David Horstmann
ac12d2dc69
Remove psa_crypto_ prefix from test functions
...
This ensures they have a different name to the functions they test.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-03 19:23:49 +00:00
David Horstmann
70fda48670
Add full round-trip tests for buffer copying
...
Test that a buffer pair can be created with psa_crypto_alloc_and_copy()
and destroyed with psa_crypto_copy_and_free() correctly.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-02 18:39:42 +00:00
David Horstmann
5b9c21756a
Add test case for overlapping buffers
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-02 18:39:42 +00:00
David Horstmann
72ab8ad44a
Reject zero-lengths in psa_crypto_copy_and_free()
...
Zero-length buffers should be represented in the
psa_crypto_buffer_copy_t struct as NULL if it was created in
psa_crypto_alloc_and_copy(), so reject non-NULL zero-length buffers.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-02 18:39:42 +00:00
David Horstmann
2b79cbaa17
Reject NULL original_output with non-NULL output
...
If we have a copy buffer but no original to copy back to, there is not
much sensible we can do. The psa_crypto_buffer_copy_t state is invalid.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-02 18:39:42 +00:00
David Horstmann
9700876520
Add testcases for psa_crypto_copy_and_free()
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-02 18:39:37 +00:00
David Horstmann
03b0472413
Zero-length test for psa_crypto_alloc_and_copy()
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-02 18:33:17 +00:00
David Horstmann
f06ac88284
Add extra testcases for buffer copying
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-02 18:33:17 +00:00
David Horstmann
24f11f9cc7
Add testcases for psa_crypto_alloc_and_copy()
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-02 18:33:08 +00:00
David Horstmann
2f96423147
Add testcases for psa_crypto_copy_output()
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-02 17:16:25 +00:00
David Horstmann
0b241ee584
Add testcases for psa_crypto_copy_input()
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-11-02 17:15:30 +00:00
Valerio Setti
bbf86afdeb
test_suite_psa_crypto: fix curve dependency in test
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Gilles Peskine
ae3cda9541
Merge pull request #8092 from silabs-Kusumit/PBKDF2_output_key
...
PBKDF2: test output_key
2023-09-22 18:01:06 +00:00
Kusumit Ghoderao
94d319065a
Set input cost as 1 for psa_key_exercise test
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-09-05 19:30:22 +05:30
Gilles Peskine
ead1766b5f
Fix PBKDF2 with empty salt segment on platforms where malloc(0)=NULL
...
"Fix PBKDF2 with empty salt on platforms where malloc(0)=NULL" took care of
making an empty salt work. But it didn't fix the case of an empty salt
segment followed by a non-empty salt segment, which still invoked memcpy
with a potentially null pointer as the source. This commit fixes that case,
and also simplifies the logic in the function a little.
Test data obtained with:
```
pip3 install cryptodome
python3 -c 'import sys; from Crypto.Hash import SHA256; from Crypto.Protocol.KDF import PBKDF2; cost = int(sys.argv[1], 0); salt = bytes.fromhex(sys.argv[2]); password = bytes.fromhex(sys.argv[3]); n = int(sys.argv[4], 0); print(PBKDF2(password=password, salt=salt, dkLen=n, count=cost, hmac_hash_module=SHA256).hex())' 1 "" "706173737764" 64
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-20 22:05:16 +02:00
Kusumit Ghoderao
8eb55891ad
Add tests in derive_key for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
1dd596541b
Add tests in derive_key_type for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
1fe806a1a0
Add tests in derive_key_export for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
e8f6a0d791
Add tests for derive_key_exercise for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Gilles Peskine
294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation
...
PBKDF2 CMAC implementation
2023-08-17 11:15:16 +00:00
Kusumit Ghoderao
6c104b9b3b
Modify derive output test cases and add actual output
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-16 11:47:24 +05:30
Dave Rodgman
6f80ac4979
Merge pull request #7864 from waleed-elmelegy-arm/enforce-min-RSA-key-size
...
Enforce minimum key size when generating RSA key size
2023-08-03 12:57:52 +00:00
Waleed Elmelegy
d4e7fe09b3
Change tests to work on different MBEDTLS_RSA_GEN_KEY_MIN_BITS configs
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-02 16:59:59 +00:00
Kusumit Ghoderao
6eff0b2258
Remove test vector
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-02 17:22:49 +05:30
Kusumit Ghoderao
be55b7e45a
Add test cases for 16 byte and empty password
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-27 21:22:26 +05:30
Waleed Elmelegy
d7bdbbeb0a
Improve naming of mimimum RSA key size generation configurations
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-27 14:50:09 +00:00
Waleed Elmelegy
3d158f0c28
Adapt tests to work on all possible minimum RSA key sizes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-27 11:03:35 +00:00
Waleed Elmelegy
76336c3e4d
Enforce minimum key size when generating RSA key size
...
Add configuration to enforce minimum size when
generating a RSA key, it's default value is 1024
bits since this the minimum secure value currently
but it can be any value greater than or equal 128
bits. Tests were modifed to accommodate for this
change.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-27 10:58:25 +00:00
Valerio Setti
a55f042636
psa: replace DH_KEY_PAIR_LEGACY with new symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-27 09:15:34 +02:00
Valerio Setti
19fec5487d
test: remove GENPRIME dependency when RSA_KEY_PAIR_GENERATE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-25 12:31:50 +02:00
Valerio Setti
acab57b6b4
test: replace RSA_KEY_PAIR_LEGACY with proper symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Manuel Pégourié-Gonnard
9967f11066
Merge pull request #7810 from valeriosetti/issue7771
...
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/ECC
2023-07-07 10:22:47 +02:00
Kusumit Ghoderao
7333ed3efa
Add max iterations test case for cmac
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:03 +05:30
Kusumit Ghoderao
d80183864a
Add test case for zero input cost
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
671320633c
Add test cases for key and plain inputs
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
9d4c74f25c
Add test cases for output validation of pbkdf2 cmac
...
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome
Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):
Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16
password : 4a30314e4d45
salt : 54687265616437333563383762344f70656e54687265616444656d6f
input cost : 16384
derived key len : 16
output : 8b27beed7e7a4dd6c53138c879a8e33c
"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys
def main():
#check args
if len(sys.argv) != 5:
print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
return
password = bytes.fromhex(sys.argv[1])
salt = bytes.fromhex(sys.argv[2])
iterations = int(sys.argv[3])
dklen = int(sys.argv[4])
# If password is not 16 bytes then we need to use CMAC to derive the password
if len(password) != 16:
zeros = bytes.fromhex("00000000000000000000000000000000")
cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
passwd = bytes.fromhex(cobj_pass.hexdigest())
else:
passwd = password
cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()
actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)
print('password : ' + password.hex())
print('salt : ' + salt.hex())
print('input cost : ' + str(iterations))
print('derived key len : ' + str(dklen))
print('output : ' + actual_output.hex())
if __name__ == "__main__":
main()
"""
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
1d3fca21b1
Add test cases for input validation of pbkdf2 cmac
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:01 +05:30
Valerio Setti
27c501a10c
lib/test: replace BASIC_IMPORT_EXPORT internal symbol with BASIC,IMPORT,EXPORT
...
Also the python script for automatic test generation is fixed accordingly
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:22 +02:00
Valerio Setti
2a63460248
psa: fix guards for EC key derivation
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:21 +02:00
Valerio Setti
6a9d0ee373
library/test: replace LEGACY symbol with BASIC_IMPORT_EXPORT
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:21 +02:00
Valerio Setti
f09977023b
test: replace ECC_KEY_PAIR_LEGACY with GENERATE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:21 +02:00
Valerio Setti
c2a4fb7754
test: replace ECC_KEY_PAIR_LEGACY with DERIVE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:21 +02:00
Kusumit Ghoderao
cbfe333c2b
add test case for zero input cost
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-06-27 11:19:12 +05:30
Kusumit Ghoderao
42b02b9fe9
Add test and test case for input cost greater than vendor maximum
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-06-27 11:12:27 +05:30
Valerio Setti
ff7f861761
tests: replace deprecated symbols with temporary _LEGACY ones
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Gilles Peskine
f45a5a0ddd
Merge pull request #7700 from silabs-Kusumit/PBKDF2_output_bytes
...
PBKDF2: Output bytes
2023-06-16 10:08:02 +02:00
Tom Cosgrove
6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only
...
Introduce config option of 128-bit key only in AES calculation
2023-06-15 10:35:32 +01:00
Kusumit Ghoderao
b31059f072
Remove negative tests for input validation
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-06-08 16:42:37 +05:30
Kusumit Ghoderao
c63d140436
Add negative cases for pbkdf2 output
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-06-06 15:05:45 +05:30
Kusumit Ghoderao
2b5c91b757
Add RFC tests for pbkdf2 output
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-06-06 15:05:44 +05:30