mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-21 19:20:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1160 from davidhorstmann-arm/copying-pake

Browse Source 
Add secure buffer copying to PAKE
This commit is contained in:
David Horstmann 2024-03-08 16:09:10 +00:00 committed by GitHub
commit 849bb717bc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 117 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
library/psa_crypto.c
View File

@ -8326,10 +8326,11 @@ exit:
psa_status_t psa_pake_set_user(
psa_pake_operation_t *operation,
const uint8_t *user_id,
const uint8_t *user_id_external,
size_t user_id_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(user_id_external, user_id);
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
status = PSA_ERROR_BAD_STATE;
@ -8352,21 +8353,28 @@ psa_status_t psa_pake_set_user(
goto exit;
}
LOCAL_INPUT_ALLOC(user_id_external, user_id_len, user_id);
memcpy(operation->data.inputs.user, user_id, user_id_len);
operation->data.inputs.user_len = user_id_len;
return PSA_SUCCESS;
status = PSA_SUCCESS;
exit:
psa_pake_abort(operation);
LOCAL_INPUT_FREE(user_id_external, user_id);
if (status != PSA_SUCCESS) {
psa_pake_abort(operation);
}
return status;
}
psa_status_t psa_pake_set_peer(
psa_pake_operation_t *operation,
const uint8_t *peer_id,
const uint8_t *peer_id_external,
size_t peer_id_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
LOCAL_INPUT_DECLARE(peer_id_external, peer_id);
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
status = PSA_ERROR_BAD_STATE;
@ -8389,12 +8397,18 @@ psa_status_t psa_pake_set_peer(
goto exit;
}
LOCAL_INPUT_ALLOC(peer_id_external, peer_id_len, peer_id);
memcpy(operation->data.inputs.peer, peer_id, peer_id_len);
operation->data.inputs.peer_len = peer_id_len;
return PSA_SUCCESS;
status = PSA_SUCCESS;
exit:
psa_pake_abort(operation);
LOCAL_INPUT_FREE(peer_id_external, peer_id);
if (status != PSA_SUCCESS) {
psa_pake_abort(operation);
}
return status;
}
@ -8580,12 +8594,13 @@ static psa_status_t psa_jpake_epilogue(
psa_status_t psa_pake_output(
psa_pake_operation_t *operation,
psa_pake_step_t step,
uint8_t *output,
uint8_t *output_external,
size_t output_size,
size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_crypto_driver_pake_step_t driver_step = PSA_JPAKE_STEP_INVALID;
LOCAL_OUTPUT_DECLARE(output_external, output);
*output_length = 0;
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
@ -8622,6 +8637,8 @@ psa_status_t psa_pake_output(
goto exit;
}
LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
status = psa_driver_wrapper_pake_output(operation, driver_step,
output, output_size, output_length);
@ -8643,16 +8660,18 @@ psa_status_t psa_pake_output(
goto exit;
}
return PSA_SUCCESS;
exit:
psa_pake_abort(operation);
LOCAL_OUTPUT_FREE(output_external, output);
if (status != PSA_SUCCESS) {
psa_pake_abort(operation);
}
return status;
}
psa_status_t psa_pake_input(
psa_pake_operation_t *operation,
psa_pake_step_t step,
const uint8_t *input,
const uint8_t *input_external,
size_t input_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@ -8660,6 +8679,7 @@ psa_status_t psa_pake_input(
const size_t max_input_length = (size_t) PSA_PAKE_INPUT_SIZE(operation->alg,
operation->primitive,
step);
LOCAL_INPUT_DECLARE(input_external, input);
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
status = psa_pake_complete_inputs(operation);
@ -8695,6 +8715,7 @@ psa_status_t psa_pake_input(
goto exit;
}
LOCAL_INPUT_ALLOC(input_external, input_length, input);
status = psa_driver_wrapper_pake_input(operation, driver_step,
input, input_length);
@ -8716,9 +8737,11 @@ psa_status_t psa_pake_input(
goto exit;
}
return PSA_SUCCESS;
exit:
psa_pake_abort(operation);
LOCAL_INPUT_FREE(input_external, input);
if (status != PSA_SUCCESS) {
psa_pake_abort(operation);
}
return status;
}

2
tests/scripts/generate_psa_wrappers.py
View File

@ -143,6 +143,8 @@ class PSAWrapperGenerator(c_wrapper_generator.Base):
"""Whether the specified buffer argument to a PSA function should be copied.
"""
#pylint: disable=too-many-return-statements
if function_name.startswith('psa_pake'):
return True
if function_name.startswith('psa_aead'):
return True
if function_name in {'psa_cipher_encrypt', 'psa_cipher_decrypt',

24
tests/src/psa_test_wrappers.c
View File

@ -1002,7 +1002,13 @@ psa_status_t mbedtls_test_wrap_psa_pake_input(
const uint8_t *arg2_input,
size_t arg3_input_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg2_input, arg3_input_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_pake_input)(arg0_operation, arg1_step, arg2_input, arg3_input_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg2_input, arg3_input_length);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -1014,7 +1020,13 @@ psa_status_t mbedtls_test_wrap_psa_pake_output(
size_t arg3_output_size,
size_t *arg4_output_length)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg2_output, arg3_output_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_pake_output)(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg2_output, arg3_output_size);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -1033,7 +1045,13 @@ psa_status_t mbedtls_test_wrap_psa_pake_set_peer(
const uint8_t *arg1_peer_id,
size_t arg2_peer_id_len)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_peer_id, arg2_peer_id_len);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_pake_set_peer)(arg0_operation, arg1_peer_id, arg2_peer_id_len);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_peer_id, arg2_peer_id_len);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}
@ -1052,7 +1070,13 @@ psa_status_t mbedtls_test_wrap_psa_pake_set_user(
const uint8_t *arg1_user_id,
size_t arg2_user_id_len)
{
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_POISON(arg1_user_id, arg2_user_id_len);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
psa_status_t status = (psa_pake_set_user)(arg0_operation, arg1_user_id, arg2_user_id_len);
#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
MBEDTLS_TEST_MEMORY_UNPOISON(arg1_user_id, arg2_user_id_len);
#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
return status;
}

36
tests/suites/test_suite_psa_crypto.function
View File

@ -742,37 +742,37 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
/* Server first round Output */
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_g1_len));
buffer_length - buffer0_off, &s_g1_len));
TEST_EQUAL(s_g1_len, expected_size_key_share);
s_g1_off = buffer0_off;
buffer0_off += s_g1_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x1_pk_len));
buffer_length - buffer0_off, &s_x1_pk_len));
TEST_EQUAL(s_x1_pk_len, expected_size_zk_public);
s_x1_pk_off = buffer0_off;
buffer0_off += s_x1_pk_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x1_pr_len));
buffer_length - buffer0_off, &s_x1_pr_len));
TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof);
s_x1_pr_off = buffer0_off;
buffer0_off += s_x1_pr_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_g2_len));
buffer_length - buffer0_off, &s_g2_len));
TEST_EQUAL(s_g2_len, expected_size_key_share);
s_g2_off = buffer0_off;
buffer0_off += s_g2_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2_pk_len));
buffer_length - buffer0_off, &s_x2_pk_len));
TEST_EQUAL(s_x2_pk_len, expected_size_zk_public);
s_x2_pk_off = buffer0_off;
buffer0_off += s_x2_pk_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2_pr_len));
buffer_length - buffer0_off, &s_x2_pr_len));
TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof);
s_x2_pr_off = buffer0_off;
buffer0_off += s_x2_pr_len;
@ -862,37 +862,37 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
/* Client first round Output */
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_g1_len));
buffer_length - buffer1_off, &c_g1_len));
TEST_EQUAL(c_g1_len, expected_size_key_share);
c_g1_off = buffer1_off;
buffer1_off += c_g1_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x1_pk_len));
buffer_length - buffer1_off, &c_x1_pk_len));
TEST_EQUAL(c_x1_pk_len, expected_size_zk_public);
c_x1_pk_off = buffer1_off;
buffer1_off += c_x1_pk_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x1_pr_len));
buffer_length - buffer1_off, &c_x1_pr_len));
TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof);
c_x1_pr_off = buffer1_off;
buffer1_off += c_x1_pr_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_g2_len));
buffer_length - buffer1_off, &c_g2_len));
TEST_EQUAL(c_g2_len, expected_size_key_share);
c_g2_off = buffer1_off;
buffer1_off += c_g2_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2_pk_len));
buffer_length - buffer1_off, &c_x2_pk_len));
TEST_EQUAL(c_x2_pk_len, expected_size_zk_public);
c_x2_pk_off = buffer1_off;
buffer1_off += c_x2_pk_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2_pr_len));
buffer_length - buffer1_off, &c_x2_pr_len));
TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof);
c_x2_pr_off = buffer1_off;
buffer1_off += c_x2_pr_len;
@ -1040,19 +1040,19 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_a_len));
buffer_length - buffer0_off, &s_a_len));
TEST_EQUAL(s_a_len, expected_size_key_share);
s_a_off = buffer0_off;
buffer0_off += s_a_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2s_pk_len));
buffer_length - buffer0_off, &s_x2s_pk_len));
TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public);
s_x2s_pk_off = buffer0_off;
buffer0_off += s_x2s_pk_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2s_pr_len));
buffer_length - buffer0_off, &s_x2s_pr_len));
TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof);
s_x2s_pr_off = buffer0_off;
buffer0_off += s_x2s_pr_len;
@ -1105,19 +1105,19 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_a_len));
buffer_length - buffer1_off, &c_a_len));
TEST_EQUAL(c_a_len, expected_size_key_share);
c_a_off = buffer1_off;
buffer1_off += c_a_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2s_pk_len));
buffer_length - buffer1_off, &c_x2s_pk_len));
TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public);
c_x2s_pk_off = buffer1_off;
buffer1_off += c_x2s_pk_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2s_pr_len));
buffer_length - buffer1_off, &c_x2s_pr_len));
TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof);
c_x2s_pr_off = buffer1_off;
buffer1_off += c_x2s_pr_len;

36
tests/suites/test_suite_psa_crypto_driver_wrappers.function
View File

@ -57,7 +57,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
/* Server first round Output */
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_g1_len));
buffer_length - buffer0_off, &s_g1_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(s_g1_len, expected_size_key_share);
@ -65,7 +65,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer0_off += s_g1_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x1_pk_len));
buffer_length - buffer0_off, &s_x1_pk_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(s_x1_pk_len, expected_size_zk_public);
@ -73,7 +73,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer0_off += s_x1_pk_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x1_pr_len));
buffer_length - buffer0_off, &s_x1_pr_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof);
@ -81,7 +81,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer0_off += s_x1_pr_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_g2_len));
buffer_length - buffer0_off, &s_g2_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(s_g2_len, expected_size_key_share);
@ -89,7 +89,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer0_off += s_g2_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2_pk_len));
buffer_length - buffer0_off, &s_x2_pk_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(s_x2_pk_len, expected_size_zk_public);
@ -97,7 +97,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer0_off += s_x2_pk_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2_pr_len));
buffer_length - buffer0_off, &s_x2_pr_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof);
@ -154,7 +154,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
/* Client first round Output */
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_g1_len));
buffer_length - buffer1_off, &c_g1_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(c_g1_len, expected_size_key_share);
@ -162,7 +162,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer1_off += c_g1_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x1_pk_len));
buffer_length - buffer1_off, &c_x1_pk_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(c_x1_pk_len, expected_size_zk_public);
@ -170,7 +170,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer1_off += c_x1_pk_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x1_pr_len));
buffer_length - buffer1_off, &c_x1_pr_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof);
@ -178,7 +178,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer1_off += c_x1_pr_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_g2_len));
buffer_length - buffer1_off, &c_g2_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(c_g2_len, expected_size_key_share);
@ -186,7 +186,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer1_off += c_g2_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2_pk_len));
buffer_length - buffer1_off, &c_x2_pk_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(c_x2_pk_len, expected_size_zk_public);
@ -194,7 +194,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer1_off += c_x2_pk_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2_pr_len));
buffer_length - buffer1_off, &c_x2_pr_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof);
@ -290,7 +290,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_a_len));
buffer_length - buffer0_off, &s_a_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(s_a_len, expected_size_key_share);
@ -298,7 +298,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer0_off += s_a_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2s_pk_len));
buffer_length - buffer0_off, &s_x2s_pk_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public);
@ -306,7 +306,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer0_off += s_x2s_pk_len;
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2s_pr_len));
buffer_length - buffer0_off, &s_x2s_pr_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof);
@ -341,7 +341,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_a_len));
buffer_length - buffer1_off, &c_a_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(c_a_len, expected_size_key_share);
@ -349,7 +349,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer1_off += c_a_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2s_pk_len));
buffer_length - buffer1_off, &c_x2s_pk_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public);
@ -357,7 +357,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer1_off += c_x2s_pk_len;
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2s_pr_len));
buffer_length - buffer1_off, &c_x2s_pr_len));
TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total,
pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof);

40
tests/suites/test_suite_psa_crypto_pake.function
View File

@ -147,7 +147,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
/* Server first round Output */
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_g1_len));
buffer_length - buffer0_off, &s_g1_len));
TEST_EQUAL(s_g1_len, expected_size_key_share);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1,
@ -156,7 +156,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x1_pk_len));
buffer_length - buffer0_off, &s_x1_pk_len));
TEST_EQUAL(s_x1_pk_len, expected_size_zk_public);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1,
@ -165,7 +165,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x1_pr_len));
buffer_length - buffer0_off, &s_x1_pr_len));
TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1,
@ -174,7 +174,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_g2_len));
buffer_length - buffer0_off, &s_g2_len));
TEST_EQUAL(s_g2_len, expected_size_key_share);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2,
@ -183,7 +183,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2_pk_len));
buffer_length - buffer0_off, &s_x2_pk_len));
TEST_EQUAL(s_x2_pk_len, expected_size_zk_public);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2,
@ -192,7 +192,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2_pr_len));
buffer_length - buffer0_off, &s_x2_pr_len));
TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2,
@ -203,7 +203,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
DO_ROUND_CONDITIONAL_CHECK_FAILURE(
ERR_INJECT_EXTRA_OUTPUT,
psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + s_g2_off, 512 - s_g2_off, &extra_output_len));
buffer0 + s_g2_off, buffer_length - s_g2_off, &extra_output_len));
(void) extra_output_len;
/*
* When injecting errors in inputs, the implementation is
@ -260,7 +260,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
/* Client first round Output */
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_g1_len));
buffer_length - buffer1_off, &c_g1_len));
TEST_EQUAL(c_g1_len, expected_size_key_share);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1,
@ -269,7 +269,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x1_pk_len));
buffer_length - buffer1_off, &c_x1_pk_len));
TEST_EQUAL(c_x1_pk_len, expected_size_zk_public);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1,
@ -278,7 +278,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x1_pr_len));
buffer_length - buffer1_off, &c_x1_pr_len));
TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1,
@ -287,7 +287,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_g2_len));
buffer_length - buffer1_off, &c_g2_len));
TEST_EQUAL(c_g2_len, expected_size_key_share);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2,
@ -296,7 +296,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2_pk_len));
buffer_length - buffer1_off, &c_x2_pk_len));
TEST_EQUAL(c_x2_pk_len, expected_size_zk_public);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2,
@ -305,7 +305,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2_pr_len));
buffer_length - buffer1_off, &c_x2_pr_len));
TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2,
@ -391,7 +391,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + buffer0_off,
512 - buffer0_off, &s_a_len));
buffer_length - buffer0_off, &s_a_len));
TEST_EQUAL(s_a_len, expected_size_key_share);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND2_SERVER_KEY_SHARE,
@ -400,7 +400,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2s_pk_len));
buffer_length - buffer0_off, &s_x2s_pk_len));
TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC,
@ -409,7 +409,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
buffer0 + buffer0_off,
512 - buffer0_off, &s_x2s_pr_len));
buffer_length - buffer0_off, &s_x2s_pr_len));
TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND2_SERVER_ZK_PROOF,
@ -445,7 +445,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + buffer1_off,
512 - buffer1_off, &c_a_len));
buffer_length - buffer1_off, &c_a_len));
TEST_EQUAL(c_a_len, expected_size_key_share);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND2_CLIENT_KEY_SHARE,
@ -454,7 +454,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2s_pk_len));
buffer_length - buffer1_off, &c_x2s_pk_len));
TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC,
@ -463,7 +463,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
buffer1 + buffer1_off,
512 - buffer1_off, &c_x2s_pr_len));
buffer_length - buffer1_off, &c_x2s_pr_len));
TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof);
DO_ROUND_CONDITIONAL_INJECT(
ERR_INJECT_ROUND2_CLIENT_ZK_PROOF,
@ -475,7 +475,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
DO_ROUND_CONDITIONAL_CHECK_FAILURE(
ERR_INJECT_EXTRA_OUTPUT_AT_END,
psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + c_a_off, 512 - c_a_off,
buffer1 + c_a_off, buffer_length - c_a_off,
&extra_output_at_end_len));
(void) extra_output_at_end_len;
}