated. 572a8e1175bSopenharmony_ci * The test succeeds if the returned error is exactly the expected one, 573a8e1175bSopenharmony_ci * otherwise it fails. 574a8e1175bSopenharmony_ci */ 575a8e1175bSopenharmony_ci#define SETUP_CONDITIONAL_CHECK_STEP(test_function, this_check_err_stage) \ 576a8e1175bSopenharmony_ci if (err_stage == this_check_err_stage) \ 577a8e1175bSopenharmony_ci { \ 578a8e1175bSopenharmony_ci TEST_EQUAL(test_function, expected_error); \ 579a8e1175bSopenharmony_ci goto exit; \ 580a8e1175bSopenharmony_ci } 581a8e1175bSopenharmony_ci/* END_HEADER */ 582a8e1175bSopenharmony_ci 583a8e1175bSopenharmony_ci/* BEGIN_DEPENDENCIES 584a8e1175bSopenharmony_ci * depends_on:MBEDTLS_PSA_CRYPTO_C 585a8e1175bSopenharmony_ci * END_DEPENDENCIES 586a8e1175bSopenharmony_ci */ 587a8e1175bSopenharmony_ci 588a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 589a8e1175bSopenharmony_civoid ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, 590a8e1175bSopenharmony_ci int primitive_arg, int hash_arg, char *user_arg, char *peer_arg, 591a8e1175bSopenharmony_ci int test_input, 592a8e1175bSopenharmony_ci int err_stage_arg, 593a8e1175bSopenharmony_ci int expected_error_arg) 594a8e1175bSopenharmony_ci{ 595a8e1175bSopenharmony_ci psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 596a8e1175bSopenharmony_ci psa_pake_operation_t operation = psa_pake_operation_init(); 597a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 598a8e1175bSopenharmony_ci psa_pake_primitive_t primitive = primitive_arg; 599a8e1175bSopenharmony_ci psa_key_type_t key_type_pw = key_type_pw_arg; 600a8e1175bSopenharmony_ci psa_key_usage_t key_usage_pw = key_usage_pw_arg; 601a8e1175bSopenharmony_ci psa_algorithm_t hash_alg = hash_arg; 602a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 603a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 604a8e1175bSopenharmony_ci ecjpake_error_stage_t err_stage = err_stage_arg; 605a8e1175bSopenharmony_ci psa_status_t expected_error = expected_error_arg; 606a8e1175bSopenharmony_ci psa_status_t status; 607a8e1175bSopenharmony_ci unsigned char *output_buffer = NULL; 608a8e1175bSopenharmony_ci size_t output_len = 0; 609a8e1175bSopenharmony_ci const uint8_t password[] = "abcd"; 610a8e1175bSopenharmony_ci uint8_t *user = (uint8_t *) user_arg; 611a8e1175bSopenharmony_ci uint8_t *peer = (uint8_t *) peer_arg; 612a8e1175bSopenharmony_ci size_t user_len = strlen(user_arg); 613a8e1175bSopenharmony_ci size_t peer_len = strlen(peer_arg); 614a8e1175bSopenharmony_ci 615a8e1175bSopenharmony_ci psa_key_derivation_operation_t key_derivation = 616a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_OPERATION_INIT; 617a8e1175bSopenharmony_ci 618a8e1175bSopenharmony_ci PSA_INIT(); 619a8e1175bSopenharmony_ci 620a8e1175bSopenharmony_ci size_t buf_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive_arg, 621a8e1175bSopenharmony_ci PSA_PAKE_STEP_KEY_SHARE); 622a8e1175bSopenharmony_ci TEST_CALLOC(output_buffer, buf_size); 623a8e1175bSopenharmony_ci 624a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, key_usage_pw); 625a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 626a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type_pw); 627a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, password, sizeof(password), 628a8e1175bSopenharmony_ci &key)); 629a8e1175bSopenharmony_ci 630a8e1175bSopenharmony_ci psa_pake_cs_set_algorithm(&cipher_suite, alg); 631a8e1175bSopenharmony_ci psa_pake_cs_set_primitive(&cipher_suite, primitive); 632a8e1175bSopenharmony_ci psa_pake_cs_set_hash(&cipher_suite, hash_alg); 633a8e1175bSopenharmony_ci 634a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 635a8e1175bSopenharmony_ci 636a8e1175bSopenharmony_ci if (err_stage == ERR_INJECT_UNINITIALIZED_ACCESS) { 637a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_set_user(&operation, user, user_len), 638a8e1175bSopenharmony_ci expected_error); 639a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_set_peer(&operation, peer, peer_len), 640a8e1175bSopenharmony_ci expected_error); 641a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_set_password_key(&operation, key), 642a8e1175bSopenharmony_ci expected_error); 643a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), 644a8e1175bSopenharmony_ci expected_error); 645a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, 646a8e1175bSopenharmony_ci output_buffer, 0, &output_len), 647a8e1175bSopenharmony_ci expected_error); 648a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, 649a8e1175bSopenharmony_ci output_buffer, 0), 650a8e1175bSopenharmony_ci expected_error); 651a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_get_implicit_key(&operation, &key_derivation), 652a8e1175bSopenharmony_ci expected_error); 653a8e1175bSopenharmony_ci goto exit; 654a8e1175bSopenharmony_ci } 655a8e1175bSopenharmony_ci 656a8e1175bSopenharmony_ci SETUP_ALWAYS_CHECK_STEP(psa_pake_setup(&operation, &cipher_suite), 657a8e1175bSopenharmony_ci ERR_IN_SETUP); 658a8e1175bSopenharmony_ci 659a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_setup(&operation, &cipher_suite), 660a8e1175bSopenharmony_ci ERR_INJECT_DUPLICATE_SETUP); 661a8e1175bSopenharmony_ci 662a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), 663a8e1175bSopenharmony_ci ERR_INJECT_SET_ROLE); 664a8e1175bSopenharmony_ci 665a8e1175bSopenharmony_ci SETUP_ALWAYS_CHECK_STEP(psa_pake_set_role(&operation, PSA_PAKE_ROLE_NONE), 666a8e1175bSopenharmony_ci ERR_IN_SET_ROLE); 667a8e1175bSopenharmony_ci 668a8e1175bSopenharmony_ci SETUP_ALWAYS_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), 669a8e1175bSopenharmony_ci ERR_IN_SET_USER); 670a8e1175bSopenharmony_ci 671a8e1175bSopenharmony_ci SETUP_ALWAYS_CHECK_STEP(psa_pake_set_peer(&operation, peer, peer_len), 672a8e1175bSopenharmony_ci ERR_IN_SET_PEER); 673a8e1175bSopenharmony_ci 674a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_user(&operation, user, user_len), 675a8e1175bSopenharmony_ci ERR_DUPLICATE_SET_USER); 676a8e1175bSopenharmony_ci 677a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_set_peer(&operation, peer, peer_len), 678a8e1175bSopenharmony_ci ERR_DUPLICATE_SET_PEER); 679a8e1175bSopenharmony_ci 680a8e1175bSopenharmony_ci SETUP_ALWAYS_CHECK_STEP(psa_pake_set_password_key(&operation, key), 681a8e1175bSopenharmony_ci ERR_IN_SET_PASSWORD_KEY); 682a8e1175bSopenharmony_ci 683a8e1175bSopenharmony_ci const size_t size_key_share = PSA_PAKE_INPUT_SIZE(alg, primitive, 684a8e1175bSopenharmony_ci PSA_PAKE_STEP_KEY_SHARE); 685a8e1175bSopenharmony_ci const size_t size_zk_public = PSA_PAKE_INPUT_SIZE(alg, primitive, 686a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PUBLIC); 687a8e1175bSopenharmony_ci const size_t size_zk_proof = PSA_PAKE_INPUT_SIZE(alg, primitive, 688a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PROOF); 689a8e1175bSopenharmony_ci 690a8e1175bSopenharmony_ci if (test_input) { 691a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_input(&operation, 692a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PROOF, 693a8e1175bSopenharmony_ci output_buffer, 0), 694a8e1175bSopenharmony_ci ERR_INJECT_EMPTY_IO_BUFFER); 695a8e1175bSopenharmony_ci 696a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_input(&operation, 697a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PROOF + 10, 698a8e1175bSopenharmony_ci output_buffer, size_zk_proof), 699a8e1175bSopenharmony_ci ERR_INJECT_UNKNOWN_STEP); 700a8e1175bSopenharmony_ci 701a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_input(&operation, 702a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PROOF, 703a8e1175bSopenharmony_ci output_buffer, size_zk_proof), 704a8e1175bSopenharmony_ci ERR_INJECT_INVALID_FIRST_STEP) 705a8e1175bSopenharmony_ci 706a8e1175bSopenharmony_ci SETUP_ALWAYS_CHECK_STEP(psa_pake_input(&operation, 707a8e1175bSopenharmony_ci PSA_PAKE_STEP_KEY_SHARE, 708a8e1175bSopenharmony_ci output_buffer, size_key_share), 709a8e1175bSopenharmony_ci ERR_IN_INPUT); 710a8e1175bSopenharmony_ci 711a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_input(&operation, 712a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PUBLIC, 713a8e1175bSopenharmony_ci output_buffer, size_zk_public + 1), 714a8e1175bSopenharmony_ci ERR_INJECT_WRONG_BUFFER_SIZE); 715a8e1175bSopenharmony_ci 716a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_input(&operation, 717a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PROOF, 718a8e1175bSopenharmony_ci output_buffer, size_zk_proof + 1), 719a8e1175bSopenharmony_ci ERR_INJECT_WRONG_BUFFER_SIZE_2); 720a8e1175bSopenharmony_ci 721a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP( 722a8e1175bSopenharmony_ci (psa_pake_input(&operation, PSA_PAKE_STEP_ZK_PUBLIC, 723a8e1175bSopenharmony_ci output_buffer, size_zk_public + 1), 724a8e1175bSopenharmony_ci psa_pake_input(&operation, PSA_PAKE_STEP_ZK_PUBLIC, 725a8e1175bSopenharmony_ci output_buffer, size_zk_public)), 726a8e1175bSopenharmony_ci ERR_INJECT_VALID_OPERATION_AFTER_FAILURE); 727a8e1175bSopenharmony_ci } else { 728a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_output(&operation, 729a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PROOF, 730a8e1175bSopenharmony_ci output_buffer, 0, 731a8e1175bSopenharmony_ci &output_len), 732a8e1175bSopenharmony_ci ERR_INJECT_EMPTY_IO_BUFFER); 733a8e1175bSopenharmony_ci 734a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_output(&operation, 735a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PROOF + 10, 736a8e1175bSopenharmony_ci output_buffer, buf_size, &output_len), 737a8e1175bSopenharmony_ci ERR_INJECT_UNKNOWN_STEP); 738a8e1175bSopenharmony_ci 739a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_output(&operation, 740a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PROOF, 741a8e1175bSopenharmony_ci output_buffer, buf_size, &output_len), 742a8e1175bSopenharmony_ci ERR_INJECT_INVALID_FIRST_STEP); 743a8e1175bSopenharmony_ci 744a8e1175bSopenharmony_ci SETUP_ALWAYS_CHECK_STEP(psa_pake_output(&operation, 745a8e1175bSopenharmony_ci PSA_PAKE_STEP_KEY_SHARE, 746a8e1175bSopenharmony_ci output_buffer, buf_size, &output_len), 747a8e1175bSopenharmony_ci ERR_IN_OUTPUT); 748a8e1175bSopenharmony_ci 749a8e1175bSopenharmony_ci TEST_ASSERT(output_len > 0); 750a8e1175bSopenharmony_ci 751a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP(psa_pake_output(&operation, 752a8e1175bSopenharmony_ci PSA_PAKE_STEP_ZK_PUBLIC, 753a8e1175bSopenharmony_ci output_buffer, size_zk_public - 1, 754a8e1175bSopenharmony_ci &output_len), 755a8e1175bSopenharmony_ci ERR_INJECT_WRONG_BUFFER_SIZE); 756a8e1175bSopenharmony_ci 757a8e1175bSopenharmony_ci SETUP_CONDITIONAL_CHECK_STEP( 758a8e1175bSopenharmony_ci (psa_pake_output(&operation, PSA_PAKE_STEP_ZK_PUBLIC, 759a8e1175bSopenharmony_ci output_buffer, size_zk_public - 1, &output_len), 760a8e1175bSopenharmony_ci psa_pake_output(&operation, PSA_PAKE_STEP_ZK_PUBLIC, 761a8e1175bSopenharmony_ci output_buffer, buf_size, &output_len)), 762a8e1175bSopenharmony_ci ERR_INJECT_VALID_OPERATION_AFTER_FAILURE); 763a8e1175bSopenharmony_ci } 764a8e1175bSopenharmony_ci 765a8e1175bSopenharmony_ciexit: 766a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 767a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 768a8e1175bSopenharmony_ci mbedtls_free(output_buffer); 769a8e1175bSopenharmony_ci PSA_DONE(); 770a8e1175bSopenharmony_ci} 771a8e1175bSopenharmony_ci/* END_CASE */ 772a8e1175bSopenharmony_ci 773a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 774a8e1175bSopenharmony_civoid ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg, 775a8e1175bSopenharmony_ci int client_input_first, 776a8e1175bSopenharmony_ci data_t *pw_data, 777a8e1175bSopenharmony_ci int err_stage_arg, 778a8e1175bSopenharmony_ci int expected_error_arg, 779a8e1175bSopenharmony_ci int inject_in_second_round) 780a8e1175bSopenharmony_ci{ 781a8e1175bSopenharmony_ci psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 782a8e1175bSopenharmony_ci psa_pake_operation_t server = psa_pake_operation_init(); 783a8e1175bSopenharmony_ci psa_pake_operation_t client = psa_pake_operation_init(); 784a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 785a8e1175bSopenharmony_ci psa_algorithm_t hash_alg = hash_arg; 786a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 787a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 788a8e1175bSopenharmony_ci ecjpake_error_stage_t err_stage = err_stage_arg; 789a8e1175bSopenharmony_ci 790a8e1175bSopenharmony_ci PSA_INIT(); 791a8e1175bSopenharmony_ci 792a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 793a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 794a8e1175bSopenharmony_ci psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 795a8e1175bSopenharmony_ci 796a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 797a8e1175bSopenharmony_ci &key)); 798a8e1175bSopenharmony_ci 799a8e1175bSopenharmony_ci psa_pake_cs_set_algorithm(&cipher_suite, alg); 800a8e1175bSopenharmony_ci psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); 801a8e1175bSopenharmony_ci psa_pake_cs_set_hash(&cipher_suite, hash_alg); 802a8e1175bSopenharmony_ci 803a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); 804a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); 805a8e1175bSopenharmony_ci 806a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); 807a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); 808a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); 809a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); 810a8e1175bSopenharmony_ci 811a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_password_key(&server, key)); 812a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_password_key(&client, key)); 813a8e1175bSopenharmony_ci 814a8e1175bSopenharmony_ci ecjpake_do_round(alg, primitive_arg, &server, &client, 815a8e1175bSopenharmony_ci client_input_first, PAKE_ROUND_ONE, 816a8e1175bSopenharmony_ci inject_in_second_round ? ERR_NONE : err_stage, 817a8e1175bSopenharmony_ci expected_error_arg); 818a8e1175bSopenharmony_ci 819a8e1175bSopenharmony_ci if (!inject_in_second_round && err_stage != ERR_NONE) { 820a8e1175bSopenharmony_ci goto exit; 821a8e1175bSopenharmony_ci } 822a8e1175bSopenharmony_ci 823a8e1175bSopenharmony_ci ecjpake_do_round(alg, primitive_arg, &server, &client, 824a8e1175bSopenharmony_ci client_input_first, PAKE_ROUND_TWO, 825a8e1175bSopenharmony_ci err_stage, expected_error_arg); 826a8e1175bSopenharmony_ci 827a8e1175bSopenharmony_ciexit: 828a8e1175bSopenharmony_ci psa_destroy_key(key); 829a8e1175bSopenharmony_ci psa_pake_abort(&server); 830a8e1175bSopenharmony_ci psa_pake_abort(&client); 831a8e1175bSopenharmony_ci PSA_DONE(); 832a8e1175bSopenharmony_ci} 833a8e1175bSopenharmony_ci/* END_CASE */ 834a8e1175bSopenharmony_ci 835a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 836a8e1175bSopenharmony_civoid ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, 837a8e1175bSopenharmony_ci int derive_alg_arg, data_t *pw_data, 838a8e1175bSopenharmony_ci int client_input_first, int destroy_key, 839a8e1175bSopenharmony_ci int err_stage_arg) 840a8e1175bSopenharmony_ci{ 841a8e1175bSopenharmony_ci psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 842a8e1175bSopenharmony_ci psa_pake_operation_t server = psa_pake_operation_init(); 843a8e1175bSopenharmony_ci psa_pake_operation_t client = psa_pake_operation_init(); 844a8e1175bSopenharmony_ci psa_algorithm_t alg = alg_arg; 845a8e1175bSopenharmony_ci psa_algorithm_t hash_alg = hash_arg; 846a8e1175bSopenharmony_ci psa_algorithm_t derive_alg = derive_alg_arg; 847a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 848a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 849a8e1175bSopenharmony_ci psa_key_derivation_operation_t server_derive = 850a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_OPERATION_INIT; 851a8e1175bSopenharmony_ci psa_key_derivation_operation_t client_derive = 852a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_OPERATION_INIT; 853a8e1175bSopenharmony_ci ecjpake_error_stage_t err_stage = err_stage_arg; 854a8e1175bSopenharmony_ci 855a8e1175bSopenharmony_ci PSA_INIT(); 856a8e1175bSopenharmony_ci 857a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 858a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 859a8e1175bSopenharmony_ci psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 860a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, 861a8e1175bSopenharmony_ci &key)); 862a8e1175bSopenharmony_ci 863a8e1175bSopenharmony_ci psa_pake_cs_set_algorithm(&cipher_suite, alg); 864a8e1175bSopenharmony_ci psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); 865a8e1175bSopenharmony_ci psa_pake_cs_set_hash(&cipher_suite, hash_alg); 866a8e1175bSopenharmony_ci 867a8e1175bSopenharmony_ci /* Get shared key */ 868a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&server_derive, derive_alg)); 869a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_setup(&client_derive, derive_alg)); 870a8e1175bSopenharmony_ci 871a8e1175bSopenharmony_ci if (PSA_ALG_IS_TLS12_PRF(derive_alg) || 872a8e1175bSopenharmony_ci PSA_ALG_IS_TLS12_PSK_TO_MS(derive_alg)) { 873a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_input_bytes(&server_derive, 874a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_SEED, 875a8e1175bSopenharmony_ci (const uint8_t *) "", 0)); 876a8e1175bSopenharmony_ci PSA_ASSERT(psa_key_derivation_input_bytes(&client_derive, 877a8e1175bSopenharmony_ci PSA_KEY_DERIVATION_INPUT_SEED, 878a8e1175bSopenharmony_ci (const uint8_t *) "", 0)); 879a8e1175bSopenharmony_ci } 880a8e1175bSopenharmony_ci 881a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); 882a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); 883a8e1175bSopenharmony_ci 884a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_user(&server, jpake_server_id, sizeof(jpake_server_id))); 885a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_peer(&server, jpake_client_id, sizeof(jpake_client_id))); 886a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_user(&client, jpake_client_id, sizeof(jpake_client_id))); 887a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_peer(&client, jpake_server_id, sizeof(jpake_server_id))); 888a8e1175bSopenharmony_ci 889a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_password_key(&server, key)); 890a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_password_key(&client, key)); 891a8e1175bSopenharmony_ci 892a8e1175bSopenharmony_ci if (destroy_key == 1) { 893a8e1175bSopenharmony_ci psa_destroy_key(key); 894a8e1175bSopenharmony_ci } 895a8e1175bSopenharmony_ci 896a8e1175bSopenharmony_ci if (err_stage == ERR_INJECT_ANTICIPATE_KEY_DERIVATION_1) { 897a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_get_implicit_key(&server, &server_derive), 898a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 899a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_get_implicit_key(&client, &client_derive), 900a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 901a8e1175bSopenharmony_ci goto exit; 902a8e1175bSopenharmony_ci } 903a8e1175bSopenharmony_ci 904a8e1175bSopenharmony_ci /* First round */ 905a8e1175bSopenharmony_ci ecjpake_do_round(alg, primitive_arg, &server, &client, 906a8e1175bSopenharmony_ci client_input_first, PAKE_ROUND_ONE, 907a8e1175bSopenharmony_ci ERR_NONE, PSA_SUCCESS); 908a8e1175bSopenharmony_ci 909a8e1175bSopenharmony_ci if (err_stage == ERR_INJECT_ANTICIPATE_KEY_DERIVATION_2) { 910a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_get_implicit_key(&server, &server_derive), 911a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 912a8e1175bSopenharmony_ci TEST_EQUAL(psa_pake_get_implicit_key(&client, &client_derive), 913a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 914a8e1175bSopenharmony_ci goto exit; 915a8e1175bSopenharmony_ci } 916a8e1175bSopenharmony_ci 917a8e1175bSopenharmony_ci /* Second round */ 918a8e1175bSopenharmony_ci ecjpake_do_round(alg, primitive_arg, &server, &client, 919a8e1175bSopenharmony_ci client_input_first, PAKE_ROUND_TWO, 920a8e1175bSopenharmony_ci ERR_NONE, PSA_SUCCESS); 921a8e1175bSopenharmony_ci 922a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive)); 923a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive)); 924a8e1175bSopenharmony_ci 925a8e1175bSopenharmony_ciexit: 926a8e1175bSopenharmony_ci psa_key_derivation_abort(&server_derive); 927a8e1175bSopenharmony_ci psa_key_derivation_abort(&client_derive); 928a8e1175bSopenharmony_ci psa_destroy_key(key); 929a8e1175bSopenharmony_ci psa_pake_abort(&server); 930a8e1175bSopenharmony_ci psa_pake_abort(&client); 931a8e1175bSopenharmony_ci PSA_DONE(); 932a8e1175bSopenharmony_ci} 933a8e1175bSopenharmony_ci/* END_CASE */ 934a8e1175bSopenharmony_ci 935a8e1175bSopenharmony_ci/* BEGIN_CASE */ 936a8e1175bSopenharmony_civoid ecjpake_size_macros() 937a8e1175bSopenharmony_ci{ 938a8e1175bSopenharmony_ci const psa_algorithm_t alg = PSA_ALG_JPAKE; 939a8e1175bSopenharmony_ci const size_t bits = 256; 940a8e1175bSopenharmony_ci const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE( 941a8e1175bSopenharmony_ci PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, bits); 942a8e1175bSopenharmony_ci const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( 943a8e1175bSopenharmony_ci PSA_ECC_FAMILY_SECP_R1); 944a8e1175bSopenharmony_ci 945a8e1175bSopenharmony_ci // https://armmbed.github.io/mbed-crypto/1.1_PAKE_Extension.0-bet.0/html/pake.html#pake-step-types 946a8e1175bSopenharmony_ci /* The output for KEY_SHARE and ZK_PUBLIC is the same as a public key */ 947a8e1175bSopenharmony_ci TEST_EQUAL(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), 948a8e1175bSopenharmony_ci PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, bits)); 949a8e1175bSopenharmony_ci TEST_EQUAL(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), 950a8e1175bSopenharmony_ci PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, bits)); 951a8e1175bSopenharmony_ci /* The output for ZK_PROOF is the same bitsize as the curve */ 952a8e1175bSopenharmony_ci TEST_EQUAL(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), 953a8e1175bSopenharmony_ci PSA_BITS_TO_BYTES(bits)); 954a8e1175bSopenharmony_ci 955a8e1175bSopenharmony_ci /* Input sizes are the same as output sizes */ 956a8e1175bSopenharmony_ci TEST_EQUAL(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), 957a8e1175bSopenharmony_ci PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE)); 958a8e1175bSopenharmony_ci TEST_EQUAL(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), 959a8e1175bSopenharmony_ci PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC)); 960a8e1175bSopenharmony_ci TEST_EQUAL(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), 961a8e1175bSopenharmony_ci PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF)); 962a8e1175bSopenharmony_ci 963a8e1175bSopenharmony_ci /* These inequalities will always hold even when other PAKEs are added */ 964a8e1175bSopenharmony_ci TEST_LE_U(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), 965a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_MAX_SIZE); 966a8e1175bSopenharmony_ci TEST_LE_U(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), 967a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_MAX_SIZE); 968a8e1175bSopenharmony_ci TEST_LE_U(PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), 969a8e1175bSopenharmony_ci PSA_PAKE_OUTPUT_MAX_SIZE); 970a8e1175bSopenharmony_ci TEST_LE_U(PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), 971a8e1175bSopenharmony_ci PSA_PAKE_INPUT_MAX_SIZE); 972a8e1175bSopenharmony_ci TEST_LE_U(PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), 973a8e1175bSopenharmony_ci PSA_PAKE_INPUT_MAX_SIZE); 974a8e1175bSopenharmony_ci TEST_LE_U(PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), 975a8e1175bSopenharmony_ci PSA_PAKE_INPUT_MAX_SIZE); 976a8e1175bSopenharmony_ci} 977a8e1175bSopenharmony_ci/* END_CASE */ 978a8e1175bSopenharmony_ci 979a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 980a8e1175bSopenharmony_civoid pake_input_getters_password() 981a8e1175bSopenharmony_ci{ 982a8e1175bSopenharmony_ci psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 983a8e1175bSopenharmony_ci psa_pake_operation_t operation = psa_pake_operation_init(); 984a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 985a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 986a8e1175bSopenharmony_ci const char *password = "password"; 987a8e1175bSopenharmony_ci uint8_t password_ret[20] = { 0 }; // max key length is 20 bytes 988a8e1175bSopenharmony_ci size_t password_len_ret = 0; 989a8e1175bSopenharmony_ci size_t buffer_len_ret = 0; 990a8e1175bSopenharmony_ci 991a8e1175bSopenharmony_ci psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( 992a8e1175bSopenharmony_ci PSA_PAKE_PRIMITIVE_TYPE_ECC, 993a8e1175bSopenharmony_ci PSA_ECC_FAMILY_SECP_R1, 256); 994a8e1175bSopenharmony_ci 995a8e1175bSopenharmony_ci PSA_INIT(); 996a8e1175bSopenharmony_ci 997a8e1175bSopenharmony_ci psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); 998a8e1175bSopenharmony_ci psa_pake_cs_set_primitive(&cipher_suite, primitive); 999a8e1175bSopenharmony_ci psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); 1000a8e1175bSopenharmony_ci 1001a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); 1002a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); 1003a8e1175bSopenharmony_ci psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); 1004a8e1175bSopenharmony_ci 1005a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); 1006a8e1175bSopenharmony_ci 1007a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, (uint8_t *) password, strlen(password), &key)); 1008a8e1175bSopenharmony_ci 1009a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_password(&operation.data.inputs, 1010a8e1175bSopenharmony_ci (uint8_t *) &password_ret, 1011a8e1175bSopenharmony_ci 10, &buffer_len_ret), 1012a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 1013a8e1175bSopenharmony_ci 1014a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_password_len(&operation.data.inputs, &password_len_ret), 1015a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 1016a8e1175bSopenharmony_ci 1017a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_password_key(&operation, key)); 1018a8e1175bSopenharmony_ci 1019a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_password_len(&operation.data.inputs, &password_len_ret), 1020a8e1175bSopenharmony_ci PSA_SUCCESS); 1021a8e1175bSopenharmony_ci 1022a8e1175bSopenharmony_ci TEST_EQUAL(password_len_ret, strlen(password)); 1023a8e1175bSopenharmony_ci 1024a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_password(&operation.data.inputs, 1025a8e1175bSopenharmony_ci (uint8_t *) &password_ret, 1026a8e1175bSopenharmony_ci password_len_ret - 1, 1027a8e1175bSopenharmony_ci &buffer_len_ret), 1028a8e1175bSopenharmony_ci PSA_ERROR_BUFFER_TOO_SMALL); 1029a8e1175bSopenharmony_ci 1030a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_password(&operation.data.inputs, 1031a8e1175bSopenharmony_ci (uint8_t *) &password_ret, 1032a8e1175bSopenharmony_ci password_len_ret, 1033a8e1175bSopenharmony_ci &buffer_len_ret), 1034a8e1175bSopenharmony_ci PSA_SUCCESS); 1035a8e1175bSopenharmony_ci 1036a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(password_ret, buffer_len_ret, password, strlen(password)); 1037a8e1175bSopenharmony_ciexit: 1038a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 1039a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 1040a8e1175bSopenharmony_ci PSA_DONE(); 1041a8e1175bSopenharmony_ci} 1042a8e1175bSopenharmony_ci/* END_CASE */ 1043a8e1175bSopenharmony_ci 1044a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 1045a8e1175bSopenharmony_civoid pake_input_getters_cipher_suite() 1046a8e1175bSopenharmony_ci{ 1047a8e1175bSopenharmony_ci psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 1048a8e1175bSopenharmony_ci psa_pake_operation_t operation = psa_pake_operation_init(); 1049a8e1175bSopenharmony_ci psa_pake_cipher_suite_t cipher_suite_ret = psa_pake_cipher_suite_init(); 1050a8e1175bSopenharmony_ci 1051a8e1175bSopenharmony_ci psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( 1052a8e1175bSopenharmony_ci PSA_PAKE_PRIMITIVE_TYPE_ECC, 1053a8e1175bSopenharmony_ci PSA_ECC_FAMILY_SECP_R1, 256); 1054a8e1175bSopenharmony_ci 1055a8e1175bSopenharmony_ci PSA_INIT(); 1056a8e1175bSopenharmony_ci 1057a8e1175bSopenharmony_ci psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); 1058a8e1175bSopenharmony_ci psa_pake_cs_set_primitive(&cipher_suite, primitive); 1059a8e1175bSopenharmony_ci psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); 1060a8e1175bSopenharmony_ci 1061a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_cipher_suite(&operation.data.inputs, &cipher_suite_ret), 1062a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 1063a8e1175bSopenharmony_ci 1064a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); 1065a8e1175bSopenharmony_ci 1066a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_cipher_suite(&operation.data.inputs, &cipher_suite_ret), 1067a8e1175bSopenharmony_ci PSA_SUCCESS); 1068a8e1175bSopenharmony_ci 1069a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(&cipher_suite_ret, sizeof(cipher_suite_ret), 1070a8e1175bSopenharmony_ci &cipher_suite, sizeof(cipher_suite)); 1071a8e1175bSopenharmony_ci 1072a8e1175bSopenharmony_ciexit: 1073a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 1074a8e1175bSopenharmony_ci PSA_DONE(); 1075a8e1175bSopenharmony_ci} 1076a8e1175bSopenharmony_ci/* END_CASE */ 1077a8e1175bSopenharmony_ci 1078a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 1079a8e1175bSopenharmony_civoid pake_input_getters_user() 1080a8e1175bSopenharmony_ci{ 1081a8e1175bSopenharmony_ci psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 1082a8e1175bSopenharmony_ci psa_pake_operation_t operation = psa_pake_operation_init(); 1083a8e1175bSopenharmony_ci const char *users[] = { "client", "server", "other" }; 1084a8e1175bSopenharmony_ci uint8_t user_ret[20] = { 0 }; // max user length is 20 bytes 1085a8e1175bSopenharmony_ci size_t user_len_ret = 0; 1086a8e1175bSopenharmony_ci size_t buffer_len_ret = 0; 1087a8e1175bSopenharmony_ci 1088a8e1175bSopenharmony_ci psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( 1089a8e1175bSopenharmony_ci PSA_PAKE_PRIMITIVE_TYPE_ECC, 1090a8e1175bSopenharmony_ci PSA_ECC_FAMILY_SECP_R1, 256); 1091a8e1175bSopenharmony_ci 1092a8e1175bSopenharmony_ci PSA_INIT(); 1093a8e1175bSopenharmony_ci 1094a8e1175bSopenharmony_ci psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); 1095a8e1175bSopenharmony_ci psa_pake_cs_set_primitive(&cipher_suite, primitive); 1096a8e1175bSopenharmony_ci psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); 1097a8e1175bSopenharmony_ci 1098a8e1175bSopenharmony_ci for (size_t i = 0; i < ARRAY_LENGTH(users); i++) { 1099a8e1175bSopenharmony_ci uint8_t *user = (uint8_t *) users[i]; 1100a8e1175bSopenharmony_ci uint8_t user_len = strlen(users[i]); 1101a8e1175bSopenharmony_ci 1102a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 1103a8e1175bSopenharmony_ci 1104a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); 1105a8e1175bSopenharmony_ci 1106a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, 1107a8e1175bSopenharmony_ci (uint8_t *) &user_ret, 1108a8e1175bSopenharmony_ci 10, &buffer_len_ret), 1109a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 1110a8e1175bSopenharmony_ci 1111a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret), 1112a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 1113a8e1175bSopenharmony_ci 1114a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_user(&operation, user, user_len)); 1115a8e1175bSopenharmony_ci 1116a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret), 1117a8e1175bSopenharmony_ci PSA_SUCCESS); 1118a8e1175bSopenharmony_ci 1119a8e1175bSopenharmony_ci TEST_EQUAL(user_len_ret, user_len); 1120a8e1175bSopenharmony_ci 1121a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, 1122a8e1175bSopenharmony_ci (uint8_t *) &user_ret, 1123a8e1175bSopenharmony_ci user_len_ret - 1, 1124a8e1175bSopenharmony_ci &buffer_len_ret), 1125a8e1175bSopenharmony_ci PSA_ERROR_BUFFER_TOO_SMALL); 1126a8e1175bSopenharmony_ci 1127a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs, 1128a8e1175bSopenharmony_ci (uint8_t *) &user_ret, 1129a8e1175bSopenharmony_ci user_len_ret, 1130a8e1175bSopenharmony_ci &buffer_len_ret), 1131a8e1175bSopenharmony_ci PSA_SUCCESS); 1132a8e1175bSopenharmony_ci 1133a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(user_ret, buffer_len_ret, user, user_len); 1134a8e1175bSopenharmony_ci } 1135a8e1175bSopenharmony_ciexit: 1136a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 1137a8e1175bSopenharmony_ci PSA_DONE(); 1138a8e1175bSopenharmony_ci} 1139a8e1175bSopenharmony_ci/* END_CASE */ 1140a8e1175bSopenharmony_ci 1141a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ 1142a8e1175bSopenharmony_civoid pake_input_getters_peer() 1143a8e1175bSopenharmony_ci{ 1144a8e1175bSopenharmony_ci psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); 1145a8e1175bSopenharmony_ci psa_pake_operation_t operation = psa_pake_operation_init(); 1146a8e1175bSopenharmony_ci const char *peers[] = { "client", "server", "other" }; 1147a8e1175bSopenharmony_ci uint8_t peer_ret[20] = { 0 }; // max peer length is 20 bytes 1148a8e1175bSopenharmony_ci size_t peer_len_ret = 0; 1149a8e1175bSopenharmony_ci size_t buffer_len_ret = 0; 1150a8e1175bSopenharmony_ci 1151a8e1175bSopenharmony_ci psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( 1152a8e1175bSopenharmony_ci PSA_PAKE_PRIMITIVE_TYPE_ECC, 1153a8e1175bSopenharmony_ci PSA_ECC_FAMILY_SECP_R1, 256); 1154a8e1175bSopenharmony_ci 1155a8e1175bSopenharmony_ci PSA_INIT(); 1156a8e1175bSopenharmony_ci 1157a8e1175bSopenharmony_ci psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); 1158a8e1175bSopenharmony_ci psa_pake_cs_set_primitive(&cipher_suite, primitive); 1159a8e1175bSopenharmony_ci psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); 1160a8e1175bSopenharmony_ci 1161a8e1175bSopenharmony_ci for (size_t i = 0; i < ARRAY_LENGTH(peers); i++) { 1162a8e1175bSopenharmony_ci uint8_t *peer = (uint8_t *) peers[i]; 1163a8e1175bSopenharmony_ci uint8_t peer_len = strlen(peers[i]); 1164a8e1175bSopenharmony_ci 1165a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 1166a8e1175bSopenharmony_ci 1167a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); 1168a8e1175bSopenharmony_ci 1169a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, 1170a8e1175bSopenharmony_ci (uint8_t *) &peer_ret, 1171a8e1175bSopenharmony_ci 10, &buffer_len_ret), 1172a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 1173a8e1175bSopenharmony_ci 1174a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret), 1175a8e1175bSopenharmony_ci PSA_ERROR_BAD_STATE); 1176a8e1175bSopenharmony_ci 1177a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_set_peer(&operation, peer, peer_len)); 1178a8e1175bSopenharmony_ci 1179a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret), 1180a8e1175bSopenharmony_ci PSA_SUCCESS); 1181a8e1175bSopenharmony_ci 1182a8e1175bSopenharmony_ci TEST_EQUAL(peer_len_ret, peer_len); 1183a8e1175bSopenharmony_ci 1184a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, 1185a8e1175bSopenharmony_ci (uint8_t *) &peer_ret, 1186a8e1175bSopenharmony_ci peer_len_ret - 1, 1187a8e1175bSopenharmony_ci &buffer_len_ret), 1188a8e1175bSopenharmony_ci PSA_ERROR_BUFFER_TOO_SMALL); 1189a8e1175bSopenharmony_ci 1190a8e1175bSopenharmony_ci TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs, 1191a8e1175bSopenharmony_ci (uint8_t *) &peer_ret, 1192a8e1175bSopenharmony_ci peer_len_ret, 1193a8e1175bSopenharmony_ci &buffer_len_ret), 1194a8e1175bSopenharmony_ci PSA_SUCCESS); 1195a8e1175bSopenharmony_ci 1196a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(peer_ret, buffer_len_ret, peer, peer_len); 1197a8e1175bSopenharmony_ci } 1198a8e1175bSopenharmony_ciexit: 1199a8e1175bSopenharmony_ci PSA_ASSERT(psa_pake_abort(&operation)); 1200a8e1175bSopenharmony_ci PSA_DONE(); 1201a8e1175bSopenharmony_ci} 1202a8e1175bSopenharmony_ci/* END_CASE */ 1203