Add pake driver wrapper tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 6069a69..73c569d 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -820,3 +820,39 @@
PSA AEAD decrypt setup, AES-GCM, 144 bytes #1, insufficient memory
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
+
+PSA PAKE setup transparent driver: in-driver success
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+pake_setup:"abcd":PSA_SUCCESS:PSA_SUCCESS
+
+PSA PAKE setup transparent driver: in-driver forced error
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+pake_setup:"abcd":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
+
+PSA PAKE setup transparent driver: fallback
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_PAKE
+pake_setup:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+PSA PAKE setup transparent driver: fallback not available
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_PSA_BUILTIN_PAKE
+pake_setup:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
+
+PSA PAKE operations transparent driver: in-driver success
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+pake_operations:"abcd":PSA_SUCCESS:"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_BAD_STATE
+
+PSA PAKE operations transparent driver: in-driver forced status
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+pake_operations:"abcd":PSA_SUCCESS:"1234":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
+
+PSA PAKE operations transparent driver: fallback
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_PAKE
+pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_BAD_STATE
+
+PSA PAKE: ecjpake rounds transparent driver: in-driver
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:1
+
+PSA PAKE: ecjpake rounds transparent driver: fallback
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:MBEDTLS_PSA_BUILTIN_PAKE
+ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 8bb3e35..cfbcccb 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -1,6 +1,411 @@
/* BEGIN_HEADER */
#include "test/drivers/test_driver.h"
+/* Auxiliary variables for pake tests.
+ Global to silent the compiler when unused. */
+size_t pake_expected_hit_count;
+int pake_in_driver;
+
+#if defined(PSA_WANT_ALG_JPAKE)
+static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
+ psa_pake_operation_t *server,
+ psa_pake_operation_t *client,
+ int client_input_first,
+ int round)
+{
+ unsigned char *buffer0 = NULL, *buffer1 = NULL;
+ size_t buffer_length = (
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) +
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) +
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2;
+ /* The output should be exactly this size according to the spec */
+ const size_t expected_size_key_share =
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE);
+ /* The output should be exactly this size according to the spec */
+ const size_t expected_size_zk_public =
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC);
+ /* The output can be smaller: the spec allows stripping leading zeroes */
+ const size_t max_expected_size_zk_proof =
+ PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF);
+ size_t buffer0_off = 0;
+ size_t buffer1_off = 0;
+ size_t s_g1_len, s_g2_len, s_a_len;
+ size_t s_g1_off, s_g2_off, s_a_off;
+ size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len;
+ size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off;
+ size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len;
+ size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off;
+ size_t c_g1_len, c_g2_len, c_a_len;
+ size_t c_g1_off, c_g2_off, c_a_off;
+ size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len;
+ size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off;
+ size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len;
+ size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off;
+ psa_status_t status;
+
+ ASSERT_ALLOC(buffer0, buffer_length);
+ ASSERT_ALLOC(buffer1, buffer_length);
+
+ switch (round) {
+ case 1:
+ /* Server first round Output */
+ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_g1_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(s_g1_len, expected_size_key_share);
+ s_g1_off = buffer0_off;
+ buffer0_off += s_g1_len;
+ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_x1_pk_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(s_x1_pk_len, expected_size_zk_public);
+ s_x1_pk_off = buffer0_off;
+ buffer0_off += s_x1_pk_len;
+ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_x1_pr_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof);
+ s_x1_pr_off = buffer0_off;
+ buffer0_off += s_x1_pr_len;
+ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_g2_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(s_g2_len, expected_size_key_share);
+ s_g2_off = buffer0_off;
+ buffer0_off += s_g2_len;
+ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_x2_pk_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(s_x2_pk_len, expected_size_zk_public);
+ s_x2_pk_off = buffer0_off;
+ buffer0_off += s_x2_pk_len;
+ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_x2_pr_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof);
+ s_x2_pr_off = buffer0_off;
+ buffer0_off += s_x2_pr_len;
+
+ if (client_input_first == 1) {
+ /* Client first round Input */
+ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + s_g1_off, s_g1_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + s_x1_pk_off,
+ s_x1_pk_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + s_x1_pr_off,
+ s_x1_pr_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + s_g2_off,
+ s_g2_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + s_x2_pk_off,
+ s_x2_pk_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + s_x2_pr_off,
+ s_x2_pr_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+ }
+
+ /* Client first round Output */
+ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_g1_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(c_g1_len, expected_size_key_share);
+ c_g1_off = buffer1_off;
+ buffer1_off += c_g1_len;
+ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_x1_pk_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(c_x1_pk_len, expected_size_zk_public);
+ c_x1_pk_off = buffer1_off;
+ buffer1_off += c_x1_pk_len;
+ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_x1_pr_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof);
+ c_x1_pr_off = buffer1_off;
+ buffer1_off += c_x1_pr_len;
+ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_g2_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(c_g2_len, expected_size_key_share);
+ c_g2_off = buffer1_off;
+ buffer1_off += c_g2_len;
+ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_x2_pk_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(c_x2_pk_len, expected_size_zk_public);
+ c_x2_pk_off = buffer1_off;
+ buffer1_off += c_x2_pk_len;
+ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_x2_pr_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof);
+ c_x2_pr_off = buffer1_off;
+ buffer1_off += c_x2_pr_len;
+
+ if (client_input_first == 0) {
+ /* Client first round Input */
+ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + s_g1_off, s_g1_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + s_x1_pk_off,
+ s_x1_pk_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + s_x1_pr_off,
+ s_x1_pr_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + s_g2_off,
+ s_g2_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + s_x2_pk_off,
+ s_x2_pk_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + s_x2_pr_off,
+ s_x2_pr_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+ }
+
+ /* Server first round Input */
+ status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE,
+ buffer1 + c_g1_off, c_g1_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer1 + c_x1_pk_off, c_x1_pk_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF,
+ buffer1 + c_x1_pr_off, c_x1_pr_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE,
+ buffer1 + c_g2_off, c_g2_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer1 + c_x2_pk_off, c_x2_pk_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF,
+ buffer1 + c_x2_pr_off, c_x2_pr_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ break;
+
+ case 2:
+ /* Server second round Output */
+ buffer0_off = 0;
+
+ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_a_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(s_a_len, expected_size_key_share);
+ s_a_off = buffer0_off;
+ buffer0_off += s_a_len;
+ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_x2s_pk_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public);
+ s_x2s_pk_off = buffer0_off;
+ buffer0_off += s_x2s_pk_len;
+ PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + buffer0_off,
+ 512 - buffer0_off, &s_x2s_pr_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof);
+ s_x2s_pr_off = buffer0_off;
+ buffer0_off += s_x2s_pr_len;
+
+ if (client_input_first == 1) {
+ /* Client second round Input */
+ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + s_a_off, s_a_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + s_x2s_pk_off,
+ s_x2s_pk_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + s_x2s_pr_off,
+ s_x2s_pr_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+ }
+
+ /* Client second round Output */
+ buffer1_off = 0;
+
+ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_a_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(c_a_len, expected_size_key_share);
+ c_a_off = buffer1_off;
+ buffer1_off += c_a_len;
+ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_x2s_pk_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public);
+ c_x2s_pk_off = buffer1_off;
+ buffer1_off += c_x2s_pk_len;
+ PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer1 + buffer1_off,
+ 512 - buffer1_off, &c_x2s_pr_len));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof);
+ c_x2s_pr_off = buffer1_off;
+ buffer1_off += c_x2s_pr_len;
+
+ if (client_input_first == 0) {
+ /* Client second round Input */
+ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
+ buffer0 + s_a_off, s_a_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer0 + s_x2s_pk_off,
+ s_x2s_pk_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF,
+ buffer0 + s_x2s_pr_off,
+ s_x2s_pr_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+ }
+
+ /* Server second round Input */
+ status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE,
+ buffer1 + c_a_off, c_a_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC,
+ buffer1 + c_x2s_pk_off, c_x2s_pk_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF,
+ buffer1 + c_x2s_pr_off, c_x2s_pr_len);
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ TEST_EQUAL(status, PSA_SUCCESS);
+
+ break;
+ }
+
+exit:
+ mbedtls_free(buffer0);
+ mbedtls_free(buffer1);
+}
+#endif /* PSA_WANT_ALG_JPAKE */
+
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
/* Sanity checks on the output of RSA encryption.
*
@@ -2567,3 +2972,391 @@
PSA_DONE();
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void pake_setup(data_t *pw_data, int forced_status_arg, int expected_status_arg)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_status_t forced_status = forced_status_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_pake_operation_t operation = psa_pake_operation_init();
+ psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
+ psa_key_type_t key_type_pw = PSA_KEY_TYPE_PASSWORD;
+ psa_key_usage_t key_usage_pw = PSA_KEY_USAGE_DERIVE;
+ psa_algorithm_t alg = PSA_ALG_JPAKE;
+ psa_algorithm_t hash_alg = PSA_ALG_SHA_256;
+ psa_pake_primitive_t primitive_arg = PSA_PAKE_PRIMITIVE(
+ PSA_PAKE_PRIMITIVE_TYPE_ECC,
+ PSA_ECC_FAMILY_SECP_R1, 256);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init();
+
+ PSA_INIT();
+
+ if (pw_data->len > 0) {
+ psa_set_key_usage_flags(&attributes, key_usage_pw);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type_pw);
+ PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len,
+ &key));
+ }
+
+ psa_pake_cs_set_algorithm(&cipher_suite, alg);
+ psa_pake_cs_set_primitive(&cipher_suite, primitive_arg);
+ psa_pake_cs_set_hash(&cipher_suite, hash_alg);
+
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status;
+
+ TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite),
+ expected_status);
+
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 1);
+exit:
+ /*
+ * Key attributes may have been returned by psa_get_key_attributes()
+ * thus reset them as required.
+ */
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ mbedtls_test_driver_pake_hooks =
+ mbedtls_test_driver_pake_hooks_init();
+ PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void pake_operations(data_t *pw_data, int forced_status_setup_arg, data_t *forced_output,
+ int forced_status_arg, int expected_status_set_user_arg,
+ int expected_status_set_role_arg, int expected_status_set_peer_arg,
+ int expected_status_set_password_arg, int expected_status_input_arg,
+ int expected_status_abort_arg, int expected_status_output_arg,
+ int expected_status_get_key_arg)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_status_t forced_status = forced_status_arg;
+ psa_status_t forced_status_setup = forced_status_setup_arg;
+ psa_status_t expected_status_set_user = expected_status_set_user_arg;
+ psa_status_t expected_status_set_role = expected_status_set_role_arg;
+ psa_status_t expected_status_set_peer = expected_status_set_peer_arg;
+ psa_status_t expected_status_set_password = expected_status_set_password_arg;
+ psa_status_t expected_status_input = expected_status_input_arg;
+ psa_status_t expected_status_abort = expected_status_abort_arg;
+ psa_status_t expected_status_output = expected_status_output_arg;
+ psa_status_t expected_status_get_key = expected_status_get_key_arg;
+ psa_pake_operation_t operation = psa_pake_operation_init();
+ psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
+ psa_key_type_t key_type_pw = PSA_KEY_TYPE_PASSWORD;
+ psa_key_usage_t key_usage_pw = PSA_KEY_USAGE_DERIVE;
+ psa_algorithm_t alg = PSA_ALG_JPAKE;
+ psa_algorithm_t hash_alg = PSA_ALG_SHA_256;
+ psa_key_derivation_operation_t implicit_key =
+ PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE(
+ PSA_PAKE_PRIMITIVE_TYPE_ECC,
+ PSA_ECC_FAMILY_SECP_R1, 256);
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init();
+ const unsigned char *user = (const unsigned char *) "user";
+ const uint8_t peer[] = "abcd";
+ uint32_t expected_hits = 1;
+ unsigned char *input_buffer = NULL;
+ const size_t size_key_share = PSA_PAKE_INPUT_SIZE(alg, primitive,
+ PSA_PAKE_STEP_KEY_SHARE);
+ unsigned char *output_buffer = NULL;
+ size_t output_len = 0;
+ size_t output_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive,
+ PSA_PAKE_STEP_KEY_SHARE);
+
+ ASSERT_ALLOC(input_buffer,
+ PSA_PAKE_INPUT_SIZE(alg, primitive,
+ PSA_PAKE_STEP_KEY_SHARE));
+ memset(input_buffer, 0xAA, size_key_share);
+
+ ASSERT_ALLOC(output_buffer,
+ PSA_PAKE_INPUT_SIZE(alg, primitive,
+ PSA_PAKE_STEP_KEY_SHARE));
+ memset(output_buffer, 0x55, output_size);
+
+ /* Transparent driver is not available (fallback). */
+ if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) {
+ expected_hits = 0;
+ }
+
+ PSA_INIT();
+
+ if (pw_data->len > 0) {
+ psa_set_key_usage_flags(&attributes, key_usage_pw);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type_pw);
+ PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len,
+ &key));
+ }
+
+ psa_pake_cs_set_algorithm(&cipher_suite, alg);
+ psa_pake_cs_set_primitive(&cipher_suite, primitive);
+ psa_pake_cs_set_hash(&cipher_suite, hash_alg);
+
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup;
+ TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite),
+ PSA_SUCCESS);
+
+ /* --- psa_pake_set_user --- */
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status;
+ mbedtls_test_driver_pake_hooks.hits = 0;
+
+ TEST_EQUAL(psa_pake_set_user(&operation, user, 4),
+ expected_status_set_user);
+
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
+
+ /* psa_pake_set_user is unsupported (after this call operation is aborted)
+ we need to reinitialize object. */
+ if (mbedtls_test_driver_pake_hooks.forced_status == PSA_SUCCESS) {
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup;
+ TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite),
+ PSA_SUCCESS);
+ }
+
+ /* --- psa_pake_set_peer --- */
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status;
+ mbedtls_test_driver_pake_hooks.hits = 0;
+
+ TEST_EQUAL(psa_pake_set_peer(&operation, peer, 4),
+ expected_status_set_peer);
+
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
+
+ /* psa_pake_set_user is unsupported (after this call operation is aborted)
+ we need to reinitialize object. */
+ if (mbedtls_test_driver_pake_hooks.forced_status == PSA_SUCCESS) {
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup;
+ TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite),
+ PSA_SUCCESS);
+ }
+
+ /* --- psa_pake_set_role --- */
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status;
+ mbedtls_test_driver_pake_hooks.hits = 0;
+
+ TEST_EQUAL(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER),
+ expected_status_set_role);
+
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
+
+ /* --- psa_pake_set_password_key --- */
+ /* psa_pake_set_password_key is dispatched by location and other
+ functions are dispatched by operation id (set during setup).
+ In case of dispatching by location fallback is performed when
+ transparent accelerators are not supported. */
+ if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) {
+ mbedtls_test_driver_pake_hooks.forced_status = PSA_ERROR_NOT_SUPPORTED;
+ expected_hits = 1;
+ } else {
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status;
+ }
+ mbedtls_test_driver_pake_hooks.hits = 0;
+
+ TEST_EQUAL(psa_pake_set_password_key(&operation, key),
+ expected_status_set_password);
+
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
+
+ /* Restore expected_hits for next tests. */
+ if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) {
+ expected_hits = 0;
+ }
+
+ /* --- psa_pake_input --- */
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status;
+ mbedtls_test_driver_pake_hooks.hits = 0;
+
+ TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE,
+ input_buffer, size_key_share),
+ expected_status_input);
+
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
+
+ /* --- psa_pake_abort --- */
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status;
+ mbedtls_test_driver_pake_hooks.hits = 0;
+
+ TEST_EQUAL(psa_pake_abort(&operation), expected_status_abort);
+
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
+
+ /* --- psa_pake_output --- */
+ /* We need to setup pake again */
+ mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS;
+ TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS);
+
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup;
+ TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite),
+ PSA_SUCCESS);
+
+ TEST_EQUAL(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER),
+ PSA_SUCCESS);
+
+ TEST_EQUAL(psa_pake_set_password_key(&operation, key),
+ PSA_SUCCESS);
+
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status;
+ mbedtls_test_driver_pake_hooks.hits = 0;
+
+ if (forced_output->len > 0) {
+ mbedtls_test_driver_pake_hooks.forced_output = forced_output->x;
+ mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len;
+ }
+
+ TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE,
+ output_buffer, output_size, &output_len),
+ expected_status_output);
+
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
+
+ if (forced_output->len > 0) {
+ TEST_EQUAL(output_len, forced_output->len);
+ TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0);
+ }
+
+ /* --- psa_pake_get_implicit_key --- */
+ mbedtls_test_driver_pake_hooks.forced_status = forced_status;
+ mbedtls_test_driver_pake_hooks.hits = 0;
+
+ TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key),
+ expected_status_get_key);
+
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits);
+
+ /* Clean up */
+ mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS;
+ TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS);
+exit:
+ /*
+ * Key attributes may have been returned by psa_get_key_attributes()
+ * thus reset them as required.
+ */
+ psa_reset_key_attributes(&attributes);
+ mbedtls_free(input_buffer);
+ mbedtls_free(output_buffer);
+ psa_destroy_key(key);
+ mbedtls_test_driver_pake_hooks =
+ mbedtls_test_driver_pake_hooks_init();
+ PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
+void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg,
+ int derive_alg_arg, data_t *pw_data,
+ int client_input_first, int in_driver)
+{
+ psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
+ psa_pake_operation_t server = psa_pake_operation_init();
+ psa_pake_operation_t client = psa_pake_operation_init();
+ psa_algorithm_t alg = alg_arg;
+ psa_algorithm_t hash_alg = hash_arg;
+ psa_algorithm_t derive_alg = derive_alg_arg;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_derivation_operation_t server_derive =
+ PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t client_derive =
+ PSA_KEY_DERIVATION_OPERATION_INIT;
+ pake_in_driver = in_driver;
+ mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS;
+ mbedtls_test_driver_pake_hooks.hits = 0;
+ pake_expected_hit_count = 1;
+
+ PSA_INIT();
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
+ PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len,
+ &key));
+
+ psa_pake_cs_set_algorithm(&cipher_suite, alg);
+ psa_pake_cs_set_primitive(&cipher_suite, primitive_arg);
+ psa_pake_cs_set_hash(&cipher_suite, hash_alg);
+
+ /* Get shared key */
+ PSA_ASSERT(psa_key_derivation_setup(&server_derive, derive_alg));
+ PSA_ASSERT(psa_key_derivation_setup(&client_derive, derive_alg));
+
+ if (PSA_ALG_IS_TLS12_PSK_TO_MS(derive_alg)) {
+ PSA_ASSERT(psa_key_derivation_input_bytes(&server_derive,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ (const uint8_t *) "", 0));
+ PSA_ASSERT(psa_key_derivation_input_bytes(&client_derive,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ (const uint8_t *) "", 0));
+ }
+
+ if (!pake_in_driver) {
+ mbedtls_test_driver_pake_hooks.forced_status = PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ PSA_ASSERT(psa_pake_setup(&server, &cipher_suite));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, pake_expected_hit_count++);
+ PSA_ASSERT(psa_pake_setup(&client, &cipher_suite));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, pake_expected_hit_count++);
+
+ /* Restore forced status and adjust pake_expected_hit_count */
+ mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS;
+ if (!pake_in_driver) {
+ pake_expected_hit_count--;
+ }
+
+ PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+
+ /* psa_pake_set_password_key is dispatched by location and other
+ functions are dispatched by operation id (set during setup).
+ In case of dispatching by location fallback is performed when
+ transparent accelerators are not supported. We need to also adjust
+ expected hit counter. */
+ if (!pake_in_driver) {
+ mbedtls_test_driver_pake_hooks.forced_status = PSA_ERROR_NOT_SUPPORTED;
+ pake_expected_hit_count++;
+ }
+
+ PSA_ASSERT(psa_pake_set_password_key(&server, key));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_expected_hit_count++);
+ PSA_ASSERT(psa_pake_set_password_key(&client, key));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_expected_hit_count++);
+
+ /* Restore forced status and adjust pake_expected_hit_count */
+ mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS;
+ if (!pake_in_driver) {
+ pake_expected_hit_count--;
+ }
+
+ /* First round */
+ ecjpake_do_round(alg, primitive_arg, &server, &client,
+ client_input_first, 1);
+
+ /* Second round */
+ ecjpake_do_round(alg, primitive_arg, &server, &client,
+ client_input_first, 2);
+
+ PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+ PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive));
+ TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits,
+ pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count);
+exit:
+ psa_key_derivation_abort(&server_derive);
+ psa_key_derivation_abort(&client_derive);
+ psa_destroy_key(key);
+ psa_pake_abort(&server);
+ psa_pake_abort(&client);
+ PSA_DONE();
+}
+/* END_CASE */