diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 247c57e334..946234c41a 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6490,175 +6490,3 @@ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY PSA derive persistent key: HKDF SHA-256, exportable persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY - -PSA PAKE: uninitialized access to psa_pake_operation_t -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE - -PSA PAKE: invalid alg -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: invalid primitive type -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: invalid primitive family -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: invalid primitive bits -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: invalid hash -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: duplicate a valid setup -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE - -PSA PAKE: ecjpake setup invalid role NONE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: wrong key type password -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: wrong key usage type -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:0:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_PERMITTED - -PSA PAKE: set invalid user -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: set invalid peer -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: set user -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_SET_USER:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: set peer -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_SET_PEER:PSA_ERROR_NOT_SUPPORTED - -PSA PAKE: empty server password -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"":INJECT_ERR_NONE:PSA_ERROR_BAD_STATE - -PSA PAKE: empty client password -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"":INJECT_ERR_NONE:PSA_ERROR_BAD_STATE - -PSA PAKE: invalid input -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_EMPTY_IO_BUFFER:0 - -PSA PAKE: unkown input step -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_UNKNOWN_STEP:0 - -PSA PAKE: invalid first input step -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_INVALID_FIRST_STEP:0 - -PSA PAKE: input buffer too large -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_WRONG_BUFFER_SIZE:0 - -PSA PAKE: valid input operation after a failure -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_VALID_OPERATION_AFTER_FAILURE:0 - -PSA PAKE: invalid output -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_EMPTY_IO_BUFFER:0 - -PSA PAKE: unkown output step -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_UNKNOWN_STEP:0 - -PSA PAKE: invalid first output step -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_INVALID_FIRST_STEP:0 - -PSA PAKE: output buffer too small -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_WRONG_BUFFER_SIZE:0 - -PSA PAKE: valid output operation after a failure -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_VALID_OPERATION_AFTER_FAILURE:0 - -PSA PAKE: ecjpake setup client bad password key type -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_DERIVE:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT - -PSA PAKE: ecjpake setup client bad password key usage -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_PERMITTED - -PSA PAKE: ecjpake rounds -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ERR_NONE - -PSA PAKE: ecjpake rounds, client input first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1:INJECT_ERR_NONE - -PSA PAKE: ecjpake rounds, early key derivation 1 -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ANTICIPATE_KEY_DERIVATION_1 - -PSA PAKE: ecjpake rounds, early key derivation 2 -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ANTICIPATE_KEY_DERIVATION_2 - -PSA PAKE: ecjpake no input errors -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:0:"abcdef" - -PSA PAKE: ecjpake no input errors, client input first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:0:"abcdef" - -PSA PAKE: ecjpake inject input errors, first round client -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:1:"abcdef" - -PSA PAKE: ecjpake inject input errors, first round client, client input first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:1:"abcdef" - -PSA PAKE: ecjpake inject input errors, first round server -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:2:"abcdef" - -PSA PAKE: ecjpake inject input errors, first round server, client input first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:2:"abcdef" - -PSA PAKE: ecjpake inject input errors, second round client -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:3:"abcdef" - -PSA PAKE: ecjpake inject input errors, second round client, client input first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:3:"abcdef" - -PSA PAKE: ecjpake inject input errors, second round server -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:4:"abcdef" - -PSA PAKE: ecjpake inject input errors, second round server, client input first -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:4:"abcdef" - -PSA PAKE: ecjpake size macros -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 -ecjpake_size_macros: diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 8d42bf9b34..a2297639ee 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9073,7 +9073,6 @@ exit: /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, int derive_alg_arg, data_t *pw_data, - int client_input_first, int destroy_key, int client_input_first, int inj_err_type_arg ) { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); @@ -9126,9 +9125,6 @@ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, PSA_ASSERT( psa_pake_set_password_key( &server, key ) ); PSA_ASSERT( psa_pake_set_password_key( &client, key ) ); - if( destroy_key == 1 ) - psa_destroy_key( key ); - if( inj_err_type == INJECT_ANTICIPATE_KEY_DERIVATION_1 ) { TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data new file mode 100644 index 0000000000..fba9e8ee30 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -0,0 +1,171 @@ +PSA PAKE: uninitialized access to psa_pake_operation_t +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_UNINITIALIZED_ACCESS:PSA_ERROR_BAD_STATE + +PSA PAKE: invalid alg +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: invalid primitive type +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: invalid primitive family +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: invalid primitive bits +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: invalid hash +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: duplicate a valid setup +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_DUPLICATE_SETUP:PSA_ERROR_BAD_STATE + +PSA PAKE: ecjpake setup invalid role NONE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: wrong key type password +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: wrong key usage type +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:0:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_PERMITTED + +PSA PAKE: set invalid user +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_INVALID_USER:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: set invalid peer +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_INVALID_PEER:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: set user +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_SET_USER:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: set peer +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_ERR_SET_PEER:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE: empty server password +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"":INJECT_ERR_NONE:PSA_ERROR_BAD_STATE + +PSA PAKE: empty client password +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"":INJECT_ERR_NONE:PSA_ERROR_BAD_STATE + +PSA PAKE: invalid input +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_EMPTY_IO_BUFFER:0 + +PSA PAKE: unkown input step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_UNKNOWN_STEP:0 + +PSA PAKE: invalid first input step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_INVALID_FIRST_STEP:0 + +PSA PAKE: input buffer too large +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_WRONG_BUFFER_SIZE:0 + +PSA PAKE: valid input operation after a failure +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:"abcd":INJECT_VALID_OPERATION_AFTER_FAILURE:0 + +PSA PAKE: invalid output +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_EMPTY_IO_BUFFER:0 + +PSA PAKE: unkown output step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_UNKNOWN_STEP:0 + +PSA PAKE: invalid first output step +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_INVALID_FIRST_STEP:0 + +PSA PAKE: output buffer too small +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_WRONG_BUFFER_SIZE:0 + +PSA PAKE: valid output operation after a failure +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:"abcd":INJECT_VALID_OPERATION_AFTER_FAILURE:0 + +PSA PAKE: ecjpake setup client bad password key type +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_DERIVE:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_INVALID_ARGUMENT + +PSA PAKE: ecjpake setup client bad password key usage +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_ENCRYPT:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_CLIENT:0:"abcd":INJECT_ERR_NONE:PSA_ERROR_NOT_PERMITTED + +PSA PAKE: ecjpake rounds +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ERR_NONE + +PSA PAKE: ecjpake rounds, client input first +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1:INJECT_ERR_NONE + +PSA PAKE: ecjpake rounds, early key derivation 1 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ANTICIPATE_KEY_DERIVATION_1 + +PSA PAKE: ecjpake rounds, early key derivation 2 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:INJECT_ANTICIPATE_KEY_DERIVATION_2 + +PSA PAKE: ecjpake no input errors +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:0:"abcdef" + +PSA PAKE: ecjpake no input errors, client input first +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:0:"abcdef" + +PSA PAKE: ecjpake inject input errors, first round client +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:1:"abcdef" + +PSA PAKE: ecjpake inject input errors, first round client, client input first +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:1:"abcdef" + +PSA PAKE: ecjpake inject input errors, first round server +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:2:"abcdef" + +PSA PAKE: ecjpake inject input errors, first round server, client input first +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:2:"abcdef" + +PSA PAKE: ecjpake inject input errors, second round client +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:3:"abcdef" + +PSA PAKE: ecjpake inject input errors, second round client, client input first +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:3:"abcdef" + +PSA PAKE: ecjpake inject input errors, second round server +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:4:"abcdef" + +PSA PAKE: ecjpake inject input errors, second round server, client input first +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:4:"abcdef" + +PSA PAKE: ecjpake size macros +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 +ecjpake_size_macros: diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function new file mode 100644 index 0000000000..c378b4932b --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -0,0 +1,1060 @@ +/* BEGIN_HEADER */ +#include + +#include "psa/crypto.h" + +#if defined(PSA_WANT_ALG_JPAKE) +static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive, + psa_pake_operation_t *server, + psa_pake_operation_t *client, + int client_input_first, + int round, int inject_error ) +{ + unsigned char *buffer0 = NULL, *buffer1 = NULL; + size_t buffer_length = ( + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) + + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) + + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2; + /* The output should be exactly this size according to the spec */ + const size_t expected_size_key_share = + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); + /* The output should be exactly this size according to the spec */ + const size_t expected_size_zk_public = + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC); + /* The output can be smaller: the spec allows stripping leading zeroes */ + const size_t max_expected_size_zk_proof = + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF); + size_t buffer0_off = 0; + size_t buffer1_off = 0; + size_t s_g1_len, s_g2_len, s_a_len; + size_t s_g1_off, s_g2_off, s_a_off; + size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len; + size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off; + size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len; + size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off; + size_t c_g1_len, c_g2_len, c_a_len; + size_t c_g1_off, c_g2_off, c_a_off; + size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len; + size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off; + size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len; + size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; + psa_status_t expected_status = PSA_SUCCESS; + psa_status_t status; + + ASSERT_ALLOC( buffer0, buffer_length ); + ASSERT_ALLOC( buffer1, buffer_length ); + + switch( round ) + { + case 1: + /* Server first round Output */ + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_g1_len ) ); + TEST_EQUAL( s_g1_len, expected_size_key_share ); + s_g1_off = buffer0_off; + buffer0_off += s_g1_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x1_pk_len ) ); + TEST_EQUAL( s_x1_pk_len, expected_size_zk_public ); + s_x1_pk_off = buffer0_off; + buffer0_off += s_x1_pk_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x1_pr_len ) ); + TEST_LE_U( s_x1_pr_len, max_expected_size_zk_proof ); + s_x1_pr_off = buffer0_off; + buffer0_off += s_x1_pr_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_g2_len ) ); + TEST_EQUAL( s_g2_len, expected_size_key_share ); + s_g2_off = buffer0_off; + buffer0_off += s_g2_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x2_pk_len ) ); + TEST_EQUAL( s_x2_pk_len, expected_size_zk_public ); + s_x2_pk_off = buffer0_off; + buffer0_off += s_x2_pk_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x2_pr_len ) ); + TEST_LE_U( s_x2_pr_len, max_expected_size_zk_proof ); + s_x2_pr_off = buffer0_off; + buffer0_off += s_x2_pr_len; + + if( inject_error == 1 ) + { + buffer0[s_x1_pr_off + 8] ^= 1; + buffer0[s_x2_pr_off + 7] ^= 1; + expected_status = PSA_ERROR_DATA_INVALID; + } + + /* + * When injecting errors in inputs, the implementation is + * free to detect it right away of with a delay. + * This permits delaying the error until the end of the input + * sequence, if no error appears then, this will be treated + * as an error. + */ + + if( client_input_first == 1 ) + { + /* Client first round Input */ + status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g1_off, s_g1_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x1_pk_off, + s_x1_pk_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x1_pr_off, + s_x1_pr_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g2_off, + s_g2_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x2_pk_off, + s_x2_pk_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x2_pr_off, + s_x2_pr_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + /* Error didn't trigger, make test fail */ + if( inject_error == 1 ) + TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + } + + /* Client first round Output */ + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_g1_len ) ); + TEST_EQUAL( c_g1_len, expected_size_key_share ); + c_g1_off = buffer1_off; + buffer1_off += c_g1_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x1_pk_len ) ); + TEST_EQUAL( c_x1_pk_len, expected_size_zk_public ); + c_x1_pk_off = buffer1_off; + buffer1_off += c_x1_pk_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x1_pr_len ) ); + TEST_LE_U( c_x1_pr_len, max_expected_size_zk_proof ); + c_x1_pr_off = buffer1_off; + buffer1_off += c_x1_pr_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_g2_len ) ); + TEST_EQUAL( c_g2_len, expected_size_key_share ); + c_g2_off = buffer1_off; + buffer1_off += c_g2_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x2_pk_len ) ); + TEST_EQUAL( c_x2_pk_len, expected_size_zk_public ); + c_x2_pk_off = buffer1_off; + buffer1_off += c_x2_pk_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x2_pr_len ) ); + TEST_LE_U( c_x2_pr_len, max_expected_size_zk_proof ); + c_x2_pr_off = buffer1_off; + buffer1_off += c_x2_pr_len; + + if( client_input_first == 0 ) + { + /* Client first round Input */ + status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g1_off, s_g1_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x1_pk_off, + s_x1_pk_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x1_pr_off, + s_x1_pr_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g2_off, + s_g2_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x2_pk_off, + s_x2_pk_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x2_pr_off, + s_x2_pr_len ); + if( inject_error == 1 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + /* Error didn't trigger, make test fail */ + if( inject_error == 1 ) + TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + } + + if( inject_error == 2 ) + { + buffer1[c_x1_pr_off + 12] ^= 1; + buffer1[c_x2_pr_off + 7] ^= 1; + expected_status = PSA_ERROR_DATA_INVALID; + } + + /* Server first round Input */ + status = psa_pake_input( server, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + c_g1_off, c_g1_len ); + if( inject_error == 2 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + c_x1_pk_off, c_x1_pk_len ); + if( inject_error == 2 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + c_x1_pr_off, c_x1_pr_len ); + if( inject_error == 2 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + c_g2_off, c_g2_len ); + if( inject_error == 2 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + c_x2_pk_off, c_x2_pk_len ); + if( inject_error == 2 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + c_x2_pr_off, c_x2_pr_len ); + if( inject_error == 2 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + /* Error didn't trigger, make test fail */ + if( inject_error == 2 ) + TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + + break; + + case 2: + /* Server second round Output */ + buffer0_off = 0; + + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_a_len ) ); + TEST_EQUAL( s_a_len, expected_size_key_share ); + s_a_off = buffer0_off; + buffer0_off += s_a_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x2s_pk_len ) ); + TEST_EQUAL( s_x2s_pk_len, expected_size_zk_public ); + s_x2s_pk_off = buffer0_off; + buffer0_off += s_x2s_pk_len; + PSA_ASSERT( psa_pake_output( server, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x2s_pr_len ) ); + TEST_LE_U( s_x2s_pr_len, max_expected_size_zk_proof ); + s_x2s_pr_off = buffer0_off; + buffer0_off += s_x2s_pr_len; + + if( inject_error == 3 ) + { + buffer0[s_x2s_pk_off + 12] += 0x33; + expected_status = PSA_ERROR_DATA_INVALID; + } + + if( client_input_first == 1 ) + { + /* Client second round Input */ + status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_a_off, s_a_len ); + if( inject_error == 3 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x2s_pk_off, + s_x2s_pk_len ); + if( inject_error == 3 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x2s_pr_off, + s_x2s_pr_len ); + if( inject_error == 3 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + /* Error didn't trigger, make test fail */ + if( inject_error == 3 ) + TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + } + + /* Client second round Output */ + buffer1_off = 0; + + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_a_len ) ); + TEST_EQUAL( c_a_len, expected_size_key_share ); + c_a_off = buffer1_off; + buffer1_off += c_a_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x2s_pk_len ) ); + TEST_EQUAL( c_x2s_pk_len, expected_size_zk_public ); + c_x2s_pk_off = buffer1_off; + buffer1_off += c_x2s_pk_len; + PSA_ASSERT( psa_pake_output( client, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x2s_pr_len ) ); + TEST_LE_U( c_x2s_pr_len, max_expected_size_zk_proof ); + c_x2s_pr_off = buffer1_off; + buffer1_off += c_x2s_pr_len; + + if( client_input_first == 0 ) + { + /* Client second round Input */ + status = psa_pake_input( client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_a_off, s_a_len ); + if( inject_error == 3 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x2s_pk_off, + s_x2s_pk_len ); + if( inject_error == 3 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x2s_pr_off, + s_x2s_pr_len ); + if( inject_error == 3 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + /* Error didn't trigger, make test fail */ + if( inject_error == 3 ) + TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + } + + if( inject_error == 4 ) + { + buffer1[c_x2s_pk_off + 7] += 0x28; + expected_status = PSA_ERROR_DATA_INVALID; + } + + /* Server second round Input */ + status = psa_pake_input( server, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + c_a_off, c_a_len ); + if( inject_error == 4 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + c_x2s_pk_off, c_x2s_pk_len ); + if( inject_error == 4 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + status = psa_pake_input( server, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + c_x2s_pr_off, c_x2s_pr_len ); + if( inject_error == 4 && status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + break; + } + else + { + TEST_EQUAL( status, PSA_SUCCESS ); + } + + /* Error didn't trigger, make test fail */ + if( inject_error == 4 ) + TEST_ASSERT( ! "One of the last psa_pake_input() calls should have returned the expected error." ); + + break; + + } + +exit: + mbedtls_free( buffer0 ); + mbedtls_free( buffer1 ); +} +#endif /* PSA_WANT_ALG_JPAKE */ + +typedef enum +{ + INJECT_ERR_NONE = 0, + INJECT_ERR_UNINITIALIZED_ACCESS, + INJECT_ERR_DUPLICATE_SETUP, + INJECT_ERR_INVALID_USER, + INJECT_ERR_INVALID_PEER, + INJECT_ERR_SET_USER, + INJECT_ERR_SET_PEER, + INJECT_EMPTY_IO_BUFFER, + INJECT_UNKNOWN_STEP, + INJECT_INVALID_FIRST_STEP, + INJECT_WRONG_BUFFER_SIZE, + INJECT_VALID_OPERATION_AFTER_FAILURE, + INJECT_ANTICIPATE_KEY_DERIVATION_1, + INJECT_ANTICIPATE_KEY_DERIVATION_2, +} ecjpake_injected_failure_t; + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PSA_CRYPTO_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, + int primitive_arg, int hash_arg, int role_arg, + int test_input, data_t *pw_data, + int inj_err_type_arg, + int expected_error_arg) +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t operation = psa_pake_operation_init(); + psa_algorithm_t alg = alg_arg; + psa_pake_primitive_t primitive = primitive_arg; + psa_key_type_t key_type_pw = key_type_pw_arg; + psa_key_usage_t key_usage_pw = key_usage_pw_arg; + psa_algorithm_t hash_alg = hash_arg; + psa_pake_role_t role = role_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + ecjpake_injected_failure_t inj_err_type = inj_err_type_arg; + psa_status_t expected_error = expected_error_arg; + psa_status_t status; + unsigned char *output_buffer = NULL; + size_t output_len = 0; + + PSA_INIT( ); + + size_t buf_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive_arg, + PSA_PAKE_STEP_KEY_SHARE); + ASSERT_ALLOC( output_buffer, buf_size ); + + if( pw_data->len > 0 ) + { + psa_set_key_usage_flags( &attributes, key_usage_pw ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type_pw ); + PSA_ASSERT( psa_import_key( &attributes, pw_data->x, pw_data->len, + &key ) ); + } + + psa_pake_cs_set_algorithm( &cipher_suite, alg ); + psa_pake_cs_set_primitive( &cipher_suite, primitive ); + psa_pake_cs_set_hash( &cipher_suite, hash_alg ); + + PSA_ASSERT( psa_pake_abort( &operation ) ); + + if ( inj_err_type == INJECT_ERR_UNINITIALIZED_ACCESS ) + { + TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_set_peer( &operation, NULL, 0 ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_set_password_key( &operation, key ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_set_role( &operation, role ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, + NULL, 0, NULL ), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, NULL, 0), + expected_error ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + goto exit; + } + + status = psa_pake_setup( &operation, &cipher_suite ); + if (status != PSA_SUCCESS) + { + TEST_EQUAL( status, expected_error ); + goto exit; + } + + if( inj_err_type == INJECT_ERR_DUPLICATE_SETUP ) + { + TEST_EQUAL( psa_pake_setup( &operation, &cipher_suite ), + expected_error ); + goto exit; + } + + status = psa_pake_set_role( &operation, role); + if ( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_error ); + goto exit; + } + + if( pw_data->len > 0 ) + { + status = psa_pake_set_password_key( &operation, key ); + if ( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_error ); + goto exit; + } + } + + if ( inj_err_type == INJECT_ERR_INVALID_USER ) + { + TEST_EQUAL( psa_pake_set_user( &operation, NULL, 0 ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_ERR_INVALID_PEER ) + { + TEST_EQUAL( psa_pake_set_peer( &operation, NULL, 0 ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_ERR_SET_USER ) + { + const uint8_t unsupported_id[] = "abcd"; + TEST_EQUAL( psa_pake_set_user( &operation, unsupported_id, 4 ), + PSA_ERROR_NOT_SUPPORTED ); + goto exit; + } + + if ( inj_err_type == INJECT_ERR_SET_PEER ) + { + const uint8_t unsupported_id[] = "abcd"; + TEST_EQUAL( psa_pake_set_peer( &operation, unsupported_id, 4 ), + PSA_ERROR_NOT_SUPPORTED ); + goto exit; + } + + const size_t size_key_share = PSA_PAKE_INPUT_SIZE( alg, primitive, + PSA_PAKE_STEP_KEY_SHARE ); + const size_t size_zk_public = PSA_PAKE_INPUT_SIZE( alg, primitive, + PSA_PAKE_STEP_ZK_PUBLIC ); + const size_t size_zk_proof = PSA_PAKE_INPUT_SIZE( alg, primitive, + PSA_PAKE_STEP_ZK_PROOF ); + + if ( test_input ) + { + if ( inj_err_type == INJECT_EMPTY_IO_BUFFER ) + { + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, NULL, 0 ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_UNKNOWN_STEP ) + { + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, + output_buffer, size_zk_proof ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_INVALID_FIRST_STEP ) + { + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, + output_buffer, size_zk_proof ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + + status = psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, + output_buffer, size_key_share ); + if ( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_error); + goto exit; + } + + if ( inj_err_type == INJECT_WRONG_BUFFER_SIZE ) + { + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public + 1 ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_VALID_OPERATION_AFTER_FAILURE ) + { + // Just trigger any kind of error. We don't care about the result here + psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public + 1 ); + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + } else { + if ( inj_err_type == INJECT_EMPTY_IO_BUFFER ) + { + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, + NULL, 0, NULL ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_UNKNOWN_STEP ) + { + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, + output_buffer, buf_size, &output_len ), + PSA_ERROR_INVALID_ARGUMENT ); + goto exit; + } + + if ( inj_err_type == INJECT_INVALID_FIRST_STEP ) + { + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, + output_buffer, buf_size, &output_len ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + + status = psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, + output_buffer, buf_size, &output_len ); + if ( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_error); + goto exit; + } + + TEST_ASSERT( output_len > 0 ); + + if ( inj_err_type == INJECT_WRONG_BUFFER_SIZE ) + { + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public - 1, &output_len ), + PSA_ERROR_BUFFER_TOO_SMALL ); + goto exit; + } + + if ( inj_err_type == INJECT_VALID_OPERATION_AFTER_FAILURE ) + { + // Just trigger any kind of error. We don't care about the result here + psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, size_zk_public - 1, &output_len ); + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PUBLIC, + output_buffer, buf_size, &output_len ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + } + +exit: + PSA_ASSERT( psa_destroy_key( key ) ); + PSA_ASSERT( psa_pake_abort( &operation ) ); + mbedtls_free( output_buffer ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +void ecjpake_rounds_inject( int alg_arg, int primitive_arg, int hash_arg, + int client_input_first, int inject_error, + data_t *pw_data ) +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t server = psa_pake_operation_init(); + psa_pake_operation_t client = psa_pake_operation_init(); + psa_algorithm_t alg = alg_arg; + psa_algorithm_t hash_alg = hash_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_INIT( ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_PASSWORD ); + PSA_ASSERT( psa_import_key( &attributes, pw_data->x, pw_data->len, + &key ) ); + + psa_pake_cs_set_algorithm( &cipher_suite, alg ); + psa_pake_cs_set_primitive( &cipher_suite, primitive_arg ); + psa_pake_cs_set_hash( &cipher_suite, hash_alg ); + + + PSA_ASSERT( psa_pake_setup( &server, &cipher_suite ) ); + PSA_ASSERT( psa_pake_setup( &client, &cipher_suite ) ); + + PSA_ASSERT( psa_pake_set_role( &server, PSA_PAKE_ROLE_SERVER ) ); + PSA_ASSERT( psa_pake_set_role( &client, PSA_PAKE_ROLE_CLIENT ) ); + + PSA_ASSERT( psa_pake_set_password_key( &server, key ) ); + PSA_ASSERT( psa_pake_set_password_key( &client, key ) ); + + ecjpake_do_round( alg, primitive_arg, &server, &client, + client_input_first, 1, inject_error ); + + if( inject_error == 1 || inject_error == 2 ) + goto exit; + + ecjpake_do_round( alg, primitive_arg, &server, &client, + client_input_first, 2, inject_error ); + +exit: + psa_destroy_key( key ); + psa_pake_abort( &server ); + psa_pake_abort( &client ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, + int derive_alg_arg, data_t *pw_data, + int client_input_first, int inj_err_type_arg ) +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t server = psa_pake_operation_init(); + psa_pake_operation_t client = psa_pake_operation_init(); + psa_algorithm_t alg = alg_arg; + psa_algorithm_t hash_alg = hash_arg; + psa_algorithm_t derive_alg = derive_alg_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_derivation_operation_t server_derive = + PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t client_derive = + PSA_KEY_DERIVATION_OPERATION_INIT; + ecjpake_injected_failure_t inj_err_type = inj_err_type_arg; + + PSA_INIT( ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_PASSWORD ); + PSA_ASSERT( psa_import_key( &attributes, pw_data->x, pw_data->len, + &key ) ); + + psa_pake_cs_set_algorithm( &cipher_suite, alg ); + psa_pake_cs_set_primitive( &cipher_suite, primitive_arg ); + psa_pake_cs_set_hash( &cipher_suite, hash_alg ); + + /* Get shared key */ + PSA_ASSERT( psa_key_derivation_setup( &server_derive, derive_alg ) ); + PSA_ASSERT( psa_key_derivation_setup( &client_derive, derive_alg ) ); + + if( PSA_ALG_IS_TLS12_PRF( derive_alg ) || + PSA_ALG_IS_TLS12_PSK_TO_MS( derive_alg ) ) + { + PSA_ASSERT( psa_key_derivation_input_bytes( &server_derive, + PSA_KEY_DERIVATION_INPUT_SEED, + (const uint8_t*) "", 0) ); + PSA_ASSERT( psa_key_derivation_input_bytes( &client_derive, + PSA_KEY_DERIVATION_INPUT_SEED, + (const uint8_t*) "", 0) ); + } + + PSA_ASSERT( psa_pake_setup( &server, &cipher_suite ) ); + PSA_ASSERT( psa_pake_setup( &client, &cipher_suite ) ); + + PSA_ASSERT( psa_pake_set_role( &server, PSA_PAKE_ROLE_SERVER ) ); + PSA_ASSERT( psa_pake_set_role( &client, PSA_PAKE_ROLE_CLIENT ) ); + + PSA_ASSERT( psa_pake_set_password_key( &server, key ) ); + PSA_ASSERT( psa_pake_set_password_key( &client, key ) ); + + if( inj_err_type == INJECT_ANTICIPATE_KEY_DERIVATION_1 ) + { + TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), + PSA_ERROR_BAD_STATE ); + TEST_EQUAL( psa_pake_get_implicit_key( &client, &client_derive ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + + /* First round */ + ecjpake_do_round( alg, primitive_arg, &server, &client, + client_input_first, 1, 0 ); + + if ( inj_err_type == INJECT_ANTICIPATE_KEY_DERIVATION_2 ) + { + TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), + PSA_ERROR_BAD_STATE ); + TEST_EQUAL( psa_pake_get_implicit_key( &client, &client_derive ), + PSA_ERROR_BAD_STATE ); + goto exit; + } + + /* Second round */ + ecjpake_do_round( alg, primitive_arg, &server, &client, + client_input_first, 2, 0 ); + + PSA_ASSERT( psa_pake_get_implicit_key( &server, &server_derive ) ); + PSA_ASSERT( psa_pake_get_implicit_key( &client, &client_derive ) ); + +exit: + psa_key_derivation_abort( &server_derive ); + psa_key_derivation_abort( &client_derive ); + psa_destroy_key( key ); + psa_pake_abort( &server ); + psa_pake_abort( &client ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecjpake_size_macros( ) +{ + const psa_algorithm_t alg = PSA_ALG_JPAKE; + const size_t bits = 256; + const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, bits ); + const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( + PSA_ECC_FAMILY_SECP_R1 ); + + // https://armmbed.github.io/mbed-crypto/1.1_PAKE_Extension.0-bet.0/html/pake.html#pake-step-types + /* The output for KEY_SHARE and ZK_PUBLIC is the same as a public key */ + TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( key_type, bits ) ); + TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( key_type, bits ) ); + /* The output for ZK_PROOF is the same bitsize as the curve */ + TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), + PSA_BITS_TO_BYTES( bits ) ); + + /* Input sizes are the same as output sizes */ + TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), + PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE) ); + TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), + PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC) ); + TEST_EQUAL( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), + PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF) ); + + /* These inequalities will always hold even when other PAKEs are added */ + TEST_LE_U( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), + PSA_PAKE_OUTPUT_MAX_SIZE ); + TEST_LE_U( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), + PSA_PAKE_OUTPUT_MAX_SIZE ); + TEST_LE_U( PSA_PAKE_OUTPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), + PSA_PAKE_OUTPUT_MAX_SIZE ); + TEST_LE_U( PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_KEY_SHARE), + PSA_PAKE_INPUT_MAX_SIZE ); + TEST_LE_U( PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PUBLIC), + PSA_PAKE_INPUT_MAX_SIZE ); + TEST_LE_U( PSA_PAKE_INPUT_SIZE(alg, prim, PSA_PAKE_STEP_ZK_PROOF), + PSA_PAKE_INPUT_MAX_SIZE ); +} +/* END_CASE */